Author Topic: Problem - Please Help (Read 70379 times)

SCHC · « **on:** March 03, 2010, 04:21:15 PM »

I went to run MBAM last night for a routine scan and it won't work. I've tried downloading it again and reinstalling (even renaming it) and still nothing. I read the instructions about what to do before making requests and followed them all, except, for obvious reasons, the step that requires running MBAM, and the step involving Hijack This (I didn't run it b/c the instructions said not to do it until all other steps had been completed).

If anyone could help me, I'd greatly appreciate it.

Thanks.

Dr Jay · « **Reply #1 on:** March 04, 2010, 12:07:01 PM »

Hello. We need to do some diagnostics to get started.

1. Please download Rooter and Save it to your desktop

Double click it to start the tool.
Click Scan.
Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download LockSearch to your desktop

A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

3. Please download CKScanner by askey127 from here
Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download <a href="http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip" target="_blank">Cheetah-Anti-Rogue[/url], and save to your Desktop.

Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
Double-click on Cheetah-Anti-Rogue.cmd to start.
It will finish quickly and launch a log.
Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks. :)

SCHC · « **Reply #2 on:** March 04, 2010, 11:44:13 PM »

Here goes.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.13
.
C:\ [Fixed-NTFS] .. ( Total:109 Go - Free:80 Go )
D:\ [CD_Rom]
.
Scan : 00:35.26
Path : C:\Documents and Settings\Me\Desktop\Rooter.exe
User : Me ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (464)
______ \??\C:\WINDOWS\system32\csrss.exe (520)
______ \??\C:\WINDOWS\system32\winlogon.exe (552)
______ C:\WINDOWS\system32\services.exe (596)
______ C:\WINDOWS\system32\lsass.exe (608)
______ C:\WINDOWS\system32\svchost.exe (816)
______ C:\WINDOWS\system32\svchost.exe (868)
______ C:\Program Files\Windows Defender\MsMpEng.exe (908)
______ C:\WINDOWS\System32\svchost.exe (968)
______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1040)
______ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (1104)
______ C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (1148)
______ C:\WINDOWS\system32\svchost.exe (1244)
______ C:\WINDOWS\system32\svchost.exe (1312)
______ C:\Program Files\Tall Emu\Online Armor\OAcat.exe (1472)
______ C:\Program Files\Tall Emu\Online Armor\oasrv.exe (1584)
______ C:\WINDOWS\explorer.exe (1948)
______ C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (360)
______ C:\WINDOWS\system32\spoolsv.exe (508)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (740)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (612)
______ C:\WINDOWS\system32\svchost.exe (1632)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1796)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1816)
______ C:\WINDOWS\system32\nvsvc32.exe (2244)
______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (2324)
______ C:\WINDOWS\system32\svchost.exe (2444)
______ C:\WINDOWS\System32\alg.exe (3692)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1092)
______ C:\WINDOWS\system32\rundll32.exe (3840)
______ C:\WINDOWS\system32\RunDLL32.exe (1552)
______ C:\WINDOWS\OEM02Mon.exe (2120)
______ C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (2472)
______ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (2564)
______ C:\WINDOWS\stsystra.exe (3432)
______ C:\WINDOWS\system32\KADxMain.exe (3540)
______ C:\Program Files\Dell\MediaDirect\PCMService.exe (3684)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3948)
______ C:\Program Files\iTunes\iTunesHelper.exe (1520)
______ C:\WINDOWS\system32\rundll32.exe (1672)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2088)
______ C:\Program Files\Tall Emu\Online Armor\oaui.exe (2540)
______ C:\WINDOWS\system32\ctfmon.exe (2572)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (2840)
______ C:\Program Files\Digital Line Detect\DLG.exe (3016)
______ C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (2424)
______ C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (2920)
______ C:\Program Files\iPod\bin\iPodService.exe (2408)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1352)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2940)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (336)
______ C:\Documents and Settings\Me\Desktop\Rooter.exe (3648)
______ C:\WINDOWS\system32\wscntfy.exe (3772)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:106896384)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:106928640 | Length:117234915840)
\Device\Harddisk0\Partition0 (Start_Offset:117350069760 | Length:2681441280)
\Device\Harddisk0\Partition3 (Start_Offset:117350102016 | Length:2681409024)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\Norton Security Scan.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 00:36.01
.
C:\Rooter$\Rooter_1.txt - (05/03/2010 | 00:36.01)

SCHC · « **Reply #3 on:** March 04, 2010, 11:44:53 PM »

LockSearch by jpshortstuff (05.11.09.1)
Log created at 00:37 on 05/03/2010 (Me)
Scanning C:\

C:\hiberfil.sys
-------------------------

C:\pagefile.sys
-------------------------

-=E.O.F=-

SCHC · « **Reply #4 on:** March 04, 2010, 11:46:48 PM »

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\me\my documents\media\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\02 hold my hand.m4a
c:\documents and settings\me\my documents\media\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\03 let her cry.m4a
c:\documents and settings\me\my documents\media\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a
c:\documents and settings\me\my documents\media\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\08 time.m4a
scanner sequence 3.CA.11
----- EOF -----

SCHC · « **Reply #5 on:** March 04, 2010, 11:47:22 PM »

Cheetah-Anti-Rogue v1.3.23
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 03/05/2010 - Time: 0:42:16 - Arch.: x86

-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware

-- Known infection --

Extra message: Detection only.

EOF

SCHC · « **Reply #6 on:** March 04, 2010, 11:47:48 PM »

Thanks.

Dr Jay · « **Reply #7 on:** March 05, 2010, 07:36:52 AM »

[list=1]

Download Win32kDiag from any of the following locations and save it to your Desktop.
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

SCHC · « **Reply #8 on:** March 05, 2010, 08:43:30 AM »

Running from: C:\Documents and Settings\Me\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Me\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Dr Jay · « **Reply #9 on:** March 05, 2010, 12:35:07 PM »

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

Double-click mbr.exe to start the program.
When done scanning, it will save a log on the Desktop called mbr.log.
Please post the contents of that log in your next reply.

=========

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

SCHC · « **Reply #10 on:** March 06, 2010, 04:19:11 PM »

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

SCHC · « **Reply #11 on:** March 06, 2010, 04:23:21 PM »

Malwarebytes still won't open. I tried downloading it again and still nothing.

Dr Jay · « **Reply #12 on:** March 07, 2010, 03:19:55 AM »

[list=1]

We will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link: Malwarebytes' RANDOM - EXE Download

When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.
Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 8. MBAM should now start and you will be at the main program screen.

Let me know if this helps.

SCHC · « **Reply #13 on:** March 07, 2010, 09:46:11 AM »

Yes, it opened. I'm assuming I need to run a scan now, but won't do anything until you say so. If so, should I do a quick scan or a full one?

Dr Jay · « **Reply #14 on:** March 08, 2010, 02:02:54 PM »

Do a quick scan, please.

SCHC · « **Reply #15 on:** March 08, 2010, 08:49:30 PM »

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/8/2010 9:48:43 PM
mbam-log-2010-03-08 (21-48-28).txt

Scan type: Quick Scan
Objects scanned: 118910
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljigdcdrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljigdcdrv (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmkklldrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qomligdrv (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qomlkhsys (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vtrpmmsys (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vtrpmmsys (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe nynw.wmo mynleeq) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dr Jay · « **Reply #16 on:** March 08, 2010, 09:30:07 PM »

Try one more quick scan and post a log, please.

SCHC · « **Reply #17 on:** March 08, 2010, 10:28:00 PM »

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/8/2010 11:26:52 PM
mbam-log-2010-03-08 (23-26-52).txt

Scan type: Quick Scan
Objects scanned: 119034
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fcbcdedrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ddaawudrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxvstudrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xxvstudrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mliihisys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dddabxsys (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dddabxsys (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dr Jay · « **Reply #18 on:** March 08, 2010, 10:44:03 PM »

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

SCHC · « **Reply #19 on:** March 08, 2010, 11:17:20 PM »

ComboFix 10-03-08.01 - Me 03/09/2010 0:06.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -6:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-05 06:36 . 2010-03-05 06:36   --------   d-----w-   C:\Rooter$
2010-03-04 03:21 . 2010-03-06 23:21   --------   d-----w-   c:\program files\MalwareBytes
2010-03-03 23:07 . 2010-03-03 23:07   61440   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-sse.dll
2010-03-03 23:07 . 2010-03-03 23:07   503808   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcp71.dll
2010-03-03 23:07 . 2010-03-03 23:07   499712   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\jmc.dll
2010-03-03 23:07 . 2010-03-03 23:07   348160   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcr71.dll
2010-03-03 23:07 . 2010-03-03 23:07   12800   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-d3d.dll
2010-03-03 23:07 . 2010-03-03 23:06   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-03-03 21:01 . 2010-03-03 21:01   52224   ----a-w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-03 21:01 . 2010-03-03 21:01   117760   ----a-w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-03 21:00 . 2010-03-03 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-03 20:59 . 2010-03-03 20:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-03-03 20:59 . 2010-03-03 20:59   --------   d-----w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2010-03-03 20:19 . 2010-03-03 20:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-03 20:19 . 2010-03-03 20:19   --------   d-----w-   c:\documents and settings\Me\Application Data\OnlineArmor
2010-03-03 20:18 . 2009-12-05 13:28   24656   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-03-03 20:18 . 2009-12-05 13:27   29776   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-03-03 20:18 . 2009-12-05 13:27   223312   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-03-03 20:18 . 2010-03-03 20:18   --------   d-----w-   c:\program files\Tall Emu
2010-03-03 17:49 . 2010-03-03 17:49   --------   d-----w-   c:\program files\CCleaner
2010-03-03 02:30 . 2009-11-25 17:19   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-03-03 02:30 . 2009-03-30 15:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-03-03 02:30 . 2009-02-13 17:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-03-03 02:30 . 2009-02-13 17:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-03-03 02:30 . 2010-03-03 02:30   --------   d-----w-   c:\program files\Avira
2010-03-03 02:30 . 2010-03-03 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-03-03 02:01 . 2010-03-03 22:58   --------   d-----w-   c:\program files\mapp
2010-03-03 01:28 . 2010-03-03 01:28   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-02 16:54 . 2010-03-02 16:54   91648   ---ha-w-   c:\windows\system32\jkhfde.dll
2010-03-02 05:56 . 2010-03-02 05:57   97280   ---ha-w-   c:\windows\system32\rqrstu.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 16:41 . 2008-08-26 20:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-03-03 23:12 . 2007-08-06 12:04   --------   d-----w-   c:\program files\Java
2010-03-03 23:07 . 2007-08-06 12:04   --------   d-----w-   c:\program files\Common Files\Java
2010-03-03 20:58 . 2007-12-03 02:29   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-03 17:55 . 2007-12-03 05:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-24 15:16 . 2009-10-03 18:26   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-20 20:09 . 2008-03-09 01:17   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-02-14 20:18 . 2007-08-14 02:23   --------   d-----w-   c:\program files\Google
2010-02-10 16:34 . 2007-08-14 01:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 21:41 . 2007-08-06 11:51   91562   ----a-w-   c:\windows\system32\nvModes.dat
2010-01-21 13:54 . 2009-06-02 04:54   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-15 00:11 . 2008-09-19 02:31   5115824   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-08-26 20:16   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-08-26 20:16   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-10 17:51   832512   ----a-w-   c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 17:51   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 17:50   17408   ------w-   c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-10 17:51   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-18 17:18 . 2007-11-30 20:43   638339   ----a-w-   c:\windows\jgzr.dat
2009-12-16 18:43 . 2004-08-10 18:01   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 17:50   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-06-09 16:29 . 2009-06-09 16:20   724952   ----a-w-   c:\program files\avenger.zip
2008-08-27 16:50 . 2008-08-27 16:50   1495112   ----a-w-   c:\program files\install_flash_player.exe
2008-08-26 21:07 . 2008-08-26 20:44   7499056   ----a-w-   c:\program files\Firefox Setup 3.0.1.exe
2008-08-12 23:14 . 2008-08-12 23:14   2367160   ----a-w-   c:\program files\LinksysWebConnectPC.exe
2008-07-06 20:16 . 2008-07-06 20:16   9390251   ----a-w-   c:\program files\vlc-0.8.6h-win32.exe
2008-01-04 03:10 . 2008-01-04 03:10   13413048   ----a-w-   c:\program files\Google_Earth_BZXD.exe
2007-08-30 12:08 . 2007-08-30 12:08   238450   ----a-w-   c:\program files\SecureW2_2kXP.exe
2007-08-27 12:43 . 2007-08-27 12:43   50009400   ----a-w-   c:\program files\iTunesSetup.exe
2007-08-06 12:09 . 2007-08-06 12:09   76   --sh--r-   c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]
"jkhgdcdrv"="rqrstu.dll" [2010-03-02 97280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"fcbbxwdrv"="rqrstu.dll" [2010-03-02 97280]
"mlmljgsys"="jkhfde.dll" [2010-03-02 91648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"wvvvvvsys"="jkhfde.dll" [2010-03-02 91648]
"ssqpopdrv"="rqrstu.dll" [2010-03-02 97280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-6 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ     msv1_0 jkhfde.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DELL\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/3/2010 2:18 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/3/2010 2:18 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/3/2010 2:18 PM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/2/2010 8:30 PM 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/3/2010 2:18 PM 1282248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate1c9a393ba0b99a0;Google Update Service (gupdate1c9a393ba0b99a0);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 10:25 PM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/3/2010 2:18 PM 3291336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://law.wustl.edu/
FF - plugin: c:\documents and settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP000000CC5AEF8701CB5A8A30 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *·*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\rqrstu.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\jkhfde.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'csrss.exe'(524)
c:\windows\system32\wininet.dll
.
Completion time: 2010-03-09 00:13:37
ComboFix-quarantined-files.txt 2010-03-09 06:13

Pre-Run: 86,253,690,880 bytes free
Post-Run: 87,853,133,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BD3BA76768EFDDE9CFE95CC7C0D48527

Dr Jay · « **Reply #20 on:** March 09, 2010, 11:17:43 AM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
killall::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jkhgdcdrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fcbbxwdrv"=-
"mlmljgsys"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"wvvvvvsys"=-
"ssqpopdrv"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
@=""

File::
c:\windows\system32\jkhfde.dll
c:\windows\system32\rqrstu.dll
c:\windows\jgzr.dat

rootkit::
reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

SCHC · « **Reply #21 on:** March 09, 2010, 01:14:41 PM »

ComboFix 10-03-09.03 - Me 03/09/2010 14:00:55.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1385 [GMT -6:00]
Running from: C:\Documents and Settings\Me\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Me\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE ::
"c:\windows\jgzr.dat"
"c:\windows\system32\jkhfde.dll"
"c:\windows\system32\rqrstu.dll"
.

Dr Jay · « **Reply #22 on:** March 09, 2010, 01:21:57 PM »

That is not a full log.

Look in C:\Combofix.txt and see if you can find the full log.

SCHC · « **Reply #23 on:** March 09, 2010, 01:31:16 PM »

That is all that is there. Could it be a problem that Avira and my firewall both automatically restarted when ComboFix restarted Windows?

Dr Jay · « **Reply #24 on:** March 09, 2010, 01:32:47 PM »

Might be.

Re-run ComboFix, and post a log. But, do not do the script above, just double-click on ComboFix.

SCHC · « **Reply #25 on:** March 09, 2010, 01:34:50 PM »

Should I shut off the autostart features for Avira and Online Armor first?

Dr Jay · « **Reply #26 on:** March 09, 2010, 01:47:32 PM »

If you want to. Just remember to turn them back on.

SCHC · « **Reply #27 on:** March 09, 2010, 02:11:13 PM »

Still just this:

ComboFix 10-03-09.03 - Me 03/09/2010 14:55:20.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1514 [GMT -6:00]
Running from: C:\Documents and Settings\Me\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

SCHC · « **Reply #28 on:** March 09, 2010, 02:17:23 PM »

I also got a message when Windows restarted saying something about ComboFix and not having permission, but the screenshot I attempted to take didn't work, so sorry I can't tell you exactly what it said.

And I got these two messages:

Error loading rqrstu.dll
The specified module could not be found.

and

Error loading jkhfde.dll
The specified module could not be found.

SCHC · « **Reply #29 on:** March 09, 2010, 02:20:51 PM »

Also, Online Armor blocked two programs automatically:

CF21025.cfxxe

iernonce.dll

Dr Jay · « **Reply #30 on:** March 09, 2010, 08:45:45 PM »

Ok. Well how is your computer running?

SCHC · « **Reply #31 on:** March 09, 2010, 09:28:17 PM »

It seems fine, but I haven't restarted it lately.

SCHC · « **Reply #32 on:** March 13, 2010, 09:57:23 PM »

When I restart I still get the same messages I told you about last time. It's also pausing on a black screen for a few seconds to ask if I want to start windows or not (though it does start windows without me doing anything).

What do I need to do next? Any more scans?

Dr Jay · « **Reply #33 on:** March 14, 2010, 02:34:17 PM »

Please download Radix rootkit detector, and save to your Desktop.

Unzip the file by right-clicking on it and select Extract all... save to your Desktop.
Find the radix_installer folder on your Desktop. Double-click on it.
Double-click on radixgui.exe and read the agreement and click on Yes.
When the program opens, make sure all the checkboxes on the left.
Then, click the Check button. Do not click Fix Checked.
Note: if you get a warning about deleting data from the Registry...Are you sure you want to scan...click Yes.
When it appears to be done scanning, click the Save log... button at the bottom right. Pick a file name and location and click Save.
Find the log, double-click on the file. Post the contents in your next reply.

SCHC · « **Reply #34 on:** March 14, 2010, 04:32:32 PM »

USEC Radix V1, 0, 0, 11 [2010/02/09] at your service.
---- Check started at 14.3.2010 22:13:29 ----
Running on: Microsoft Windows NT 5.1 Build 2600 Service Pack 3
Number of Processors: 2, Active Processor Mask: 00000003
Processor: Intel Level 6 Revision 0F0D
Allocation granularity: 00010000, Page granularity: 00001000
Application space: 00010000-7FFEFFFF
Kernel Membase: 80000000
[X] Filter common false alarms.
22:13:29 - Performing check: "Hidden files":
This check can take some time depending on your harddisk size. You can interrupt it with the ESC key.
Warning: Helper driver failed to load: The specified service has been marked for deletion.

C:\Documents and Settings
C:\Documents and Settings\Administrator
C:\Documents and Settings\Administrator\Application Data
C:\Documents and Settings\Administrator\Favorites
C:\Documents and Settings\Administrator\Favorites\MSN.com.url
C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url
C:\Documents and Settings\Administrator\Local Settings
C:\Documents and Settings\Administrator\Local Settings\Application Data
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word
C:\Documents and Settings\Administrator\My Documents
C:\Documents and Settings\Administrator\My Documents\My Music
C:\Documents and Settings\Administrator\My Documents\My Music\Sample Music.lnk
C:\Documents and Settings\Administrator\My Documents\My Pictures
C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk
C:\Documents and Settings\Administrator\My Documents\My Videos
C:\Documents and Settings\Administrator\My Documents\My Videos\Desktop.ini
C:\Documents and Settings\Administrator\ntuser.dat.LOG
C:\Documents and Settings\Administrator\PrintHood
C:\Documents and Settings\Administrator\Start Menu
C:\Documents and Settings\Administrator\Start Menu\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories
C:\Documents and Settings\Administrator\Start Menu\Programs\Dell Accessories\Express Service Code.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Administrator\Templates
C:\Documents and Settings\Administrator\Templates\amipro.sam
C:\Documents and Settings\Administrator\Templates\excel.xls
C:\Documents and Settings\Administrator\Templates\excel4.xls
C:\Documents and Settings\Administrator\Templates\lotus.wk4
C:\Documents and Settings\Administrator\Templates\powerpnt.ppt
C:\Documents and Settings\Administrator\Templates\presenta.shw
C:\Documents and Settings\Administrator\Templates\quattro.wb2
C:\Documents and Settings\Administrator\Templates\sndrec.wav
C:\Documents and Settings\Administrator\Templates\winword.doc
C:\Documents and Settings\Administrator\Templates\winword2.doc
C:\Documents and Settings\Administrator\Templates\wordpfct.wpd
C:\Documents and Settings\Administrator\Templates\wordpfct.wpg
C:\Documents and Settings\All Users
C:\Documents and Settings\All Users\Application Data
C:\Documents and Settings\All Users\Documents
C:\Documents and Settings\All Users\Documents\My Music
C:\Documents and Settings\All Users\Documents\My Music\My Playlists
C:\Documents and Settings\All Users\Documents\My Music\Sample Music
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst1.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst10.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst11.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst12.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst13.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst14.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst15.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst2.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst3.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst4.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst5.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst6.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst7.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst8.wpl
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000648E3\Plylst9.wpl
C:\Documents and Settings\All Users\Documents\My Pictures
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Google Earth.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Mozilla Firefox.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 001.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 002.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 003.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 004.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 005.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 006.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 007.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 008.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 009.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 010.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 011.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 012.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 013.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 014.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 015.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 016.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 021.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 023.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 024.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 025.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 026.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 027.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 028.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 029.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Picture 030.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Recycle Bin.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\SofTest_8.5.lnk
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
C:\Documents and Settings\All Users\Documents\My Videos
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
C:\Documents and Settings\All Users\Documents\Reallusion
C:\Documents and Settings\All Users\Documents\Reallusion\Shared Custom
C:\Documents and Settings\All Users\Documents\Reallusion\Shared Custom\CrazyTalk 4 Custom
C:\Documents and Settings\All Users\Documents\Reallusion\Shared Custom\CrazyTalk 4 Custom\Expression
C:\Documents and Settings\All Users\Favorites
C:\Documents and Settings\All Users\msrecovery.cfc
C:\Documents and Settings\All Users\NTUSER.DAT.LOG
C:\Documents and Settings\All Users\Start Menu
C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
C:\Documents and Settings\All Users\Templates
C:\Documents and Settings\Default User
C:\Documents and Settings\Default User\Application Data
C:\Documents and Settings\Default User\Favorites
C:\Documents and Settings\Default User\Favorites\MSN.com.url
C:\Documents and Settings\Default User\Favorites\Radio Station Guide.url
C:\Documents and Settings\Default User\Local Settings
C:\Documents and Settings\Default User\Local Settings\Application Data
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Default User\My Documents
C:\Documents and Settings\Default User\My Documents\My Music
C:\Documents and Settings\Default User\My Documents\My Music\Sample Music.lnk
C:\Documents and Settings\Default User\My Documents\My Pictures
C:\Documents and Settings\Default User\My Documents\My Pictures\Sample Pictures.lnk
C:\Documents and Settings\Default User\My Documents\My Videos
C:\Documents and Settings\Default User\My Documents\My Videos\Desktop.ini
C:\Documents and Settings\Default User\ntuser.dat.LOG
C:\Documents and Settings\Default User\PrintHood
C:\Documents and Settings\Default User\Start Menu
C:\Documents and Settings\Default User\Start Menu\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Address Book.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Dell Accessories
C:\Documents and Settings\Default User\Start Menu\Programs\Dell Accessories\Express Service Code.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini
C:\Documents and Settings\Default User\Start Menu\Programs\Internet Explorer.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Outlook Express.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
C:\Documents and Settings\Default User\Start Menu\Programs\Startup
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Default User\Templates
C:\Documents and Settings\Default User\Templates\amipro.sam
C:\Documents and Settings\Default User\Templates\excel.xls
C:\Documents and Settings\Default User\Templates\excel4.xls
C:\Documents and Settings\Default User\Templates\lotus.wk4
C:\Documents and Settings\Default User\Templates\powerpnt.ppt
C:\Documents and Settings\Default User\Templates\presenta.shw
C:\Documents and Settings\Default User\Templates\quattro.wb2
C:\Documents and Settings\Default User\Templates\sndrec.wav
C:\Documents and Settings\Default User\Templates\winword.doc
C:\Documents and Settings\Default User\Templates\winword2.doc
C:\Documents and Settings\Default User\Templates\wordpfct.wpd
C:\Documents and Settings\Default User\Templates\wordpfct.wpg
C:\Documents and Settings\LocalService
C:\Documents and Settings\LocalService\Application Data
C:\Documents and Settings\LocalService\Local Settings
C:\Documents and Settings\LocalService\Local Settings\Application Data
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\LocalService\ntuser.dat.LOG
C:\Documents and Settings\NetworkService
C:\Documents and Settings\NetworkService\Application Data
C:\Documents and Settings\NetworkService\Local Settings
C:\Documents and Settings\NetworkService\Local Settings\Application Data
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3H1F3O6U
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3H1F3O6U\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5MFUGI36
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5MFUGI36\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GP82CN1A
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GP82CN1A\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I54L19AK
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I54L19AK\desktop.ini
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
C:\Program Files
C:\Program Files\AOL Games
C:\Program Files\AOL Games\Monopoly by Parker Brothers
C:\Program Files\AOL Games\Monopoly by Parker Brothers\MonopolyPB.exe
C:\Program Files\Apple Software Update
C:\Program Files\Apple Software Update\ScriptingObjectModel.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\da.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\de.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\de.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\es.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\es.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fi.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fi.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fr.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\fr.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\it.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\it.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ja.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ja.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ko.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ko.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nb.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nb.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nl.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\nl.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ru.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\ru.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\Software Update.tiff
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\sv.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\sv.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_CN.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\zh_TW.lproj\SoftwareUpdateLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateAdmin.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\da.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\es.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fi.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\fr.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\it.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ja.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ko.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nb.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\nl.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\sv.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_TW.lproj\SoftwareUpdateFilesLocalized.dll
C:\Program Files\Common Files
C:\Program Files\Common Files\InstallShield
C:\Program Files\Common Files\InstallShield\Professional
C:\Program Files\Common Files\InstallShield\Professional\RunTime
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\iKernel.rgs
C:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb
C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
C:\Program Files\Common Files\Microsoft Shared
C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr
C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL
C:\Program Files\Common Files\Microsoft Shared\Smart Tag
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Microsoft Shared\Stationery
C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank Bkgrd.gif
C:\Program Files\Common Files\Microsoft Shared\Stationery\Citrus Punch Bkgrd.gif
C:\Program Files\Common Files\Microsoft Shared\Stationery\Citrus Punch.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Clear Day Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Clear Day.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Fiesta Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Glacier Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Leaves Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Maize Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Nature Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Network Blitz Bkgrd.gif
C:\Program Files\Common Files\Microsoft Shared\Stationery\Network Blitz.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Pie Charts Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Pie Charts.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Sunflower Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Stationery\Sunflower.htm
C:\Program Files\Common Files\Microsoft Shared\Stationery\Sweets Bkgrd.gif
C:\Program Files\Common Files\Microsoft Shared\Stationery\Technical.htm
C:\Program Files\Common Files\Microsoft Shared\Web Folders
C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033
C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL
C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\NSEXTINT.DLL
C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL
C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOWS409.DLL
C:\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT
C:\Program Files\Common Files\Microsoft Shared\web server extensions
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\1033
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\1033\FPEXT.MSG
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\FPSRVUTL.DLL
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\FPWEC.DLL
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\scripts
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1033
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1033\FPEXT.MSG
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4autl.dll
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\FP4AWEC.DLL
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_adm
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_aut
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\servsupp
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut
C:\Program Files\Common Files\Reallusion
C:\Program Files\Common Files\Reallusion\CT Player
C:\Program Files\Common Files\Reallusion\CT Player\crazytalk4.ocx
C:\Program Files\Common Files\Reallusion\CT Player\CrazyTalk4Native.dll
C:\Program Files\Common Files\Reallusion\CT Player\ctdomemhelper.dll
C:\Program Files\Common Files\Reallusion\CT Player\ctframeplayerobject.dll
C:\Program Files\Common Files\Reallusion\CT Player\ctplayerobject.dll
C:\Program Files\Common Files\Reallusion\CT Player\frameplayerapp.exe
C:\Program Files\Common Files\Reallusion\CT Player\imagickrt.dll
C:\Program Files\Common Files\Reallusion\CT Player\rlcontentclass.dll
C:\Program Files\Common Files\Reallusion\CT Player\RLMusicPacker.dll
C:\Program Files\Common Files\Reallusion\CT Player\RLMusicUnpacker.dll
C:\Program Files\Common Files\Reallusion\CT Player\RLRecordWave.ocx
C:\Program Files\Common Files\Reallusion\CT Player\rlvoicepacker.dll
C:\Program Files\Common Files\Reallusion\CT Player\rlvoiceunpacker.dll
C:\Program Files\Common Files\SpeechEngines
C:\Program Files\Common Files\SpeechEngines\Microsoft
C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon
C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033\ltts1033.lxa
C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033\r1033tts.lxa
C:\Program Files\Common Files\SpeechEngines\Microsoft\spcommon.dll
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\sam.sdf
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\sam.spd
C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\spttseng.dll
C:\Program Files\Common Files\Wise Installation Wizard
C:\Program Files\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_34_0_1000.MSI
C:\Program Files\Common Files\Wise Installation Wizard\WISDED53B0BB67C4244AE6AD6FD3C28D1EF_7_0_2_5.MSI
C:\Program Files\ComPlus Applications
C:\Program Files\Creative Live! Cam
C:\Program Files\Creative Live! Cam\AudioFX
C:\Program Files\Creative Live! Cam\AudioFX\CtAfxApp.exe
C:\Program Files\Creative Live! Cam\AudioFX\ctAfxRes.crl
C:\Program Files\Creative Live! Cam\AudioFX\CtAudFx.dll
C:\Program Files\Creative Live! Cam\VideoFX
C:\Program Files\Creative Live! Cam\VideoFX\blankscr.txt
C:\Program Files\Creative Live! Cam\VideoFX\cv097.dll
C:\Program Files\Creative Live! Cam\VideoFX\cvlicense.txt
C:\Program Files\Creative Live! Cam\VideoFX\cxcore097.dll
C:\Program Files\Creative Live! Cam\VideoFX\data
C:\Program Files\Creative Live! Cam\VideoFX\data\ArtyFarty.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\ArtyFarty.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Ayersrock.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Ayersrock.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Birthdaycard.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\BirthdayCard.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Brownshades.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Brownshades.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\bubbles.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Bubbles.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\cards.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\cards.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\CartoonEye.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\CartoonEye.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Croceye.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\CrocEye.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Crying.JPG
C:\Program Files\Creative Live! Cam\VideoFX\data\Crying.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Cupid.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Cupid.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\egypt.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\egypt.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\eiffeltower.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\eiffeltower.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\ElvenEars.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\ElvenEars.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\FadeAway.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\FadeAway.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\fire.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\fire.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\FlyingHero.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\FlyingHero.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Glitter.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Glitter.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\halftone.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\halftone.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Logo.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\LogoM.bmp
C:\Program Files\Creative Live! Cam\VideoFX\data\Mardigras.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Mardigras.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\mirror.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\mirror.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\monkeyBananas.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\monkeyBananas.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\mud.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Mud.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\multiplex.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Multiplex.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\negative.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Negative.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\outline.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Outline.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\PCCamS.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\PCCamSM.bmp
C:\Program Files\Creative Live! Cam\VideoFX\data\phantom.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Phantom.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\photoframe.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Photoframe.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\PrettyEye.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\PrettyEye.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Psychedelic.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Psychedelic.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Racingtrack.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\RacingTrack.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1024.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1028.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1031.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1034.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1036.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1040.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1041.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1043.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_1046.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\scripts_2052.lst
C:\Program Files\Creative Live! Cam\VideoFX\data\shark.JPG
C:\Program Files\Creative Live! Cam\VideoFX\data\Shark.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\shortie.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\shortie.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\skyline.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Skyline.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\snowflakes.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\snowflakes.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\soulout.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\soulout.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\spacecity.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\spacecity.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\sparkles.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\sparkles.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\StroketheCat.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\StroketheCat.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Sunshine.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Sunshine.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\syncswim.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\syncswim.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\tigerface.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\tigerface.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\toyshelf.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\toyshelf.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\Trail.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\Trail.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\voluptuous.JPG
C:\Program Files\Creative Live! Cam\VideoFX\data\Voluptuous.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\waterRipple.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\WaterRipple.vfx
C:\Program Files\Creative Live! Cam\VideoFX\data\werewolf.jpg
C:\Program Files\Creative Live! Cam\VideoFX\data\werewolf.vfx
C:\Program Files\Creative Live! Cam\VideoFX\default.jpg
C:\Program Files\Creative Live! Cam\VideoFX\eyebrowTemplate.jpg
C:\Program Files\Creative Live! Cam\VideoFX\EyeCatcherEx.dll
C:\Program Files\Creative Live! Cam\VideoFX\eyeTemplate.jpg
C:\Program Files\Creative Live! Cam\VideoFX\haarcascade_frontalface_alt.xml
C:\Program Files\Creative Live! Cam\VideoFX\highgui097.dll
C:\Program Files\Creative Live! Cam\VideoFX\mouth_medium.jpg
C:\Program Files\Creative Live! Cam\VideoFX\mouth_small.jpg
C:\Program Files\Creative Live! Cam\VideoFX\mouth_wide.jpg
C:\Program Files\Creative Live! Cam\VideoFX\PAL1.PAL
C:\Program Files\Creative Live! Cam\VideoFX\Pens
C:\Program Files\Creative Live! Cam\VideoFX\Pens\bub3frames.jpg
C:\Program Files\Creative Live! Cam\VideoFX\Pens\bub3frames_MASK.bmp
C:\Program Files\Creative Live! Cam\VideoFX\StartFX.exe

