WinPFind3 logfile created on: 1/18/2008 1:39:48 AM WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Anwar Huneidi\Desktop\winpfind3u\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) 1023.48 Mb Total Physical Memory | 633.68 Mb Available Physical Memory | 61.91% Memory free 1.65 Gb Paging File | 1.35 Gb Available in Paging File | 81.34% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 189.92 Gb Total Space | 32.33 Gb Free Space | 17.02% Space Free Drive D: | 5.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: ANWEEZY Current User Name: Anwar Huneidi Logged in as Administrator. Current Boot Mode: Normal [Processes - All] smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:50 PM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:50 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\appmgmts.dll [AppMgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 167936 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 4:59:42 AM | Attr = ] -> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 8:39:46 PM | Attr = ] -> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 1:52:18 PM | Attr = ] -> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found -> %System32%\hidserv.dll [HidServ] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21504 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] -> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 11:32:34 AM | Attr = ] -> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 4:28:28 AM | Attr = ] -> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 10:29:46 AM | Attr = ] -> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 2:47:18 AM | Attr = ] -> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 1:52:18 PM | Attr = ] -> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 8:27:56 AM | Attr = ] -> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 1:52:18 PM | Attr = ] -> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\w32time.dll [W32Time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 9:47:16 PM | Attr = ] -> %System32%\advapi32.dll [Wmi] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\regsvc.dll [RemoteRegistry] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 12:17:02 PM | Attr = ] -> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 7:35:06 PM | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 3:53:32 PM | Attr = ] explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] bdagent.exe -> %ProgramFiles%\Softwin\BitDefender10\bdagent.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 16 | Size = 69632 bytes | Modified Date = 4/14/2007 2:24:12 AM | Attr = ] wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 204288 bytes | Modified Date = 10/18/2006 8:05:26 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] sprtsvc.exe -> %ProgramFiles%\Comcast\Desktop Doctor\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 4/19/2007 2:21:40 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] -> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 10:16:48 AM | Attr = ] xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 1/13/2006 6:14:46 PM | Attr = ] bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 81920 bytes | Modified Date = 2/13/2007 12:39:50 PM | Attr = ] livesrv.exe -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 18 | Size = 237568 bytes | Modified Date = 10/26/2007 4:42:54 AM | Attr = ] wmpnetwk.exe -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 8:05:24 PM | Attr = ] vsserv.exe -> %ProgramFiles%\Softwin\BitDefender10\vsserv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 147 | Size = 462848 bytes | Modified Date = 10/26/2007 4:42:52 AM | Attr = ] alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] wuauclt.exe -> %System32%\wuauclt.exe -> Microsoft Corporation [Ver = 7.0.6000.381 (winmain(wmbla).070730-1740) | Size = 53080 bytes | Modified Date = 7/30/2007 6:19:16 PM | Attr = ] razertra.exe -> %ProgramFiles%\Razer\Copperhead\razertra.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 7/22/2005 3:00:04 PM | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ] [Win32 Services - All] (Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ] (AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 12/20/2006 9:05:00 PM | Attr = ] (AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 81920 bytes | Modified Date = 2/13/2007 12:39:50 PM | Attr = ] (BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (HidServ) HID Input Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 1:10:54 PM | Attr = ] (lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 18 | Size = 237568 bytes | Modified Date = 10/26/2007 4:42:54 AM | Attr = ] (LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 11/10/2006 7:18:02 PM | Attr = ] (NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 441136 bytes | Modified Date = 10/26/2006 7:49:34 PM | Attr = ] (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 10/26/2006 2:03:08 PM | Attr = ] (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 3:53:32 PM | Attr = ] (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) [Win32_Own | Auto | Running] -> %ProgramFiles%\Comcast\Desktop Doctor\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 4/19/2007 2:21:40 PM | Attr = ] (srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %System32%\tlntsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (usprserv) User Privilege Service [Win32_Own | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender10\vsserv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 147 | Size = 462848 bytes | Modified Date = 10/26/2007 4:42:52 AM | Attr = ] (W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 8:05:24 PM | Attr = ] (wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 1/13/2006 6:14:46 PM | Attr = ] (xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] [Driver Services - All] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/14/2006 4:22:26 PM | Attr = ] (AFD) AFD [Kernel | System | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %System32%\drivers\amdk7.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37376 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6660 | Size = 1918464 bytes | Modified Date = 12/16/2006 6:50:30 PM | Attr = ] (Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 5:59:44 AM | Attr = ] (bdfdll) bdfdll [Kernel | On_Demand | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdfdll.sys -> [Ver = | Size = 8704 bytes | Modified Date = 12/4/2006 3:51:44 PM | Attr = ] (Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> %System32%\drivers\bdfndisf.sys -> Softwin SRL [Ver = 2.0.1.17 | Size = 71040 bytes | Modified Date = 2/15/2007 7:41:10 AM | Attr = ] (BDFSDRV) BDFSDRV [Kernel | On_Demand | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdfsdrv.sys -> [Ver = | Size = 14145 bytes | Modified Date = 1/9/2006 6:50:34 PM | Attr = ] (bdftdif) BitDefender Firewall TDI Filter [Kernel | System | Running] -> %CommonProgramFiles%\Softwin\BitDefender Firewall\bdftdif.sys -> Softwin SRL [Ver = 2.0.1.6 | Size = 75264 bytes | Modified Date = 2/15/2007 8:41:18 AM | Attr = ] (bdpredir) bdpredir [Kernel | System | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdpredir.sys -> Softwin SRL [Ver = 1.0.0.14 | Size = 25984 bytes | Modified Date = 4/10/2007 12:47:26 PM | Attr = ] (BDRSDRV) BDRSDRV [Kernel | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdrsdrv.sys -> [Ver = | Size = 10768 bytes | Modified Date = 6/28/2006 5:13:54 PM | Attr = ] (Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\ANWARH~1\LOCALS~1\Temp\catchme.sys -> File not found (cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 3:07:40 PM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/3/2004 3:07:58 PM | Attr = ] (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\es1371mp.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 40704 bytes | Modified Date = 8/17/2001 4:19:34 AM | Attr = ] (FA312) NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\FA312nd5.sys -> NETGEAR Corp. [Ver = 5.00.119.0 | Size = 16074 bytes | Modified Date = 8/17/2001 12:12:32 PM | Attr = ] (Fastfat) Fastfat [File_System | Disabled | Stopped] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.41.00.0426 | Size = 42496 bytes | Modified Date = 12/16/2004 1:36:30 PM | Attr = ] (FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 8/17/2001 4:13:08 AM | Attr = ] (Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 1:14:58 AM | Attr = ] (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> %System32%\drivers\gameenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10624 bytes | Modified Date = 8/3/2004 3:08:22 PM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ] (Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/17/2001 2:02:20 PM | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/16/2006 4:33:10 PM | Attr = ] (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/29/2004 2:28:38 PM | Attr = ] (IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %System32%\drivers\kbdhid.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14848 bytes | Modified Date = 8/3/2004 10:58:36 PM | Attr = ] (kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 12:47:46 AM | Attr = ] (KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (MountMgr) MountMgr [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 1:41:46 AM | Attr = ] (Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/3/2004 2:58:42 PM | Attr = ] (MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/3/2004 2:58:40 PM | Attr = ] (MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/3/2004 2:58:42 PM | Attr = ] (mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.3081 (xpsp_sp2_gdr.070209-0028) | Size = 574464 bytes | Modified Date = 2/9/2007 3:10:36 AM | Attr = ] (Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PartMgr) PartMgr [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found (Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 3:51:00 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Razerlow) Razer Copperhead Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Razerlow.sys -> Razer (Asia-Pacific) Pte Ltd [Ver = 1.0.0.3.0.0 | Size = 19020 bytes | Modified Date = 8/12/2005 10:11:10 AM | Attr = ] (Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 5/5/2006 1:47:58 AM | Attr = ] (RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rdpdr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 196864 bytes | Modified Date = 8/3/2004 11:01:16 PM | Attr = ] (RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 6/9/2005 8:09:46 PM | Attr = ] (redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/3/2004 2:59:38 PM | Attr = ] (ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rootmdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] (SCDEmu) SCDEmu [Kernel | System | Running] -> %System32%\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 31644 bytes | Modified Date = 1/19/2007 11:11:08 PM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr = ] (serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Serial) Serial port driver [Kernel | System | Running] -> %System32%\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 6/14/2006 12:47:46 AM | Attr = ] (sr) System Restore Filter Driver [File_System | Boot | Running] -> %System32%\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 2:34:42 AM | Attr = ] (swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/17/2001 6:00:52 AM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/3/2004 3:15:56 PM | Attr = ] (Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.3244 (xpsp_sp2_gdr.071030-1259) | Size = 360064 bytes | Modified Date = 10/30/2007 9:20:56 AM | Attr = ] (TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ] (usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 3:01:26 PM | Attr = ] (usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 10:58:46 PM | Attr = ] (usbser) Motorola A1000 USB Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbser.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Modified Date = 8/3/2004 11:08:44 PM | Attr = ] (USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 10:08:48 PM | Attr = ] (usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (VgaSave) VgaSave [Kernel | System | Running] -> %System32%\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (viaagp) VIA AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\VIAAGP.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/3/2004 3:07:44 PM | Attr = ] (ViaIde) ViaIde [Kernel | Boot | Running] -> %System32%\drivers\viaide.sys -> Microsoft Corporation [Ver = 1.00.01.01 | Size = 5376 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4180 built by: WinDDK | Size = 203648 bytes | Modified Date = 10/9/2006 12:58:48 PM | Attr = ] (VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 1:00:46 AM | Attr = ] (WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 6:55:50 PM | Attr = ] (WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 7:00:34 PM | Attr = ] [Registry - All] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BDAgent -> %ProgramFiles%\Softwin\BitDefender10\bdagent.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 16 | Size = 69632 bytes | Modified Date = 4/14/2007 2:24:12 AM | Attr = ] KernelFaultCheck -> -> File not found < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ] WMPNSCFG -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 204288 bytes | Modified Date = 10/18/2006 8:05:26 PM | Attr = ] < User Startup > -> C:\Documents and Settings\Anwar Huneidi\Start Menu\Programs\Startup -> %UserStartup%\Azureus.lnk -> %ProgramFiles%\Azureus\Azureus.exe -> Aelitis [Ver = 1.0.0.0 | Size = 155648 bytes | Modified Date = 5/10/2006 6:05:12 PM | Attr = ] < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 73728 bytes | Modified Date = 1/26/2006 8:19:52 PM | Attr = ] < IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> Your Image File Name Here without a path -> %System32%\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] < SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 9:47:22 PM | Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] {AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] < SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> {438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:16 AM | Attr = ] digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] "sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 110592 bytes | Modified Date = 12/16/2006 6:44:04 PM | Attr = ] crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] WgaLogon -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.7 | Size = 236928 bytes | Modified Date = 4/10/2007 2:00:46 PM | Attr = ] wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Start Page -> http://www.comcast.net/ -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKCU: Start Page -> http://www.comcast.net/ -> HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKLM] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [Internet Speed Monitor] -> File not found {4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] {FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 8:24:38 AM | Attr = HS] < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> -> File not found < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0B924A4E-7B97-4B20-8912-BD34602A7CF8} -> (NETGEAR FA311 Fast Ethernet Adapter) -> {22EE2CEB-6B5E-4BF1-A205-B095E1E23A00} -> (NETGEAR FA311 Fast Ethernet Adapter) -> {509FE22D-330A-4173-88E7-5AC6340F3419} -> (VIA Rhine II Fast Ethernet Adapter) -> < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\rsvpsp.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] ipp -> Reg Data - Key not found -> File not found ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 6:04:28 PM | Attr = ] javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2900.3198 (xpsp_sp2_gdr.070820-1448) | Size = 683520 bytes | Modified Date = 8/20/2007 10:15:44 PM | Attr = ] mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] msdaipp -> Reg Data - Key not found -> File not found msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1011488 bytes | Modified Date = 10/26/2006 7:49:48 PM | Attr = ] ms-help -> %CommonProgramFiles%\Microsoft Shared\Help\hxds.dll -> Microsoft Corporation [Ver = 2.05.50727.198 (QFE.050727-1900) | Size = 873216 bytes | Modified Date = 10/26/2006 1:45:02 PM | Attr = ] ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 6:04:28 PM | Attr = ] res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] < Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 615424 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] text/xml -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\MSOXMLMF.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 44344 bytes | Modified Date = 10/26/2006 9:41:48 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {48DD0448-9209-4F81-9F6D-D83562940134} -> MySpace Uploader Control - CodeBase = http://lads.myspace.com/upload/MySpaceUploader1005.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -> {FC11A119-C2F7-46F4-9E32-937ABA26816E} -> AMI DicomDir TreeView Control 2.1 - CodeBase = file://D:\CDVIEWER\CdViewer.cab -> [Registry - Additional Scans - All] < ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -> {4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf -> {5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -> {7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install -> {89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll -> {89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP -> >{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -> < Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> {00020D75-0000-0000-C000-000000000046} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 21312 bytes | Modified Date = 10/26/2006 8:55:12 PM | Attr = ] {00022613-0000-0000-C000-000000000046} [HKLM] -> %System32%\mmsys.cpl [Multimedia File Property Sheet] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {0006F045-0000-0000-C000-000000000046} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 254776 bytes | Modified Date = 10/26/2006 8:55:44 PM | Attr = ] {00BB2763-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft AutoComplete] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {00BB2764-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft History AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {00BB2765-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft Multiple AutoComplete List Container] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found {01E04581-4EEE-11d0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {03C036F1-A186-11D0-824A-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Microsoft Shell Folder AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {07798131-AF23-11d1-9111-00A0C98BA67D} [HKLM] -> %System32%\browseui.dll [Web Search] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {08165EA0-E946-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheckWebCrawler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {0A89A860-D7B1-11CE-8350-444553540000} [HKLM] -> %System32%\shdocvw.dll [Shell Automation Inproc Service] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {0B124F8F-91F0-11D1-B8B5-006008059382} [HKLM] -> %System32%\appwiz.cpl [Installed Apps Enumerator] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} [HKLM] -> %System32%\cabview.dll [.CAB file viewer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 84480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {0D45D530-764B-11d0-A1CA-00AA00C16E65} [HKLM] -> %System32%\dsuiext.dll [Directory Property UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Droplist Combo Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {10CFC467-4392-11d2-8DB4-00C04FA31A66} [HKLM] -> %System32%\cscui.dll [Offline Files Folder Options] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {131A6951-7F78-11D0-A979-00C04FD705A2} [HKLM] -> %System32%\shdocvw.dll [ISFBand OC] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [HKLM] -> %SystemRoot%\msagent\agentpsh.dll [Microsoft Agent Character Property Sheet Handler] -> Microsoft Corporation [Ver = 2.00.0.3422 | Size = 24064 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Object Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {169A0691-8DF9-11d1-A1C4-00C04FD75D13} [HKLM] -> %System32%\browseui.dll [In-pane search] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {176d6597-26d3-11d1-b350-080036a75b03} [HKLM] -> %System32%\icmui.dll [ICM Scanner Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {1F2E5C40-9550-11CE-99D2-00AA006E086C} [HKLM] -> %System32%\rshx32.dll [NTFS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {21569614-B795-46b1-85F4-E737A8DC09AD} [HKLM] -> %System32%\browseui.dll [Shell Search Band] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {2206CDB2-19C1-11D1-89E0-00C04FD7A829} [HKLM] -> %CommonProgramFiles%\System\Ole DB\oledb32.dll [Microsoft Data Link] -> Microsoft Corporation [Ver = 2.81.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 487424 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {22BF0C20-6DA7-11D0-B373-00A0C9034938} [HKLM] -> %System32%\browseui.dll [Download Status] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Search] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Run...] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Internet] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [E-mail] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Set Program Access and Defaults] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Time Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {30D02401-6A81-11d0-8274-00C04FD5AE38} [HKLM] -> %System32%\browseui.dll [Search Band] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {32714800-2E5F-11d0-8B85-00AA0044F941} [HKLM] -> %ProgramFiles%\Outlook Express\wabfind.dll [For &People...] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {352EC2B7-8B9A-11D1-B8AE-006008059382} [HKLM] -> %System32%\appwiz.cpl [Shell Application Manager] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {35786D3C-B075-49b9-88DD-029876E11C01} [HKLM] -> %System32%\WpdShext.dll [Portable Devices] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 9:47:22 PM | Attr = ] {3C374A40-BAE4-11CF-BF7D-00AA006946EE} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url History Service] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [HKLM] -> %System32%\browseui.dll [Shell DeskBarApp] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [HKLM] -> %System32%\shdocvw.dll [The Internet] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {3EA48300-8CF6-101B-84FB-666CCB9BCD32} [HKLM] -> %System32%\docprop.dll [OLE Docfile Property Page] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46080 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {3F30C968-480A-4C6C-862D-EFC0897BB84B} [HKLM] -> %System32%\shimgvw.dll [GDI+ file thumbnail extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {3F953603-1008-4f6e-A73A-04AAC7A992F1} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} [HKLM] -> %System32%\shmedia.dll [Video Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {41E300E0-78B6-11ce-849B-444553540000} [HKLM] -> %System32%\themeui.dll [PlusPack CPL Extension] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 385536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {42042206-2D85-11D3-8CFF-005004838597} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\MSOHEVI.DLL [Microsoft Office HTML Icon Handler] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 61240 bytes | Modified Date = 10/26/2006 8:12:30 PM | Attr = ] {42071712-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\deskadp.dll [Display Adapter CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16384 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {42071713-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\deskmon.dll [Display Monitor CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16896 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found {4a7ded0a-ad25-11d0-98a8-0800361b1103} [HKLM] -> %System32%\mydocs.dll [MyDocs Properties] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {4E40F770-369C-11d0-8922-00A024AB2DBB} [HKLM] -> %System32%\dssec.dll [DS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51200 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} [HKLM] -> %System32%\slayerxp.dll [Compatibility Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {56117100-C0CD-101B-81E2-00AA004AE837} [HKLM] -> %System32%\shscrap.dll [Shell Scrap DataHandler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27648 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {58f1f272-9240-4f51-b6d4-fd63d1618591} [HKLM] -> %System32%\netplwiz.dll [Get a Passport Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {59099400-57FF-11CE-BD94-0020AF85B590} [HKLM] -> %System32%\diskcopy.dll [Disk Copy Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 