SCHC · « **Reply #35 on:** March 14, 2010, 04:33:09 PM »

C:\Program Files\CyberLink
C:\Program Files\CyberLink\OutlookAddinSetup
C:\Program Files\CyberLink\OutlookAddinSetup\OutlookAddin.dll
C:\Program Files\CyberLink\Shared Files
C:\Program Files\CyberLink\Shared Files\cldsc.dll
C:\Program Files\Digital Line Detect
C:\Program Files\Digital Line Detect\Aboutn.dll
C:\Program Files\Digital Line Detect\Aboutn.ini
C:\Program Files\Digital Line Detect\BVRPCTLN.DLL
C:\Program Files\Digital Line Detect\BVRPDiag.dll
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Digital Line Detect\DLG.ini
C:\Program Files\Digital Line Detect\DllDef.ini
C:\Program Files\Digital Line Detect\Language
C:\Program Files\Digital Line Detect\Language\Us
C:\Program Files\Digital Line Detect\Language\Us\Aboutn.dll
C:\Program Files\Digital Line Detect\Language\Us\DLG.ini
C:\Program Files\Digital Line Detect\Language\Us\licence.txt
C:\Program Files\Firefox Setup 3.0.1.exe
C:\Program Files\Google_Earth_BZXD.exe
C:\Program Files\InstallShield Installation Information
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\data1.cab
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\data1.hdr
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\ISSetup.dll
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\layout.bin
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.ilg
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.ini
C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\_Setup.dll
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\data1.cab
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\data1.hdr
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\ISSetup.dll
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\layout.bin
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.ilg
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.ini
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.inx
C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\_Setup.dll
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\data1.cab
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\data1.hdr
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\ISSetup.dll
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\layout.bin
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.ilg
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.ini
C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\_Setup.dll
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\data1.cab
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\data1.hdr
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\layout.bin
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\setup.exe
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\setup.ibt
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\setup.ini
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\setup.inx
C:\Program Files\InstallShield Installation Information\{825598D7-2307-4D19-8B2D-014D50824B66}\_setup.dll
C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}
C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.skin
C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}
C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe.manifest
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\CmnReg.log
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\CMNSUPT.CAB
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\CTCABEX.DLL
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\CTEngine.INI
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\data1.cab
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\data1.hdr
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\Install.log
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\layout.bin
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\ReGInfo.log
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.ibt
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.ilg
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.ini
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.inx
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.skn
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\SUPPORT.CAB
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\Version.ini
C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\_setup.dll
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\CMNSUPT.CAB
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\CTCABEX.DLL
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\data1.cab
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\data1.hdr
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\Install.log
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\layout.bin
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.ibt
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.ilg
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.ini
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.inx
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\SUPPORT.CAB
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\Version.ini
C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\_setup.dll
C:\Program Files\InstallShield Installation Information\{A94C6048-87C9-46AA-9B47-2402F6556FFB}
C:\Program Files\InstallShield Installation Information\{A94C6048-87C9-46AA-9B47-2402F6556FFB}\setup.skin
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\data1.cab
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\data1.hdr
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\ISSetup.dll
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\layout.bin
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.ilg
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.ini
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.inx
C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\_Setup.dll
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\CmnReg.log
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\CMNSUPT.CAB
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\CTCABEX.DLL
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\data1.cab
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\data1.hdr
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\Install.log
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\layout.bin
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\ReGInfo.log
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.ibt
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.ilg
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.ini
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.inx
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.skn
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\SUPPORT.CAB
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\Version.ini
C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\_setup.dll
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\data1.cab
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\data1.hdr
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\ISSetup.dll
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\layout.bin
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.ilg
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.ini
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.inx
C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\_Setup.dll
C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}
C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.skin
C:\Program Files\install_flash_player.exe
C:\Program Files\Intel, Inc
C:\Program Files\Intel, Inc\iProInst
C:\Program Files\Internet Explorer
C:\Program Files\Internet Explorer\Connection Wizard
C:\Program Files\Internet Explorer\Connection Wizard\icwconn.dll
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll
C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll
C:\Program Files\Internet Explorer\Connection Wizard\icwip.dun
C:\Program Files\Internet Explorer\Connection Wizard\icwres.dll
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll
C:\Program Files\Internet Explorer\Connection Wizard\icwx25a.dun
C:\Program Files\Internet Explorer\Connection Wizard\icwx25b.dun
C:\Program Files\Internet Explorer\Connection Wizard\icwx25c.dun
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
C:\Program Files\Internet Explorer\Connection Wizard\msicw.isp
C:\Program Files\Internet Explorer\Connection Wizard\msn.isp
C:\Program Files\Internet Explorer\Connection Wizard\phone.icw
C:\Program Files\Internet Explorer\Connection Wizard\phone.ver
C:\Program Files\Internet Explorer\Connection Wizard\state.icw
C:\Program Files\Internet Explorer\Connection Wizard\support.icw
C:\Program Files\Internet Explorer\Connection Wizard\trialoc.dll
C:\Program Files\iTunesSetup.exe
C:\Program Files\LinksysWebConnectPC.exe
C:\Program Files\MalwareBytes
C:\Program Files\MalwareBytes\Languages
C:\Program Files\MalwareBytes\Languages\belarusian.lng
C:\Program Files\MalwareBytes\Languages\bulgarian.lng
C:\Program Files\MalwareBytes\Languages\chineseSI.lng
C:\Program Files\MalwareBytes\Languages\chineseTR.lng
C:\Program Files\MalwareBytes\Languages\hungarian.lng
C:\Program Files\MalwareBytes\Languages\macedonian.lng
C:\Program Files\MalwareBytes\Languages\norwegian.lng
C:\Program Files\MalwareBytes\Languages\portugueseBR.lng
C:\Program Files\MalwareBytes\Languages\portuguesePT.lng
C:\Program Files\MalwareBytes\Languages\slovenian.lng
C:\Program Files\MalwareBytes\Languages\ukrainian.lng
C:\Program Files\MalwareBytes\mbamservice.exe
C:\Program Files\MalwareBytes\vbalsgrid6.ocx
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\Malwarebytes' Anti-Malware\5aHzprLwM.exe
C:\Program Files\Malwarebytes' Anti-Malware\Languages
C:\Program Files\Malwarebytes' Anti-Malware\Languages\belarusian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\hungarian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\macedonian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovenian.lng
C:\Program Files\Malwarebytes' Anti-Malware\Languages\ukrainian.lng
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
C:\Program Files\Messenger
C:\Program Files\Messenger\custsat.dll
C:\Program Files\Messenger\logowin.gif
C:\Program Files\Messenger\lvback.gif
C:\Program Files\Messenger\msgsc.dll
C:\Program Files\Messenger\msgslang.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Messenger\newalert.wav
C:\Program Files\Messenger\newemail.wav
C:\Program Files\Messenger\online.wav
C:\Program Files\Messenger\type.wav
C:\Program Files\Messenger\xpmsgr.chm
C:\Program Files\microsoft frontpage
C:\Program Files\microsoft frontpage\version3.0
C:\Program Files\microsoft frontpage\version3.0\bin
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Office\Document Themes 12
C:\Program Files\Microsoft Office\Document Themes 12\Apex.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Aspect.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Civic.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Concourse.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Equity.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Flow.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Foundry.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Median.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Metro.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Module.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Opulent.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Oriel.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Origin.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Paper.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Solstice.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Technic.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Colors
C:\Program Files\Microsoft Office\Document Themes 12\Theme Colors\Concourse.xml
C:\Program Files\Microsoft Office\Document Themes 12\Theme Colors\Grayscale.xml
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Apex.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Aspect.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Civic.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Concourse.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Equity.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Flow.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Foundry.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Median.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Metro.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Module.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Opulent.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Oriel.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Origin.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Paper.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Solstice.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Technic.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Trek.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Urban.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Effects\Verve.eftx
C:\Program Files\Microsoft Office\Document Themes 12\Theme Fonts
C:\Program Files\Microsoft Office\Document Themes 12\Theme Fonts\Concourse.xml
C:\Program Files\Microsoft Office\Document Themes 12\Theme Fonts\Office 2.xml
C:\Program Files\Microsoft Office\Document Themes 12\Theme Fonts\Office Classic 2.xml
C:\Program Files\Microsoft Office\Document Themes 12\Theme Fonts\Office Classic.xml
C:\Program Files\Microsoft Office\Document Themes 12\Trek.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Urban.thmx
C:\Program Files\Microsoft Office\Document Themes 12\Verve.thmx
C:\Program Files\Microsoft Office\Stationery
C:\Program Files\Microsoft Office\Stationery\1033
C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF
C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM
C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF
C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM
C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF
C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM
C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF
C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM
C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM
C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG
C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.GIF
C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM
C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.GIF
C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM
C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM
C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.JPG
C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM
C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.JPG
C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.GIF
C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM
C:\Program Files\Microsoft Office\Templates
C:\Program Files\Microsoft Office\Templates\Presentation Designs
C:\Program Files\Microsoft Office\Templates\Presentation Designs\Maple.gif
C:\Program Files\Microsoft Silverlight
C:\Program Files\Microsoft Silverlight\3.0.50106.0
C:\Program Files\Microsoft Silverlight\3.0.50106.0\Microsoft.VisualBasic.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\Silverlight.Configuration.exe
C:\Program Files\Microsoft Silverlight\3.0.50106.0\Silverlight.ConfigurationUI.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\slr.dll.managed_manifest
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.Core.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.Net.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.Runtime.Serialization.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.ServiceModel.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.ServiceModel.Web.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.Windows.Browser.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.Windows.dll
C:\Program Files\Microsoft Silverlight\3.0.50106.0\System.Xml.dll
C:\Program Files\Microsoft Silverlight\sllauncher.exe
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Visual Studio\COMMON
C:\Program Files\Microsoft Visual Studio\COMMON\IDE
C:\Program Files\Microsoft Visual Studio\COMMON\IDE\IDE98
C:\Program Files\Microsoft Visual Studio\COMMON\IDE\IDE98\ASP.TLB
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works\1033
C:\Program Files\Microsoft Works\1033\WkGL90.dll
C:\Program Files\Microsoft Works\1033\WkImgL90.dll
C:\Program Files\Microsoft Works\lfbmp13n.dll
C:\Program Files\Microsoft Works\LFCMP13n.DLL
C:\Program Files\Microsoft Works\lfgif13n.dll
C:\Program Files\Microsoft Works\Lfpng13n.dll
C:\Program Files\Microsoft Works\Lfwmf13n.dll
C:\Program Files\Microsoft Works\LTDIS13n.dll
C:\Program Files\Microsoft Works\ltfil13n.DLL
C:\Program Files\Microsoft Works\ltimg13n.dll
C:\Program Files\Microsoft Works\ltkrn13n.dll
C:\Program Files\Microsoft Works\WkImg90.dll
C:\Program Files\Microsoft Works\WkImgSrv.dll
C:\Program Files\Microsoft Works\WkWat90.dll
C:\Program Files\Microsoft Works\WkWbl90.dll
C:\Program Files\Microsoft.NET
C:\Program Files\Microsoft.NET\Primary Interop Assemblies
C:\Program Files\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll
C:\Program Files\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll
C:\Program Files\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll
C:\Program Files\Modem Diagnostic Tool
C:\Program Files\Modem Diagnostic Tool\DModem.exe.manifest
C:\Program Files\Modem Diagnostic Tool\DModem_Trace.trc
C:\Program Files\Movie Maker
C:\Program Files\Movie Maker\moviemk.exe
C:\Program Files\Movie Maker\MUI
C:\Program Files\Movie Maker\MUI\0409
C:\Program Files\Movie Maker\MUI\0409\moviemk.chm
C:\Program Files\Movie Maker\Shared
C:\Program Files\Movie Maker\Shared\Empty.txt
C:\Program Files\Movie Maker\Shared\Filters.xml
C:\Program Files\Movie Maker\Shared\news.png
C:\Program Files\Movie Maker\Shared\paint.png
C:\Program Files\Movie Maker\Shared\Profiles
C:\Program Files\Movie Maker\Shared\Profiles\Blank.txt
C:\Program Files\Movie Maker\Shared\Sample1.jpg
C:\Program Files\Movie Maker\Shared\Sample2.jpg
C:\Program Files\Movie Maker\wmm2ae.dll
C:\Program Files\Movie Maker\wmm2eres.dll
C:\Program Files\Movie Maker\wmm2ext.dll
C:\Program Files\Movie Maker\wmm2filt.dll
C:\Program Files\Movie Maker\wmm2fxa.dll
C:\Program Files\Movie Maker\wmm2fxb.dll
C:\Program Files\Movie Maker\wmm2res.dll
C:\Program Files\Movie Maker\wmm2res2.dll
C:\Program Files\Mozilla Firefox
C:\Program Files\Mozilla Firefox\.autoreg
C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
C:\Program Files\Mozilla Firefox\application.ini
C:\Program Files\Mozilla Firefox\blocklist.xml
C:\Program Files\Mozilla Firefox\browserconfig.properties
C:\Program Files\Mozilla Firefox\components
C:\Program Files\Mozilla Firefox\components\aboutCertError.js
C:\Program Files\Mozilla Firefox\components\aboutPrivateBrowsing.js
C:\Program Files\Mozilla Firefox\components\aboutRights.js
C:\Program Files\Mozilla Firefox\components\aboutRobots.js
C:\Program Files\Mozilla Firefox\components\aboutSessionRestore.js
C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
C:\Program Files\Mozilla Firefox\components\FeedConverter.js
C:\Program Files\Mozilla Firefox\components\FeedProcessor.js
C:\Program Files\Mozilla Firefox\components\FeedWriter.js
C:\Program Files\Mozilla Firefox\components\fuelApplication.js
C:\Program Files\Mozilla Firefox\components\jsconsole-clhandler.js
C:\Program Files\Mozilla Firefox\components\NetworkGeolocationProvider.js
C:\Program Files\Mozilla Firefox\components\nsAddonRepository.js
C:\Program Files\Mozilla Firefox\components\nsBadCertHandler.js
C:\Program Files\Mozilla Firefox\components\nsBlocklistService.js
C:\Program Files\Mozilla Firefox\components\nsBrowserContentHandler.js
C:\Program Files\Mozilla Firefox\components\nsBrowserGlue.js
C:\Program Files\Mozilla Firefox\components\nsContentDispatchChooser.js
C:\Program Files\Mozilla Firefox\components\nsContentPrefService.js
C:\Program Files\Mozilla Firefox\components\nsDefaultCLH.js
C:\Program Files\Mozilla Firefox\components\nsDownloadManagerUI.js
C:\Program Files\Mozilla Firefox\components\nsExtensionManager.js
C:\Program Files\Mozilla Firefox\components\nsHandlerService.js
C:\Program Files\Mozilla Firefox\components\nsHelperAppDlg.js
C:\Program Files\Mozilla Firefox\components\nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\components\nsLivemarkService.js
C:\Program Files\Mozilla Firefox\components\nsLoginInfo.js
C:\Program Files\Mozilla Firefox\components\nsLoginManager.js
C:\Program Files\Mozilla Firefox\components\nsLoginManagerPrompter.js
C:\Program Files\Mozilla Firefox\components\nsMicrosummaryService.js
C:\Program Files\Mozilla Firefox\components\nsPlacesDBFlush.js
C:\Program Files\Mozilla Firefox\components\nsPlacesTransactionsService.js
C:\Program Files\Mozilla Firefox\components\nsPostUpdateWin.js
C:\Program Files\Mozilla Firefox\components\nsPrivateBrowsingService.js
C:\Program Files\Mozilla Firefox\components\nsProxyAutoConfig.js
C:\Program Files\Mozilla Firefox\components\nsSafebrowsingApplication.js
C:\Program Files\Mozilla Firefox\components\nsSearchService.js
C:\Program Files\Mozilla Firefox\components\nsSearchSuggestions.js
C:\Program Files\Mozilla Firefox\components\nsSessionStartup.js
C:\Program Files\Mozilla Firefox\components\nsSessionStore.js
C:\Program Files\Mozilla Firefox\components\nsSetDefaultBrowser.js
C:\Program Files\Mozilla Firefox\components\nsSidebar.js
C:\Program Files\Mozilla Firefox\components\nsTaggingService.js
C:\Program Files\Mozilla Firefox\components\nsTryToClose.js
C:\Program Files\Mozilla Firefox\components\nsUpdateService.js
C:\Program Files\Mozilla Firefox\components\nsUrlClassifierLib.js
C:\Program Files\Mozilla Firefox\components\nsUrlClassifierListManager.js
C:\Program Files\Mozilla Firefox\components\nsURLFormatter.js
C:\Program Files\Mozilla Firefox\components\nsWebHandlerApp.js
C:\Program Files\Mozilla Firefox\components\pluginGlue.js
C:\Program Files\Mozilla Firefox\components\storage-Legacy.js
C:\Program Files\Mozilla Firefox\components\storage-mozStorage.js
C:\Program Files\Mozilla Firefox\components\txEXSLTRegExFunctions.js
C:\Program Files\Mozilla Firefox\components\WebContentConverter.js
C:\Program Files\Mozilla Firefox\crashreporter-override.ini
C:\Program Files\Mozilla Firefox\crashreporter.exe
C:\Program Files\Mozilla Firefox\crashreporter.ini
C:\Program Files\Mozilla Firefox\dictionaries
C:\Program Files\Mozilla Firefox\dictionaries\en-US.aff
C:\Program Files\Mozilla Firefox\dictionaries\en-US.dic
C:\Program Files\Mozilla Firefox\extensions
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\chrome.manifest
C:\Program Files\Mozilla Firefox\old-homepage-default.properties
C:\Program Files\Mozilla Firefox\removed-files
C:\Program Files\Mozilla Firefox\searchplugins
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
C:\Program Files\Mozilla Firefox\uninstall
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini
C:\Program Files\Mozilla Firefox\uninstall\uninstall.log
C:\Program Files\Mozilla Firefox\uninstall\uninstall.update
C:\Program Files\Mozilla Firefox\update.locale

SCHC · « **Reply #36 on:** March 14, 2010, 04:33:55 PM »

N Gaming Zone

C:\Program Files\MSN Gaming Zone\Windows
C:\Program Files\MSN Gaming Zone\Windows\bckg.dll
C:\Program Files\MSN Gaming Zone\Windows\bckgres.dll
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
C:\Program Files\MSN Gaming Zone\Windows\chkr.dll
C:\Program Files\MSN Gaming Zone\Windows\chkrres.dll
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
C:\Program Files\MSN Gaming Zone\Windows\Cmnclim.dll
C:\Program Files\MSN Gaming Zone\Windows\Cmnresm.dll
C:\Program Files\MSN Gaming Zone\Windows\hrtz.dll
C:\Program Files\MSN Gaming Zone\Windows\Hrtzres.dll
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
C:\Program Files\MSN Gaming Zone\Windows\rvse.dll
C:\Program Files\MSN Gaming Zone\Windows\Rvseres.dll
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
C:\Program Files\MSN Gaming Zone\Windows\shvl.dll
C:\Program Files\MSN Gaming Zone\Windows\Shvlres.dll
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
C:\Program Files\MSN Gaming Zone\Windows\UniAnsi.dll
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe
C:\Program Files\MSN Gaming Zone\Windows\ZCorem.dll
C:\Program Files\MSN Gaming Zone\Windows\zeeverm.dll
C:\Program Files\MSN Gaming Zone\Windows\ZNetM.dll
C:\Program Files\MSN Gaming Zone\Windows\zoneclim.dll
C:\Program Files\MSN Gaming Zone\Windows\zonelibM.dll
C:\Program Files\MSXML 6.0
C:\Program Files\MSXML 6.0\EULA
C:\Program Files\MSXML 6.0\EULA\License_MSXML6_ENU.txt
C:\Program Files\NetMeeting
C:\Program Files\NetMeeting\Blip.wav
C:\Program Files\NetMeeting\callcont.dll
C:\Program Files\NetMeeting\cb32.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\NetMeeting\confmrsl.dll
C:\Program Files\NetMeeting\dcap32.dll
C:\Program Files\NetMeeting\h323cc.dll
C:\Program Files\NetMeeting\mst120.dll
C:\Program Files\NetMeeting\mst123.dll
C:\Program Files\NetMeeting\nac.dll
C:\Program Files\NetMeeting\netmeet.htm
C:\Program Files\NetMeeting\nmas.dll
C:\Program Files\NetMeeting\nmasnt.dll
C:\Program Files\NetMeeting\nmchat.dll
C:\Program Files\NetMeeting\nmcom.dll
C:\Program Files\NetMeeting\nmft.dll
C:\Program Files\NetMeeting\nmoldwb.dll
C:\Program Files\NetMeeting\nmwb.dll
C:\Program Files\NetMeeting\rrcm.dll
C:\Program Files\NetMeeting\TestSnd.wav
C:\Program Files\NetMeeting\wb32.exe
C:\Program Files\NetWaiting
C:\Program Files\NetWaiting\NetWaiting.exe
C:\Program Files\Online Services
C:\Program Files\Online Services\Refer me to more Internet Service Providers.lnk
C:\Program Files\Online Services\Use MSN Explorer to sign up for Internet Access (US only).lnk
C:\Program Files\Outlook Express
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Outlook Express\msoe.dll
C:\Program Files\Outlook Express\msoe.txt
C:\Program Files\Outlook Express\msoeres.dll
C:\Program Files\Outlook Express\oeimport.dll
C:\Program Files\Outlook Express\oemig50.exe
C:\Program Files\Outlook Express\oemiglib.dll
C:\Program Files\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\wab.exe
C:\Program Files\Outlook Express\wabfind.dll
C:\Program Files\Outlook Express\wabimp.dll
C:\Program Files\Outlook Express\wabmig.exe
C:\Program Files\PartyGaming.Net
C:\Program Files\PartyGaming.Net\PartyGamingNet.exe
C:\Program Files\PartyGaming.Net\PartyPokerNet
C:\Program Files\PartyGaming.Net\PartyPokerNet\cards_dealing.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\cards_sliding.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\chips_sliding.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\firework3.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\mouse_move.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\NewSounds
C:\Program Files\PartyGaming.Net\PartyPokerNet\NewSounds\chips_moving.WAV
C:\Program Files\PartyGaming.Net\PartyPokerNet\NewSounds\Click_Alert.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\NewSounds\firework3.wav
C:\Program Files\PartyGaming.Net\PartyPokerNet\NewSounds\OptionsClick.WAV
C:\Program Files\PartyGaming.Net\PartyPokerNet\NewSounds\OptionSet.WAV
C:\Program Files\PartyGaming.Net\PartyPokerNet\PartyPokerNet.dll
C:\Program Files\PartyGaming.Net\PartyPokerNet\pf_horsehead717_c-o-i.txt
C:\Program Files\PartyGaming.Net\PartyPokerNet\pf_horsehead717_pst_flts.txt
C:\Program Files\PartyGaming.Net\PartyPokerNet\ppunistall.bat
C:\Program Files\PartyGaming.Net\PartyPokerNet\TabConfig.txt
C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe
C:\Program Files\PartyGaming.Net\PartyPokerNet\WatchList.txt
C:\Program Files\QuickTime
C:\Program Files\QuickTime\PictureViewer.exe
C:\Program Files\QuickTime\PictureViewer.Resources
C:\Program Files\QuickTime\PictureViewer.Resources\da.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\de.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\en.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\es.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\fi.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\fr.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\it.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\ja.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\ko.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\nb.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\nl.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.dll
C:\Program Files\QuickTime\PictureViewer.Resources\PictureViewer.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\pl.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\pl.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\pl.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\pt_PT.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\ru.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\sv.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\zh_CN.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PictureViewer.Resources\zh_TW.lproj
C:\Program Files\QuickTime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.dll
C:\Program Files\QuickTime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels
C:\Program Files\QuickTime\PropertyPanels\annoanno.pdef
C:\Program Files\QuickTime\PropertyPanels\moovaudi.pdef
C:\Program Files\QuickTime\PropertyPanels\moovpres.pdef
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.qpa
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\da.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\de.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\en.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\es.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fi.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fr.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\it.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ja.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ko.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nb.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nl.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pl.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pl.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ru.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ru.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\sv.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj
C:\Program Files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropertyPanels.plist
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.qpa
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\da.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\de.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\en.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\es.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\it.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pl.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pl.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj
C:\Program Files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
C:\Program Files\QuickTime\PropertyPanels\rsrcrsrc.pdef
C:\Program Files\QuickTime\PropertyPanels\trakaudi.pdef
C:\Program Files\QuickTime\PropertyPanels\trakhint.pdef
C:\Program Files\QuickTime\PropertyPanels\trakothr.pdef
C:\Program Files\QuickTime\PropertyPanels\trakstrm.pdef
C:\Program Files\QuickTime\PropertyPanels\trakvisl.pdef
C:\Program Files\QuickTime\QTComponents
C:\Program Files\QuickTime\QTOControl.dll
C:\Program Files\QuickTime\QTOLibrary.dll
C:\Program Files\QuickTime\QTUIPanelControl.dll
C:\Program Files\QuickTime\QuickTime Read Me.htm
C:\Program Files\QuickTime\QuickTimePlayer.dll
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\QuickTime\QuickTimePlayer.Resources
C:\Program Files\QuickTime\QuickTimePlayer.Resources\da.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\da.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\de.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\de.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\en.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\en.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\es.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\es.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\fi.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\fi.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\fr.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\fr.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\it.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\it.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\ja.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\ja.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\ko.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\ko.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\nb.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\nb.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\nl.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\nl.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\pl.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\pl.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\pt_PT.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\QuickTimePlayer.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\ru.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\ru.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\sv.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\sv.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\zh_CN.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\QuickTimePlayer.Resources\zh_TW.lproj
C:\Program Files\QuickTime\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimePlayerLocalized.qtr
C:\Program Files\QuickTime\Sample.qtif
C:\Program Files\Second Sight Software
C:\Program Files\SecureW2_2kXP.exe
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Spybot - Search & Destroy\DASEGFUHNP.scr
C:\Program Files\Spybot - Search & Destroy\Default configuration.ini
C:\Program Files\Spybot - Search & Destroy\DelZip179.dll
C:\Program Files\Spybot - Search & Destroy\EKNGWBIPJGKVM.scr
C:\Program Files\Spybot - Search & Destroy\JUXDCPELRGADOGBTU.scr
C:\Program Files\Spybot - Search & Destroy\Languages
C:\Program Files\Spybot - Search & Destroy\Languages\Afrikaans.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Bulgarski.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Esperanto.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Makedonski.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Nederlands.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Portugues.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Romaneste.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Slovenscina.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Slovensky.sbl
C:\Program Files\Spybot - Search & Destroy\Languages\Ukrainian.sbl
C:\Program Files\Spybot - Search & Destroy\messages.zres
C:\Program Files\Spybot - Search & Destroy\OWECVACQBEV.scr
C:\Program Files\Spybot - Search & Destroy\QYUYPZTRMEJCMVM.scr
C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe
C:\Program Files\SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\PROCESSLIST.DB
C:\Program Files\SUPERAntiSpyware\PROCESSLISTRELATED.DB
C:\Program Files\SUPERAntiSpyware\SASREPAIRS.STG
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics
C:\Program Files\Synaptics\SynTP
C:\Program Files\Synaptics\SynTP\DellTpad.exe
C:\Program Files\Synaptics\SynTP\DellTpad.exe.manifest
C:\Program Files\Synaptics\SynTP\DellTpad.rtf
C:\Program Files\Synaptics\SynTP\InstNT.exe
C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
C:\Program Files\Synaptics\SynTP\SynISDLL.dll
C:\Program Files\Synaptics\SynTP\SynMood.exe
C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPRes.dll
C:\Program Files\Synaptics\SynTP\SynUnst.ini
C:\Program Files\Synaptics\SynTP\SynZMetr.exe
C:\Program Files\Synaptics\SynTP\Tutorial.exe
C:\Program Files\Tall Emu
C:\Program Files\Tall Emu\Online Armor
C:\Program Files\Tall Emu\Online Armor\fwdata.dat.bak
C:\Program Files\Tall Emu\Online Armor\oacached.dat.bak
C:\Program Files\Tall Emu\Online Armor\reference.dat
C:\Program Files\Tall Emu\Online Armor\server.dat.bak
C:\Program Files\Tall Emu\Online Armor\taskman.dat.bak
C:\Program Files\Uninstall Information
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\AxMetaStream_Win
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\vlc-0.8.6h-win32.exe
C:\Program Files\Windows Defender
C:\Program Files\Windows Defender\LegitLib.dll
C:\Program Files\Windows Defender\MpAsDesc.dll
C:\Program Files\Windows Defender\MpClient.dll
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\mpevmsg.dll
C:\Program Files\Windows Defender\MpOAv.dll
C:\Program Files\Windows Defender\MpRtMon.dll
C:\Program Files\Windows Defender\MpRtPlug.dll
C:\Program Files\Windows Defender\MpShHook.dll
C:\Program Files\Windows Defender\MpSigDwn.dll
C:\Program Files\Windows Defender\MpSoftEx.dll
C:\Program Files\Windows Defender\MpSvc.dll
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpCom.dll
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpLics.dll
C:\Program Files\Windows Defender\MsMpRes.dll
C:\Program Files\Windows Defender\wgadef.chm
C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Live Safety Center\scnAVengine.inf
C:\Program Files\Windows Live Safety Center\wlscBaseUI.inf
C:\Program Files\Windows Live Safety Center\wlscUploader.exe
C:\Program Files\Windows Media Player
C:\Program Files\Windows Media Player\Sample Playlists
C:\Program Files\Windows Media Player\Visualizations
C:\Program Files\Windows NT
C:\Program Files\Windows NT\Accessories
C:\Program Files\Windows NT\Accessories\mswrd6.wpc
C:\Program Files\Windows NT\Accessories\mswrd8.wpc
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Accessories\write.wpc
C:\Program Files\WindowsUpdate
C:\System Volume Information
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\drivetable.txt
C:\WindowsDefender.msi

22:17:35 - Performing check: "Alternate Data Streams":
This check can take some time depending on your harddisk size. You can interrupt it with the ESC key.

0 streams found.
22:17:35 - Performing check: "Hidden Registry entries":
--------------------[HKEY_LOCAL_MACHINE\HARDWARE ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SAM ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SAM\SAM: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SECURITY ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SECURITY: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SOFTWARE ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Remote Desktop\Pending Help Session: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_LOCAL_MACHINE\SYSTEM ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\EncryptedDirectories: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MRxDAV\EncryptedDirectories: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}\Properties: Access is denied.

[-] Unable to open key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MRxDAV\EncryptedDirectories: Access is denied.

DONE.

SCHC · « **Reply #37 on:** March 14, 2010, 04:34:45 PM »

-------------------------------------------------------------------------------

--------------------[HKEY_USERS\.DEFAULT ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider\S-1-5-18: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-19 ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_USERS\S-1-5-19\Software\Microsoft\Protected Storage System Provider\S-1-5-19: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-19_Classes ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-20 ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_USERS\S-1-5-20\Software\Microsoft\Protected Storage System Provider\S-1-5-20: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-20_Classes ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Protected Storage System Provider\S-1-5-21-528782599-2496388250-353526557-1006: Access is denied.

DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006_Classes]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.htm

[REG_SZ] (Standard)
FirefoxHTML

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.html

[REG_SZ] (Standard)
FirefoxHTML

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.kml

[REG_SZ] (Standard)
   Google Earth.kmlfile
[.] Found hidden value:
   [REG_SZ] Content Type
   application/vnd.google-earth.kml+xml

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.kml\Google Earth.kmlfile
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.kml\Google Earth.kmlfile\ShellNew
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.kmz

[REG_SZ] (Standard)
   Google Earth.kmzfile
[.] Found hidden value:
   [REG_SZ] Content Type
   application/vnd.google-earth.kmz

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.kmz\Google Earth.kmzfile
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.kmz\Google Earth.kmzfile\ShellNew
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.shtml

[REG_SZ] (Standard)
FirefoxHTML

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.xht

[REG_SZ] (Standard)
FirefoxHTML

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\.xhtml

[REG_SZ] (Standard)
FirefoxHTML

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\googleearth.exe

[REG_SZ] (Standard)
   00000000
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\Keyhole.EXE

[REG_SZ] (Standard)
   00000000
[.] Found hidden value:
   [REG_SZ] AppID
   {7E7898C9-8E34-4314-9670-771BC5343D0E}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\{46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

[REG_SZ] (Standard)
GoogleEarth

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\{7E7898C9-8E34-4314-9670-771BC5343D0E}

[REG_SZ] (Standard)
Keyhole

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}

[REG_SZ] (Standard)
QSP2IE_Dep.QSP2IE_Dep

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\{e473a65c-8087-49a3-affd-c5bc4a10669b}

[REG_SZ] (Standard)
QSP2IEVer_Dep.QSP2IEVer_Dep

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}

[REG_SZ] (Standard)
QSP2IE.QSP2IE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\AppID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}

[REG_SZ] (Standard)
QSP2IEVer.QSP2IEVer

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Applications
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Applications\SofTest.exe
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Applications\SofTest.exe\shell
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Applications\SofTest.exe\shell\open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Applications\SofTest.exe\shell\open\command

[REG_SZ] (Standard)
"C:\Program Files\ExamSoft\SofTest\SofTest.exe" "%1"

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{998FA181-D5BB-4548-9CB6-7FC105A0A327}

[REG_SZ] CLSID
   {998FA181-D5BB-4548-9CB6-7FC105A0A327}
[.] Found hidden value:
   [REG_BINARY] FilterData
   02 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 ... ...........
[.] Found hidden value:
   [REG_SZ] FriendlyName
   WAV Dest

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}

[REG_SZ] (Standard)
   PointOnTerrainGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\ProgID

[REG_SZ] (Standard)
GoogleEarth.PointOnTerrainGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1796A329-04C1-4C07-B28E-E4A807935C06}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.PointOnTerrainGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}

[REG_SZ] (Standard)
   AnimationControllerGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\ProgID

[REG_SZ] (Standard)
GoogleEarth.AnimationControllerGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.AnimationControllerGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}

[REG_SZ] (Standard)
   TimeGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\ProgID

[REG_SZ] (Standard)
GoogleEarth.TimeGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.TimeGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}

[REG_SZ] (Standard)
   TimeIntervalGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\ProgID

[REG_SZ] (Standard)
GoogleEarth.TimeIntervalGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.TimeIntervalGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}

[REG_SZ] (Standard)
   KHViewExtents Class
[.] Found hidden value:
   [REG_SZ] AppID
   {7E7898C9-8E34-4314-9670-771BC5343D0E}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\ProgID

[REG_SZ] (Standard)
Keyhole.KHViewExtents.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}\VersionIndependentProgID

[REG_SZ] (Standard)
Keyhole.KHViewExtents

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}

[REG_SZ] (Standard)
   CameraInfoGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\ProgID

[REG_SZ] (Standard)
GoogleEarth.CameraInfoGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.CameraInfoGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}

[REG_SZ] (Standard)
   TourControllerGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\ProgID

[REG_SZ] (Standard)
GoogleEarth.TourControllerGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{77C4C807-E257-43AD-BB3F-7CA88760BD29}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.TourControllerGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}

[REG_SZ] (Standard)
   ApplicationGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\ProgID

[REG_SZ] (Standard)
GoogleEarth.ApplicationGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.ApplicationGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}

[REG_SZ] (Standard)
   FeatureCollectionGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\ProgID

[REG_SZ] (Standard)
GoogleEarth.FeatureCollectionGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{9059C329-4661-49B2-9984-8753C45DB7B9}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.FeatureCollectionGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}

[REG_SZ] (Standard)
Audio Destination

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{998FA181-D5BB-4548-9CB6-7FC105A0A327}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Google\Google Earth\wavdest.ax
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Both

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}

[REG_SZ] (Standard)
   KHViewInfo Class
[.] Found hidden value:
   [REG_SZ] AppID
   {7E7898C9-8E34-4314-9670-771BC5343D0E}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\ProgID

[REG_SZ] (Standard)
Keyhole.KHViewInfo.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}\VersionIndependentProgID

[REG_SZ] (Standard)
Keyhole.KHViewInfo

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}

[REG_SZ] (Standard)
   SearchControllerGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\ProgID

[REG_SZ] (Standard)
GoogleEarth.SearchControllerGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{A4F65992-5738-475B-9C16-CF102BCDE153}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.SearchControllerGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}

[REG_SZ] (Standard)
   KHInterface Class
[.] Found hidden value:
   [REG_SZ] AppID
   {7E7898C9-8E34-4314-9670-771BC5343D0E}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\ProgID

[REG_SZ] (Standard)
Keyhole.KHInterface.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}\VersionIndependentProgID

[REG_SZ] (Standard)
Keyhole.KHInterface

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}

[REG_SZ] (Standard)
   KHFeature Class
[.] Found hidden value:
   [REG_SZ] AppID
   {7E7898C9-8E34-4314-9670-771BC5343D0E}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\ProgID

[REG_SZ] (Standard)
Keyhole.KHFeature.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{B153D707-447A-4538-913E-6146B3FDEE02}\VersionIndependentProgID

[REG_SZ] (Standard)
Keyhole.KHFeature

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

[REG_SZ] (Standard)

SCHC · « **Reply #38 on:** March 14, 2010, 04:38:08 PM »

Java Plug-in 1.3.1_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.3.1_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.1_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_14

SCHC · « **Reply #39 on:** March 14, 2010, 04:39:01 PM »

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32

SCHC · « **Reply #40 on:** March 14, 2010, 04:39:58 PM »

   [REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.4.2_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.4.2

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
C:\Program Files\Java\jre6\bin\jp2iexp.dll

SCHC · « **Reply #41 on:** March 14, 2010, 04:40:46 PM »

[.] Found hidden value:
[REG_SZ] ThreadingModel
Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
C:\Program Files\Java\jre6\bin\jp2iexp.dll

SCHC · « **Reply #42 on:** March 14, 2010, 04:41:42 PM »

[.] Found hidden value:
[REG_SZ] ThreadingModel
Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_19

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_20

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_22

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_23

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_26

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_27

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_28

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_29

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.5.0_30

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.5.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_01

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_03

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_04

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_05

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_06

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_07

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_08

SCHC · « **Reply #43 on:** March 14, 2010, 04:42:31 PM »

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_08

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_09

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_13

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_14

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

[REG_SZ] (Standard)
Java Plug-in 1.6.0_18

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}

[REG_SZ] (Standard)
Java Plug-in 1.6.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}

[REG_SZ] (Standard)
   FeatureGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\ProgID

[REG_SZ] (Standard)
GoogleEarth.FeatureGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{CBD4FB70-F00B-4963-B249-4B056E6A981A}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.FeatureGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}

[REG_SZ] (Standard)
   ViewExtentsGE Class
[.] Found hidden value:
   [REG_SZ] AppID
   {46A99B9C-4AC8-4EE9-AF7D-D02816CEC314}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\LocalServer32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\ProgID

[REG_SZ] (Standard)
GoogleEarth.ViewExtentsGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\TypeLib

[REG_SZ] (Standard)
{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}\VersionIndependentProgID

[REG_SZ] (Standard)
GoogleEarth.ViewExtentsGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

[REG_SZ] (Standard)
Java Plug-in 1.3.0_02

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Java\jre6\bin\jp2iexp.dll
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Control

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Implemented Categories
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32

[REG_SZ] (Standard)
   "C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll"
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InstalledVersion

[REG_SZ] (Standard)
   0715,03,0000,010
[.] Found hidden value:
   [REG_SZ] path
   C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InstalledVersionComparable

[REG_SZ] (Standard)
071503000010

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\MiscStatus

[REG_SZ] (Standard)
00000030

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\MiscStatus\1

[REG_SZ] (Standard)
131473

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\ProgID

[REG_SZ] (Standard)
QSP2IE_Dep.QSP2IE_Dep.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\TypeLib

[REG_SZ] (Standard)
{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\Version

[REG_SZ] (Standard)
00000031

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\VersionIndependentProgID

[REG_SZ] (Standard)
QSP2IE_Dep.QSP2IE_Dep

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Control

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Implemented Categories
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32

[REG_SZ] (Standard)
   "C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll"
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InstalledVersion

[REG_SZ] (Standard)
   0715,03,0000,010
[.] Found hidden value:
   [REG_SZ] path
   C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InstalledVersionComparable

[REG_SZ] (Standard)
071503000010

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\MiscStatus

[REG_SZ] (Standard)
00000030

SCHC · « **Reply #44 on:** March 14, 2010, 04:43:23 PM »

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\MiscStatus\1

[REG_SZ] (Standard)
131473

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\ProgID

[REG_SZ] (Standard)
QSP2IEVer_Dep.QSP2IEVer_Dep.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\TypeLib

[REG_SZ] (Standard)
{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\Version

[REG_SZ] (Standard)
00000031

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\VersionIndependentProgID

[REG_SZ] (Standard)
QSP2IEVer_Dep.QSP2IEVer_Dep

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}

[REG_SZ] (Standard)
PSFactoryBuffer

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{F4F7B301-7C59-4851-BA97-C51F110B590F}\InprocServer32

[REG_SZ] (Standard)
   C:\Program Files\Google\Google Earth\earthps.dll
[.] Found hidden value:
   [REG_MULTI_SZ] InprocServer32
   !($3C[r+h(@OXeAuL9vH>rzD}Op*HP@xo*UwI'=!aäÜ
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Both

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\Control

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\Implemented Categories
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32

[REG_SZ] (Standard)
   "C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll"
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InstalledVersion

[REG_SZ] (Standard)
   0715,03,0000,010
[.] Found hidden value:
   [REG_SZ] path
   C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InstalledVersionComparable

[REG_SZ] (Standard)
071503000010

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\MiscStatus

[REG_SZ] (Standard)
00000030

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\MiscStatus\1

[REG_SZ] (Standard)
131473

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\ProgID

[REG_SZ] (Standard)
QSP2IE.QSP2IE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\TypeLib

[REG_SZ] (Standard)
{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\Version

[REG_SZ] (Standard)
00000031

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\VersionIndependentProgID

[REG_SZ] (Standard)
QSP2IE.QSP2IE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\Control

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\Implemented Categories
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32

[REG_SZ] (Standard)
   "C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll"
[.] Found hidden value:
   [REG_SZ] ThreadingModel
   Apartment

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InstalledVersion

[REG_SZ] (Standard)
   0715,03,0000,010
[.] Found hidden value:
   [REG_SZ] path
   C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InstalledVersionComparable

[REG_SZ] (Standard)
071503000010

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\MiscStatus

[REG_SZ] (Standard)
00000030

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\MiscStatus\1

[REG_SZ] (Standard)
131473

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\ProgID

[REG_SZ] (Standard)
QSP2IEVer.QSP2IEVer.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\Programmable

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\TypeLib

[REG_SZ] (Standard)
{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\Version

[REG_SZ] (Standard)
00000031

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\VersionIndependentProgID

[REG_SZ] (Standard)
QSP2IEVer.QSP2IEVer

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML

[REG_SZ] (Standard)
   Firefox Document
[.] Found hidden value:
   [REG_SZ] FriendlyTypeName
   Firefox Document

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Mozilla Firefox\firefox.exe,1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\shell
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\shell\open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\shell\open\command

[REG_SZ] (Standard)
"C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\shell\open\ddeexec

[REG_SZ] (Standard)
   "%1",,0,0,,,,
[.] Found hidden value:
   [REG_SZ] NoActivateHandler
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\shell\open\ddeexec\Application

[REG_SZ] (Standard)
Firefox

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxHTML\shell\open\ddeexec\Topic

[REG_SZ] (Standard)
WWW_OpenURL

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL

[REG_SZ] (Standard)
   Firefox URL
[.] Found hidden value:
   [REG_DWORD] EditFlags
   00000002
[.] Found hidden value:
   [REG_SZ] FriendlyTypeName
   Firefox URL
[.] Found hidden value:
   [REG_SZ] URL Protocol
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Mozilla Firefox\firefox.exe,1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\shell
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\shell\open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\shell\open\command

[REG_SZ] (Standard)
"C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\shell\open\ddeexec

[REG_SZ] (Standard)
   "%1",,0,0,,,,
[.] Found hidden value:
   [REG_SZ] NoActivateHandler
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\shell\open\ddeexec\Application

[REG_SZ] (Standard)
Firefox

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\FirefoxURL\shell\open\ddeexec\Topic

[REG_SZ] (Standard)
WWW_OpenURL

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp

[REG_SZ] (Standard)
   URL:File Transfer Protocol
[.] Found hidden value:
   [REG_DWORD] EditFlags
   00000002
[.] Found hidden value:
   [REG_SZ] FriendlyTypeName
   @ieframe.dll,-905
[.] Found hidden value:
   [REG_SZ] URL Protocol
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Mozilla Firefox\firefox.exe,1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\shell

[REG_SZ] (Standard)
open

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\shell\open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\shell\open\command

[REG_SZ] (Standard)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\shell\open\ddeexec

[REG_SZ] (Standard)
   "%1",,0,0,,,,
[.] Found hidden value:
   [REG_SZ] NoActivateHandler
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\shell\open\ddeexec\Application
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\ftp\shell\open\ddeexec\Topic

[REG_SZ] (Standard)
WWW_OpenURL

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmlfile
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmlfile\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\kml_file.ico

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmlfile\shell
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmlfile\shell\Open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmlfile\shell\Open\command

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe "%1"

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmzfile
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmzfile\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\kmz_file.ico

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmzfile\shell
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmzfile\shell\Open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Google Earth.kmzfile\shell\Open\command

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe "%1"

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.AnimationControllerGE

[REG_SZ] (Standard)
AnimationControllerGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.AnimationControllerGE\CLSID

[REG_SZ] (Standard)
{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.AnimationControllerGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.AnimationControllerGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.AnimationControllerGE.1

[REG_SZ] (Standard)
AnimationControllerGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.AnimationControllerGE.1\CLSID

[REG_SZ] (Standard)
{1A239250-B650-4B63-B4CF-7FCC4DC07DC6}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ApplicationGE

[REG_SZ] (Standard)
ApplicationGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ApplicationGE\CLSID

[REG_SZ] (Standard)
{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ApplicationGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.ApplicationGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ApplicationGE.1

[REG_SZ] (Standard)
ApplicationGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ApplicationGE.1\CLSID

[REG_SZ] (Standard)
{8097D7E9-DB9E-4AEF-9B28-61D82A1DF784}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.CameraInfoGE

[REG_SZ] (Standard)
CameraInfoGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.CameraInfoGE\CLSID

[REG_SZ] (Standard)
{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.CameraInfoGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.CameraInfoGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.CameraInfoGE.1

[REG_SZ] (Standard)
CameraInfoGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.CameraInfoGE.1\CLSID

[REG_SZ] (Standard)
{645EEE5A-BD51-4C05-A6AF-6F2CF8950AAB}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureCollectionGE

[REG_SZ] (Standard)
FeatureCollectionGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureCollectionGE\CLSID

[REG_SZ] (Standard)
{9059C329-4661-49B2-9984-8753C45DB7B9}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureCollectionGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.FeatureCollectionGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureCollectionGE.1

[REG_SZ] (Standard)
FeatureCollection Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureCollectionGE.1\CLSID

[REG_SZ] (Standard)
{9059C329-4661-49B2-9984-8753C45DB7B9}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureGE

[REG_SZ] (Standard)
FeatureGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureGE\CLSID

[REG_SZ] (Standard)
{CBD4FB70-F00B-4963-B249-4B056E6A981A}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.FeatureGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureGE.1

[REG_SZ] (Standard)
FeatureGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.FeatureGE.1\CLSID

[REG_SZ] (Standard)
{CBD4FB70-F00B-4963-B249-4B056E6A981A}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.PointOnTerrainGE

[REG_SZ] (Standard)
PointOnTerrainGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.PointOnTerrainGE\CLSID

[REG_SZ] (Standard)
{1796A329-04C1-4C07-B28E-E4A807935C06}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.PointOnTerrainGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.PointOnTerrainGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.PointOnTerrainGE.1

[REG_SZ] (Standard)
PointOnTerrainGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.PointOnTerrainGE.1\CLSID

[REG_SZ] (Standard)
{1796A329-04C1-4C07-B28E-E4A807935C06}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.SearchControllerGE

[REG_SZ] (Standard)
SearchControllerGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.SearchControllerGE\CLSID

[REG_SZ] (Standard)
{A4F65992-5738-475B-9C16-CF102BCDE153}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.SearchControllerGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.SearchControllerGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.SearchControllerGE.1

[REG_SZ] (Standard)
SearchControllerGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.SearchControllerGE.1\CLSID

[REG_SZ] (Standard)
{A4F65992-5738-475B-9C16-CF102BCDE153}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeGE

[REG_SZ] (Standard)
TimeGE Class

SCHC · « **Reply #45 on:** March 14, 2010, 04:44:10 PM »

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeGE\CLSID

[REG_SZ] (Standard)
{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.TimeGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeGE.1

[REG_SZ] (Standard)
TimeGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeGE.1\CLSID

[REG_SZ] (Standard)
{1AEDB68D-18A7-4CA9-B41B-3CE7E59FAB24}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeIntervalGE

[REG_SZ] (Standard)
TimeIntervalGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeIntervalGE\CLSID

[REG_SZ] (Standard)
{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeIntervalGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.TimeIntervalGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeIntervalGE.1

[REG_SZ] (Standard)
TimeIntervalGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TimeIntervalGE.1\CLSID

[REG_SZ] (Standard)
{42DF0D46-7D49-4AE5-8EF6-9CA6E41EFEC1}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TourControllerGE

[REG_SZ] (Standard)
TourControllerGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TourControllerGE\CLSID

[REG_SZ] (Standard)
{77C4C807-E257-43AD-BB3F-7CA88760BD29}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TourControllerGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.TourControllerGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TourControllerGE.1

[REG_SZ] (Standard)
TourControllerGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.TourControllerGE.1\CLSID

[REG_SZ] (Standard)
{77C4C807-E257-43AD-BB3F-7CA88760BD29}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ViewExtentsGE

[REG_SZ] (Standard)
ViewExtentsGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ViewExtentsGE\CLSID

[REG_SZ] (Standard)
{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ViewExtentsGE\CurVer

[REG_SZ] (Standard)
GoogleEarth.ViewExtentsGE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ViewExtentsGE.1

[REG_SZ] (Standard)
ViewExtentsGE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\GoogleEarth.ViewExtentsGE.1\CLSID

[REG_SZ] (Standard)
{D93BF052-FC68-4DB6-A4F8-A4DC9BEEB1C0}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http

[REG_SZ] (Standard)
   URL:HyperText Transfer Protocol
[.] Found hidden value:
   [REG_DWORD] EditFlags
   00000002
[.] Found hidden value:
   [REG_SZ] FriendlyTypeName
   @ieframe.dll,-903
[.] Found hidden value:
   [REG_SZ] URL Protocol
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Mozilla Firefox\firefox.exe,1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http\shell

[REG_SZ] (Standard)
open

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http\shell\open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http\shell\open\ddeexec

[REG_SZ] (Standard)
   "%1",,0,0,,,,
[.] Found hidden value:
   [REG_SZ] NoActivateHandler
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http\shell\open\ddeexec\Application
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\http\shell\open\ddeexec\Topic

[REG_SZ] (Standard)
WWW_OpenURL

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https

[REG_SZ] (Standard)
   URL:HyperText Transfer Protocol with Privacy
[.] Found hidden value:
   [REG_DWORD] EditFlags
   00000002
[.] Found hidden value:
   [REG_SZ] FriendlyTypeName
   @ieframe.dll,-904
[.] Found hidden value:
   [REG_SZ] URL Protocol
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\DefaultIcon

[REG_SZ] (Standard)
C:\Program Files\Mozilla Firefox\firefox.exe,1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\shell

[REG_SZ] (Standard)
open

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\shell\open
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\shell\open\command

[REG_SZ] (Standard)
"C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\shell\open\ddeexec

[REG_SZ] (Standard)
   "%1",,0,0,,,,
[.] Found hidden value:
   [REG_SZ] NoActivateHandler
   00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\shell\open\ddeexec\Application

[REG_SZ] (Standard)
Firefox

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\https\shell\open\ddeexec\Topic