1501696 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {596AB062-B4D2-4215-9F74-E9109B0A8153} [HKLM] -> %System32%\twext.dll [Previous Versions Property Page] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {59be4990-f85c-11ce-aff7-00aa003ca9f6} [HKLM] -> %System32%\ntlanui2.dll [Shell extensions for Microsoft Windows Network objects] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14336 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {5DB2625A-54DF-11D0-B6C4-0800091AA605} [HKLM] -> %System32%\icmui.dll [ICM Monitor Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {5E6AB780-7743-11CF-A12B-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft Internet Toolbar] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {5F327514-6C5E-4d60-8F16-D07FA08A78ED} [HKLM] -> %System32%\wuaucpl.cpl [Auto Update Property Sheet Extension] -> Microsoft Corporation [Ver = 7.0.6000.381 (winmain(wmbla).070730-1740) | Size = 216408 bytes | Modified Date = 7/30/2007 6:19:28 PM | Attr = ] {60254CA5-953B-11CF-8C96-00AA00B8708C} [HKLM] -> %System32%\wshext.dll [Shell extensions for Windows Script Host] -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 65536 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {60fd46de-f830-4894-a628-6fa81bc0190d} [HKLM] -> %System32%\photowiz.dll [%DESC_PublishDropTarget%] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 176128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {62AE1F9A-126A-11D0-A14B-0800361B1103} [HKLM] -> %System32%\dsuiext.dll [Directory Context Menu Verbs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {63da6ec0-2e98-11cf-8d82-444553540000} [HKLM] -> %System32%\msieftp.dll [FTP Folders Webview] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 248832 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {640167b4-59b0-47a6-b335-a6b3c0695aea} [HKLM] -> %System32%\audiodev.dll [Portable Media Devices] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 276992 bytes | Modified Date = 10/18/2006 9:47:08 PM | Attr = ] {6413BA2C-B461-11d1-A18A-080036B11A03} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder 2] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} [HKLM] -> %System32%\shimgvw.dll [Shell Image Data Factory] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {6756A641-DE71-11d0-831B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [MRU AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {675F097E-4C4D-11D0-B6C1-0800091AA605} [HKLM] -> %System32%\icmui.dll [ICM Printer Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {67EA19A0-CCEF-11d0-8024-00C04FD75D13} [HKLM] -> %System32%\shdocvw.dll [CDF Extension Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {692F0339-CBAA-47e6-B5B5-3B84DB604E87} [HKLM] -> %System32%\extmgr.dll [Extensions Manager Folder] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 55808 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [HKLM] -> %System32%\browseui.dll [Custom MRU AutoCompleted List] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {6A205B57-2567-4A2C-B881-F787FAB579A3} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Calendar Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {6b33163c-76a5-4b6c-bf21-45de9cd503a1} [HKLM] -> %System32%\netplwiz.dll [Shell Publishing Wizard Object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7007ACC7-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7376D660-C583-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\browseui.dll [TridentImageExtractor] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {7444C717-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto PKO Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7444C719-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto Sign Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files Menu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found {77597368-7b15-11d0-a0c2-080036af3f03} [HKLM] -> %System32%\printui.dll [Web Printer Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 560640 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7988B573-EC89-11cf-9C00-00AA00A14F56} [HKLM] -> %System32%\dskquoui.dll [Disk Quota UI] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 144384 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7A80E4A8-8005-11D2-BCF8-00C04F72C717} [HKLM] -> %System32%\mmcshext.dll [MMC Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found {7BA4C742-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft BrowserBand] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {7BD29E00-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\shdocvw.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {7BD29E01-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\shdocvw.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {7D559C10-9FE9-11d0-93F7-00AA0059CE02} [HKLM] -> %System32%\webcheck.dll [Code Download Agent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {7e653215-fa25-46bd-a339-34a2790f3cb7} [HKLM] -> %System32%\browseui.dll [Accessible] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {7F1CF152-04F8-453A-B34C-E609530A9DC8} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 11/15/2005 11:07:16 AM | Attr = ] {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheck SyncMgr Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {83bbcbf3-b28a-4919-a5aa-73027445d672} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found {85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [Briefcase] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {871C5380-42A0-1069-A2EA-08002B30309D} [HKLM] -> %System32%\shdocvw.dll [Internet Name Space] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [HKLM] -> %System32%\shmedia.dll [Audio Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {87D62D94-71B3-4b9a-9489-5FE6850DC73E} [HKLM] -> %System32%\shmedia.dll [Avi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {883373C3-BF89-11D1-BE35-080036B11A03} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Shell Ext] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {88C6C381-2E85-11D0-94DE-444553540000} [HKLM] -> %System32%\occache.dll [ActiveX Cache Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 96256 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {8A23E65E-31C2-11d0-891C-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Query UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {8DD448E6-C188-4aed-AF92-44956194EB1F} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ] {8EE97210-FD1F-4B19-91DA-67914005F020} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {905667aa-acd6-11d2-8080-00805f6596d2} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {91EA3F8B-C99B-11d0-9815-00C04FD91972} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {9461b922-3c5a-11d2-bf8b-00c04fb93661} [HKLM] -> %System32%\shdocvw.dll [Search Assistant OC] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 204800 bytes | Modified Date = 1/19/2007 11:08:54 PM | Attr = ] {992CFFA0-F557-101A-88EC-00DD010CCC48} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 932688 bytes | Modified Date = 10/26/2006 8:13:06 PM | Attr = ] {9DB7A13C-F208-4981-8353-73CC61AE2783} [HKLM] -> %System32%\twext.dll [Previous Versions] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {9DBD2C50-62AD-11d0-B806-00C04FD706EC} [HKLM] -> %System32%\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} [HKLM] -> %System32%\dsquery.dll [Shell properties for a DS object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {A08C11D2-A228-11d0-825B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Address EditBox] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\shdocvw.dll [IE4 Suite Splash Screen] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [HKLM] -> %System32%\shdocvw.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {A6FD9E45-6E44-43f9-8644-08598F5A74D9} [HKLM] -> %System32%\shmedia.dll [Midi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {A9CF0EAE-901A-4739-A481-E35B73E47F6D} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [Subscription Mgr] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {acf35015-526e-4230-9596-becbe19f0ac9} [HKLM] -> %System32%\browseui.dll [Track Popup Bar] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {add36aa8-751a-4579-a266-d66f5202ccbb} [HKLM] -> %System32%\netplwiz.dll [Print Ordering via the Web] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {AF4F6510-F982-11d0-8595-00AA004CD6D8} [HKLM] -> %System32%\browseui.dll [Registry Tree Options Utility] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [HKLM] -> %System32%\cscui.dll [Offline Files Folder] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {B327765E-D724-4347-8B16-78AE18552FC3} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 11/15/2005 11:07:16 AM | Attr = ] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 132392 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ] {BD472F60-27FA-11cf-B8B4-444553540000} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {BD84B380-8CA2-1069-AB1D-08000948F534} [HKLM] -> %System32%\fontext.dll [Fonts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382976 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {BDEADF00-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 970528 bytes | Modified Date = 10/26/2006 7:49:46 PM | Attr = ] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 932688 bytes | Modified Date = 10/26/2006 8:13:06 PM | Attr = ] {c5a40261-cd64-4ccf-84cb-c394da41d590} [HKLM] -> %System32%\shmedia.dll [Video Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {CC6EEFFB-43F6-46c5-9619-51D571967F7D} [HKLM] -> %System32%\netplwiz.dll [Web Publishing Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Play as Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\shdocvw.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {CFCCC7A0-A282-11D1-9082-006008059382} [HKLM] -> %System32%\appwiz.cpl [Darwin App Publisher] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {D20EA4E1-3957-11d2-A40B-0C5020524152} [HKLM] -> %System32%\shdocvw.dll [Fonts] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {D20EA4E1-3957-11d2-A40B-0C5020524153} [HKLM] -> %System32%\shdocvw.dll [Administrative Tools] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {D6277990-4C6A-11CF-8D87-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Scheduled Tasks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} [HKLM] -> %System32%\WpdShext.dll [Portable Devices Menu] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 9:47:22 PM | Attr = ] {D8BD2030-6FC9-11D0-864F-00AA006809D9} [HKLM] -> %System32%\webcheck.dll [PostAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {DBCE2480-C732-101B-BE72-BA78E9AD5B27} [HKLM] -> %System32%\icmui.dll [ICC Profile] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {DD313E04-FEFF-11d1-8ECD-0000F87A470C} [HKLM] -> %System32%\browseui.dll [User Assist] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {E211B736-43FD-11D1-9EFB-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheckChannelAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E4B29F9D-D390-480b-92FD-7DDB47101D71} [HKLM] -> %System32%\shmedia.dll [Wav Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [ConnectionAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [HKLM] -> %System32%\shdocvw.dll [Shell DocObject Viewer] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {e84fda7c-1d6a-45f6-b725-cb260c236066} [HKLM] -> %System32%\shimgvw.dll [Shell Image Verbs] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [HKLM] -> %System32%\webcheck.dll [TrayAgent] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {EAB841A0-9550-11cf-8C16-00805F1408F3} [HKLM] -> %System32%\shimgvw.dll [HTML Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [HKLM] -> %System32%\shimgvw.dll [Shell Image Property Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} [HKLM] -> %System32%\dfsshlex.dll [DfsShell] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {ECD4FC4C-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell DeskBar] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {ECD4FC4D-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Rebar BandSite] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {ECD4FC4E-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Band Site Menu] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {ECF03A32-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Drop Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {ECF03A33-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [HKLM] -> %System32%\browseui.dll [Global Folder Settings] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {EFA24E61-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {EFA24E64-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {F0152790-D56E-4445-850E-4F3117DB740C} [HKLM] -> %System32%\remotepg.dll [Remote Sessions CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {F020E586-5264-11d1-A532-0000F8757D7E} [HKLM] -> %System32%\dsquery.dll [Directory Start/Search Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Add to Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ] {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [HKLM] -> %System32%\rshx32.dll [Printers Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {f39a0dc0-9cc8-11d0-a599-00c04fd64433} [HKLM] -> %System32%\cdfview.dll [Channel File] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 151040 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} [HKLM] -> %System32%\cdfview.dll [Channel Shortcut] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 151040 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} [HKLM] -> %System32%\cdfview.dll [Channel Handler Object] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 151040 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {f3da0dc0-9cc8-11d0-a599-00c04fd64437} [HKLM] -> %System32%\cdfview.dll [Channel Menu] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 151040 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} [HKLM] -> %System32%\cdfview.dll [Channel Properties] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 151040 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {F5175861-2688-11d0-9C5E-00AA00A45957} [HKLM] -> %System32%\webcheck.dll [Subscription Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {F61FFEC1-754F-11d0-80CA-00AA005B4383} [HKLM] -> %System32%\browseui.dll [BandProxy] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1023488 bytes | Modified Date = 10/10/2007 10:13:44 PM | Attr = ] {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {f92e8c40-3d33-11d2-b1aa-080036a75b03} [HKLM] -> %System32%\deskperf.dll [Display TroubleShoot CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {FBF23B40-E3F0-101B-8488-00AA003E56F8} [HKLM] -> %System32%\shdocvw.dll [InternetShortcut] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] {FF393560-C2A7-11CF-BFF4-444553540000} [HKLM] -> %System32%\shdocvw.dll [History] -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 772 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> ÉJDPžÐ‹@Âp\:ýkSeae41366 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> Rm´Ç,31 T -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> T‰Z¢- -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> àä}¿ÓÈ™Ç*€‚@ -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> ±©ÅÍÇ -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4126 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> {0D2E74C4-3C34-11d2-A27E-00C04FC30871} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {24F14F01-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {24F14F02-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {7D4D6379-F301-4311-BEBA-E26EB0561882} [HKLM] -> %CommonProgramFiles%\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalColumnHandler Class] -> Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Modified Date = 11/15/2005 11:07:16 AM | Attr = ] {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.0.0.0 | Size = 372736 bytes | Modified Date = 10/22/2006 11:28:04 PM | Attr = ] < ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ -> {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} [HKLM] -> %System32%\shell32.dll [Start Menu Pin] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 61440 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] {D653647D-D607-4df6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender10\bdshelxt.dll [BDMenu Class] -> [Ver = 1, 0, 0, 2 | Size = 58368 bytes | Modified Date = 5/15/2006 6:02:16 PM | Attr = ] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 7, 2, 0 | Size = 73728 bytes | Modified Date = 11/10/2006 7:18:26 PM | Attr = ] {DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 6/5/2006 2:06:22 PM | Attr = ] {750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {09799AFB-AD67-11d1-ABCD-00C04FC30936} [HKLM] -> %System32%\shell32.dll [Open With] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [Open With EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 204800 bytes | Modified Date = 1/19/2007 11:08:54 PM | Attr = ] Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ] < ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\shell32.dll [Send To] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\ -> %SystemRoot%\Explorer.exe -> %SystemRoot%\explorer.exe [find] -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Bookmark] -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/9/2007 9:29:14 PM | Attr = ] "C:\Program Files\Winamp\winamp.exe" /ADD "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Enqueue] -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/9/2007 9:29:14 PM | Attr = ] "C:\Program Files\Winamp\winamp.exe" "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Play] -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/9/2007 9:29:14 PM | Attr = ] < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ -> {CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 61440 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] {A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] {DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 6/5/2006 2:06:22 PM | Attr = ] {750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 204800 bytes | Modified Date = 1/19/2007 11:08:54 PM | Attr = ] {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ] < ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} [HKLM] -> %System32%\shell32.dll [New] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shell\ -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> %SystemRoot%\explorer.exe [explore] -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] %SystemRoot%\Explorer.exe /idlist,%I,%L -> %SystemRoot%\explorer.exe [open] -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ -> {D653647D-D607-4df6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender10\bdshelxt.dll [BDMenu Class] -> [Ver = 1, 0, 0, 2 | Size = 58368 bytes | Modified Date = 5/15/2006 6:02:16 PM | Attr = ] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 7, 2, 0 | Size = 73728 bytes | Modified Date = 11/10/2006 7:18:26 PM | Attr = ] {DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 6/5/2006 2:06:22 PM | Attr = ] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> %ProgramFiles%\PowerISO\PWRISOSH.DLL [PowerISO] -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 204800 bytes | Modified Date = 1/19/2007 11:08:54 PM | Attr = ] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 12/3/2006 2:53:06 PM | Attr = ] < ControlSets > -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ] C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ] C:^Documents and Settings^Anwar Huneidi^Start Menu^Programs^Startup^Anapod Manager.lnk -> %ProgramFiles%\Red Chair Software\Anapod Explorer\anamgr.exe -> Red Chair Software, Inc. [Ver = 9, 0, 0, 0 | Size = 1076276 bytes | Modified Date = 1/1/2007 11:55:02 AM | Attr = ] < Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> File not found Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ] AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ] ddoctorv2 -> %ProgramFiles%\Comcast\Desktop Doctor\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 4/19/2007 2:21:40 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 1:11:04 PM | Attr = ] KernelFaultCheck -> -> File not found MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe -> [Ver = 1.0.673.0 | Size = 5181440 bytes | Modified Date = 3/6/2007 9:06:56 PM | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr = ] PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 6, 0, 0 | Size = 200704 bytes | Modified Date = 1/19/2007 11:09:42 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/14/2007 11:43:10 PM | Attr = ] Steam -> %ProgramFiles%\Valve\Steam\steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 11/30/2007 1:12:30 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ] WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 10/9/2007 9:28:32 PM | Attr = ] < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found -> .cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found -> .hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> .html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> .inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found -> .pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found -> .reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found -> .txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found -> .vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found -> .wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found -> < Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8194 - Reg Data - Value does not exist -> {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger -> NextId -> 8196 -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4126 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> BootExecute -> autocheck autochk *; -> < Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> TMP -> %SystemRoot%\TEMP -> windir -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> -> %systemroot% -> -> %systemroot%\system32\wbem -> -> C:\Program Files\QuickTime\QTSystem -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> .EXE -> -> .BAT -> -> .CMD -> -> .VBS -> -> .VBE -> -> .JS -> -> .JSE -> -> .WSF -> -> .WSH -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] batfile [open] -> "%1" %* -> batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 3:22:02 PM | Attr = ] cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] cmdfile [open] -> "%1" %* -> cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] comfile [open] -> "%1" %* -> cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] exefile [open] -> "%1" %* -> helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] htmlfile [edit] -> Reg Data - Key not found -> htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/1/2007 12:14:02 AM | Attr = ] inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320) | Size = 1494528 bytes | Modified Date = 10/10/2007 10:13:46 PM | Attr = ] InternetShortcut [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246) | Size = 3058688 bytes | Modified Date = 10/30/2007 2:16:34 AM | Attr = ] jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] piffile [open] -> "%1" %* -> regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] regfile [merge] -> Reg Data - Key not found -> regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Data - Key not found -> txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 7:36:52 PM | Attr = ] Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/9/2007 9:29:14 PM | Attr = ] Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\winamp.exe" /ADD "%1" -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/9/2007 9:29:14 PM | Attr = ] Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\winamp.exe" "%1" -> Nullsoft [Ver = 5,5,0,1640 | Size = 1250816 bytes | Modified Date = 10/9/2007 9:29:14 PM | Attr = ] Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|javascript:1|vbscript:1|acrobat:2|file:2|mailto:2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam(TM) -> {12B60D3B-90B4-4175-BB90-FCE19ACD9B02} -> CUE Splitter -> {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate -> {235BBFC6-D863-4066-A01A-3BD504C31033} -> Nero 7 Ultra Edition -> {3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3 -> {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {48FEB597-0410-4A17-B134-0DEF3083B944} -> eMusic Download Manager -> {4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Starter Edition 3.0 -> {4F5CE18C-D97D-48FF-A510-A0D90C918294} -> iTunes -> {5B28116D-E7FB-454C-AE54-88A70913732D} -> BitDefender Internet Security v10 -> {76E41F43-59D2-4F30-BA42-9A762EE1E8DE} -> Avanquest update -> {789289CA-F73A-4A16-A331-54D498CE069F} -> Ventrilo Client -> {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec -> {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player -> {90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12 -> {90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007 -> {90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007 -> {90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007 -> {90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007 -> {90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007 -> {90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007 -> {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 -> {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 -> {90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007 -> {90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007 -> {90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007 -> {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007 -> {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007 -> {90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007 -> {91120000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional Plus 2007 -> {9763E36A-08E9-4228-BBCE-12989A4EB1A8} -> QuickTime -> {AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8 -> {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter -> {B5C209B1-8DDB-4642-A573-375B951514CB} -> Apple Mobile Device Support -> {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player -> {B74F042E-E1B9-4A5B-8D46-387BB172F0A4} -> Apple Software Update -> {BAD8CA9C-77C0-4663-B00B-A8D3B13C341B} -> Motorola Phone Tools -> {C8C8387B-A98B-44E8-807A-1A9B7F51FFDA} -> Blaze Media Pro -> {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition -> {D45EC259-4A19-4656-B588-C2C360DD18EA} -> Half-Life(R) 2 -> {D87149B3-7A1D-4548-9CBF-032B791E5908} -> Desktop Doctor -> {E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1} -> Motorola Phone Tools -> ACE-HIGH MP3 WAV WMA OGG Converter -> ACE-HIGH MP3 WAV WMA OGG Converter -> Adobe Flash Player Plugin -> Adobe Flash Player Plugin -> Adobe Shockwave Player -> Adobe Shockwave Player -> AOL Instant Messenger -> AOL Instant Messenger -> ATI Display Driver -> ATI Display Driver -> Azureus -> Azureus -> Blaze Media Pro -> Blaze Media Pro -> ComcastHSI -> Comcast High-Speed Internet Install Wizard -> CrystalVoiceClick-to-Talk -> CrystalVoice Click-to-Talk -> DivX Content Uploader -> DivX Content Uploader -> EPSON Printer and Utilities -> EPSON Printer Software -> FriendAdder Combo Pack -> FriendAdder Combo Pack -> HijackThis -> HijackThis 2.0.2 -> KB873339 -> Windows XP Hotfix - KB873339 -> KB885835 -> Windows XP Hotfix - KB885835 -> KB885836 -> Windows XP Hotfix - KB885836 -> KB886185 -> Windows XP Hotfix - KB886185 -> KB887472 -> Windows XP Hotfix - KB887472 -> KB888302 -> Windows XP Hotfix - KB888302 -> KB890859 -> Windows XP Hotfix - KB890859 -> KB891781 -> Windows XP Hotfix - KB891781 -> KB893756 -> Security Update for Windows XP (KB893756) -> KB893803v2 -> Windows Installer 3.1 (KB893803) -> KB894391 -> Update for Windows XP (KB894391) -> KB896358 -> Security Update for Windows XP (KB896358) -> KB896423 -> Security Update for Windows XP (KB896423) -> KB896424 -> Security Update for Windows XP (KB896424) -> KB896428 -> Security Update for Windows XP (KB896428) -> KB898461 -> Update for Windows XP (KB898461) -> KB899587 -> Security Update for Windows XP (KB899587) -> KB899591 -> Security Update for Windows XP (KB899591) -> KB900485 -> Update for Windows XP (KB900485) -> KB900725 -> Security Update for Windows XP (KB900725) -> KB901017 -> Security Update for Windows XP (KB901017) -> KB901214 -> Security Update for Windows XP (KB901214) -> KB902400 -> Security Update for Windows XP (KB902400) -> KB904706 -> Security Update for Windows XP (KB904706) -> KB905414 -> Security Update for Windows XP (KB905414) -> KB905749 -> Security Update for Windows XP (KB905749) -> KB908519 -> Security Update for Windows XP (KB908519) -> KB908531 -> Update for Windows XP (KB908531) -> KB910437 -> Update for Windows XP (KB910437) -> KB911280 -> Update for Windows XP (KB911280) -> KB911562 -> Security Update for Windows XP (KB911562) -> KB911564 -> Security Update for Windows Media Player (KB911564) -> KB911567 -> Security Update for Windows XP (KB911567) -> KB911927 -> Security Update for Windows XP (KB911927) -> KB912919 -> Security Update for Windows XP (KB912919) -> KB913580 -> Security Update for Windows XP (KB913580) -> KB914388 -> Security Update for Windows XP (KB914388) -> KB914389 -> Security Update for Windows XP (KB914389) -> KB916595 -> Update for Windows XP (KB916595) -> KB917344 -> Security Update for Windows XP (KB917344) -> KB917422 -> Security Update for Windows XP (KB917422) -> KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734) -> KB917953 -> Security Update for Windows XP (KB917953) -> KB918118 -> Security Update for Windows XP (KB918118) -> KB918439 -> Security Update for Windows XP (KB918439) -> KB919007 -> Security Update for Windows XP (KB919007) -> KB920213 -> Security Update for Windows XP (KB920213) -> KB920214 -> Security Update for Windows XP (KB920214) -> KB920670 -> Security Update for Windows XP (KB920670) -> KB920683 -> Security Update for Windows XP (KB920683) -> KB920685 -> Security Update for Windows XP (KB920685) -> KB920872 -> Update for Windows XP (KB920872) -> KB921398 -> Security Update for Windows XP (KB921398) -> KB921503 -> Security Update for Windows XP (KB921503) -> KB922582 -> Update for Windows XP (KB922582) -> KB922616 -> Security Update for Windows XP (KB922616) -> KB922760 -> Security Update for Windows XP (KB922760) -> KB922819 -> Security Update for Windows XP (KB922819) -> KB923191 -> Security Update for Windows XP (KB923191) -> KB923414 -> Security Update for Windows XP (KB923414) -> KB923689 -> Security Update for Windows XP (KB923689) -> KB923694 -> Security Update for Windows XP (KB923694) -> KB923789 -> Security Update for Windows XP (KB923789) -> KB923980 -> Security Update for Windows XP (KB923980) -> KB924191 -> Security Update for Windows XP (KB924191) -> KB924270 -> Security Update for Windows XP (KB924270) -> KB924667 -> Security Update for Windows XP (KB924667) -> KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) -> KB925454 -> Security Update for Windows XP (KB925454) -> KB925486 -> Security Update for Windows XP (KB925486) -> KB925902 -> Security Update for Windows XP (KB925902) -> KB926239 -> Hotfix for Windows XP (KB926239) -> KB926255 -> Security Update for Windows XP (KB926255) -> KB926436 -> Security Update for Windows XP (KB926436) -> KB927779 -> Security Update for Windows XP (KB927779) -> KB927802 -> Security Update for Windows XP (KB927802) -> KB927891 -> Update for Windows XP (KB927891) -> KB928090 -> Security Update for Windows XP (KB928090) -> KB928255 -> Security Update for Windows XP (KB928255) -> KB928843 -> Security Update for Windows XP (KB928843) -> KB929123 -> Security Update for Windows XP (KB929123) -> KB929338 -> Update for Windows XP (KB929338) -> KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) -> KB929969 -> Security Update for Windows XP (KB929969) -> KB930178 -> Security Update for Windows XP (KB930178) -> KB930916 -> Update for Windows XP (KB930916) -> KB931261 -> Security Update for Windows XP (KB931261) -> KB931768 -> Security Update for Windows XP (KB931768) -> KB931784 -> Security Update for Windows XP (KB931784) -> KB931836 -> Update for Windows XP (KB931836) -> KB932168 -> Security Update for Windows XP (KB932168) -> KB933360 -> Update for Windows XP (KB933360) -> KB933729 -> Security Update for Windows XP (KB933729) -> KB935839 -> Security Update for Windows XP (KB935839) -> KB935840 -> Security Update for Windows XP (KB935840) -> KB936021 -> Security Update for Windows XP (KB936021) -> KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) -> KB936782_WMP9 -> Security Update for Windows Media Player 9 (KB936782) -> KB937143 -> Security Update for Windows XP (KB937143) -> KB937894 -> Security Update for Windows XP (KB937894) -> KB938127 -> Security Update for Windows XP (KB938127) -> KB938828 -> Update for Windows XP (KB938828) -> KB938829 -> Security Update for Windows XP (KB938829) -> KB939653 -> Security Update for Windows XP (KB939653) -> KB939683 -> Hotfix for Windows Media Player 11 (KB939683) -> KB941202 -> Security Update for Windows XP (KB941202) -> KB941568 -> Security Update for Windows XP (KB941568) -> KB941569 -> Security Update for Windows XP (KB941569) -> KB941644 -> Security Update for Windows XP (KB941644) -> KB942615 -> Security Update for Windows XP (KB942615) -> KB942763 -> Update for Windows XP (KB942763) -> KB942840 -> Update for Windows XP (KB942840) -> KB943460 -> Security Update for Windows XP (KB943460) -> KB943485 -> Security Update for Windows XP (KB943485) -> KB944653 -> Security Update for Windows XP (KB944653) -> KB946627 -> Update for Windows XP (KB946627) -> Magic ISO Maker v5.3 (build 0221) -> Magic ISO Maker v5.3 (build 0221) -> MicroMedia Player_is1 -> MicroMedia 2.0 -> Mozilla Firefox (2.0.0.11) -> Mozilla Firefox (2.0.0.11) -> MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP -> MySpaceIM -> MySpaceIM -> PowerISO -> PowerISO -> PROPLUSR -> Microsoft Office Professional Plus 2007 -> RealAlt_is1 -> Real Alternative 1.51 -> ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> Steam App 218 -> Source SDK Base 2007 -> Steam App 3010 -> Xpand Rally -> Steam App 400 -> Portal -> ViewpointMediaPlayer -> Viewpoint Media Player -> VLC media player -> VideoLAN VLC media player 0.8.6c -> VN_VUIns_Rhine_VIA -> VIA Rhine-Family Fast Ethernet Adapter -> WgaNotify -> Windows Genuine Advantage Notifications (KB905474) -> Winamp -> Winamp -> Windows Media Format Runtime -> Windows Media Format 11 runtime -> Windows Media Player -> Windows Media Player 11 -> WinRAR archiver -> WinRAR archiver -> WMFDist11 -> Windows Media Format 11 runtime -> wmp11 -> Windows Media Player 11 -> Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 -> < WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW -> cmdline -> %SystemRoot%\system32\ntvdm.exe -> wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 -> < EventViewer Logs > -> Errors and Warnings -> Description System - Error - 1/11/2008 4:01:11 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/11/2008 4:01:12 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/11/2008 4:01:12 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/11/2008 4:01:13 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/11/2008 4:01:14 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/11/2008 4:46:33 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/11/2008 5:09:13 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/11/2008 7:11:15 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/11/2008 4:03:09 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/11/2008 7:17:13 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Warning - 1/11/2008 11:36:41 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/12/2008 3:08:49 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 3:08:50 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 3:08:50 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 3:08:51 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 3:08:52 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/12/2008 2:29:29 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/12/2008 4:29:52 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Warning - 1/12/2008 4:29:52 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Error - 1/12/2008 4:30:10 PM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Warning - 1/12/2008 4:48:18 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Error - 1/12/2008 5:39:42 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:39:42 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:39:42 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:39:43 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:39:44 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/12/2008 5:40:58 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/12/2008 5:57:22 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:57:22 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:57:23 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:57:23 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 5:57:24 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:19:05 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:19:05 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:19:06 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:19:06 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:19:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/12/2008 