[REG_SZ] (Standard)
WWW_OpenURL

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{07F46615-1857-40CF-9AA9-872C9858E769}

[REG_SZ] (Standard)
IKHFeature

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{07F46615-1857-40CF-9AA9-872C9858E769}\NumMethods

[REG_SZ] (Standard)
10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{07F46615-1857-40CF-9AA9-872C9858E769}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{08D46BCD-AF56-4175-999E-6DDC3771C64E}

[REG_SZ] (Standard)
ICameraInfoGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{08D46BCD-AF56-4175-999E-6DDC3771C64E}\NumMethods

[REG_SZ] (Standard)
21

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{08D46BCD-AF56-4175-999E-6DDC3771C64E}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{2830837B-D4E8-48C6-B6EE-04633372ABE4}

[REG_SZ] (Standard)
IApplicationGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{2830837B-D4E8-48C6-B6EE-04633372ABE4}\NumMethods

[REG_SZ] (Standard)
42

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{2830837B-D4E8-48C6-B6EE-04633372ABE4}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{45F89E39-7A46-4CA4-97E3-8C5AA252531C}

[REG_SZ] (Standard)
IKHViewInfo

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{45F89E39-7A46-4CA4-97E3-8C5AA252531C}\NumMethods

[REG_SZ] (Standard)
17

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{45F89E39-7A46-4CA4-97E3-8C5AA252531C}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{524E5B0F-D593-45A6-9F87-1BAE7D338373}

[REG_SZ] (Standard)
ISearchControllerGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{524E5B0F-D593-45A6-9F87-1BAE7D338373}\NumMethods

[REG_SZ] (Standard)
11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{524E5B0F-D593-45A6-9F87-1BAE7D338373}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{80A43F86-E2CD-4671-A7FA-E5627B519711}

[REG_SZ] (Standard)
IKHInterface

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{80A43F86-E2CD-4671-A7FA-E5627B519711}\NumMethods

[REG_SZ] (Standard)
24

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{80A43F86-E2CD-4671-A7FA-E5627B519711}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{851D25E7-785F-4DB7-95F9-A0EF7E836C44}

[REG_SZ] (Standard)
IFeatureCollectionGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{851D25E7-785F-4DB7-95F9-A0EF7E836C44}\NumMethods

[REG_SZ] (Standard)
10

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{851D25E7-785F-4DB7-95F9-A0EF7E836C44}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{865AB2C1-38C5-492B-8B71-AC73F5A7A43D}

[REG_SZ] (Standard)
IViewExtentsGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{865AB2C1-38C5-492B-8B71-AC73F5A7A43D}\NumMethods

[REG_SZ] (Standard)
11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{865AB2C1-38C5-492B-8B71-AC73F5A7A43D}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{92547B06-0007-4820-B76A-C84E402CA709}

[REG_SZ] (Standard)
IFeatureGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{92547B06-0007-4820-B76A-C84E402CA709}\NumMethods

[REG_SZ] (Standard)
16

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{92547B06-0007-4820-B76A-C84E402CA709}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{969eb9de-7bda-46f9-94ce-bcf4e6558079}

[REG_SZ] (Standard)
IQSP2IECtl

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{969eb9de-7bda-46f9-94ce-bcf4e6558079}\ProxyStubClsid

[REG_SZ] (Standard)
{00020424-0000-0000-C000-000000000046}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{969eb9de-7bda-46f9-94ce-bcf4e6558079}\ProxyStubClsid32

[REG_SZ] (Standard)
{00020424-0000-0000-C000-000000000046}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{969eb9de-7bda-46f9-94ce-bcf4e6558079}\TypeLib

[REG_SZ] (Standard)
   {1BF6EFF2-F87D-4F1A-9F11-3ED2CABE7F3C}
[.] Found hidden value:
   [REG_SZ] Version
   1.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{BE5E5F15-8EC4-4DCC-B48D-9957D2DE4D05}

[REG_SZ] (Standard)
IAnimationControllerGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{BE5E5F15-8EC4-4DCC-B48D-9957D2DE4D05}\NumMethods

[REG_SZ] (Standard)
12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{BE5E5F15-8EC4-4DCC-B48D-9957D2DE4D05}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D05D6E91-72DA-4654-B8A7-BCBD3B87E3B6}

[REG_SZ] (Standard)
IKHViewExtents

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D05D6E91-72DA-4654-B8A7-BCBD3B87E3B6}\NumMethods

[REG_SZ] (Standard)
11

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D05D6E91-72DA-4654-B8A7-BCBD3B87E3B6}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D08577E0-365E-4216-B1A4-19353EAC1602}

[REG_SZ] (Standard)
ITourControllerGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D08577E0-365E-4216-B1A4-19353EAC1602}\NumMethods

[REG_SZ] (Standard)
15

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D08577E0-365E-4216-B1A4-19353EAC1602}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D794FE36-10B1-4E7E-959D-9638794D2A1B}

[REG_SZ] (Standard)
ITimeIntervalGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D794FE36-10B1-4E7E-959D-9638794D2A1B}\NumMethods

[REG_SZ] (Standard)
00000039

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{D794FE36-10B1-4E7E-959D-9638794D2A1B}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{e2fa5b10-540a-4a0b-afd1-55aee24a49cb}

[REG_SZ] (Standard)
IQSP2IECtlEvents

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{e2fa5b10-540a-4a0b-afd1-55aee24a49cb}\ProxyStubClsid

[REG_SZ] (Standard)
{00020420-0000-0000-C000-000000000046}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{e2fa5b10-540a-4a0b-afd1-55aee24a49cb}\ProxyStubClsid32

[REG_SZ] (Standard)
{00020420-0000-0000-C000-000000000046}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{e2fa5b10-540a-4a0b-afd1-55aee24a49cb}\TypeLib

[REG_SZ] (Standard)
   {1BF6EFF2-F87D-4F1A-9F11-3ED2CABE7F3C}
[.] Found hidden value:
   [REG_SZ] Version
   1.0

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{E39391AE-51C0-4FBD-9042-F9C5B6094445}

[REG_SZ] (Standard)
ITimeGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{E39391AE-51C0-4FBD-9042-F9C5B6094445}\NumMethods

[REG_SZ] (Standard)
25

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{E39391AE-51C0-4FBD-9042-F9C5B6094445}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{F4F7B301-7C59-4851-BA97-C51F110B590F}

[REG_SZ] (Standard)
IPointOnTerrainGE

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{F4F7B301-7C59-4851-BA97-C51F110B590F}\NumMethods

[REG_SZ] (Standard)
12

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Interface\{F4F7B301-7C59-4851-BA97-C51F110B590F}\ProxyStubClsid32

[REG_SZ] (Standard)
{F4F7B301-7C59-4851-BA97-C51F110B590F}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\JavaPlugin.160_18
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\JavaPlugin.160_18\CLSID

[REG_SZ] (Standard)
{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHFeature

[REG_SZ] (Standard)
KHFeature Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHFeature\CLSID

[REG_SZ] (Standard)
{B153D707-447A-4538-913E-6146B3FDEE02}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHFeature.1

[REG_SZ] (Standard)
KHFeature Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHFeature.1\CLSID

[REG_SZ] (Standard)
{B153D707-447A-4538-913E-6146B3FDEE02}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHInterface

[REG_SZ] (Standard)
KHInterface Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHInterface\CLSID

[REG_SZ] (Standard)
{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHInterface\CurVer

[REG_SZ] (Standard)
Keyhole.KHInterface.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHInterface.1

[REG_SZ] (Standard)
KHInterface Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHInterface.1\CLSID

[REG_SZ] (Standard)
{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewExtents

[REG_SZ] (Standard)
KHViewExtents Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewExtents\CLSID

[REG_SZ] (Standard)
{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewExtents.1

[REG_SZ] (Standard)
KHViewExtents Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewExtents.1\CLSID

[REG_SZ] (Standard)
{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewInfo

[REG_SZ] (Standard)
KHViewInfo Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewInfo\CLSID

[REG_SZ] (Standard)
{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewInfo\CurVer

[REG_SZ] (Standard)
Keyhole.KHViewInfo.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewInfo.1

[REG_SZ] (Standard)
KHViewInfo Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Keyhole.KHViewInfo.1\CLSID

[REG_SZ] (Standard)
{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\MIME
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\MIME\Database
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\MIME\Database\Content Type
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\MIME\Database\Content Type\application/vnd.google-earth.kml+xml

[REG_SZ] CLSID
   {407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
[.] Found hidden value:
   [REG_SZ] Extension
   .kml

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\MIME\Database\Content Type\application/vnd.google-earth.kmz

[REG_SZ] CLSID
   {407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
[.] Found hidden value:
   [REG_SZ] Extension
   .kmz

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Network
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE.QSP2IE

[REG_SZ] (Standard)
Quantum Streaming IE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE.QSP2IE\CLSID

[REG_SZ] (Standard)
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE.QSP2IE\CurVer

[REG_SZ] (Standard)
QSP2IE.QSP2IE.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE.QSP2IE.1

[REG_SZ] (Standard)
Quantum Streaming IE Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE.QSP2IE.1\CLSID

[REG_SZ] (Standard)
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE_Dep.QSP2IE_Dep

[REG_SZ] (Standard)
Quantum Streaming IE Class - Depricated

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE_Dep.QSP2IE_Dep\CLSID

[REG_SZ] (Standard)
{e3e02f12-2adb-478c-8742-5f0819f9f0f4}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE_Dep.QSP2IE_Dep\CurVer

[REG_SZ] (Standard)
QSP2IE_Dep.QSP2IE_Dep.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE_Dep.QSP2IE_Dep.1

[REG_SZ] (Standard)
Quantum Streaming IE Class - Depricated

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IE_Dep.QSP2IE_Dep.1\CLSID

[REG_SZ] (Standard)
{e3e02f12-2adb-478c-8742-5f0819f9f0f4}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer.QSP2IEVer

[REG_SZ] (Standard)
Quantum Streaming IE VersionManager Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer.QSP2IEVer\CLSID

[REG_SZ] (Standard)
{fd6484ed-ebe3-4c3d-938a-8238003b41b7}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer.QSP2IEVer\CurVer

[REG_SZ] (Standard)
QSP2IEVer.QSP2IEVer.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer.QSP2IEVer.1

[REG_SZ] (Standard)
Quantum Streaming IE VersionManager Class

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer.QSP2IEVer.1\CLSID

[REG_SZ] (Standard)
{fd6484ed-ebe3-4c3d-938a-8238003b41b7}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer_Dep.QSP2IEVer_Dep

[REG_SZ] (Standard)
Quantum Streaming IE VersionManager Class - Depricated

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer_Dep.QSP2IEVer_Dep\CLSID

[REG_SZ] (Standard)
{e473a65c-8087-49a3-affd-c5bc4a10669b}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer_Dep.QSP2IEVer_Dep\CurVer

[REG_SZ] (Standard)
QSP2IEVer_Dep.QSP2IEVer_Dep.1

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer_Dep.QSP2IEVer_Dep.1

[REG_SZ] (Standard)
Quantum Streaming IE VersionManager Class - Depricated

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\QSP2IEVer_Dep.QSP2IEVer_Dep.1\CLSID

[REG_SZ] (Standard)
{e473a65c-8087-49a3-affd-c5bc4a10669b}

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft\MediaPlayer
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft\MediaPlayer\Preferences

[REG_DWORD] AcceptedPrivacyStatement
00000001

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft\Windows NT
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft\Windows NT\CurrentVersion
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft\Windows NT\CurrentVersion\Network
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib

SCHC · « **Reply #46 on:** March 14, 2010, 04:45:41 PM »

[.] Found hidden value:
[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}\1.0

[REG_SZ] (Standard)
QSP2IECtl 1.0 Type Library

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}\1.0\0
Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}\1.0\0\win32

[REG_SZ] (Standard)
C:\Documents and Settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{1bf6eff2-f87d-4f1a-9f11-3ed2cabe7f3c}\1.0\FLAGS

[REG_SZ] (Standard)
00000030

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}\1.0

[REG_SZ] (Standard)
Google Earth 1.0 Type Library

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}\1.0\0

[REG_SZ] (Standard)
00000000

Found hidden key: HKEY_USERS\S-1-5-21-1708537768-616249376-725345543-1003_Classes\TypeLib\{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}\1.0\0\win32

[REG_SZ] (Standard)
C:\Program Files\Google\Google Earth\googleearth.exe
DONE.
-------------------------------------------------------------------------------

--------------------[HKEY_USERS\S-1-5-18 ]-------------------
WARNING: Dumping the registry can take quite some time! Be assured
that the app doesn't hang while dumping!
Dumping...OK.
Scanning...[-] Unable to open key: HKEY_USERS\S-1-5-18\Software\Microsoft\Protected Storage System Provider\S-1-5-18: Access is denied.

DONE.
-------------------------------------------------------------------------------

22:21:47 - Performing check: "Hidden processes":
(01) PID: 0 [00000000] (Idle)
(01) PID: 4 [00000000] (System)
(129) PID: 128 [00000000] (OEM02Mon.exe)
(129) PID: 144 [00000000] (spoolsv.exe)
(129) PID: 152 [00000000] (jqs.exe)
(129) PID: 172 [00000000] (rundll32.exe)
(129) PID: 304 [00000000] (sched.exe)
(129) PID: 336 [00000000] (avguard.exe)
(01) PID: 468 [00000000] (smss.exe)
(129) PID: 504 [00000000] (ZCfgSvc.exe)
(129) PID: 516 [00000000] (nvsvc32.exe)
(129) PID: 524 [00000000] (csrss.exe)
(129) PID: 560 [00000000] (winlogon.exe)
(129) PID: 604 [00000000] (services.exe)
(129) PID: 616 [00000000] (lsass.exe)
(129) PID: 784 [00000000] (svchost.exe)
(129) PID: 844 [00000000] (svchost.exe)
(129) PID: 884 [00000000] (MsMpEng.exe)
(129) PID: 896 [00000000] (svchost.exe)
(129) PID: 924 [00000000] (svchost.exe)
(129) PID: 972 [00000000] (EvtEng.exe)
(129) PID: 1000 [00000000] (iFrmewrk.exe)
(129) PID: 1088 [00000000] (S24EvMon.exe)
(129) PID: 1124 [00000000] (WLKEEPER.exe)
(129) PID: 1212 [00000000] (stsystra.exe)
(129) PID: 1236 [00000000] (explorer.exe)
(129) PID: 1244 [00000000] (svchost.exe)
(129) PID: 1296 [00000000] (svchost.exe)
(129) PID: 1452 [00000000] (oacat.exe)
(129) PID: 1468 [00000000] (oasrv.exe)
(129) PID: 1540 [00000000] (KADxMain.exe)
(129) PID: 1576 [00000000] (RegSrvc.exe)
(129) PID: 1788 [00000000] (PCMService.exe)
(129) PID: 1808 [00000000] (SynTPEnh.exe)
(129) PID: 1896 [00000000] (svchost.exe)
(129) PID: 1944 [00000000] (aawservice.exe)
(129) PID: 1976 [00000000] (rundll32.exe)
(129) PID: 2052 [00000000] (GrooveMonitor.exe)
(129) PID: 2160 [00000000] (Dot1XCfg.exe)
(129) PID: 2796 [00000000] (radixgui.exe)
(129) PID: 2932 [00000000] (iPodService.exe)
(129) PID: 3032 [00000000] (MSASCui.exe)
(129) PID: 3200 [00000000] (iTunesHelper.exe)
(129) PID: 3232 [00000000] (avgnt.exe)
(129) PID: 3316 [00000000] (AppleMobileDeviceService.exe)
(129) PID: 3448 [00000000] (mDNSResponder.exe)
(129) PID: 3476 [00000000] (jusched.exe)
(129) PID: 3584 [00000000] (alg.exe)
(129) PID: 3844 [00000000] (wmiprvse.exe)
(129) PID: 3864 [00000000] (GoogleToolbarNotifier.exe)
(129) PID: 3956 [00000000] (DLG.exe)
(01) PID: 3960 [00000000] (wscntfy.exe)
22:21:53 - Performing check: "Selftest":
Doing a short selftest...
-> Checking IAT

PID 2796 - C:\Documents and Settings\Me\Desktop\radix_installer\radixgui.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)

Patching code of CreateProcessA at 7C80236B

7C80236B: Patching FF -> 8B
7C80236C: Patching 25 -> FF
7C80236D: Patching 1E -> 55
7C80236E: Patching 00 -> 8B
7C80236F: Patching 05 -> EC
7C802370: Patching 5F -> 6A

Wrote patch to process memory.
Patching code of CreateProcessW at 7C802336

7C802336: Patching FF -> 8B
7C802337: Patching 25 -> FF
7C802338: Patching 1E -> 55
7C802339: Patching 00 -> 8B
7C80233A: Patching 0B -> EC
7C80233B: Patching 5F -> 6A

Wrote patch to process memory.
Patching code of FreeLibrary at 7C80AC93

7C80AC93: Patching A5 -> DC
7C80AC94: Patching 53 -> FF
7C80AC95: Patching 2F -> FF
7C80AC96: Patching F5 -> FF

Wrote patch to process memory.

USER32.dll (7E410000 - 7E4A1000)

Patching code of ExitWindowsEx at 7E45A275

7E45A275: Patching FF -> 8B
7E45A276: Patching 25 -> FF
7E45A277: Patching 1E -> 55
7E45A278: Patching 00 -> 8B
7E45A279: Patching 0E -> EC
7E45A27A: Patching 5F -> 83

Wrote patch to process memory.

GDI32.dll (77F10000 - 77F59000)
comdlg32.dll (763B0000 - 763F9000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)

Patching code of CoCreateInstance at 7750057E

7750057E: Patching FF -> 8B
7750057F: Patching 25 -> FF
77500580: Patching 1E -> 55
77500581: Patching 00 -> 8B
77500582: Patching 11 -> EC
77500583: Patching 5F -> 83

Wrote patch to process memory.
Patching code of CoCreateInstanceEx at 77500526

77500526: Patching FF -> 8B
77500527: Patching 25 -> FF
77500528: Patching 1E -> 55
77500529: Patching 00 -> 8B
7750052A: Patching 14 -> EC
7750052B: Patching 5F -> 6A

Wrote patch to process memory.

VERSION.dll (77C00000 - 77C08000)
dbghelp.dll (59A60000 - 59B01000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00A90000 - 00B7B000)
oleaut32.dll (77120000 - 771AB000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
wintrust.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
Selftest complete.

22:21:56 - Performing check: "MBR":
22:21:57 - Performing check: "IRP hooks":
Could not open physical memory device!
Make sure you are running as Administrator.
22:21:57 - Performing check: "Patched modules":
Could not open physical memory device!
Make sure you are running as Administrator.
22:21:57 - Performing check: "SDT hooks":
Could not open physical memory device!
Make sure you are running as Administrator.
22:21:57 - Performing check: "IDT hooks":
Could not open physical memory device!
Make sure you are running as Administrator.
22:21:57 - Performing check: "SYSENTER hook":
Could not open physical memory device!
Make sure you are running as Administrator.
22:21:57 - Performing check: "IAT hooks":

PID 468 - C:\WINDOWS\System32\smss.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)

PID 524 - C:\WINDOWS\system32\csrss.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
CSRSRV.dll (75B40000 - 75B4B000)
basesrv.dll (75B50000 - 75B60000)
winsrv.dll (75B60000 - 75BAB000)
GDI32.dll (77F10000 - 77F59000)
KERNEL32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
USER32.dll (7E410000 - 7E4A1000)
sxs.dll (7E720000 - 7E7D0000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)

PID 560 - C:\WINDOWS\system32\winlogon.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
AUTHZ.dll (776C0000 - 776D2000)
msvcrt.dll (77C10000 - 77C68000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
NDdeApi.dll (75940000 - 75948000)
PROFMAP.dll (75930000 - 7593A000)
NETAPI32.dll (5B860000 - 5B8B5000)
USERENV.dll (769C0000 - 76A74000)
PSAPI.DLL (76BF0000 - 76BFB000)
REGAPI.dll (76BC0000 - 76BCF000)
SETUPAPI.dll (77920000 - 77A13000)
VERSION.dll (77C00000 - 77C08000)
WINSTA.dll (76360000 - 76370000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
IMM32.DLL (76390000 - 763AD000)
MSGINA.dll (75970000 - 75A68000)
COMCTL32.dll (5D090000 - 5D12A000)
ODBC32.dll (74320000 - 7435D000)
comdlg32.dll (763B0000 - 763F9000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
comctl32.dll (773D0000 - 774D3000)
odbcint.dll (00970000 - 00987000)
SHSVCS.dll (776E0000 - 77703000)
sfc.dll (76BB0000 - 76BB5000)
sfc_os.dll (76C60000 - 76C8A000)
ole32.dll (774E0000 - 7761D000)
Apphelp.dll (77B40000 - 77B62000)
msctfime.ime (755C0000 - 755EE000)
WINSCARD.DLL (723D0000 - 723EC000)
WTSAPI32.dll (76F50000 - 76F58000)
sxs.dll (7E720000 - 7E7D0000)
uxtheme.dll (5AD70000 - 5ADA8000)
WINMM.dll (76B40000 - 76B6D000)
SASWINLO.dll (10000000 - 100CC000)
OLEAUT32.dll (77120000 - 771AB000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00FE0000 - 00FE9000)
iertutil.dll (3DFD0000 - 3E015000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
cscdll.dll (76600000 - 7661D000)
dimsntfy.dll (47020000 - 47028000)
WlNotify.dll (75950000 - 7596A000)
MPR.dll (71B20000 - 71B32000)
WINSPOOL.DRV (73000000 - 73026000)
rsaenh.dll (68000000 - 68036000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)
cscui.dll (77A20000 - 77A74000)
xpsp2res.dll (016B0000 - 01975000)
wdmaud.drv (72D20000 - 72D29000)
msacm32.drv (72D10000 - 72D18000)
MSACM32.dll (77BE0000 - 77BF5000)
midimap.dll (77BD0000 - 77BD7000)
COMRes.dll (77050000 - 77115000)
CLBCATQ.DLL (76FD0000 - 7704F000)

PID 604 - C:\WINDOWS\system32\services.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
NCObjAPI.DLL (5F770000 - 5F77C000)
MSVCP60.dll (76080000 - 760E5000)
SCESRV.dll (7DBD0000 - 7DC21000)
AUTHZ.dll (776C0000 - 776D2000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
USERENV.dll (769C0000 - 76A74000)
umpnpmgr.dll (7DBA0000 - 7DBC1000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
ShimEng.dll (5CB70000 - 5CB96000)
AcAdProc.dll (47260000 - 4726F000)
IMM32.DLL (76390000 - 763AD000)
Apphelp.dll (77B40000 - 77B62000)
VERSION.dll (77C00000 - 77C08000)
eventlog.dll (77B70000 - 77B81000)
PSAPI.DLL (76BF0000 - 76BFB000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)

PID 616 - C:\WINDOWS\system32\lsass.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
LSASRV.dll (75730000 - 757E5000)
MPR.dll (71B20000 - 71B32000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
MSASN1.dll (77B20000 - 77B32000)
msvcrt.dll (77C10000 - 77C68000)
NETAPI32.dll (5B860000 - 5B8B5000)
NTDSAPI.dll (767A0000 - 767B3000)
DNSAPI.dll (76F20000 - 76F47000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
WLDAP32.dll (76F60000 - 76F8C000)
SAMLIB.dll (71BF0000 - 71C03000)
SAMSRV.dll (74440000 - 744AA000)
cryptdll.dll (76790000 - 7679C000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
msprivs.dll (4D200000 - 4D20E000)
kerberos.dll (71CF0000 - 71D3C000)
msv1_0.dll (77C70000 - 77C95000)
iphlpapi.dll (76D60000 - 76D79000)
netlogon.dll (744B0000 - 74515000)
w32time.dll (767C0000 - 767EC000)
MSVCP60.dll (76080000 - 760E5000)
schannel.dll (767F0000 - 76818000)
CRYPT32.dll (77A80000 - 77B15000)
wdigest.dll (7DFC0000 - 7DFD1000)
rsaenh.dll (68000000 - 68036000)
setupapi.dll (77920000 - 77A13000)
scecli.dll (74410000 - 7443F000)
ipsecsvc.dll (743E0000 - 7440F000)
AUTHZ.dll (776C0000 - 776D2000)
oakley.DLL (75D90000 - 75E60000)
WINIPSEC.DLL (74370000 - 7437B000)
pstorsvc.dll (743A0000 - 743AB000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
psbase.dll (743C0000 - 743DB000)
wshtcpip.dll (71A90000 - 71A98000)
dssenh.dll (68100000 - 68126000)

PID 784 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
rpcss.dll (76A80000 - 76AE4000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
xpsp2res.dll (006B0000 - 00975000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
termsrv.dll (760F0000 - 76143000)
ICAAPI.dll (74F70000 - 74F76000)
SETUPAPI.dll (77920000 - 77A13000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
AUTHZ.dll (776C0000 - 776D2000)
mstlsapi.dll (75110000 - 7512F000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
NETAPI32.dll (5B860000 - 5B8B5000)
ATL.DLL (76B20000 - 76B31000)
REGAPI.dll (76BC0000 - 76BCF000)
Apphelp.dll (77B40000 - 77B62000)
rsaenh.dll (68000000 - 68036000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)

PID 844 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
rpcss.dll (76A80000 - 76AE4000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
xpsp2res.dll (006B0000 - 00975000)
rsaenh.dll (68000000 - 68036000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
DNSAPI.dll (76F20000 - 76F47000)
iphlpapi.dll (76D60000 - 76D79000)
winrnr.dll (76FB0000 - 76FB8000)
WLDAP32.dll (76F60000 - 76F8C000)
mdnsNSP.dll (16080000 - 160A5000)
rasadhlp.dll (76FC0000 - 76FC6000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)

PID 884 - C:\Program Files\Windows Defender\MsMpEng.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
MSVCR80.dll (78130000 - 781CB000)
msvcrt.dll (77C10000 - 77C68000)
MpSvc.dll (5C800000 - 5C844000)
MSVCP80.dll (7C420000 - 7C4A7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
VERSION.dll (77C00000 - 77C08000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
MpClient.dll (5B800000 - 5B84F000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
USERENV.dll (769C0000 - 76A74000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
rsaenh.dll (68000000 - 68036000)
xpsp2res.dll (00AE0000 - 00DA5000)
netapi32.dll (5B860000 - 5B8B5000)
mpengine.dll (5A100000 - 5A641000)
wininet.dll (3D930000 - 3DA01000)
Normaliz.dll (006F0000 - 006F9000)
iertutil.dll (3DFD0000 - 3E015000)
iphlpapi.dll (76D60000 - 76D79000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
mprtplug.dll (5E800000 - 5E80F000)
PSAPI.DLL (76BF0000 - 76BFB000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
MpAsDesc.dll (60800000 - 6080D000)