6:20:00 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/12/2008 6:38:52 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:38:52 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:38:53 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:38:53 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 6:38:54 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:00:35 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:00:35 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:00:36 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:00:36 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:00:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:12:10 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:12:11 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:12:11 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:12:12 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:12:13 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:28:56 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:28:57 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:28:57 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:28:58 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:28:59 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:50:58 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:50:59 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:50:59 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:51:00 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 7:51:01 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:10:46 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:10:46 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:10:47 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:10:48 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:10:49 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:26:20 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:26:20 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:26:20 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:26:21 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:26:22 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:45:25 PM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\SYSTEM - Source = Print -> Description = System - Error - 1/12/2008 8:45:06 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:45:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:45:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:45:08 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:45:09 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:58:20 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:58:20 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:58:21 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:58:21 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 8:58:22 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 9:15:14 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 9:15:14 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 9:15:15 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 9:15:15 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/12/2008 9:15:16 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/12/2008 9:26:24 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Warning - 1/12/2008 9:26:24 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Warning - 1/13/2008 12:21:31 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/13/2008 5:56:29 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/13/2008 10:54:42 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Warning - 1/13/2008 4:39:12 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/13/2008 5:32:10 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:32:11 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:32:11 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:32:12 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:32:13 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:59:12 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:59:12 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:59:13 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:59:14 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 5:59:15 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/13/2008 6:44:41 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/13/2008 7:18:10 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/13/2008 7:48:55 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/13/2008 7:54:06 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/13/2008 7:54:34 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/13/2008 8:54:26 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/13/2008 8:54:50 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Warning - 1/13/2008 8:54:53 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/13/2008 9:55:27 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect System - Error - 1/13/2008 9:55:28 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service failed to start due to the following error 1053 System - Warning - 1/13/2008 10:12:31 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/13/2008 10:27:27 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/13/2008 10:54:12 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/13/2008 10:55:03 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/13/2008 10:58:04 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 10:58:04 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 10:58:05 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 10:58:06 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 10:58:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 11:07:54 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 11:07:54 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 11:07:55 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 11:07:55 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/13/2008 11:07:56 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/13/2008 11:09:23 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Warning - 1/13/2008 11:09:24 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Error - 1/13/2008 11:25:44 PM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Error - 1/13/2008 11:54:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/14/2008 12:53:54 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/14/2008 1:03:08 AM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Error - 1/14/2008 1:03:36 AM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Error - 1/14/2008 1:03:57 AM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Error - 1/14/2008 1:04:02 AM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Warning - 1/14/2008 3:43:53 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/14/2008 3:55:07 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/14/2008 3:55:35 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Warning - 1/14/2008 3:59:53 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/14/2008 4:41:30 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/14/2008 12:28:37 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 12:28:37 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 12:28:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 12:28:39 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 12:28:40 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/14/2008 12:31:11 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/14/2008 12:53:44 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/14/2008 1:45:10 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/14/2008 2:45:43 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/14/2008 2:45:45 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/14/2008 10:58:35 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/14/2008 11:05:06 PM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Warning - 1/14/2008 11:05:08 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Warning - 1/14/2008 11:05:09 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Error - 1/14/2008 11:05:48 PM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Warning - 1/14/2008 11:24:38 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezJFOUE2QjhDLTZDOUEtNDFGRi1BNTk5LTQwMDY1RDFFMDYzMX0uMC4xNzc2NkZGNgavi from IP address 1921681100 due to error 0x80070002 System - Error - 1/14/2008 11:28:40 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 11:28:40 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 11:28:40 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 11:28:41 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 11:28:42 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/14/2008 11:32:50 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = The BitDefender Scan Server service terminated unexpectedly It has done this 1 time(s) System - Error - 1/15/2008 12:45:44 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 12:46:13 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/15/2008 1:45:35 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 6:57:49 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 10:00:01 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 11:00:00 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/15/2008 12:45:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/15/2008 1:58:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Warning - 1/15/2008 1:58:07 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = WMPNetworkSvc -> Description = The Windows Media Player Network Sharing Service cannot process the request for URI http192168110110243WMPNSSv329691743970ezlGNDlCNDAwLTcxMkEtNDIwOC1COTlFLTQyOEY3NEJENzU0M30uMC40MDBGNTJCNwavialbumArt=true from IP address 1921681100 due to error 0x80070490 System - Error - 1/15/2008 1:58:20 PM -> Computer Name = ANWEEZY - User Name = NT AUTHORITY\NETWORK SERVICE - Source = DCOM -> Description = System - Error - 1/15/2008 3:01:02 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 4:01:54 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 4:02:22 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/15/2008 5:01:58 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 5:02:26 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/15/2008 6:01:53 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/15/2008 6:02:14 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/15/2008 7:00:54 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/15/2008 10:22:28 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Warning - 1/15/2008 11:06:57 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/15/2008 11:42:02 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:42:02 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:42:03 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:42:04 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:42:05 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:52:08 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:52:08 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:52:09 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:52:09 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/15/2008 11:52:10 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 1:08:37 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/16/2008 2:08:23 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/16/2008 2:45:14 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/16/2008 3:09:02 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 7:26:53 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 7:26:53 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 7:26:54 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 7:26:55 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 7:26:56 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 8:09:51 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 8:10:19 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/16/2008 9:10:08 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 9:10:37 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/16/2008 9:35:01 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 9:35:01 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 9:35:02 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 9:35:02 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 9:35:03 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/16/2008 10:11:03 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 10:11:31 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/16/2008 11:10:12 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 11:10:40 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/16/2008 12:09:19 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 1:10:57 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 1:11:26 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/16/2008 4:09:30 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 6:10:19 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/16/2008 6:10:48 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/16/2008 7:09:35 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/16/2008 10:27:13 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Warning - 1/16/2008 11:14:29 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Error - 1/17/2008 9:53:43 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 9:53:44 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 9:53:44 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 9:53:45 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 9:53:46 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 9:55:00 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect System - Error - 1/17/2008 9:55:00 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service failed to start due to the following error 1053 System - Error - 1/17/2008 10:09:35 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 10:09:36 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 10:09:36 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 10:09:37 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 10:09:38 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:08:49 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:08:50 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:08:50 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:08:51 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:08:52 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:26:47 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/17/2008 11:27:16 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the (null) service System - Error - 1/17/2008 12:26:01 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/17/2008 5:03:00 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 5:03:00 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 5:03:01 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 5:03:02 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 5:03:03 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 6:19:24 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Warning - 1/17/2008 10:58:28 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/17/2008 11:06:27 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:06:27 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:06:27 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:06:28 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/17/2008 11:06:29 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/17/2008 11:08:06 PM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = System - Error - 1/18/2008 12:37:38 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:37:38 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:37:38 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:37:39 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:37:41 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:39:18 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect System - Error - 1/18/2008 12:39:18 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service failed to start due to the following error 1053 System - Error - 1/18/2008 12:45:36 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:45:36 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:45:36 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:45:37 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 12:45:39 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:03:45 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the VSSERV service System - Error - 1/18/2008 1:22:10 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:22:11 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:22:11 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:22:12 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:22:13 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:23:26 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect System - Error - 1/18/2008 1:23:36 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Service Control Manager -> Description = The Application Layer Gateway Service service failed to start due to the following error 1053 System - Error - 1/18/2008 1:26:19 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:26:19 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:26:20 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:26:21 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:26:22 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:33:32 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:33:33 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:33:33 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:33:34 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Error - 1/18/2008 1:33:35 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = ati2mtag -> Description = System - Warning - 1/18/2008 1:34:32 AM -> Computer Name = ANWEEZY - User Name = (blank) - Source = Tcpip -> Description = [Files/Folders - Created Within 60 days] !KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 11/23/2007 8:45:27 PM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 11/24/2007 1:34:48 PM | Attr = RH ] net_save.dna -> %SystemDrive%\net_save.dna -> [Ver = | Size = 1140 bytes | Created Date = 12/26/2007 8:46:38 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/11/2008 2:26:46 AM | Attr = ] $NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Created Date = 12/14/2007 4:01:17 AM | Attr = H ] $NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/14/2007 3:57:30 AM | Attr = H ] $NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/14/2007 3:58:19 AM | Attr = H ] $NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Created Date = 1/12/2008 3:00:53 AM | Attr = H ] $NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ -> [Folder | Created Date = 12/14/2007 3:56:13 AM | Attr = H ] $NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/14/2007 3:58:59 AM | Attr = H ] $NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ -> [Folder | Created Date = 12/14/2007 4:01:01 AM | Attr = H ] $NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Created Date = 1/12/2008 3:00:46 AM | Attr = H ] $NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/14/2007 3:54:10 AM | Attr = H ] $NtUninstallKB946627$ -> %SystemRoot%\$NtUninstallKB946627$ -> [Folder | Created Date = 12/22/2007 3:03:36 AM | Attr = H ] ComcastWebmail.ico -> %SystemRoot%\ComcastWebmail.ico -> [Ver = | Size = 15086 bytes | Created Date = 12/26/2007 8:49:44 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 1/11/2008 2:27:05 AM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 1/18/2008 1:37:43 AM | Attr = ] NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/11/2008 2:26:43 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/13/2008 5:42:56 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/13/2008 5:42:56 AM | Attr = H ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 11/24/2007 1:36:10 PM | Attr = ] appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 11/25/2007 3:36:28 AM | Attr = ] avcodec-51.dll -> %System32%\avcodec-51.dll -> [Ver = | Size = 1986048 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] avformat-51.dll -> %System32%\avformat-51.dll -> [Ver = | Size = 258560 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] avutil-49.dll -> %System32%\avutil-49.dll -> [Ver = | Size = 18944 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Created Date = 12/9/2007 4:09:51 AM | Attr = ] FFMpegSource.dll -> %System32%\FFMpegSource.dll -> [Ver = | Size = 188416 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] fftw3.dll -> %System32%\fftw3.dll -> [Ver = | Size = 1627136 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/23/2007 11:32:55 PM | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 12/23/2007 11:32:55 PM | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/23/2007 11:32:55 PM | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 12/23/2007 11:32:55 PM | Attr = ] libFLAC_dynamic.dll -> %System32%\libFLAC_dynamic.dll -> [Ver = | Size = 266240 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] libsndfile-1.dll -> %System32%\libsndfile-1.dll -> [Ver = | Size = 116736 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] postproc-51.dll -> %System32%\postproc-51.dll -> [Ver = | Size = 24576 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 1/11/2008 2:26:43 AM | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/11/2008 2:26:43 AM | Attr = ] swscale-0.dll -> %System32%\swscale-0.dll -> [Ver = | Size = 133120 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/11/2008 2:26:43 AM | Attr = ] VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 1/11/2008 2:26:43 AM | Attr = ] zlib1.dll -> %System32%\zlib1.dll -> [Ver = 1.2.3 | Size = 59904 bytes | Created Date = 12/9/2007 12:06:25 AM | Attr = ] copperhd.sys -> %System32%\drivers\copperhd.sys -> Razer (Asia-Pacific) Pte Ltd [Ver = 1.0.0.3.0.0 | Size = 11596 bytes | Created Date = 1/18/2008 1:19:32 AM | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 11/23/2007 9:01:11 PM | Attr = ] Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Created Date = 11/24/2007 1:35:19 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 11/24/2007 10:22:49 PM | Attr = ] SupportSoft -> %AllUsersAppData%\SupportSoft -> [Folder | Created Date = 12/26/2007 8:49:41 PM | Attr = ] Help -> %UserAppData%\Help -> [Folder | Created Date = 1/13/2008 6:42:39 PM | Attr = ] SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 11/24/2007 10:22:43 PM | Attr = ] Help -> %LocalAppData%\Help -> [Folder | Created Date = 1/13/2008 6:42:39 PM | Attr = ] Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Created Date = 11/24/2007 1:35:43 PM | Attr = ] SupportSoft -> %LocalAppData%\SupportSoft -> [Folder | Created Date = 12/26/2007 8:45:27 PM | Attr = ] cover letter..rtf -> %UserDocuments%\cover letter..rtf -> [Ver = | Size = 1543 bytes | Created Date = 11/20/2007 4:39:16 AM | Attr = ] e7.jpg -> %UserDocuments%\e7.jpg -> [Ver = | Size = 28139 bytes | Created Date = 12/24/2007 5:50:48 AM | Attr = ] images.jpg -> %UserDocuments%\images.jpg -> [Ver = | Size = 4954 bytes | Created Date = 12/24/2007 5:49:27 AM | Attr = ] l_872483dc8450fd7c4d3720fbe8d48186.jpg -> %UserDocuments%\l_872483dc8450fd7c4d3720fbe8d48186.jpg -> [Ver = | Size = 39811 bytes | Created Date = 12/24/2007 2:52:27 PM | Attr = ] resume.rtf -> %UserDocuments%\resume.rtf -> [Ver = | Size = 2765 bytes | Created Date = 11/20/2007 5:01:42 AM | Attr = ] webscr.htm -> %UserDocuments%\webscr.htm -> [Ver = | Size = 16052 bytes | Created Date = 12/14/2007 3:44:58 AM | Attr = ] Comcast Desktop Doctor.lnk -> %AllUsersDesktop%\Comcast Desktop Doctor.lnk -> [Ver = | Size = 1960 bytes | Created Date = 12/26/2007 8:49:37 PM | Attr = ] CUE Splitter.lnk -> %AllUsersDesktop%\CUE Splitter.lnk -> [Ver = | Size = 766 bytes | Created Date = 1/10/2008 1:11:31 AM | Attr = ] iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 1804 bytes | Created Date = 12/7/2007 2:22:07 PM | Attr = ] QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 12/7/2007 2:18:22 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/11/2008 2:36:35 AM | Attr = ] 6017520676343.wmv -> %UserDesktop%\6017520676343.wmv -> [Ver = | Size = 2022234 bytes | Created Date = 12/12/2007 11:48:38 PM | Attr = ] anja -> %UserDesktop%\anja -> [Folder | Created Date = 12/20/2007 4:19:50 PM | Attr = ] ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1496020 bytes | Created Date = 1/11/2008 2:16:34 AM | Attr = ] Comcast Webmail.url -> %UserDesktop%\Comcast Webmail.url -> [Ver = | Size = 119 bytes | Created Date = 12/26/2007 8:49:45 PM | Attr = ] Copperhead-V6.20.s19 -> %UserDesktop%\Copperhead-V6.20.s19 -> [Ver = | Size = 32768 bytes | Created Date = 1/18/2008 1:18:49 AM | Attr = ] Friend Adder.lnk -> %UserDesktop%\Friend Adder.lnk -> [Ver = | Size = 932 bytes | Created Date = 1/13/2008 7:09:42 PM | Attr = ] Friend Commenter.lnk -> %UserDesktop%\Friend Commenter.lnk -> [Ver = | Size = 980 bytes | Created Date = 1/13/2008 