PID 924 - C:\WINDOWS\System32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
xpsp2res.dll (00630000 - 008F5000)
shsvcs.dll (776E0000 - 77703000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
rsaenh.dll (68000000 - 68036000)
dhcpcsvc.dll (7D4B0000 - 7D4D2000)
DNSAPI.dll (76F20000 - 76F47000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
iphlpapi.dll (76D60000 - 76D79000)
wzcsvc.dll (7DB10000 - 7DB9C000)
rtutils.dll (76E80000 - 76E8E000)
WMI.dll (76D30000 - 76D34000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
EapolQec.dll (72810000 - 7281B000)
ATL.DLL (76B20000 - 76B31000)
QUtil.dll (726C0000 - 726D6000)
MSVCP60.dll (76080000 - 760E5000)
dot3api.dll (478C0000 - 478CA000)
WTSAPI32.dll (76F50000 - 76F58000)
ESENT.dll (606B0000 - 607BD000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
rastls.dll (76B70000 - 76B97000)
CRYPTUI.dll (754D0000 - 75550000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (01590000 - 01599000)
iertutil.dll (3DFD0000 - 3E015000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
SETUPAPI.dll (77920000 - 77A13000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
SCHANNEL.dll (767F0000 - 76818000)
WinSCard.dll (723D0000 - 723EC000)
PSAPI.DLL (76BF0000 - 76BFB000)
sw2_ttls.dll (10000000 - 1003F000)
sw2_ttls_res.dll (01730000 - 01752000)
WZCSAPI.DLL (73030000 - 73040000)
raschap.dll (76BD0000 - 76BE6000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
schedsvc.dll (77300000 - 77333000)
NTDSAPI.dll (767A0000 - 767B3000)
MSIDLE.DLL (74F50000 - 74F55000)
audiosrv.dll (708B0000 - 708BD000)
wkssvc.dll (76E40000 - 76E63000)
cryptsvc.dll (76CE0000 - 76CF2000)
certcli.dll (77B90000 - 77BC2000)
ersvc.dll (74F80000 - 74F89000)
es.dll (77710000 - 77754000)
pchsvc.dll (74F40000 - 74F4C000)
srvsvc.dll (75090000 - 750AA000)
netman.dll (77D00000 - 77D33000)
netshell.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
eappcfg.dll (745B0000 - 745D2000)
eappprxy.dll (5DCD0000 - 5DCDE000)
seclogon.dll (73D20000 - 73D28000)
sens.dll (722D0000 - 722DD000)
srsvc.dll (751A0000 - 751CE000)
POWRPROF.dll (74AD0000 - 74AD8000)
SXS.DLL (7E720000 - 7E7D0000)
tapisrv.dll (733E0000 - 73420000)
trkwks.dll (75070000 - 75089000)
w32time.dll (767C0000 - 767EC000)
wmisvc.dll (59490000 - 594B8000)
VSSAPI.DLL (753E0000 - 7544D000)
wuauserv.dll (50000000 - 50005000)
wuaueng.dll (50040000 - 50219000)
WINSPOOL.DRV (73000000 - 73026000)
WINHTTP.dll (4D4F0000 - 4D549000)
Cabinet.dll (75150000 - 75163000)
mspatcha.dll (600A0000 - 600AB000)
browser.dll (76DA0000 - 76DB6000)
ipnathlp.dll (66460000 - 664B5000)
AUTHZ.dll (776C0000 - 776D2000)
sfc.dll (76BB0000 - 76BB5000)
sfc_os.dll (76C60000 - 76C8A000)
wscsvc.dll (4C0A0000 - 4C0B7000)
msi.dll (7D1E0000 - 7D49C000)
wbemcomn.dll (75290000 - 752C7000)
wbemcore.dll (762C0000 - 76345000)
esscli.dll (75310000 - 7534F000)
FastProx.dll (75690000 - 75706000)
Apphelp.dll (77B40000 - 77B62000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
WSOCK32.dll (71AD0000 - 71AD9000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
wbemsvc.dll (74ED0000 - 74EDE000)
wmiutils.dll (75020000 - 7503B000)
repdrvfs.dll (75200000 - 7522F000)
wmiprvsd.dll (3F1E0000 - 3F252000)
NCObjAPI.DLL (5F770000 - 5F77C000)
wbemess.dll (75390000 - 753D6000)
ncprov.dll (5F740000 - 5F74E000)
wups2.dll (50F00000 - 50F0D000)
upnp.dll (76DE0000 - 76E04000)
SSDPAPI.dll (74F00000 - 74F0C000)
qmgr.dll (5B9F0000 - 5BA5B000)
MPR.dll (71B20000 - 71B32000)
SHFOLDER.dll (76780000 - 76789000)
qmgrprxy.dll (5DDC0000 - 5DDC9000)
rasmans.dll (7DF30000 - 7DF62000)
WINIPSEC.DLL (74370000 - 7437B000)
netcfgx.dll (755F0000 - 7568A000)
rastapi.dll (75880000 - 75891000)
unimdm.tsp (57CC0000 - 57CF6000)
uniplat.dll (72000000 - 72007000)
rasadhlp.dll (76FC0000 - 76FC6000)
unimdmat.dll (5B070000 - 5B084000)
modemui.dll (61650000 - 61678000)
kmddsp.tsp (57D40000 - 57D4B000)
ndptsp.tsp (57D20000 - 57D30000)
ipconf.tsp (57D50000 - 57D58000)
h323.tsp (57D70000 - 57DB6000)
hidphone.tsp (57D60000 - 57D6A000)
HID.DLL (688F0000 - 688F9000)
rasppp.dll (72240000 - 72277000)
ntlsapi.dll (724B0000 - 724B6000)
kerberos.dll (71CF0000 - 71D3C000)
RASQEC.DLL (72AE0000 - 72AF3000)
RASDLG.dll (768D0000 - 76974000)
winrnr.dll (76FB0000 - 76FB8000)
mdnsNSP.dll (16080000 - 160A5000)
mlang.dll (75CF0000 - 75D81000)
xmlprovi.dll (4CB90000 - 4CBA0000)

SCHC · « **Reply #47 on:** March 14, 2010, 04:46:37 PM »

PID 972 - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
PfMgrApi.dll (10000000 - 100DF000)
LIBEAY32.dll (004B0000 - 005BF000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
TraceAPI.DLL (00330000 - 00399000)
PsRegApi.dll (005C0000 - 00642000)
SETUPAPI.dll (77920000 - 77A13000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
VERSION.dll (77C00000 - 77C08000)
DbEngine.dll (003A0000 - 003F9000)
IntStngs.dll (00650000 - 006A9000)
MurocApi.dll (006B0000 - 0075E000)
S24MUDLL.dll (00760000 - 00779000)
ICMP.dll (74290000 - 74294000)
iphlpapi.dll (76D60000 - 76D79000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
xpsp2res.dll (00DE0000 - 010A5000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msado15.dll (4DE10000 - 4DE93000)
MSDART.DLL (765B0000 - 765D5000)
oledb32.dll (73160000 - 731D7000)
OLEDB32R.DLL (75350000 - 75361000)
msdasql.dll (01740000 - 0178D000)
MSDATL3.dll (60E30000 - 60E47000)
ODBC32.dll (74320000 - 7435D000)
odbcint.dll (018D0000 - 018E7000)
MSDASQLR.DLL (018F0000 - 018F4000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
NETAPI32.dll (5B860000 - 5B8B5000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
USERENV.dll (769C0000 - 76A74000)
odbcjt32.dll (4DD40000 - 4DD84000)
msjet40.dll (1B000000 - 1B170000)
mswstr10.dll (1B5D0000 - 1B665000)
odbcji32.dll (5D130000 - 5D13E000)
msjter40.dll (1B2C0000 - 1B2CD000)
MSJINT40.DLL (1B2D0000 - 1B2F6000)
odbccp32.dll (5FE80000 - 5FE9B000)
msadce.dll (74060000 - 740B1000)
msadcer.dll (06CB0000 - 06CB5000)
wbemprox.dll (74EF0000 - 74EF8000)
wbemcomn.dll (75290000 - 752C7000)
wbemsvc.dll (74ED0000 - 74EDE000)
fastprox.dll (75690000 - 75706000)
NTDSAPI.dll (767A0000 - 767B3000)
DNSAPI.dll (76F20000 - 76F47000)
WLDAP32.dll (76F60000 - 76F8C000)
rsaenh.dll (68000000 - 68036000)

PID 1088 - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
LIBEAY32.dll (10000000 - 1010F000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
SETUPAPI.dll (77920000 - 77A13000)
TraceAPI.DLL (00330000 - 00399000)
PsRegApi.dll (00500000 - 00582000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
iphlpapi.dll (76D60000 - 76D79000)
NETAPI32.dll (5B860000 - 5B8B5000)
IntStngs.dll (003A0000 - 003F9000)
VERSION.dll (77C00000 - 77C08000)
IWMSPROV.DLL (00590000 - 005AF000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
netcfgx.dll (755F0000 - 7568A000)
CLUSAPI.dll (76D10000 - 76D22000)
DNSAPI.dll (76F20000 - 76F47000)
msctfime.ime (755C0000 - 755EE000)
msado15.dll (4DE10000 - 4DE93000)
MSDART.DLL (765B0000 - 765D5000)
xpsp2res.dll (014B0000 - 01775000)
oledb32.dll (73160000 - 731D7000)
OLEDB32R.DLL (75350000 - 75361000)
msdasql.dll (01980000 - 019CD000)
MSDATL3.dll (60E30000 - 60E47000)
ODBC32.dll (74320000 - 7435D000)
odbcint.dll (01B10000 - 01B27000)
MSDASQLR.DLL (01B30000 - 01B34000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
RESUTILS.DLL (750B0000 - 750C2000)
USERENV.dll (769C0000 - 76A74000)
odbcjt32.dll (4DD40000 - 4DD84000)
msjet40.dll (1B000000 - 1B170000)
mswstr10.dll (1B5D0000 - 1B665000)
odbcji32.dll (5D130000 - 5D13E000)
msjter40.dll (1B2C0000 - 1B2CD000)
MSJINT40.DLL (1B2D0000 - 1B2F6000)
odbccp32.dll (5FE80000 - 5FE9B000)
msadce.dll (74060000 - 740B1000)
msadcer.dll (06EF0000 - 06EF5000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
netman.dll (77D00000 - 77D33000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
WLDAP32.dll (76F60000 - 76F8C000)
ATL.DLL (76B20000 - 76B31000)
rtutils.dll (76E80000 - 76E8E000)
SAMLIB.dll (71BF0000 - 71C03000)
netshell.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3api.dll (478C0000 - 478CA000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
eappcfg.dll (745B0000 - 745D2000)
eappprxy.dll (5DCD0000 - 5DCDE000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
WINMM.dll (76B40000 - 76B6D000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (01B40000 - 01B49000)
iertutil.dll (3DFD0000 - 3E015000)
WZCSAPI.DLL (73030000 - 73040000)
WZCSvc.DLL (7DB10000 - 7DB9C000)
WMI.dll (76D30000 - 76D34000)
DHCPCSVC.DLL (7D4B0000 - 7D4D2000)
EapolQec.dll (72810000 - 7281B000)
QUtil.dll (726C0000 - 726D6000)
ESENT.dll (606B0000 - 607BD000)

PID 1124 - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
PfMgrApi.dll (10000000 - 100DF000)
LIBEAY32.dll (00450000 - 0055F000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
TraceAPI.DLL (00330000 - 00399000)
PsRegApi.dll (00560000 - 005E2000)
SETUPAPI.dll (77920000 - 77A13000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
VERSION.dll (77C00000 - 77C08000)
DbEngine.dll (003A0000 - 003F9000)
IntStngs.dll (005F0000 - 00649000)
MurocApi.dll (00650000 - 006FE000)
S24MUDLL.dll (00700000 - 00719000)
ICMP.dll (74290000 - 74294000)
iphlpapi.dll (76D60000 - 76D79000)
NETAPI32.dll (5B860000 - 5B8B5000)
WinSCard.dll (723D0000 - 723EC000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
USERENV.dll (769C0000 - 76A74000)
C1XStngs.dll (00720000 - 007DF000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
PSAPI.DLL (76BF0000 - 76BFB000)
oledlg.dll (7DF70000 - 7DF92000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msado15.dll (4DE10000 - 4DE93000)
MSDART.DLL (765B0000 - 765D5000)
xpsp2res.dll (012B0000 - 01575000)
oledb32.dll (73160000 - 731D7000)
OLEDB32R.DLL (75350000 - 75361000)
msdasql.dll (01780000 - 017CD000)
MSDATL3.dll (60E30000 - 60E47000)
ODBC32.dll (74320000 - 7435D000)
odbcint.dll (01910000 - 01927000)
MSDASQLR.DLL (01930000 - 01934000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
odbcjt32.dll (4DD40000 - 4DD84000)
msjet40.dll (1B000000 - 1B170000)
mswstr10.dll (1B5D0000 - 1B665000)
odbcji32.dll (5D130000 - 5D13E000)
msjter40.dll (1B2C0000 - 1B2CD000)
MSJINT40.DLL (1B2D0000 - 1B2F6000)
odbccp32.dll (5FE80000 - 5FE9B000)
msadce.dll (74060000 - 740B1000)
msadcer.dll (06CF0000 - 06CF5000)
wbemprox.dll (74EF0000 - 74EF8000)
wbemcomn.dll (75290000 - 752C7000)
wbemsvc.dll (74ED0000 - 74EDE000)
fastprox.dll (75690000 - 75706000)
NTDSAPI.dll (767A0000 - 767B3000)
DNSAPI.dll (76F20000 - 76F47000)
WLDAP32.dll (76F60000 - 76F8C000)
msctfime.ime (755C0000 - 755EE000)

PID 1244 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
dnsrslvr.dll (76770000 - 7677D000)
DNSAPI.dll (76F20000 - 76F47000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
iphlpapi.dll (76D60000 - 76D79000)
rsaenh.dll (68000000 - 68036000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)

PID 1296 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
xpsp2res.dll (00630000 - 008F5000)
lmhsvc.dll (74C40000 - 74C46000)
iphlpapi.dll (76D60000 - 76D79000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
ssdpsrv.dll (765E0000 - 765F4000)
hnetcfg.dll (662B0000 - 66308000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
mswsock.dll (71A50000 - 71A8F000)
wshtcpip.dll (71A90000 - 71A98000)

PID 1452 - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
user32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
advapi32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
oleaut32.dll (77120000 - 771AB000)
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
version.dll (77C00000 - 77C08000)
comctl32.dll (5D090000 - 5D12A000)
shell32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
comdlg32.dll (763B0000 - 763F9000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
netapi32.dll (5B860000 - 5B8B5000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
rsaenh.dll (68000000 - 68036000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)

PID 1468 - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
user32.dll (7E410000 - 7E4A1000)
The code of LoadStringA at 7E42C908 (0) got patched. Here is the diff:
Address New-Original
7E42C908: FF - 8B
7E42C909: 25 - FF
7E42C90A: 1E - 55
7E42C90B: 00 - 8B
7E42C90C: 05 - EC
7E42C90D: 5F - 53
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\oasrv.exe+0xC0154

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\oasrv.exe+0xC0154:
Base address:   00400000
Size:      00331000
Flags:      00005000
Load count:   65535
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of LoadStringW at 7E419E36 (0) got patched. Here is the diff:
Address New-Original
7E419E36: FF - 8B
7E419E37: 25 - FF
7E419E38: 1E - 55
7E419E39: 00 - 8B
7E419E3A: 0B - EC
7E419E3B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\oasrv.exe+0xC0078

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\oasrv.exe+0xC0078:
Base address:   00400000
Size:      00331000
Flags:      00005000
Load count:   65535
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\oasrv.exe
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
advapi32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
oleaut32.dll (77120000 - 771AB000)
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
shell32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
comctl32.dll (5D090000 - 5D12A000)
wininet.dll (3D930000 - 3DA01000)
Normaliz.dll (00330000 - 00339000)
iertutil.dll (3DFD0000 - 3E015000)
comdlg32.dll (763B0000 - 763F9000)
winmm.dll (76B40000 - 76B6D000)
crypt32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
fltlib.dll (4FFE0000 - 4FFE8000)
shfolder.dll (76780000 - 76789000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
userenv.dll (769C0000 - 76A74000)
IPHLPAPI.DLL (76D60000 - 76D79000)
setupapi.dll (77920000 - 77A13000)
dnsapi.dll (76F20000 - 76F47000)
AVICAP32.DLL (73B80000 - 73B92000)
MSVFW32.dll (75A70000 - 75A91000)
rsaenh.dll (68000000 - 68036000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
ATL.DLL (76B20000 - 76B31000)
rtutils.dll (76E80000 - 76E8E000)
PSAPI.dll (76BF0000 - 76BFB000)
OAnetAPI.dll (10000000 - 10013000)
xpsp2res.dll (033D0000 - 03695000)
SXS.DLL (7E720000 - 7E7D0000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
MSVCP60.dll (76080000 - 760E5000)
wbemprox.dll (74EF0000 - 74EF8000)
wbemcomn.dll (75290000 - 752C7000)
msi.dll (7D1E0000 - 7D49C000)
wmiutils.dll (75020000 - 7503B000)
wbemsvc.dll (74ED0000 - 74EDE000)
fastprox.dll (75690000 - 75706000)
NTDSAPI.dll (767A0000 - 767B3000)
qmgrprxy.dll (5DDC0000 - 5DDC9000)
hnetcfg.dll (662B0000 - 66308000)
WinTrust.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)

PID 1944 - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking.
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2E - FF
7C80AC96: F5 - FF
CEAPI.dll (10000000 - 100B2000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
PKArchive84cb.dll (004A0000 - 0063B000)
[-] Unable to load module C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll for checking
SHELL32.dll (7C9C0000 - 7D1D7000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
WLDAP32.dll (76F60000 - 76F8C000)
PSAPI.DLL (76BF0000 - 76BFB000)
VERSION.dll (77C00000 - 77C08000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00350000 - 00359000)
iertutil.dll (3DFD0000 - 3E015000)
Update.dll (00360000 - 003E1000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
USERENV.dll (769C0000 - 76A74000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
rsaenh.dll (68000000 - 68036000)

PID 144 - C:\WINDOWS\system32\spoolsv.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
msvcrt.dll (77C10000 - 77C68000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
SPOOLSS.DLL (742E0000 - 742F5000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
DNSAPI.dll (76F20000 - 76F47000)
iphlpapi.dll (76D60000 - 76D79000)
rasadhlp.dll (76FC0000 - 76FC6000)
localspl.dll (75BB0000 - 75C07000)
sfc_os.dll (76C60000 - 76C8A000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
winspool.drv (73000000 - 73026000)
netapi32.dll (5B860000 - 5B8B5000)
cnbjmon.dll (742A0000 - 742AE000)
FXSMON.DLL (68F00000 - 68F09000)
FXSEVENT.dll (68F20000 - 68F31000)
pjlmon.dll (74280000 - 74287000)
msonpmon.dll (00980000 - 00989000)
MSVCR80.dll (78130000 - 781CB000)
msi.dll (7D1E0000 - 7D49C000)
tcpmon.dll (72400000 - 7240E000)
usbmon.dll (723F0000 - 723F7000)
msonpppr.dll (00D50000 - 00D59000)
mswsock.dll (71A50000 - 71A8F000)
winrnr.dll (76FB0000 - 76FB8000)
WLDAP32.dll (76F60000 - 76F8C000)
mdnsNSP.dll (16080000 - 160A5000)
win32spl.dll (75C10000 - 75C34000)
NETRAP.dll (71C80000 - 71C87000)
NTDSAPI.dll (767A0000 - 767B3000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (01010000 - 012D5000)
inetpp.dll (74300000 - 74315000)

PID 304 - C:\Program Files\Avira\AntiVir Desktop\sched.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
IPHLPAPI.DLL (76D60000 - 76D79000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
MSVCR90.dll (78520000 - 785C3000)
MSVCP90.dll (78480000 - 7850E000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
schedr.dll (10000000 - 10004000)
WTSAPI32.DLL (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
rasapi32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
rtutils.dll (76E80000 - 76E8E000)
WINMM.dll (76B40000 - 76B6D000)
avevtlog.dll (00BC0000 - 00BEE000)
sqlite3.dll (00D00000 - 00D53000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
xpsp2res.dll (01470000 - 01735000)
rsaenh.dll (68000000 - 68036000)
uxtheme.dll (5AD70000 - 5ADA8000)
userenv.dll (769C0000 - 76A74000)
cryptnet.dll (75E60000 - 75E73000)
PSAPI.DLL (76BF0000 - 76BFB000)
SensApi.dll (722B0000 - 722B5000)
WINHTTP.dll (4D4F0000 - 4D549000)
WLDAP32.dll (76F60000 - 76F8C000)

PID 336 - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
MSVCR90.dll (78520000 - 785C3000)
MSVCP90.dll (78480000 - 7850E000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
WTSAPI32.DLL (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
AVEvtLog.dll (10000000 - 1002E000)
guardmsg.dll (00C20000 - 00C28000)
sqlite3.dll (00C30000 - 00C83000)
AVPREF.DLL (00DA0000 - 00DAD000)
SMTPLIB.DLL (00DC0000 - 00DCB000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wintrust.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
AVGIO.DLL (01220000 - 01236000)
FLTLIB.DLL (4FFE0000 - 4FFE8000)
aecore.dll (01350000 - 01380000)
aevdf.dll (01390000 - 013AB000)
aescript.dll (013C0000 - 014BC000)
aescn.dll (014D0000 - 014F0000)
aesbx.dll (01500000 - 0153F000)
aerdl.dll (01550000 - 015C7000)
aepack.dll (015E0000 - 0164D000)
unacev2.dll (01660000 - 016AB000)
aeoffice.dll (016C0000 - 016F2000)
aeheur.dll (01710000 - 01949000)
aehelp.dll (01960000 - 0199C000)
aegen.dll (019B0000 - 01A0C000)
aeemu.dll (01A20000 - 01A81000)
aebb.dll (01AA0000 - 01AAE000)
avipc.dll (01C60000 - 01C72000)

PID 896 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
xpsp2res.dll (00630000 - 008F5000)
webclnt.dll (5A6E0000 - 5A6F5000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00940000 - 00949000)
iertutil.dll (3DFD0000 - 3E015000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)

PID 1236 - C:\WINDOWS\Explorer.EXE
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
Explorer.EXE:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address:   5CB70000
Size:      00026000
Flags:      8000400C
Load count:   1
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5512
Company:   Microsoft Corporation
File Version:   5.1.2600.5512 (xpsp.080413-2105)
Description:   Shim Engine DLL
Location:   C:\WINDOWS\system32\ShimEng.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\WINDOWS\system32\ShimEng.dll:
Base address:   5CB70000
Size:      00026000
Flags:      8000400C
Load count:   1
Name:      Microsoft® Windows® Operating System
Prod. Version:   5.1.2600.5512
Company:   Microsoft Corporation
File Version:   5.1.2600.5512 (xpsp.080413-2105)
Description:   Shim Engine DLL
Location:   C:\WINDOWS\system32\ShimEng.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
RPCRT4.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
Secur32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
BROWSEUI.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GDI32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USER32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msvcrt.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ole32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHLWAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
OLEAUT32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHDOCVW.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CRYPT32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSASN1.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CRYPTUI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NETAPI32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
VERSION.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WININET.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iertutil.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINTRUST.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
IMAGEHLP.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WLDAP32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SHELL32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
UxTheme.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINMM.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSACM32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
USERENV.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
IMM32.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comctl32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msctfime.ime:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
appHelp.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CLBCATQ.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GrooveShellExGetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GrooveUtil.DLGetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MSVCR80.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ATL80.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
rsaenh.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
cscui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
CSCDLL.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
themeui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
actxprxy.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wmpband.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MPR.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
OAwatch.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WS2_32.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WS2HELP.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wtsapi32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GrooveSystemSGetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msxml3.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ntshrui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ATL.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SETUPAPI.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
msi.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
LINKINFO.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ieframe.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
PSAPI.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
urlmon.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MLANG.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NETSHELL.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
credui.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
eappcfg.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
iphlpapi.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
oaevent.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
webcheck.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
stobject.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
BatMeter.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wdmaud.drv :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mydocs.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
GrooveMisc.dlGetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
shlext.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINSPOOL.DRV:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
mbamext.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WZCSAPI.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
fxsst.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
FXSAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NTMARTA.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
wzcdlg.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
WINHTTP.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ntlanman.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
NETUI0.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
davclnt.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MPRAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
ACTIVEDS.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
adsldpc.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DNSAPI.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DHCPCSVC.DLL:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
PDFShell.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SDHelper.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
comdlg32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
faultrep.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
olepro32.dll:GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
jsproxy.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
SXS.DLL :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
DUSER.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll
MpOAv.dll :GetProcAddress --[HOOKED]-- @5CB77774 by C:\WINDOWS\system32\ShimEng.dll

SCHC · « **Reply #48 on:** March 14, 2010, 04:47:32 PM »

The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   01780000
Size:      000EB000
Flags:      80284004
Load count:   1
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   01780000
Size:      000EB000
Flags:      80284004
Load count:   1
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
BROWSEUI.dll (75F80000 - 7607D000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   01780000
Size:      000EB000
Flags:      80284004
Load count:   1
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
SHLWAPI.dll (77F60000 - 77FD6000)
OLEAUT32.dll (77120000 - 771AB000)
SHDOCVW.dll (7E290000 - 7E401000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
CRYPTUI.dll (754D0000 - 75550000)
NETAPI32.dll (5B860000 - 5B8B5000)
VERSION.dll (77C00000 - 77C08000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00400000 - 00409000)
iertutil.dll (3DFD0000 - 3E015000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
WLDAP32.dll (76F60000 - 76F8C000)
SHELL32.dll (7C9C0000 - 7D1D7000)
UxTheme.dll (5AD70000 - 5ADA8000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
MSACM32.dll (77BE0000 - 77BF5000)
USERENV.dll (769C0000 - 76A74000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
msctfime.ime (755C0000 - 755EE000)
appHelp.dll (77B40000 - 77B62000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
GrooveShellExtensions.dll(661D0000 - 663EF000)
GrooveUtil.DLL (68EF0000 - 68FE2000)
MSVCR80.dll (78130000 - 781CB000)
GrooveNew.DLL (68FF0000 - 68FF7000)
ATL80.DLL (7C630000 - 7C64B000)
rsaenh.dll (68000000 - 68036000)
MSImg32.dll (76380000 - 76385000)
cscui.dll (77A20000 - 77A74000)
CSCDLL.dll (76600000 - 7661D000)
themeui.dll (5BA60000 - 5BAD1000)
xpsp2res.dll (011B0000 - 01475000)
actxprxy.dll (71D40000 - 71D5B000)
wmpband.dll (4C4B0000 - 4C4C8000)
MPR.dll (71B20000 - 71B32000)
OAwatch.dll (01780000 - 0186B000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
GrooveSystemServices.dll(65E50000 - 65E7D000)
msxml3.dll (74980000 - 74AA3000)
ntshrui.dll (76990000 - 769B5000)
ATL.DLL (76B20000 - 76B31000)
SETUPAPI.dll (77920000 - 77A13000)
msi.dll (7D1E0000 - 7D49C000)
LINKINFO.dll (76980000 - 76988000)
ieframe.dll (3E1C0000 - 3E78D000)
PSAPI.DLL (76BF0000 - 76BFB000)
urlmon.dll (01F60000 - 02088000)
MLANG.dll (75CF0000 - 75D81000)
NETSHELL.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3api.dll (478C0000 - 478CA000)
rtutils.dll (76E80000 - 76E8E000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
eappcfg.dll (745B0000 - 745D2000)
MSVCP60.dll (76080000 - 760E5000)
eappprxy.dll (5DCD0000 - 5DCDE000)
iphlpapi.dll (76D60000 - 76D79000)
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 11 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   01780000
Size:      000EB000
Flags:      80284004
Load count:   1
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MpShHook.dll (5F800000 - 5F816000)
MSVCP80.dll (7C420000 - 7C4A7000)
oaevent.dll (026B0000 - 02799000)
webcheck.dll (42E40000 - 42E7C000)
stobject.dll (76280000 - 762A1000)
BatMeter.dll (74AF0000 - 74AFA000)
POWRPROF.dll (74AD0000 - 74AD8000)
wdmaud.drv (72D20000 - 72D29000)
msacm32.drv (72D10000 - 72D18000)
midimap.dll (77BD0000 - 77BD7000)
mydocs.dll (72410000 - 7242A000)
GrooveMisc.dll (66B50000 - 66CCF000)
shlext.dll (030F0000 - 0313C000)
WINSPOOL.DRV (73000000 - 73026000)
mbamext.dll (03150000 - 03168000)
WZCSAPI.DLL (73030000 - 73040000)
fxsst.dll (68DF0000 - 68E7D000)
FXSAPI.dll (5A980000 - 5A9F2000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
wzcdlg.dll (5DF10000 - 5DF70000)
WINHTTP.dll (4D4F0000 - 4D549000)
xpsp3res.dll (20000000 - 200AA000)
drprov.dll (75F60000 - 75F67000)
ntlanman.dll (71C10000 - 71C1E000)
NETUI0.dll (71CD0000 - 71CE7000)
NETUI1.dll (71C90000 - 71CD0000)
NETRAP.dll (71C80000 - 71C87000)
davclnt.dll (75F70000 - 75F7A000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
DNSAPI.dll (76F20000 - 76F47000)
DHCPCSVC.DLL (7D4B0000 - 7D4D2000)
PDFShell.dll (10000000 - 1001C000)
browselc.dll (71600000 - 71612000)
SDHelper.dll (035E0000 - 03765000)
comdlg32.dll (763B0000 - 763F9000)
faultrep.dll (69450000 - 69466000)
olepro32.dll (5EDD0000 - 5EDE7000)
jsproxy.dll (42B80000 - 42B8A000)
SXS.DLL (7E720000 - 7E7D0000)
DUSER.dll (6C1B0000 - 6C1FD000)
MpOAv.dll (04100000 - 04115000)

PID 1808 - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00A60000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00A60000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
VERSION.dll (77C00000 - 77C08000)
WINMM.dll (76B40000 - 76B6D000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00A60000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00A60000 - 00B4B000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
SynCOM.dll (10000000 - 10028000)
msctfime.ime (755C0000 - 755EE000)
SynTPAPI.dll (63010000 - 63035000)

PID 1976 - C:\WINDOWS\system32\rundll32.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
msvcrt.dll (77C10000 - 77C68000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IMAGEHLP.dll (76C90000 - 76CB8000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
OAwatch.dll (009E0000 - 00ACB000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
nvHotkey.dll (10000000 - 10015000)
msctfime.ime (755C0000 - 755EE000)

PID 172 - C:\WINDOWS\system32\RunDLL32.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
msvcrt.dll (77C10000 - 77C68000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IMAGEHLP.dll (76C90000 - 76CB8000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
OAwatch.dll (009E0000 - 00ACB000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
NvMCTray.dll (10000000 - 10016000)
nvapi.dll (00C50000 - 00CA6000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
msctfime.ime (755C0000 - 755EE000)

PID 128 - C:\WINDOWS\OEM02Mon.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   008F0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   008F0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   008F0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SETUPAPI.dll (77920000 - 77A13000)
ksproxy.ax (5E030000 - 5E053000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
ksuser.dll (73EE0000 - 73EE4000)
IMM32.DLL (76390000 - 763AD000)
OAwatch.dll (008F0000 - 009DB000)
version.dll (77C00000 - 77C08000)
comctl32.dll (5D090000 - 5D12A000)
shell32.dll (7C9C0000 - 7D1D7000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
comctl32.dll (773D0000 - 774D3000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)

PID 504 - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
PfMgrApi.dll (10000000 - 100DF000)
LIBEAY32.dll (004D0000 - 005DF000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TraceAPI.DLL (00330000 - 00399000)
PsRegApi.dll (005E0000 - 00662000)
SETUPAPI.dll (77920000 - 77A13000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 17 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F17001E]
--> JMP 5F160F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 1A - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F1A001E]
--> JMP 5F190F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
OLEAUT32.dll (77120000 - 771AB000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
VERSION.dll (77C00000 - 77C08000)
DbEngine.dll (003A0000 - 003F9000)
IntStngs.dll (00670000 - 006C9000)
MurocApi.dll (006D0000 - 0077E000)
S24MUDLL.dll (00780000 - 00799000)
ICMP.dll (74290000 - 74294000)
iphlpapi.dll (76D60000 - 76D79000)
The code of IcmpSendEcho at 76D64B79 (0) got patched. Here is the diff:
Address New-Original
76D64B79: FF - 8B
76D64B7A: 25 - FF
76D64B7B: 1E - 55
76D64B7C: 00 - 8B
76D64B7D: 11 - EC
76D64B7E: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0B00

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0B00:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 14 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   00EA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
oledlg.dll (7DF70000 - 7DF92000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00EA0000 - 00F8B000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
USERENV.dll (769C0000 - 76A74000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msado15.dll (4DE10000 - 4DE93000)
MSDART.DLL (765B0000 - 765D5000)
xpsp2res.dll (013D0000 - 01695000)
oledb32.dll (73160000 - 731D7000)
OLEDB32R.DLL (75350000 - 75361000)
msdasql.dll (018A0000 - 018ED000)
MSDATL3.dll (60E30000 - 60E47000)
ODBC32.dll (74320000 - 7435D000)
odbcint.dll (01180000 - 01197000)
MSDASQLR.DLL (011A0000 - 011A4000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
odbcjt32.dll (4DD40000 - 4DD84000)
msjet40.dll (1B000000 - 1B170000)
mswstr10.dll (1B5D0000 - 1B665000)
odbcji32.dll (5D130000 - 5D13E000)
msjter40.dll (1B2C0000 - 1B2CD000)
MSJINT40.DLL (1B2D0000 - 1B2F6000)
odbccp32.dll (5FE80000 - 5FE9B000)
msadce.dll (74060000 - 740B1000)
msadcer.dll (06DE0000 - 06DE5000)
wbemprox.dll (74EF0000 - 74EF8000)
wbemcomn.dll (75290000 - 752C7000)
wbemsvc.dll (74ED0000 - 74EDE000)
fastprox.dll (75690000 - 75706000)
NTDSAPI.dll (767A0000 - 767B3000)
DNSAPI.dll (76F20000 - 76F47000)
WLDAP32.dll (76F60000 - 76F8C000)
rsaenh.dll (68000000 - 68036000)
msi.dll (7D1E0000 - 7D49C000)
SXS.DLL (7E720000 - 7E7D0000)

SCHC · « **Reply #49 on:** March 14, 2010, 04:48:29 PM »

PID 1000 - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00DC0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00DC0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
PsRegApi.dll (10000000 - 10082000)
SETUPAPI.dll (77920000 - 77A13000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00DC0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
msvcrt.dll (77C10000 - 77C68000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
VERSION.dll (77C00000 - 77C08000)
WINMM.dll (76B40000 - 76B6D000)
IntStngs.dll (00330000 - 00389000)
TraceAPI.DLL (00390000 - 003F9000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
MurocApi.dll (00500000 - 005AE000)
S24MUDLL.dll (005B0000 - 005C9000)
LIBEAY32.dll (005D0000 - 006DF000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
ICMP.dll (74290000 - 74294000)
iphlpapi.dll (76D60000 - 76D79000)
The code of IcmpSendEcho at 76D64B79 (0) got patched. Here is the diff:
Address New-Original
76D64B79: FF - 8B
76D64B7A: 25 - FF
76D64B7B: 1E - 55
76D64B7C: 00 - 8B
76D64B7D: 11 - EC
76D64B7E: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0B00

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0B00:
Base address:   00DC0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 14 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   00DC0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
oledlg.dll (7DF70000 - 7DF92000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00DC0000 - 00EAB000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
rsaenh.dll (68000000 - 68036000)
msctfime.ime (755C0000 - 755EE000)
ConnMgr.dll (010F0000 - 0124B000)
PfMgrApi.dll (01250000 - 0132F000)
DbEngine.dll (01020000 - 01079000)
imagehlp.dll (76C90000 - 76CB8000)
USERENV.dll (769C0000 - 76A74000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msado15.dll (4DE10000 - 4DE93000)
MSDART.DLL (765B0000 - 765D5000)
xpsp2res.dll (016B0000 - 01975000)
oledb32.dll (73160000 - 731D7000)
OLEDB32R.DLL (75350000 - 75361000)
msdasql.dll (01B80000 - 01BCD000)
MSDATL3.dll (60E30000 - 60E47000)
ODBC32.dll (74320000 - 7435D000)
odbcint.dll (010B0000 - 010C7000)
MSDASQLR.DLL (01D10000 - 01D14000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
odbcjt32.dll (4DD40000 - 4DD84000)
msjet40.dll (1B000000 - 1B170000)
mswstr10.dll (1B5D0000 - 1B665000)
odbcji32.dll (5D130000 - 5D13E000)
msjter40.dll (1B2C0000 - 1B2CD000)
MSJINT40.DLL (1B2D0000 - 1B2F6000)
odbccp32.dll (5FE80000 - 5FE9B000)
msadce.dll (74060000 - 740B1000)
msadcer.dll (070D0000 - 070D5000)
wbemprox.dll (74EF0000 - 74EF8000)
wbemcomn.dll (75290000 - 752C7000)
wbemsvc.dll (74ED0000 - 74EDE000)
fastprox.dll (75690000 - 75706000)
NTDSAPI.dll (767A0000 - 767B3000)
DNSAPI.dll (76F20000 - 76F47000)
WLDAP32.dll (76F60000 - 76F8C000)
netman.dll (77D00000 - 77D33000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
ATL.DLL (76B20000 - 76B31000)
rtutils.dll (76E80000 - 76E8E000)
SAMLIB.dll (71BF0000 - 71C03000)
netshell.dll (76400000 - 765A5000)
credui.dll (76C00000 - 76C2E000)
dot3api.dll (478C0000 - 478CA000)
dot3dlg.dll (736D0000 - 736D6000)
OneX.DLL (5DCA0000 - 5DCC8000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
eappcfg.dll (745B0000 - 745D2000)
eappprxy.dll (5DCD0000 - 5DCDE000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (06F50000 - 06F59000)
iertutil.dll (3DFD0000 - 3E015000)
WZCSAPI.DLL (73030000 - 73040000)
WZCSvc.DLL (7DB10000 - 7DB9C000)
WMI.dll (76D30000 - 76D34000)
DHCPCSVC.DLL (7D4B0000 - 7D4D2000)
EapolQec.dll (72810000 - 7281B000)
QUtil.dll (726C0000 - 726D6000)
ESENT.dll (606B0000 - 607BD000)

PID 1212 - C:\WINDOWS\stsystra.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00A20000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00A20000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
STLang.dll (10000000 - 10189000)
MFC42u.DLL (5F800000 - 5F8F2000)
msvcrt.dll (77C10000 - 77C68000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00A20000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
SHELL32.dll (7C9C0000 - 7D1D7000)
COMCTL32.dll (5D090000 - 5D12A000)
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 11 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   00A20000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 14 - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   00A20000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00A20000 - 00B0B000)
oleaut32.dll (77120000 - 771AB000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (00F20000 - 011E5000)
stacapi.dll (015F0000 - 01634000)
SETUPAPI.dll (77920000 - 77A13000)
WINMM.dll (76B40000 - 76B6D000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
wdmaud.drv (72D20000 - 72D29000)
msacm32.drv (72D10000 - 72D18000)
MSACM32.dll (77BE0000 - 77BF5000)
midimap.dll (77BD0000 - 77BD7000)

PID 1540 - C:\WINDOWS\system32\KADxMain.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
KADxCtl.dll (10000000 - 1002D000)
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
msvcrt.dll (77C10000 - 77C68000)
SETUPAPI.dll (77920000 - 77A13000)
WINMM.dll (76B40000 - 76B6D000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 11 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 14 - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
OLEAUT32.dll (77120000 - 771AB000)
WINSPOOL.DRV (73000000 - 73026000)
oledlg.dll (7DF70000 - 7DF92000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (009E0000 - 00ACB000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
wdmaud.drv (72D20000 - 72D29000)
msacm32.drv (72D10000 - 72D18000)
MSACM32.dll (77BE0000 - 77BF5000)
midimap.dll (77BD0000 - 77BD7000)
xpsp2res.dll (00F20000 - 011E5000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)

PID 1788 - C:\Program Files\Dell\MediaDirect\PCMService.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
WININET.dll (3D930000 - 3DA01000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Normaliz.dll (00330000 - 00339000)
iertutil.dll (3DFD0000 - 3E015000)
DDRAW.dll (73760000 - 737AB000)
DCIMAN32.dll (73BC0000 - 73BC6000)
d3d9.dll (4FDD0000 - 4FF76000)
d3d8thk.dll (6D990000 - 6D996000)
VERSION.dll (77C00000 - 77C08000)
WINMM.dll (76B40000 - 76B6D000)
MFC71.DLL (7C140000 - 7C243000)
MSVCR71.dll (7C340000 - 7C396000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 11 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 14 - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
OLEAUT32.dll (77120000 - 771AB000)
MSVCP71.dll (7C3A0000 - 7C41B000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
OAwatch.dll (00BA0000 - 00C8B000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (00F10000 - 011D5000)
wab32.dll (470D0000 - 47151000)
MSOERT2.dll (76880000 - 768A2000)
wab32res.dll (35F40000 - 35F7F000)
msctfime.ime (755C0000 - 755EE000)
msident.dll (608A0000 - 608AF000)
msidntld.dll (60890000 - 60896000)
PSTOREC.DLL (5E0C0000 - 5E0CD000)
ATL.DLL (76B20000 - 76B31000)
CLRCEngine3.dll (10000000 - 10011000)
msxml3.dll (74980000 - 74AA3000)
urlmon.dll (78130000 - 78258000)
MSOXMLMF.DLL (38A70000 - 38A7C000)
MSVCR80.dll (01C30000 - 01CCB000)
mlang.dll (75CF0000 - 75D81000)

SCHC · « **Reply #50 on:** March 14, 2010, 04:49:26 PM »

PID 2052 - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00BA0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
GrooveUtil.DLL (68EF0000 - 68FE2000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00350000 - 00359000)
iertutil.dll (3DFD0000 - 3E015000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
OLEAUT32.dll (77120000 - 771AB000)
MSVCR80.dll (78130000 - 781CB000)
GrooveNew.DLL (68FF0000 - 68FF7000)
VERSION.dll (77C00000 - 77C08000)
ATL80.DLL (7C630000 - 7C64B000)
COMCTL32.dll (5D090000 - 5D12A000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
rsaenh.dll (68000000 - 68036000)
OAwatch.dll (00BA0000 - 00C8B000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
USERENV.dll (769C0000 - 76A74000)
SETUPAPI.dll (77920000 - 77A13000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
GrooveShellExtensions.dll(661D0000 - 663EF000)
MSImg32.dll (76380000 - 76385000)
GrooveSystemServices.dll(65E50000 - 65E7D000)
LINKINFO.dll (76980000 - 76988000)
ntshrui.dll (76990000 - 769B5000)
ATL.DLL (76B20000 - 76B31000)
msxml3.dll (74980000 - 74AA3000)

PID 3032 - C:\Program Files\Windows Defender\MSASCui.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00C60000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00C60000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
MSVCR80.dll (78130000 - 781CB000)
msvcrt.dll (77C10000 - 77C68000)
MSVCP80.dll (7C420000 - 7C4A7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00C60000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
MpClient.dll (5B800000 - 5B84F000)
USERENV.dll (769C0000 - 76A74000)
gdiplus.dll (4EC50000 - 4EDFB000)
COMCTL32.dll (773D0000 - 774D3000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
MsMpRes.dll (61800000 - 6189A000)
MpRtMon.DLL (5D800000 - 5D8AC000)
NETAPI32.dll (5B860000 - 5B8B5000)
WINHTTP.dll (4D4F0000 - 4D549000)
urlmon.dll (002B0000 - 003D8000)
iertutil.dll (3DFD0000 - 3E015000)
VERSION.dll (77C00000 - 77C08000)
IMM32.DLL (76390000 - 763AD000)
OAwatch.dll (00C60000 - 00D4B000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
uxtheme.dll (5AD70000 - 5ADA8000)
MSFTEDIT.DLL (4B400000 - 4B486000)
msctfime.ime (755C0000 - 755EE000)
rsaenh.dll (68000000 - 68036000)
MpAsDesc.dll (60800000 - 6080D000)

PID 3200 - C:\Program Files\iTunes\iTunesHelper.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00910000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00910000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00910000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
COMCTL32.dll (5D090000 - 5D12A000)
SHLWAPI.dll (77F60000 - 77FD6000)
msvcrt.dll (77C10000 - 77C68000)
IMM32.DLL (76390000 - 763AD000)
OAwatch.dll (00910000 - 009FB000)
oleaut32.dll (77120000 - 771AB000)
ole32.dll (774E0000 - 7761D000)
version.dll (77C00000 - 77C08000)
shell32.dll (7C9C0000 - 7D1D7000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
comctl32.dll (773D0000 - 774D3000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
iTunesHelper.dll (10000000 - 10037000)
CoreFoundation.dll (00B50000 - 00C1A000)
MSVCR80.dll (78130000 - 781CB000)
pthreadVC2.dll (003C0000 - 003D0000)
objc.dll (00C20000 - 00C3C000)
MSVCP80.dll (7C420000 - 7C4A7000)
icuin40.dll (00C70000 - 00D6D000)
icuuc40.dll (00D80000 - 00E61000)
icudt40.dll (4AD00000 - 4BA5B000)
ASL.dll (00E80000 - 00E8D000)
SETUPAPI.dll (77920000 - 77A13000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00EA0000 - 00EA9000)
iertutil.dll (3DFD0000 - 3E015000)
uxtheme.dll (5AD70000 - 5ADA8000)
iTunesHelperLocalized.DLL(014A0000 - 014AE000)
iTunesHelper.DLL (014D0000 - 014DE000)
msctfime.ime (755C0000 - 755EE000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
QuickTime.qts (66800000 - 673AB000)
QTCF.dll (68A40000 - 68A6E000)
WINMM.dll (76B40000 - 76B6D000)
comdlg32.dll (763B0000 - 763F9000)
gdiplus.dll (4EC50000 - 4EDFB000)
DSOUND.dll (73F10000 - 73F6C000)
CFNetwork.dll (01740000 - 017D3000)
SQLite3.dll (017F0000 - 01853000)
zlib1.dll (01870000 - 01883000)
iphlpapi.dll (76D60000 - 76D79000)
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 11 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   00910000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ddraw.dll (73760000 - 737AB000)
DCIMAN32.dll (73BC0000 - 73BC6000)
iTunesMobileDevice.dll(01D90000 - 01EDF000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (02250000 - 02515000)
msi.dll (7D1E0000 - 7D49C000)
SXS.DLL (7E720000 - 7E7D0000)

PID 3232 - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00AB0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00AB0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
mfc90u.dll (789E0000 - 78D81000)
MSVCR90.dll (78520000 - 785C3000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00AB0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
SHLWAPI.dll (77F60000 - 77FD6000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
COMCTL32.dll (773D0000 - 774D3000)
MSIMG32.dll (76380000 - 76385000)
SHELL32.dll (7C9C0000 - 7D1D7000)
cclib.dll (10000000 - 10038000)
VERSION.dll (77C00000 - 77C08000)
MSVCP90.dll (78480000 - 7850E000)
IMM32.DLL (76390000 - 763AD000)
UxTheme.dll (5AD70000 - 5ADA8000)
MFC90ENU.DLL (5D360000 - 5D36D000)
OAwatch.dll (00AB0000 - 00B9B000)
oleaut32.dll (77120000 - 771AB000)
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 11 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   00AB0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 14 - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   00AB0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
msctfime.ime (755C0000 - 755EE000)
ccgen.dll (00D70000 - 00DE0000)
ccgenrc.dll (00E20000 - 00E29000)
ccguard.dll (00E30000 - 00E6A000)
ccgrdrc.dll (00E90000 - 00E97000)
avipc.dll (00EA0000 - 00EB2000)
ccupdate.dll (00ED0000 - 00EFC000)
ccupdrc.dll (00F20000 - 00F25000)
cclic.dll (00F30000 - 00F41000)
cclicrc.dll (01070000 - 01073000)
ccmsg.dll (01080000 - 010AD000)

PID 3316 - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
SETUPAPI.dll (77920000 - 77A13000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
USERENV.dll (769C0000 - 76A74000)
IMM32.DLL (76390000 - 763AD000)
NTMARTA.DLL (77690000 - 776B1000)
ole32.dll (774E0000 - 7761D000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)

PID 3448 - C:\Program Files\Bonjour\mDNSResponder.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
IPHLPAPI.DLL (76D60000 - 76D79000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
rsaenh.dll (68000000 - 68036000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
NETAPI32.dll (5B860000 - 5B8B5000)
WLDAP32.dll (76F60000 - 76F8C000)
ATL.DLL (76B20000 - 76B31000)
rtutils.dll (76E80000 - 76E8E000)
SAMLIB.dll (71BF0000 - 71C03000)
SETUPAPI.dll (77920000 - 77A13000)

PID 3476 - C:\Program Files\Common Files\Java\Java Update\jusched.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00B30000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00B30000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

SCHC · « **Reply #51 on:** March 14, 2010, 04:50:20 PM »

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00B30000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
WININET.dll (3D930000 - 3DA01000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
Normaliz.dll (00340000 - 00349000)
iertutil.dll (3DFD0000 - 3E015000)
ole32.dll (774E0000 - 7761D000)
SHELL32.dll (7C9C0000 - 7D1D7000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
OAwatch.dll (00B30000 - 00C1B000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)

PID 3864 - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00420000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00420000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
OAwatch.dll (00420000 - 0050B000)
user32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00420000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
oleaut32.dll (77120000 - 771AB000)
msvcrt.dll (77C10000 - 77C68000)
ole32.dll (774E0000 - 7761D000)
version.dll (77C00000 - 77C08000)
comctl32.dll (773D0000 - 774D3000)
SHLWAPI.dll (77F60000 - 77FD6000)
shell32.dll (7C9C0000 - 7D1D7000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
IMM32.DLL (76390000 - 763AD000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
gtn.dll (10000000 - 10027000)
IPHLPAPI.DLL (76D60000 - 76D79000)
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 11 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   00420000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
PSAPI.DLL (76BF0000 - 76BFB000)
RASAPI32.dll (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
rtutils.dll (76E80000 - 76E8E000)
WINMM.dll (76B40000 - 76B6D000)
WININET.dll (3D930000 - 3DA01000)
Normaliz.dll (00350000 - 00359000)
iertutil.dll (3DFD0000 - 3E015000)
uxtheme.dll (5AD70000 - 5ADA8000)
USERENV.dll (769C0000 - 76A74000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
swg.dll (00E90000 - 00F5A000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
SETUPAPI.dll (77920000 - 77A13000)
msctfime.ime (755C0000 - 755EE000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
rsaenh.dll (68000000 - 68036000)
xpsp2res.dll (01180000 - 01445000)
msi.dll (7D1E0000 - 7D49C000)
SXS.DLL (7E720000 - 7E7D0000)
MPRAPI.dll (76D40000 - 76D58000)
ACTIVEDS.dll (77CC0000 - 77CF2000)
adsldpc.dll (76E10000 - 76E35000)
WLDAP32.dll (76F60000 - 76F8C000)
ATL.DLL (76B20000 - 76B31000)
SAMLIB.dll (71BF0000 - 71C03000)

PID 3956 - C:\Program Files\Digital Line Detect\DLG.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   009E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
BVRPDIAG.dll (10000000 - 10006000)
SHFOLDER.dll (76780000 - 76789000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
MdmXSdk.dll (00900000 - 0093C000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
OAwatch.dll (009E0000 - 00ACB000)
oleaut32.dll (77120000 - 771AB000)
ole32.dll (774E0000 - 7761D000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)

PID 152 - C:\Program Files\Java\jre6\bin\jqs.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
ole32.dll (774E0000 - 7761D000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
MSVCR71.dll (7C340000 - 7C396000)
IMM32.DLL (76390000 - 763AD000)
psapi.dll (76BF0000 - 76BFB000)
pdh.dll (74000000 - 74056000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
ODBC32.dll (74320000 - 7435D000)
odbcbcp.dll (711A0000 - 711A6000)
VERSION.dll (77C00000 - 77C08000)
OLEAUT32.dll (77120000 - 771AB000)
comctl32.dll (773D0000 - 774D3000)
odbcint.dll (007F0000 - 00807000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
perfos.dll (5E760000 - 5E76A000)
perfdisk.dll (5E790000 - 5E799000)

PID 516 - C:\WINDOWS\system32\nvsvc32.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
USERENV.dll (769C0000 - 76A74000)
msvcrt.dll (77C10000 - 77C68000)
POWRPROF.dll (74AD0000 - 74AD8000)
IMM32.DLL (76390000 - 763AD000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
COMCTL32.dll (5D090000 - 5D12A000)
OLEAUT32.dll (77120000 - 771AB000)
comctl32.dll (773D0000 - 774D3000)
nvapi.dll (007F0000 - 00846000)
NTMARTA.DLL (77690000 - 776B1000)
SAMLIB.dll (71BF0000 - 71C03000)
WLDAP32.dll (76F60000 - 76F8C000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
Apphelp.dll (77B40000 - 77B62000)
VERSION.dll (77C00000 - 77C08000)

PID 1576 - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
SETUPAPI.dll (77920000 - 77A13000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
msvcrt.dll (77C10000 - 77C68000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
uxtheme.dll (5AD70000 - 5ADA8000)
xpsp2res.dll (00870000 - 00B35000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
VERSION.dll (77C00000 - 77C08000)

PID 1896 - C:\WINDOWS\system32\svchost.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
WINMM.dll (76B40000 - 76B6D000)
ole32.dll (774E0000 - 7761D000)
msvcrt.dll (77C10000 - 77C68000)
OLEAUT32.dll (77120000 - 771AB000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
wiaservc.dll (75AA0000 - 75AF5000)
CFGMGR32.dll (74AE0000 - 74AE7000)
setupapi.DLL (77920000 - 77A13000)
mscms.dll (73B30000 - 73B45000)
WINSPOOL.DRV (73000000 - 73026000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
xpsp2res.dll (00680000 - 00945000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
wiavusd.dll (5A4B0000 - 5A4D6000)
gdiplus.dll (4EC50000 - 4EDFB000)
SHFOLDER.dll (76780000 - 76789000)
actxprxy.dll (71D40000 - 71D5B000)

PID 2932 - C:\Program Files\iPod\bin\iPodService.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
CFGMGR32.dll (74AE0000 - 74AE7000)
setupapi.dll (77920000 - 77A13000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
GDI32.dll (77F10000 - 77F59000)
USER32.dll (7E410000 - 7E4A1000)
msvcrt.dll (77C10000 - 77C68000)
VERSION.dll (77C00000 - 77C08000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
IMM32.DLL (76390000 - 763AD000)
iPodServiceLocalized.DLL(10000000 - 1000E000)
iPodService.DLL (008A0000 - 008AE000)
xpsp2res.dll (00CD0000 - 00F95000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msi.dll (7D1E0000 - 7D49C000)
SXS.DLL (7E720000 - 7E7D0000)
uxtheme.dll (5AD70000 - 5ADA8000)
Wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
WINTRUST.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)

PID 3584 - C:\WINDOWS\System32\alg.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
msvcrt.dll (77C10000 - 77C68000)
ATL.DLL (76B20000 - 76B31000)
USER32.dll (7E410000 - 7E4A1000)
GDI32.dll (77F10000 - 77F59000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
ole32.dll (774E0000 - 7761D000)
OLEAUT32.dll (77120000 - 771AB000)
WSOCK32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
MSWSOCK.DLL (71A50000 - 71A8F000)
ShimEng.dll (5CB70000 - 5CB96000)
AcGenral.DLL (6F880000 - 6FA4A000)
WINMM.dll (76B40000 - 76B6D000)
MSACM32.dll (77BE0000 - 77BF5000)
VERSION.dll (77C00000 - 77C08000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
USERENV.dll (769C0000 - 76A74000)
UxTheme.dll (5AD70000 - 5ADA8000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
comctl32.dll (5D090000 - 5D12A000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
xpsp2res.dll (00740000 - 00A05000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)

PID 2160 - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
acAuth.dll (10000000 - 10123000)
WS2_32.dll (71AB0000 - 71AC7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
msvcrt.dll (77C10000 - 77C68000)
WS2HELP.dll (71AA0000 - 71AA8000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
SETUPAPI.dll (77920000 - 77A13000)
iphlpapi.dll (76D60000 - 76D79000)
The code of IcmpSendEcho at 76D64B79 (0) got patched. Here is the diff:
Address New-Original
76D64B79: FF - 8B
76D64B7A: 25 - FF
76D64B7B: 1E - 55
76D64B7C: 00 - 8B
76D64B7D: 11 - EC
76D64B7E: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0B00

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0B00:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 14 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 17 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F17001E]
--> JMP 5F160F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 1A - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F1A001E]
--> JMP 5F190F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   00CE0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
C1XStngs.dll (00330000 - 003EF000)
PsRegApi.dll (00490000 - 00512000)
comdlg32.dll (763B0000 - 763F9000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
SHLWAPI.dll (77F60000 - 77FD6000)
WINSPOOL.DRV (73000000 - 73026000)
OLEAUT32.dll (77120000 - 771AB000)
PSAPI.DLL (76BF0000 - 76BFB000)
IntStngs.dll (00520000 - 00579000)
TraceAPI.DLL (00580000 - 005E9000)
OLEACC.dll (74C80000 - 74CAC000)
MSVCP60.dll (76080000 - 760E5000)
WinSCard.dll (723D0000 - 723EC000)
WTSAPI32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
oledlg.dll (7DF70000 - 7DF92000)
IWMSPROV.DLL (005F0000 - 0060F000)
USERENV.dll (769C0000 - 76A74000)
ICMP.dll (74290000 - 74294000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00CE0000 - 00DCB000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
uxtheme.dll (5AD70000 - 5ADA8000)
LSAWRAPI.dll (23000000 - 2300D000)
CLBCATQ.DLL (76FD0000 - 7704F000)
COMRes.dll (77050000 - 77115000)
msado15.dll (4DE10000 - 4DE93000)
MSDART.DLL (765B0000 - 765D5000)
xpsp2res.dll (01210000 - 014D5000)
oledb32.dll (73160000 - 731D7000)
OLEDB32R.DLL (75350000 - 75361000)
msdasql.dll (016E0000 - 0172D000)
MSDATL3.dll (60E30000 - 60E47000)
ODBC32.dll (74320000 - 7435D000)
odbcint.dll (00FC0000 - 00FD7000)
MSDASQLR.DLL (00FE0000 - 00FE4000)
comsvcs.dll (76620000 - 7675C000)
colbact.DLL (75130000 - 75144000)
MTXCLU.DLL (750F0000 - 75103000)
CLUSAPI.DLL (76D10000 - 76D22000)
RESUTILS.DLL (750B0000 - 750C2000)
odbcjt32.dll (4DD40000 - 4DD84000)
msjet40.dll (1B000000 - 1B170000)
mswstr10.dll (1B5D0000 - 1B665000)
odbcji32.dll (5D130000 - 5D13E000)
msjter40.dll (1B2C0000 - 1B2CD000)
MSJINT40.DLL (1B2D0000 - 1B2F6000)
odbccp32.dll (5FE80000 - 5FE9B000)
msadce.dll (74060000 - 740B1000)
msadcer.dll (06C20000 - 06C25000)
msi.dll (7D1E0000 - 7D49C000)
SXS.DLL (7E720000 - 7E7D0000)
msctfime.ime (755C0000 - 755EE000)
rsaenh.dll (68000000 - 68036000)
WINTRUST.dll (76C30000 - 76C5E000)
IMAGEHLP.dll (76C90000 - 76CB8000)
PfMgrApi.dll (07730000 - 0780F000)
LIBEAY32.dll (07930000 - 07A3F000)
DbEngine.dll (06BC0000 - 06C19000)

PID 3960 - C:\WINDOWS\system32\wscntfy.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   007E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

SCHC · « **Reply #52 on:** March 14, 2010, 04:50:56 PM »

The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   007E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of FreeLibrary at 7C80AC93 (21) got patched. Here is the diff:
Address New-Original
7C80AC93: A5 - DC
7C80AC94: 53 - FF
7C80AC95: 2F - FF
7C80AC96: F5 - FF
msvcrt.dll (77C10000 - 77C68000)
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   007E0000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
SHELL32.dll (7C9C0000 - 7D1D7000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
SHLWAPI.dll (77F60000 - 77FD6000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (007E0000 - 008CB000)
oleaut32.dll (77120000 - 771AB000)
ole32.dll (774E0000 - 7761D000)
version.dll (77C00000 - 77C08000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
xpsp2res.dll (00B50000 - 00E15000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)

PID 2796 - C:\Documents and Settings\Me\Desktop\radix_installer\radixgui.exe
-------------------------------------------------------------------------------
ntdll.dll (7C900000 - 7C9B2000)
kernel32.dll (7C800000 - 7C8F6000)
The code of CreateProcessA at 7C80236B (0) got patched. Here is the diff:
Address New-Original
7C80236B: FF - 8B
7C80236C: 25 - FF
7C80236D: 1E - 55
7C80236E: 00 - 8B
7C80236F: 05 - EC
7C802370: 5F - 6A
--> JMP DWORD PTR DS:[5F05001E]
--> JMP 5F040F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xBFDE0:
Base address:   00A90000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CreateProcessW at 7C802336 (0) got patched. Here is the diff:
Address New-Original
7C802336: FF - 8B
7C802337: 25 - FF
7C802338: 1E - 55
7C802339: 00 - 8B
7C80233A: 0B - EC
7C80233B: 5F - 6A
--> JMP DWORD PTR DS:[5F0B001E]
--> JMP 5F0A0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC03AC:
Base address:   00A90000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
USER32.dll (7E410000 - 7E4A1000)
The code of ExitWindowsEx at 7E45A275 (0) got patched. Here is the diff:
Address New-Original
7E45A275: FF - 8B
7E45A276: 25 - FF
7E45A277: 1E - 55
7E45A278: 00 - 8B
7E45A279: 0E - EC
7E45A27A: 5F - 83
--> JMP DWORD PTR DS:[5F0E001E]
--> JMP 5F0D0F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0978:
Base address:   00A90000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
GDI32.dll (77F10000 - 77F59000)
comdlg32.dll (763B0000 - 763F9000)
ADVAPI32.dll (77DD0000 - 77E6B000)
RPCRT4.dll (77E70000 - 77F02000)
Secur32.dll (77FE0000 - 77FF1000)
COMCTL32.dll (5D090000 - 5D12A000)
SHELL32.dll (7C9C0000 - 7D1D7000)
msvcrt.dll (77C10000 - 77C68000)
SHLWAPI.dll (77F60000 - 77FD6000)
ole32.dll (774E0000 - 7761D000)
The code of CoCreateInstance at 7750057E (0) got patched. Here is the diff:
Address New-Original
7750057E: FF - 8B
7750057F: 25 - FF
77500580: 1E - 55
77500581: 00 - 8B
77500582: 11 - EC
77500583: 5F - 83
--> JMP DWORD PTR DS:[5F11001E]
--> JMP 5F100F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1D68:
Base address:   00A90000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
The code of CoCreateInstanceEx at 77500526 (0) got patched. Here is the diff:
Address New-Original
77500526: FF - 8B
77500527: 25 - FF
77500528: 1E - 55
77500529: 00 - 8B
7750052A: 14 - EC
7750052B: 5F - 6A
--> JMP DWORD PTR DS:[5F14001E]
--> JMP 5F130F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC1F54:
Base address:   00A90000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
VERSION.dll (77C00000 - 77C08000)
dbghelp.dll (59A60000 - 59B01000)
IMM32.DLL (76390000 - 763AD000)
comctl32.dll (773D0000 - 774D3000)
OAwatch.dll (00A90000 - 00B7B000)
oleaut32.dll (77120000 - 771AB000)
wsock32.dll (71AD0000 - 71AD9000)
WS2_32.dll (71AB0000 - 71AC7000)
WS2HELP.dll (71AA0000 - 71AA8000)
wtsapi32.dll (76F50000 - 76F58000)
WINSTA.dll (76360000 - 76370000)
NETAPI32.dll (5B860000 - 5B8B5000)
wintrust.dll (76C30000 - 76C5E000)
CRYPT32.dll (77A80000 - 77B15000)
MSASN1.dll (77B20000 - 77B32000)
IMAGEHLP.dll (76C90000 - 76CB8000)
uxtheme.dll (5AD70000 - 5ADA8000)
msctfime.ime (755C0000 - 755EE000)
xpsp2res.dll (0F600000 - 0F8C5000)
rsaenh.dll (68000000 - 68036000)
userenv.dll (769C0000 - 76A74000)
cryptnet.dll (75E60000 - 75E73000)
PSAPI.DLL (76BF0000 - 76BFB000)
SensApi.dll (722B0000 - 722B5000)
WINHTTP.dll (4D4F0000 - 4D549000)
WLDAP32.dll (76F60000 - 76F8C000)
mswsock.dll (71A50000 - 71A8F000)
hnetcfg.dll (662B0000 - 66308000)
wshtcpip.dll (71A90000 - 71A98000)
RASAPI32.DLL (76EE0000 - 76F1C000)
rasman.dll (76E90000 - 76EA2000)
TAPI32.dll (76EB0000 - 76EDF000)
rtutils.dll (76E80000 - 76E8E000)
WINMM.dll (76B40000 - 76B6D000)
msv1_0.dll (77C70000 - 77C95000)
cryptdll.dll (76790000 - 7679C000)
iphlpapi.dll (76D60000 - 76D79000)
The code of IcmpSendEcho2 at 76D6B73C (0) got patched. Here is the diff:
Address New-Original
76D6B73C: FF - 8B
76D6B73D: 25 - FF
76D6B73E: 1E - 55
76D6B73F: 00 - 8B
76D6B740: 17 - EC
76D6B741: 5F - 83
--> JMP DWORD PTR DS:[5F17001E]
--> JMP 5F160F5A
Patched by C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Information about C:\Program Files\Tall Emu\Online Armor\OAwatch.dll+0xC0C50:
Base address:   00A90000
Size:      000EB000
Flags:      80284004
Load count:   2
Name:      Online Armor Firewall
Prod. Version:   4.0.0.15
Company:   Tall Emu
File Version:   4.0.0.15
Description:   Online Armor Component
Location:   C:\Program Files\Tall Emu\Online Armor\OAwatch.dll
Signed:      YES
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DNSAPI.dll (76F20000 - 76F47000)
mdnsNSP.dll (16080000 - 160A5000)
rasadhlp.dll (76FC0000 - 76FC6000)
---- Check ended at 14.3.2010 22:27:14 ----

Dr Jay · « **Reply #53 on:** March 15, 2010, 03:05:48 PM »

The black screen at Startup is probably normal. We can modify that, if you like.

Any other issues? List any...like slowness, instability, etc.

SCHC · « **Reply #54 on:** March 15, 2010, 05:24:27 PM »

Not much. It's still giving two messages at start up about processes not starting (I mentioned them back on page 3 of this thread). Also still getting a message about a program from my firewall when I boot up (also on page 3).

Firefox had been crashing when I visited some websites (didn't seem to be any rhyme or reason to which ones) but that hasn't happened since running MBAM and everything else.

Otherwise, speed, stability, etc. seem normal.

I haven't been trusting my computer so I haven't been visiting any sites that require passwords (excepting this one), but I'd like to know when I can do so again. Thanks so much.

Dr Jay · « **Reply #55 on:** March 15, 2010, 07:34:46 PM »

Are you able to take screen shots of the messages or tell me what they say specifically?

SCHC · « **Reply #56 on:** March 16, 2010, 02:10:31 AM »

Error loading rqrstu.dll
The specified module could not be found.

and

Error loading jkhfde.dll
The specified module could not be found.

Dr Jay · « **Reply #57 on:** March 16, 2010, 11:03:01 AM »

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

Code: [Select]

:filefind
jkhfde.dll
rqrstu.dll

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

SCHC · « **Reply #58 on:** March 16, 2010, 01:30:53 PM »

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:30 on 16/03/2010 by Me (Administrator - Elevation successful)

========== filefind ==========

Searching for "jkhfde.dll"
No files found.

Searching for "rqrstu.dll"
No files found.

-=End Of File=-

Is there a reason I couldn't cut and paste into SystemLook? I ended up having to type in the command since the cut and paste wasn't working.

Dr Jay · « **Reply #59 on:** March 16, 2010, 09:33:20 PM »

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS to start the program (if you are running on Vista then right-click the program and
choose Run as Administrator).
At the top, tick on Scan All Users section
At File Age set it to 90 Days
In the Processes, Modules, Services, Drivers, and Registry
section, please set on Safe List.
In the Files Created Within and Files Modified Within section, set it to File Age
At the bottom, tick on all Safe List and Use Company Name WhiteList option
Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - Ext
Reg - IE
Explorer Bar
Reg - NetSvcs
Reg - Safeboot Minimal
Reg - Safeboot Network
File - Lop Check
File - Purity Scan

Do NOT change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

SCHC · « **Reply #60 on:** March 16, 2010, 11:27:56 PM »

Code: [Select]

OTS logfile created on: 3/17/2010 12:25:18 AM - Run 1
OTS by OldTimer - Version 3.1.27.0     Folder = C:\Documents and Settings\Me\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.18 Gb Total Space | 80.05 Gb Free Space | 73.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STEVE
Current User Name: Me
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
oacat.exe -> C:\Program Files\Tall Emu\Online Armor\oacat.exe -> [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/08/21 23:09:15 | 000,068,856 | ---- | M] (Google Inc.)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
oem02mon.exe -> C:\WINDOWS\OEM02Mon.exe -> [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
pcmservice.exe -> C:\Program Files\DELL\MediaDirect\PCMService.exe -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation)
zcfgsvc.exe -> C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe -> [2007/02/21 11:19:58 | 000,819,200 | ---- | M] (Intel Corporation)
wlkeeper.exe -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation)
ifrmewrk.exe -> C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe -> [2007/02/21 11:17:42 | 000,970,752 | ---- | M] (Intel Corporation)
s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation )
dot1xcfg.exe -> C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe -> [2007/02/21 11:13:26 | 000,487,424 | ---- | M] (Intel Corporation)
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
kadxmain.exe -> C:\WINDOWS\system32\KADxMain.exe -> [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(SvcOnlineArmor) Online Armor [Auto | Stopped] -> C:\Program Files\Tall Emu\Online Armor\oasrv.exe -> [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu)
(OAcat) Online Armor Helper Service [Auto | Running] -> C:\Program Files\Tall Emu\Online Armor\OAcat.exe -> [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH)
(aawservice) Ad-Aware 2007 Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
(EvtEng) Intel(R) PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007/02/21 11:28:36 | 000,643,072 | ---- | M] (Intel Corporation)
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -> [2007/02/21 11:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation)
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2007/02/21 11:16:48 | 000,983,040 | ---- | M] (Intel Corporation )
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007/02/21 11:10:00 | 000,327,680 | ---- | M] (Intel Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(OAmon) OAmon [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\OAmon.sys -> [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu)
(OAnet) OAnet [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\OAnet.sys -> [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd)
(OADevice) OADriver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\OADriver.sys -> [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007/06/06 15:34:38 | 006,345,472 | ---- | M] (NVIDIA Corporation)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007/06/06 15:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2007/06/03 14:20:58 | 000,202,912 | ---- | M] (Synaptics, Inc.)
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Dev.sys -> [2007/05/09 10:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.)
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NETw4x32.sys -> [2007/05/08 23:05:36 | 002,203,520 | ---- | M] (Intel Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2007/05/08 21:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rixdptsk.sys -> [2007/05/08 21:46:12 | 000,037,376 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2007/05/08 21:46:08 | 000,043,520 | ---- | M] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2007/05/08 21:46:06 | 000,032,256 | ---- | M] (REDC)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\iaStor.sys -> [2007/05/08 20:22:58 | 000,277,784 | ---- | M] (Intel Corporation)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2007/04/23 21:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2007/04/23 21:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2007/04/23 21:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.)
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\OEM02Vfx.sys -> [2007/03/05 03:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2007/02/21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation)
(DXEC02) DXEC02 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dxec02.sys -> [2006/11/02 12:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics)
(APPDRV) APPDRV [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> http://news.yahoo.com/ [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://news.yahoo.com/ [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"Default_Secondary_Page_URL" -> http://news.yahoo.com/ [binary data] -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Main\\"Start Page" -> http://www.yahoo.com -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Me\Application Data\Mozilla\FireFox\Profiles\xs21qfhi.default\prefs.js -> 
browser.startup.homepage -> "http://law.wustl.edu/" ->
extensions.enabledItems -> [email protected]:1.0.0.071101000055 ->
extensions.enabledItems -> [email protected]:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/02 12:26:56 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/03/03 18:07:10 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Extensions -> [2008/08/26 16:07:50 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions -> [2010/03/15 00:15:07 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions\[email protected] -> [2008/09/20 21:10:18 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\extensions\[email protected] -> [2009/09/14 07:21:38 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/15 00:15:07 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/03/09 15:09:37 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"@OnlineArmor GUI" -> C:\Program Files\Tall Emu\Online Armor\oaui.exe ["C:\Program Files\Tall Emu\Online Armor\oaui.exe"] -> [2009/12/05 08:53:38 | 006,622,920 | ---- | M] (Tall Emu)
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH)
"awurstdrv" ->  [rundll32.exe "rqrstu.dll",s] -> File not found
"hgfcdasys" ->  [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
"IntelWireless" -> C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2007/02/21 11:17:42 | 000,970,752 | ---- | M] (Intel Corporation)
"IntelZeroConfig" -> C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2007/02/21 11:19:58 | 000,819,200 | ---- | M] (Intel Corporation)
"KADxMain" -> C:\WINDOWS\system32\KADxMain.exe [C:\WINDOWS\system32\KADxMain.exe] -> [2006/11/02 14:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/06/06 15:34:42 | 008,429,568 | ---- | M] (NVIDIA Corporation)
"NVHotkey" -> C:\WINDOWS\System32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> [2007/06/06 15:34:54 | 000,067,584 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> [2007/06/06 15:34:56 | 000,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet] -> [2007/06/06 15:35:12 | 001,626,112 | ---- | M] ()
"OEM02Mon.exe" -> C:\WINDOWS\OEM02Mon.exe [C:\WINDOWS\OEM02Mon.exe] -> [2007/05/09 10:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.)
"PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2007/06/06 15:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 02:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"khefdadrv" ->  [rundll32.exe "rqrstu.dll",s] -> File not found
"vtttstsys" ->  [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DWQueuedReporting" -> C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> [2008/11/04 02:44:24 | 000,435,096 | ---- | M] (Microsoft Corporation)
"khefdadrv" ->  [rundll32.exe "rqrstu.dll",s] -> File not found
"vtttstsys" ->  [rundll32.exe "jkhfde.dll",DllRegisterServer] -> File not found
< Run [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/08/21 23:09:15 | 000,068,856 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software )
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Me Startup Folder > -> C:\Documents and Settings\Me\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html] -> [2010/02/05 12:11:47 | 000,848,896 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2008/10/25 08:52:00 | 000,604,056 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 05:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4393 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4392 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\] > -> HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-528782599-2496388250-353526557-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab [Windows Live Safety Center Base Module] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 172.16.2.5 172.18.82.11 4.2.2.2 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{286109AB-BCDA-4BB4-BB4B-CFEB2A546527}\\DhcpNameServer -> 172.16.2.5 172.18.82.11 4.2.2.2   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 20:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
"{4F07DA45-8170-4859-9B5F-037EF2970034}" [HKLM] -> C:\Program Files\Tall Emu\Online Armor\oaevent.dll [OA Shell Helper] -> [2009/12/05 08:53:40 | 000,923,336 | ---- | M] (Tall Emu)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\drivers\svchost.exe" -> C:\WINDOWS\System32\drivers\svchost.exe [%windir%\system32\drivers\svchost.exe:*:Enabled:svchost] -> File not found
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2007/04/27 16:17:26 | 000,050,736 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/10/10 12:53:46 | 000,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\DELL\MediaDirect\PCMService.exe" -> C:\Program Files\DELL\MediaDirect\PCMService.exe [C:\Program Files\DELL\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program] -> [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.)
"C:\Program Files\ExamSoft\SofTest\softest.exe" -> C:\Program Files\ExamSoft\SofTest.exe [C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest
] -> File not found
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" -> C:\Program Files\ExamSoft\SoftLnch.exe [C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/10/28 21:21:22 | 010,358,048 | ---- | M] (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 07:03:18 | 000,337,264 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/11/24 23:16:44 | 001,020,776 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

SCHC · « **Reply #61 on:** March 16, 2010, 11:29:23 PM »

[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 19:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 19:09:57 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 19:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 19:11:54 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:11:55 | 000,755,200 | ---- | M] (Intel Corporation)
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 07:18:50 | 000,172,880 | ---- | M] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 07:03:38 | 003,070,832 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 07:03:28 | 002,687,336 | ---- | M] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/03 18:06:51 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 04:01:06 | 002,335,648 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 05:26:06 | 000,065,400 | ---- | M] (Microsoft Corporation)
{88d969c0-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c1-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c2-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c3-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c4-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{88d969c5-f192-11d4-a65f-0040963251e5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BAEB32D0-732D-11d2-8BF4-0060B0A4A9EA} [HKLM] -> C:\Program Files\AIM6\services\imApp\ver6_1_41_2\isAim.dll [aimlocator Class] -> [2007/04/27 16:15:23 | 000,083,504 | ---- | M] (America Online Inc)
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 03:34:20 | 000,798,584 | ---- | M] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 07:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 21:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deploytk.dll [Deployment Toolkit] -> [2010/03/03 18:06:48 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M] (Microsoft Corporation)
{CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/10/04 22:16:26 | 003,789,728 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/10/28 21:21:16 | 000,111,912 | ---- | M] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 07:03:54 | 001,161,568 | ---- | M] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 05:23:50 | 000,022,432 | ---- | M] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 06:42:16 | 000,482,656 | ---- | M] ()
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{F3FFF5F4-A643-447E-A5A5-0B5F760C7F4A} [HKLM] -> C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll [Google Update Plugin] -> [2010/02/25 01:42:15 | 000,220,656 | ---- | M] (Google Inc.)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
{B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCD3-666F-4F81-8B69-745DE9F6D897} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2009/03/06 05:04:56 | 000,064,872 | ---- | M] (Microsoft Corporation)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{0006F033-0000-0000-C000-000000000046} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [Microsoft Outlook 8.0 Object Library] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation)
{0006F03A-0000-0000-C000-000000000046} [HKLM] -> Reg Error: Value error. [Microsoft Office Outlook] -> File not found
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Script Object] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{03F998B2-0E00-11D3-A498-00104B6EB52E} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/01/12 20:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{10072CEC-8CC1-11D1-986E-00A0C955B42E} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll [PeerDraw Class] -> [2007/07/12 18:31:54 | 000,765,952 | ---- | M] (Microsoft Corporation)
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKLM] -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll [MetaStreamCtl Class] -> [2007/10/07 11:03:44 | 000,254,022 | ---- | M] (Viewpoint Corporation)
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\swdir.dll [Shockwave ActiveX Control] -> [2008/03/19 19:36:22 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 17:27:12 | 000,128,512 | ---- | M] (Microsoft Corporation)
{31435657-9980-0010-8000-00AA00389B71} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{38481807-CA0E-42D2-BF39-B33AF135CC4D} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL [IETag Factory] -> [2009/04/02 13:01:44 | 000,177,520 | ---- | M] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2009/09/05 02:55:06 | 000,795,952 | ---- | M] (Apple Inc.)
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 001,554,256 | ---- | M] (Safer Networking Limited)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/03 18:06:51 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} [HKLM] -> C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [Yahoo! IE Suggest] -> [2008/01/14 16:09:20 | 000,233,472 | ---- | M] (Yahoo! Inc.)
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> C:\WINDOWS\Downloaded Program Files\wlscBase.dll [Windows Live Safety Center Base Module] -> [2009/03/16 14:01:08 | 000,452,488 | ---- | M] ()
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/03 18:06:51 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{8E5C8BEE-1887-414C-8AC9-7C3951F28476} [HKLM] -> C:\Program Files\Windows Live Safety Center\wlscCtrl.dll [Windows Live Safety Center Control Module] -> [2009/03/16 14:01:10 | 000,753,544 | ---- | M] (Microsoft Corporation)
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 05:23:08 | 000,140,168 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/02/05 12:11:33 | 000,279,664 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [Google Toolbar Notifier BHO] -> [2010/02/05 12:51:19 | 000,812,528 | ---- | M] (Google Inc.)
{BD96C556-65A3-11D0-983A-00C04FC29E36} [HKLM] -> C:\Program Files\Common Files\System\msadc\msadco.dll [RDS.DataSpace] -> [2008/04/13 19:11:58 | 000,143,360 | ---- | M] (Microsoft Corporation)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 07:18:46 | 000,054,152 | ---- | M] (Microsoft Corporation)
{CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2006/05/16 21:31:20 | 000,296,584 | ---- | M] (Adobe Systems, Inc.)
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx [Shockwave Flash Object] -> [2008/10/04 22:16:26 | 003,789,728 | R--- | M] (Adobe Systems, Inc.)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2009/10/28 21:21:16 | 000,111,912 | ---- | M] (Apple Inc.)
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [HKLM] -> C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx [QuickTimeCheck Class] -> [2009/09/05 02:55:06 | 000,136,496 | ---- | M] (Apple Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll [Microsoft Silverlight] -> [2010/01/06 01:33:56 | 000,876,872 | ---- | M] ( Microsoft Corporation)
{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [HKLM] -> C:\Program Files\Microsoft Office\Office12\NAME.DLL [NameCtrl Class] -> [2009/03/06 05:04:56 | 000,064,872 | ---- | M] (Microsoft Corporation)
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e3e02f12-2adb-478c-8742-5f0819f9f0f4} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{e473a65c-8087-49a3-affd-c5bc4a10669b} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2007/09/05 16:48:58 | 000,816,400 | ---- | M] (Yahoo! Inc.)
{F4430FE8-2638-42E5-B849-800749B94EED} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fc345d4c-b8f4-4674-bff7-3c37d2e535ee} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{fd6484ed-ebe3-4c3d-938a-8238003b41b7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> C:\WINDOWS\system32\ias -> [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 19:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation)
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PNP Filter -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
aawservice -> C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> [2007/10/29 14:27:04 | 000,587,096 | ---- | M] (Lavasoft AB)
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PEVSystemStart -> Service
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
procexp90.Sys -> Driver
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
WinDefend -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)

[Files/Folders - Created Within 90 Days]
OTS.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:43 | 000,637,952 | ---- | C] (OldTimer Tools)
radix_installer -> C:\Documents and Settings\Me\Desktop\radix_installer -> [2010/03/14 17:12:54 | 000,000,000 | ---D | C]
moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 17:13:44 | 003,558,912 | ---- | C] (Microsoft Corporation)
ComboFix -> C:\ComboFix -> [2010/03/09 15:54:33 | 000,000,000 | --SD | C]
temp -> C:\WINDOWS\temp -> [2010/03/09 15:06:52 | 000,000,000 | ---D | C]
RECYCLER -> C:\RECYCLER -> [2010/03/09 14:59:06 | 000,000,000 | -HSD | C]
cmdcons -> C:\cmdcons -> [2010/03/09 01:04:57 | 000,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/03/09 01:02:35 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/03/09 01:02:35 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/03/09 01:02:35 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/03/09 01:02:35 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINDOWS\ERDNT -> [2010/03/09 01:02:26 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/03/09 01:01:50 | 000,000,000 | ---D | C]
Rooter$ -> C:\Rooter$ -> [2010/03/05 01:36:01 | 000,000,000 | ---D | C]
Rooter.exe -> C:\Documents and Settings\Me\Desktop\Rooter.exe -> [2010/03/05 01:33:31 | 000,173,119 | ---- | C] (Eric_71)
MalwareBytes -> C:\Program Files\MalwareBytes -> [2010/03/03 22:21:55 | 000,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2010/03/03 22:04:51 | 000,000,000 | ---D | M]
Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/03/03 18:07:39 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010/03/03 16:00:28 | 000,000,000 | ---D | C]
SUPERAntiSpyware.com -> C:\Documents and Settings\Me\Application Data\SUPERAntiSpyware.com -> [2010/03/03 15:59:26 | 000,000,000 | ---D | C]
SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/03/03 15:59:26 | 000,000,000 | ---D | C]
Recent -> C:\Documents and Settings\Me\Recent -> [2010/03/03 15:36:16 | 000,000,000 | RH-D | C]
OnlineArmor -> C:\Documents and Settings\Me\Application Data\OnlineArmor -> [2010/03/03 15:19:38 | 000,000,000 | ---D | C]
OnlineArmor -> C:\Documents and Settings\All Users\Application Data\OnlineArmor -> [2010/03/03 15:19:38 | 000,000,000 | ---D | C]
OAnet.sys -> C:\WINDOWS\System32\drivers\OAnet.sys -> [2010/03/03 15:18:55 | 000,029,776 | ---- | C] (Tall Emu Pty Ltd)
OAmon.sys -> C:\WINDOWS\System32\drivers\OAmon.sys -> [2010/03/03 15:18:55 | 000,024,656 | ---- | C] (Tall Emu)
OADriver.sys -> C:\WINDOWS\System32\drivers\OADriver.sys -> [2010/03/03 15:18:54 | 000,223,312 | ---- | C] (Tall Emu)
Tall Emu -> C:\Program Files\Tall Emu -> [2010/03/03 15:18:53 | 000,000,000 | ---D | C]
CCleaner -> C:\Program Files\CCleaner -> [2010/03/03 12:49:08 | 000,000,000 | ---D | C]
avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/03/02 21:30:21 | 000,096,104 | ---- | C] (Avira GmbH)
avgntflt.sys -> C:\WINDOWS\System32\drivers\avgntflt.sys -> [2010/03/02 21:30:21 | 000,056,816 | ---- | C] (Avira GmbH)
avgntdd.sys -> C:\WINDOWS\System32\drivers\avgntdd.sys -> [2010/03/02 21:30:21 | 000,045,416 | ---- | C] (Avira GmbH)
avgntmgr.sys -> C:\WINDOWS\System32\drivers\avgntmgr.sys -> [2010/03/02 21:30:21 | 000,022,360 | ---- | C] (Avira GmbH)
ssmdrv.sys -> C:\WINDOWS\System32\drivers\ssmdrv.sys -> [2010/03/02 21:30:18 | 000,028,520 | ---- | C] (Avira GmbH)
Avira -> C:\Program Files\Avira -> [2010/03/02 21:30:17 | 000,000,000 | ---D | C]
Avira -> C:\Documents and Settings\All Users\Application Data\Avira -> [2010/03/02 21:30:17 | 000,000,000 | ---D | C]
mapp -> C:\Program Files\mapp -> [2010/03/02 21:01:51 | 000,000,000 | ---D | C]
Downloads -> C:\Documents and Settings\Me\My Documents\Downloads -> [2010/01/25 21:51:56 | 000,000,000 | ---D | C]
ymrpyb -> C:\Documents and Settings\Me\Local Settings\Application Data\ymrpyb -> [2010/01/22 03:12:43 | 000,000,000 | ---D | C]
aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 10:22:10 | 000,471,552 | ---- | C] (Microsoft Corporation)
Randoms -> C:\Documents and Settings\Me\My Documents\Randoms -> [2010/01/11 18:46:49 | 000,000,000 | ---D | C]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/11/01 07:37:13 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2009/04/19 11:57:28 | 000,000,000 | ---D | M]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/03/12 23:25:30 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/11/25 11:04:48 | 000,000,000 | ---D | M]
PCHealth -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth -> [2008/03/19 11:23:34 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2007/12/02 21:30:20 | 000,000,000 | --SD | M]
Apple -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple -> [2007/08/31 10:22:00 | 000,000,000 | ---D | M]
Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> [2007/08/06 07:08:00 | 000,000,000 | ---D | M]
Intel -> C:\Documents and Settings\LocalService\Application Data\Intel -> [2007/08/06 07:08:00 | 000,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2004/08/10 12:57:26 | 000,000,000 | --SD | M]
Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( )
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->

SCHC · « **Reply #62 on:** March 16, 2010, 11:29:49 PM »

Code: [Select]

 
[Files/Folders - Modified Within 90 Days]
 OTS.exe -> C:\Documents and Settings\Me\Desktop\OTS.exe -> [2010/03/17 00:20:46 | 000,637,952 | ---- | M] (OldTimer Tools)
 nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2010/03/17 00:10:55 | 000,091,562 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/03/16 17:47:01 | 000,000,886 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/16 17:17:00 | 000,436,778 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/16 17:17:00 | 000,378,878 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/16 17:17:00 | 000,052,450 | ---- | M] ()
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/03/16 17:15:32 | 000,000,330 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/03/16 17:12:40 | 000,000,882 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/16 17:12:36 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/16 17:12:24 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/03/16 17:12:15 | 2145,579,008 | -HS- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Me\NTUSER.DAT -> [2010/03/16 17:11:39 | 005,767,168 | -H-- | M] ()
 IconCache.db -> C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db -> [2010/03/16 17:11:23 | 006,291,456 | -H-- | M] ()
 SystemLook.exe -> C:\Documents and Settings\Me\Desktop\SystemLook.exe -> [2010/03/16 14:24:49 | 000,100,908 | ---- | M] ()
 radix_installer.zip -> C:\Documents and Settings\Me\Desktop\radix_installer.zip -> [2010/03/14 17:12:30 | 000,216,498 | ---- | M] ()
 Beers.xlsx -> C:\Documents and Settings\Me\My Documents\Beers.xlsx -> [2010/03/10 00:23:47 | 000,013,345 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/03/09 15:09:37 | 000,000,027 | ---- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Me\Desktop\ComboFix.exe -> [2010/03/09 14:58:05 | 003,884,919 | R--- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/03/09 11:47:07 | 000,000,664 | ---- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2010/03/09 01:11:15 | 000,000,227 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010/03/09 01:05:02 | 000,000,281 | RHS- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/06 18:21:53 | 000,000,626 | ---- | M] ()
 mbr.exe -> C:\Documents and Settings\Me\Desktop\mbr.exe -> [2010/03/06 18:16:29 | 000,077,312 | ---- | M] ()
 Win32kDiag.exe -> C:\Documents and Settings\Me\Desktop\Win32kDiag.exe -> [2010/03/05 10:31:18 | 000,047,616 | ---- | M] ()
 Cheetah-Anti-Rogue.zip -> C:\Documents and Settings\Me\Desktop\Cheetah-Anti-Rogue.zip -> [2010/03/05 01:41:14 | 000,013,251 | ---- | M] ()
 CKScanner.exe -> C:\Documents and Settings\Me\Desktop\CKScanner.exe -> [2010/03/05 01:39:03 | 000,451,584 | ---- | M] ()
 LockSearch.exe -> C:\Documents and Settings\Me\Desktop\LockSearch.exe -> [2010/03/05 01:36:58 | 000,032,653 | ---- | M] ()
 Rooter.exe -> C:\Documents and Settings\Me\Desktop\Rooter.exe -> [2010/03/05 01:33:37 | 000,173,119 | ---- | M] (Eric_71)
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/03 21:20:16 | 000,000,284 | ---- | M] ()
 hosts.idx -> C:\WINDOWS\System32\drivers\etc\hosts.idx -> [2010/03/03 15:19:40 | 000,001,644 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Me\ntuser.ini -> [2010/03/03 04:31:00 | 000,000,178 | -HS- | M] ()
 March 1 Notes.docx -> C:\Documents and Settings\Me\My Documents\March 1 Notes.docx -> [2010/03/01 12:06:54 | 000,015,817 | ---- | M] ()
 MpSigStub.exe -> C:\WINDOWS\System32\MpSigStub.exe -> [2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation)
 Google SketchUp 7.lnk -> C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk -> [2010/02/14 15:18:19 | 000,001,762 | ---- | M] ()
 Food.xlsx -> C:\Documents and Settings\Me\My Documents\Food.xlsx -> [2010/02/11 15:36:28 | 000,008,362 | ---- | M] ()
 To Do.docx -> C:\Documents and Settings\Me\My Documents\To Do.docx -> [2010/02/10 11:47:55 | 000,011,054 | ---- | M] ()
 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/06 21:44:58 | 000,001,915 | ---- | M] ()
 90s.xlsx -> C:\Documents and Settings\Me\My Documents\90s.xlsx -> [2010/01/31 23:37:58 | 000,009,164 | ---- | M] ()
 MPRE Admission Ticket.pdf -> C:\Documents and Settings\Me\My Documents\MPRE Admission Ticket.pdf -> [2010/01/31 20:41:15 | 000,019,559 | ---- | M] ()
 nvModes.dat -> C:\WINDOWS\System32\nvModes.dat -> [2010/01/21 16:41:51 | 000,091,562 | ---- | M] ()
 Spring 2010 Schedule.xlsx -> C:\Documents and Settings\Me\My Documents\Spring 2010 Schedule.xlsx -> [2010/01/19 02:40:58 | 000,009,823 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 17:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
 wininet.dll -> C:\WINDOWS\System32\dllcache\wininet.dll -> [2010/01/05 05:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation)
 urlmon.dll -> C:\WINDOWS\System32\dllcache\urlmon.dll -> [2010/01/05 05:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation)
 mstime.dll -> C:\WINDOWS\System32\mstime.dll -> [2010/01/05 05:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
 mstime.dll -> C:\WINDOWS\System32\dllcache\mstime.dll -> [2010/01/05 05:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation)
 webcheck.dll -> C:\WINDOWS\System32\dllcache\webcheck.dll -> [2010/01/05 05:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\WINDOWS\System32\url.dll -> [2010/01/05 05:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
 url.dll -> C:\WINDOWS\System32\dllcache\url.dll -> [2010/01/05 05:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation)
 occache.dll -> C:\WINDOWS\System32\dllcache\occache.dll -> [2010/01/05 05:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\WINDOWS\System32\pngfilt.dll -> [2010/01/05 05:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
 pngfilt.dll -> C:\WINDOWS\System32\dllcache\pngfilt.dll -> [2010/01/05 05:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation)
 mshtmled.dll -> C:\WINDOWS\System32\dllcache\mshtmled.dll -> [2010/01/05 05:00:27 | 000,477,696 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\WINDOWS\System32\msrating.dll -> [2010/01/05 05:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
 msrating.dll -> C:\WINDOWS\System32\dllcache\msrating.dll -> [2010/01/05 05:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation)
 mshtml.dll -> C:\WINDOWS\System32\dllcache\mshtml.dll -> [2010/01/05 05:00:26 | 003,599,360 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\msfeedsbs.dll -> [2010/01/05 05:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
 msfeedsbs.dll -> C:\WINDOWS\System32\dllcache\msfeedsbs.dll -> [2010/01/05 05:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\inetcpl.cpl -> [2010/01/05 05:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
 inetcpl.cpl -> C:\WINDOWS\System32\dllcache\inetcpl.cpl -> [2010/01/05 05:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\msfeeds.dll -> [2010/01/05 05:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
 msfeeds.dll -> C:\WINDOWS\System32\dllcache\msfeeds.dll -> [2010/01/05 05:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation)
 iertutil.dll -> C:\WINDOWS\System32\dllcache\iertutil.dll -> [2010/01/05 05:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\iepeers.dll -> [2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
 iepeers.dll -> C:\WINDOWS\System32\dllcache\iepeers.dll -> [2010/01/05 05:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\WINDOWS\System32\iernonce.dll -> [2010/01/05 05:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
 iernonce.dll -> C:\WINDOWS\System32\dllcache\iernonce.dll -> [2010/01/05 05:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\jsproxy.dll -> [2010/01/05 05:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
 jsproxy.dll -> C:\WINDOWS\System32\dllcache\jsproxy.dll -> [2010/01/05 05:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation)
 ieframe.dll -> C:\WINDOWS\System32\dllcache\ieframe.dll -> [2010/01/05 05:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\iedkcs32.dll -> [2010/01/05 05:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
 iedkcs32.dll -> C:\WINDOWS\System32\dllcache\iedkcs32.dll -> [2010/01/05 05:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\WINDOWS\System32\ieapfltr.dll -> [2010/01/05 05:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
 ieapfltr.dll -> C:\WINDOWS\System32\dllcache\ieapfltr.dll -> [2010/01/05 05:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\WINDOWS\System32\ieaksie.dll -> [2010/01/05 05:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
 ieaksie.dll -> C:\WINDOWS\System32\dllcache\ieaksie.dll -> [2010/01/05 05:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\WINDOWS\System32\dxtrans.dll -> [2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
 dxtrans.dll -> C:\WINDOWS\System32\dllcache\dxtrans.dll -> [2010/01/05 05:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\WINDOWS\System32\ieakeng.dll -> [2010/01/05 05:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
 ieakeng.dll -> C:\WINDOWS\System32\dllcache\ieakeng.dll -> [2010/01/05 05:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation)
 extmgr.dll -> C:\WINDOWS\System32\dllcache\extmgr.dll -> [2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation)
 ieencode.dll -> C:\WINDOWS\System32\ieencode.dll -> [2010/01/05 05:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
 ieencode.dll -> C:\WINDOWS\System32\dllcache\ieencode.dll -> [2010/01/05 05:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation)
 icardie.dll -> C:\WINDOWS\System32\dllcache\icardie.dll -> [2010/01/05 05:00:21 | 000,063,488 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\WINDOWS\System32\dxtmsft.dll -> [2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
 dxtmsft.dll -> C:\WINDOWS\System32\dllcache\dxtmsft.dll -> [2010/01/05 05:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation)
 advpack.dll -> C:\WINDOWS\System32\dllcache\advpack.dll -> [2010/01/05 05:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation)
 corpol.dll -> C:\WINDOWS\System32\dllcache\corpol.dll -> [2010/01/05 05:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
 corpol.dll -> C:\WINDOWS\System32\corpol.dll -> [2010/01/05 05:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation)
 srv.sys -> C:\WINDOWS\System32\dllcache\srv.sys -> [2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation)
 html.iec -> C:\WINDOWS\System32\html.iec -> [2009/12/31 10:33:27 | 000,389,120 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\ie4uinit.exe -> [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
 ie4uinit.exe -> C:\WINDOWS\System32\dllcache\ie4uinit.exe -> [2009/12/31 10:33:06 | 000,070,656 | ---- | M] (Microsoft Corporation)
 ieudinit.exe -> C:\WINDOWS\System32\ieudinit.exe -> [2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
 ieudinit.exe -> C:\WINDOWS\System32\dllcache\ieudinit.exe -> [2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation)
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/19 23:56:30 | 000,002,206 | ---- | M] ()
 msrecovery.cfc -> C:\Documents and Settings\All Users\msrecovery.cfc -> [2009/12/18 12:19:14 | 000,000,034 | ---- | M] ()
 iexplore.exe -> C:\WINDOWS\System32\dllcache\iexplore.exe -> [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\WINDOWS\System32\ieakui.dll -> [2009/12/18 08:04:09 | 000,161,792 | ---- | M] (Microsoft Corporation)
 ieakui.dll -> C:\WINDOWS\System32\dllcache\ieakui.dll -> [2009/12/18 08:04:09 | 000,161,792 | ---- | M] (Microsoft Corporation)
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 SystemLook.exe -> C:\Documents and Settings\Me\Desktop\SystemLook.exe -> [2010/03/16 14:24:48 | 000,100,908 | ---- | C] ()
 radix_installer.zip -> C:\Documents and Settings\Me\Desktop\radix_installer.zip -> [2010/03/14 17:12:28 | 000,216,498 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2010/03/09 01:05:02 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2010/03/09 01:04:58 | 000,260,272 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/03/09 01:02:35 | 000,261,632 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/03/09 01:02:35 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/03/09 01:02:35 | 000,080,412 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/03/09 01:02:35 | 000,077,312 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/03/09 01:02:35 | 000,068,096 | ---- | C] ()
 ComboFix.exe -> C:\Documents and Settings\Me\Desktop\ComboFix.exe -> [2010/03/09 00:56:36 | 003,884,919 | R--- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/06 18:21:53 | 000,000,626 | ---- | C] ()
 mbr.exe -> C:\Documents and Settings\Me\Desktop\mbr.exe -> [2010/03/06 18:16:28 | 000,077,312 | ---- | C] ()
 Win32kDiag.exe -> C:\Documents and Settings\Me\Desktop\Win32kDiag.exe -> [2010/03/05 10:31:17 | 000,047,616 | ---- | C] ()
 Cheetah-Anti-Rogue.zip -> C:\Documents and Settings\Me\Desktop\Cheetah-Anti-Rogue.zip -> [2010/03/05 01:41:13 | 000,013,251 | ---- | C] ()
 CKScanner.exe -> C:\Documents and Settings\Me\Desktop\CKScanner.exe -> [2010/03/05 01:39:02 | 000,451,584 | ---- | C] ()
 LockSearch.exe -> C:\Documents and Settings\Me\Desktop\LockSearch.exe -> [2010/03/05 01:36:57 | 000,032,653 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/03/03 11:37:29 | 2145,579,008 | -HS- | C] ()
 March 1 Notes.docx -> C:\Documents and Settings\Me\My Documents\March 1 Notes.docx -> [2010/03/01 12:06:54 | 000,015,817 | ---- | C] ()
 Beers.xlsx -> C:\Documents and Settings\Me\My Documents\Beers.xlsx -> [2010/02/20 17:24:21 | 000,013,345 | ---- | C] ()
 Google SketchUp 7.lnk -> C:\Documents and Settings\All Users\Desktop\Google SketchUp 7.lnk -> [2010/02/14 15:18:19 | 000,001,762 | ---- | C] ()
 Food.xlsx -> C:\Documents and Settings\Me\My Documents\Food.xlsx -> [2010/02/11 15:36:28 | 000,008,362 | ---- | C] ()
 Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2010/02/06 21:44:58 | 000,001,915 | ---- | C] ()
 90s.xlsx -> C:\Documents and Settings\Me\My Documents\90s.xlsx -> [2010/01/31 23:37:58 | 000,009,164 | ---- | C] ()
 MPRE Admission Ticket.pdf -> C:\Documents and Settings\Me\My Documents\MPRE Admission Ticket.pdf -> [2010/01/31 20:41:15 | 000,019,559 | ---- | C] ()
 Spring 2010 Schedule.xlsx -> C:\Documents and Settings\Me\My Documents\Spring 2010 Schedule.xlsx -> [2010/01/18 21:06:06 | 000,009,823 | ---- | C] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2007/12/12 19:39:28 | 000,000,127 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2007/08/06 07:15:47 | 000,000,061 | ---- | C] ()
 _psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2007/08/06 07:13:45 | 000,198,144 | ---- | C] ()
 rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2007/08/06 06:45:55 | 000,016,480 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2007/08/06 06:45:17 | 001,703,936 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2007/08/06 06:45:17 | 001,019,904 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2007/08/06 06:45:16 | 001,474,560 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2007/08/06 06:45:16 | 000,466,944 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2007/08/06 06:44:15 | 000,001,118 | ---- | C] ()
 ESxUtil.dll -> C:\WINDOWS\System32\ESxUtil.dll -> [2005/08/10 11:56:00 | 000,028,672 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
 Co2c40en.dll -> C:\WINDOWS\System32\Co2c40en.dll -> [1996/11/18 01:00:00 | 000,748,160 | ---- | C] ()
 P2sodbc.dll -> C:\WINDOWS\System32\P2sodbc.dll -> [1996/11/18 01:00:00 | 000,131,072 | ---- | C] ()
 P2irdao.dll -> C:\WINDOWS\System32\P2irdao.dll -> [1996/11/18 01:00:00 | 000,054,272 | ---- | C] ()
 P2ctdao.dll -> C:\WINDOWS\System32\P2ctdao.dll -> [1996/11/18 01:00:00 | 000,050,176 | ---- | C] ()
 P2bbnd.dll -> C:\WINDOWS\System32\P2bbnd.dll -> [1996/11/18 01:00:00 | 000,036,352 | ---- | C] ()
 fxtls432.dll -> C:\WINDOWS\System32\fxtls432.dll -> [1996/05/25 17:00:00 | 000,107,008 | ---- | C] ()
 
[File - Lop Check]
 Examsoft -> C:\Documents and Settings\All Users\Application Data\Examsoft -> [2009/12/18 12:19:14 | 000,000,000 | ---D | M]
 OnlineArmor -> C:\Documents and Settings\All Users\Application Data\OnlineArmor -> [2010/03/03 15:39:38 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/10/07 11:03:45 | 000,000,000 | ---D | M]
 {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/11/03 16:36:26 | 000,000,000 | ---D | M]
 {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/07/09 00:17:03 | 000,000,000 | ---D | M]
 acccore -> C:\Documents and Settings\Me\Application Data\acccore -> [2007/08/31 16:22:54 | 000,000,000 | ---D | M]
 OnlineArmor -> C:\Documents and Settings\Me\Application Data\OnlineArmor -> [2010/03/09 16:21:57 | 000,000,000 | ---D | M]
 tmp -> C:\Documents and Settings\Me\Application Data\tmp -> [2009/09/15 13:37:51 | 000,000,000 | ---D | M]
 Viewpoint -> C:\Documents and Settings\Me\Application Data\Viewpoint -> [2007/10/07 11:03:47 | 000,000,000 | ---D | M]
 MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/03/16 17:15:32 | 000,000,330 | -H-- | M] ()
 
[File - Purity Scan]
 
< End of report >

Dr Jay · « **Reply #63 on:** March 17, 2010, 02:00:22 PM »

This should get rid of those entries at startup.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
Registry::
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"khefdadrv"=-
"vtttstsys"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

SCHC · « **Reply #64 on:** March 20, 2010, 09:37:49 PM »

ComboFix 10-03-20.01 - Me 03/20/2010 22:23:18.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1405 [GMT -5:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Me\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((( Files Created from 2010-02-21 to 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-10 22:13 . 2009-10-23 15:28   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
2010-03-05 06:36 . 2010-03-05 06:36   --------   d-----w-   C:\Rooter$
2010-03-04 03:21 . 2010-03-06 23:21   --------   d-----w-   c:\program files\MalwareBytes
2010-03-03 23:07 . 2010-03-03 23:07   61440   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-sse.dll
2010-03-03 23:07 . 2010-03-03 23:07   503808   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcp71.dll
2010-03-03 23:07 . 2010-03-03 23:07   499712   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\jmc.dll
2010-03-03 23:07 . 2010-03-03 23:07   348160   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-54eb42d2-n\msvcr71.dll
2010-03-03 23:07 . 2010-03-03 23:07   12800   ----a-w-   c:\documents and settings\Me\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-19b5e70a-n\decora-d3d.dll
2010-03-03 23:07 . 2010-03-03 23:06   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-03-03 21:01 . 2010-03-03 21:01   52224   ----a-w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-03 21:01 . 2010-03-03 21:01   117760   ----a-w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-03 21:00 . 2010-03-03 21:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-03 20:59 . 2010-03-03 20:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-03-03 20:59 . 2010-03-03 20:59   --------   d-----w-   c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
2010-03-03 20:19 . 2010-03-09 21:21   --------   d-----w-   c:\documents and settings\Me\Application Data\OnlineArmor
2010-03-03 20:19 . 2010-03-03 20:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2010-03-03 20:18 . 2009-12-05 13:28   24656   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-03-03 20:18 . 2009-12-05 13:27   29776   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-03-03 20:18 . 2009-12-05 13:27   223312   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-03-03 20:18 . 2010-03-03 20:18   --------   d-----w-   c:\program files\Tall Emu
2010-03-03 17:49 . 2010-03-03 17:49   --------   d-----w-   c:\program files\CCleaner
2010-03-03 02:30 . 2009-11-25 17:19   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-03-03 02:30 . 2009-03-30 15:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-03-03 02:30 . 2009-02-13 17:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-03-03 02:30 . 2009-02-13 17:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-03-03 02:30 . 2010-03-03 02:30   --------   d-----w-   c:\program files\Avira
2010-03-03 02:30 . 2010-03-03 02:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-03-03 02:01 . 2010-03-03 22:58   --------   d-----w-   c:\program files\mapp
2010-03-03 01:28 . 2010-03-03 01:28   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-11 18:19 . 2007-08-14 01:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 16:47 . 2008-03-09 01:17   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-03-07 16:41 . 2008-08-26 20:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-03-03 23:12 . 2007-08-06 12:04   --------   d-----w-   c:\program files\Java
2010-03-03 23:07 . 2007-08-06 12:04   --------   d-----w-   c:\program files\Common Files\Java
2010-03-03 20:58 . 2007-12-03 02:29   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-03 17:55 . 2007-12-03 05:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-24 15:16 . 2009-10-03 18:26   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-14 20:18 . 2007-08-14 02:23   --------   d-----w-   c:\program files\Google
2010-01-21 21:41 . 2007-08-06 11:51   91562   ----a-w-   c:\windows\system32\nvModes.dat
2010-01-21 13:54 . 2009-06-02 04:54   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-15 00:11 . 2008-09-19 02:31   5115824   ----a-w-   c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2008-08-26 20:16   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2008-08-26 20:16   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-10 17:51   832512   ------w-   c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 17:51   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 17:50   17408   ------w-   c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-10 17:51   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-06-09 16:29 . 2009-06-09 16:20   724952   ----a-w-   c:\program files\avenger.zip
2008-08-27 16:50 . 2008-08-27 16:50   1495112   ----a-w-   c:\program files\install_flash_player.exe
2008-08-26 21:07 . 2008-08-26 20:44   7499056   ----a-w-   c:\program files\Firefox Setup 3.0.1.exe
2008-08-12 23:14 . 2008-08-12 23:14   2367160   ----a-w-   c:\program files\LinksysWebConnectPC.exe
2008-07-06 20:16 . 2008-07-06 20:16   9390251   ----a-w-   c:\program files\vlc-0.8.6h-win32.exe
2008-01-04 03:10 . 2008-01-04 03:10   13413048   ----a-w-   c:\program files\Google_Earth_BZXD.exe
2007-08-30 12:08 . 2007-08-30 12:08   238450   ----a-w-   c:\program files\SecureW2_2kXP.exe
2007-08-27 12:43 . 2007-08-27 12:43   50009400   ----a-w-   c:\program files\iTunesSetup.exe
2007-08-06 12:09 . 2007-08-06 12:09   76   --sh--r-   c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-03-09_06.11.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-16 22:12 . 2010-03-16 22:12   16384 c:\windows\temp\Perflib_Perfdata_704.dat
- 2007-08-06 12:13 . 2009-05-26 11:40   17272 c:\windows\system32\spmsg.dll
+ 2007-08-06 12:13 . 2008-07-08 13:02   17272 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2010-03-16 22:17   52450 c:\windows\system32\perfc009.dat
- 2004-08-10 17:51 . 2010-03-03 22:55   52450 c:\windows\system32\perfc009.dat
+ 2010-03-19 13:47 . 2010-03-19 13:47   22528 c:\windows\Installer\da57593.msi
- 2007-08-14 02:02 . 2010-02-10 16:34   35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-10 17:51 . 2010-03-03 22:55   378878 c:\windows\system32\perfh009.dat
+ 2004-08-10 17:51 . 2010-03-16 22:17   378878 c:\windows\system32\perfh009.dat
+ 2007-08-14 02:02 . 2010-03-11 18:18   888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-02-04 23:24 . 2010-02-04 23:24   9122304 c:\windows\Installer\7f458d0.msp
+ 2010-02-21 07:00 . 2010-02-21 07:00   8480768 c:\windows\Installer\7f458ba.msp
+ 2010-02-04 06:59 . 2010-02-04 06:59   5031936 c:\windows\Installer\7f458a4.msp
- 2007-08-14 02:02 . 2010-02-10 16:34   1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-08-14 02:02 . 2010-02-10 16:34   1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-08-14 02:02 . 2010-03-11 18:18   1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-12-05 05:54 . 2010-03-02 05:30   31648712 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-6 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DELL\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/3/2010 3:18 PM 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/3/2010 3:18 PM 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/3/2010 3:18 PM 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/2/2010 9:30 PM 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [3/3/2010 3:18 PM 1282248]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 gupdate1c9a393ba0b99a0;Google Update Service (gupdate1c9a393ba0b99a0);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 11:25 PM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [3/3/2010 3:18 PM 3291336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:25]

2010-03-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Me\Application Data\Mozilla\Firefox\Profiles\xs21qfhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://law.wustl.edu/
FF - plugin: c:\documents and settings\Me\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-awurstdrv - rqrstu.dll
HKLM-Run-hgfcdasys - jkhfde.dll

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *·*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2492)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-03-20 22:30:17
ComboFix-quarantined-files.txt 2010-03-21 03:30
ComboFix2.txt 2010-03-09 06:13

Pre-Run: 85,792,276,480 bytes free
Post-Run: 85,824,356,352 bytes free

- - End Of File - - D12FB91C67DA83F2C61211706535D38B

Dr Jay · « **Reply #65 on:** March 21, 2010, 01:22:11 PM »

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

SCHC · « **Reply #66 on:** March 23, 2010, 07:41:55 AM »

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=018ad093406da747a08d41abf6095aaa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-23 06:07:31
# local_time=2010-03-23 01:07:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 94 0 41032469 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=6401 16777214 66 100 0 8381936 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=60838
# found=4
# cleaned=4
# scan_time=3300
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkhfde.dll.vir   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqrstu.dll.vir   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP684\A0072083.dll   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP684\A0072084.dll   a variant of Win32/Kryptik.CUN trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

Dr Jay · « **Reply #67 on:** March 23, 2010, 11:18:07 AM »

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

SCHC · « **Reply #68 on:** March 25, 2010, 11:11:08 AM »

Malwarebytes' Anti-Malware 1.44
Database version: 3913
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/25/2010 12:10:04 PM
mbam-log-2010-03-25 (12-10-04).txt

Scan type: Quick Scan
Objects scanned: 129368
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dr Jay · « **Reply #69 on:** March 25, 2010, 11:12:42 AM »

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

SCHC · « **Reply #70 on:** March 25, 2010, 12:01:26 PM »

Results of screen317's Security Check version 0.99.2
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Online Armor 4.0
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 18
Adobe Flash Player 10
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Tall Emu Online Armor OAcat.exe
Windows Defender MsMpEng.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Dr Jay · « **Reply #71 on:** March 25, 2010, 03:08:02 PM »

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

====================================================

See this page for more info about malware and prevention.

Any more questions?

SCHC · « **Reply #72 on:** March 25, 2010, 06:57:53 PM »

All done. If there's nothing else, I don't think I have any more questions. Sorry this took so long; didn't have time to check up on the progress of this very often. You've been patient and helpful throughout.

Thanks.

Dr Jay · « **Reply #73 on:** March 25, 2010, 07:05:57 PM »

You're welcome.

Dr Jay · « **Reply #74 on:** April 05, 2010, 08:38:24 PM »

Since this appears to be resolved, this topic is now closed. Glad we could help!

=>CLOSED

Computer Hope Forum

News:

Author Topic: Problem - Please Help (Read 70379 times)

SCHC

Dr Jay

SCHC

SCHC

SCHC

SCHC

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

SCHC

SCHC

Dr Jay

SCHC

SCHC

Dr Jay

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

SCHC

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay

SCHC

Dr Jay