7:09:42 PM | Attr = ] Friend Messenger.lnk -> %UserDesktop%\Friend Messenger.lnk -> [Ver = | Size = 980 bytes | Created Date = 1/13/2008 7:09:42 PM | Attr = ] HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 1/7/2008 1:28:36 AM | Attr = ] HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 1/7/2008 1:25:32 AM | Attr = ] l_cab1d494834d9bc59b8a75c73a31bcc5.jpg -> %UserDesktop%\l_cab1d494834d9bc59b8a75c73a31bcc5.jpg -> [Ver = | Size = 26288 bytes | Created Date = 11/24/2007 9:47:58 PM | Attr = ] noname.jpg -> %UserDesktop%\noname.jpg -> [Ver = | Size = 24518 bytes | Created Date = 11/24/2007 9:57:22 PM | Attr = ] reports -> %UserDesktop%\reports -> [Folder | Created Date = 1/11/2008 2:35:55 AM | Attr = ] Shortcut to Startup.lnk -> %UserDesktop%\Shortcut to Startup.lnk -> [Ver = | Size = 793 bytes | Created Date = 1/7/2008 5:50:56 AM | Attr = ] SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/11/2008 2:26:06 AM | Attr = ] winpfind3u -> %UserDesktop%\winpfind3u -> [Folder | Created Date = 1/15/2008 11:29:51 PM | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Created Date = 1/15/2008 11:29:33 PM | Attr = ] [4]-Submit_2008-01-11@23.47.zip -> %UserDesktop%\[4]-Submit_2008-01-11@23.47.zip -> [Ver = | Size = 2850 bytes | Created Date = 1/11/2008 11:48:06 PM | Attr = ] Azureus.lnk -> %UserStartup%\Azureus.lnk -> [Ver = | Size = 678 bytes | Created Date = 1/8/2008 3:03:54 AM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 11/24/2007 1:44:45 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 12/23/2007 11:32:14 PM | Attr = ] SupportSoft -> %CommonProgramFiles%\SupportSoft -> [Folder | Created Date = 12/26/2007 8:45:22 PM | Attr = ] [Files/Folders - Modified Within 60 days] !KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 11/23/2007 8:45:28 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/13/2008 6:50:40 PM | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 12/20/2007 6:38:26 PM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 11/24/2007 1:34:50 PM | Attr = RH ] net_save.dna -> %SystemDrive%\net_save.dna -> [Ver = | Size = 1140 bytes | Modified Date = 12/26/2007 8:46:40 PM | Attr = ] New Folder -> %SystemDrive%\New Folder -> [Folder | Modified Date = 11/24/2007 4:33:36 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/18/2008 12:42:00 AM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/12/2008 3:33:28 PM | Attr = ] Razr Drivers -> %SystemDrive%\Razr Drivers -> [Folder | Modified Date = 1/18/2008 1:36:36 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 12/20/2007 4:21:02 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/18/2008 1:37:44 AM | Attr = ] @Alternate Data Stream - 41074 bytes -> %SystemRoot%:    -> @Alternate Data Stream - 1325568 bytes -> %SystemRoot%:   .exe -> $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 4:16:40 PM | Attr = H ] $NtUninstallKB937894$ -> %SystemRoot%\$NtUninstallKB937894$ -> [Folder | Modified Date = 12/14/2007 4:01:20 AM | Attr = H ] $NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Modified Date = 12/14/2007 3:57:32 AM | Attr = H ] $NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Modified Date = 12/14/2007 3:58:42 AM | Attr = H ] $NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Modified Date = 1/12/2008 3:00:54 AM | Attr = H ] $NtUninstallKB942615$ -> %SystemRoot%\$NtUninstallKB942615$ -> [Folder | Modified Date = 12/14/2007 3:56:22 AM | Attr = H ] $NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Modified Date = 12/14/2007 3:59:02 AM | Attr = H ] $NtUninstallKB942840$ -> %SystemRoot%\$NtUninstallKB942840$ -> [Folder | Modified Date = 12/14/2007 4:01:04 AM | Attr = H ] $NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Modified Date = 1/12/2008 3:00:48 AM | Attr = H ] $NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Modified Date = 12/14/2007 3:54:12 AM | Attr = H ] $NtUninstallKB946627$ -> %SystemRoot%\$NtUninstallKB946627$ -> [Folder | Modified Date = 12/22/2007 3:03:38 AM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/18/2008 1:33:36 AM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 1/7/2008 5:18:46 AM | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/10/2008 1:17:18 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/11/2008 2:34:30 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 11/24/2007 1:42:30 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/13/2008 6:42:40 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/12/2008 3:00:52 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/18/2008 1:38:54 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/11/2008 2:36:38 AM | Attr = HS] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 1/18/2008 1:38:06 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/15/2008 11:52:12 PM | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 11/24/2007 1:41:16 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/18/2008 1:39:38 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/7/2008 5:09:36 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/13/2008 5:42:58 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/13/2008 5:42:58 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 1/2/2008 1:10:34 AM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 11/24/2007 1:44:08 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/13/2008 6:50:40 PM | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 1/18/2008 1:39:16 AM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/18/2008 1:38:06 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 714 bytes | Modified Date = 1/18/2008 1:01:22 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 11/24/2007 1:46:08 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/11/2008 12:46:04 PM | Attr = ] Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 276 bytes | Modified Date = 1/15/2008 11:20:02 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/18/2008 1:33:40 AM | Attr = H ] appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 12/20/2007 6:50:54 PM | Attr = ] bdod.bin -> %System32%\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 1/18/2008 1:39:12 AM | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 12/14/2007 3:55:44 AM | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/18/2008 1:34:00 AM | Attr = ] CmdLineExt.dll -> %System32%\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 12/9/2007 4:09:52 AM | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 11/24/2007 1:47:00 PM | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/18/2008 1:38:10 AM | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 1/18/2008 1:38:06 AM | Attr = ] DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 1/18/2008 1:38:08 AM | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 267008 bytes | Modified Date = 11/25/2007 1:44:02 AM | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40836 bytes | Modified Date = 12/2/2007 2:25:04 AM | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 314508 bytes | Modified Date = 12/2/2007 2:25:04 AM | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356738 bytes | Modified Date = 12/2/2007 2:25:04 AM | Attr = ] wbem -> %System32%\wbem -> [Folder | Modified Date = 12/2/2007 2:25:04 AM | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/18/2008 1:35:04 AM | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 11/23/2007 9:01:14 PM | Attr = ] Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 11/24/2007 1:41:16 PM | Attr = S] Microsoft Help -> %AllUsersAppData%\Microsoft Help -> [Folder | Modified Date = 11/24/2007 1:47:46 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 11/24/2007 10:22:50 PM | Attr = ] SupportSoft -> %AllUsersAppData%\SupportSoft -> [Folder | Modified Date = 12/26/2007 8:49:42 PM | Attr = ] Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/4/2008 2:56:46 AM | Attr = ] Azureus -> %UserAppData%\Azureus -> [Folder | Modified Date = 1/18/2008 1:34:50 AM | Attr = ] Help -> %UserAppData%\Help -> [Folder | Modified Date = 1/13/2008 6:42:40 PM | Attr = ] Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 1/5/2008 4:22:54 AM | Attr = S] SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 11/24/2007 10:22:44 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 101376 bytes | Modified Date = 1/16/2008 3:10:34 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 69536 bytes | Modified Date = 12/23/2007 11:30:02 PM | Attr = ] Help -> %LocalAppData%\Help -> [Folder | Modified Date = 1/13/2008 6:42:40 PM | Attr = ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 12/2/2007 2:25:02 AM | Attr = ] Microsoft Help -> %LocalAppData%\Microsoft Help -> [Folder | Modified Date = 11/24/2007 1:35:44 PM | Attr = ] SupportSoft -> %LocalAppData%\SupportSoft -> [Folder | Modified Date = 12/26/2007 8:45:28 PM | Attr = ] cover letter..rtf -> %UserDocuments%\cover letter..rtf -> [Ver = | Size = 1543 bytes | Modified Date = 11/20/2007 4:39:36 AM | Attr = ] e7.jpg -> %UserDocuments%\e7.jpg -> [Ver = | Size = 28139 bytes | Modified Date = 12/24/2007 5:50:50 AM | Attr = ] filelib -> %UserDocuments%\filelib -> [Folder | Modified Date = 12/20/2007 7:21:44 PM | Attr = ] images.jpg -> %UserDocuments%\images.jpg -> [Ver = | Size = 4954 bytes | Modified Date = 12/24/2007 5:49:30 AM | Attr = ] l_872483dc8450fd7c4d3720fbe8d48186.jpg -> %UserDocuments%\l_872483dc8450fd7c4d3720fbe8d48186.jpg -> [Ver = | Size = 39811 bytes | Modified Date = 12/24/2007 2:52:28 PM | Attr = ] My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/2/2008 2:09:22 PM | Attr = RH ] resume.rtf -> %UserDocuments%\resume.rtf -> [Ver = | Size = 2765 bytes | Modified Date = 11/20/2007 5:01:44 AM | Attr = ] webscr.htm -> %UserDocuments%\webscr.htm -> [Ver = | Size = 16052 bytes | Modified Date = 12/14/2007 3:45:02 AM | Attr = ] Comcast Desktop Doctor.lnk -> %AllUsersDesktop%\Comcast Desktop Doctor.lnk -> [Ver = | Size = 1960 bytes | Modified Date = 12/26/2007 8:49:38 PM | Attr = ] CUE Splitter.lnk -> %AllUsersDesktop%\CUE Splitter.lnk -> [Ver = | Size = 766 bytes | Modified Date = 1/10/2008 1:11:32 AM | Attr = ] iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 1804 bytes | Modified Date = 12/7/2007 2:22:08 PM | Attr = ] QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 12/7/2007 2:18:24 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/11/2008 2:36:36 AM | Attr = ] 6017520676343.wmv -> %UserDesktop%\6017520676343.wmv -> [Ver = | Size = 2022234 bytes | Modified Date = 12/12/2007 11:48:50 PM | Attr = ] anja -> %UserDesktop%\anja -> [Folder | Modified Date = 12/20/2007 4:19:56 PM | Attr = ] cd music -> %UserDesktop%\cd music -> [Folder | Modified Date = 11/22/2007 5:31:56 PM | Attr = ] ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1496020 bytes | Modified Date = 1/11/2008 2:16:26 AM | Attr = ] Comcast Webmail.url -> %UserDesktop%\Comcast Webmail.url -> [Ver = | Size = 119 bytes | Modified Date = 12/26/2007 8:49:46 PM | Attr = ] Copperhead-V6.20.s19 -> %UserDesktop%\Copperhead-V6.20.s19 -> [Ver = | Size = 32768 bytes | Modified Date = 1/18/2008 1:18:46 AM | Attr = ] Friend Adder.lnk -> %UserDesktop%\Friend Adder.lnk -> [Ver = | Size = 932 bytes | Modified Date = 1/13/2008 7:09:44 PM | Attr = ] Friend Commenter.lnk -> %UserDesktop%\Friend Commenter.lnk -> [Ver = | Size = 980 bytes | Modified Date = 1/13/2008 7:09:44 PM | Attr = ] Friend Messenger.lnk -> %UserDesktop%\Friend Messenger.lnk -> [Ver = | Size = 980 bytes | Modified Date = 1/13/2008 7:09:44 PM | Attr = ] hijackthis -> %UserDesktop%\hijackthis -> [Folder | Modified Date = 1/7/2008 1:17:54 AM | Attr = ] HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 1/7/2008 1:28:38 AM | Attr = ] HJTInstall.exe -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/7/2008 1:25:20 AM | Attr = ] l_cab1d494834d9bc59b8a75c73a31bcc5.jpg -> %UserDesktop%\l_cab1d494834d9bc59b8a75c73a31bcc5.jpg -> [Ver = | Size = 26288 bytes | Modified Date = 11/24/2007 9:48:04 PM | Attr = ] New Folder -> %UserDesktop%\New Folder -> [Folder | Modified Date = 1/10/2008 1:00:54 AM | Attr = ] noname.jpg -> %UserDesktop%\noname.jpg -> [Ver = | Size = 24518 bytes | Modified Date = 11/24/2007 9:57:24 PM | Attr = ] reports -> %UserDesktop%\reports -> [Folder | Modified Date = 1/18/2008 1:16:34 AM | Attr = ] Shortcut to Startup.lnk -> %UserDesktop%\Shortcut to Startup.lnk -> [Ver = | Size = 793 bytes | Modified Date = 1/7/2008 5:50:58 AM | Attr = ] SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/11/2008 2:26:12 AM | Attr = ] winpfind3u -> %UserDesktop%\winpfind3u -> [Folder | Modified Date = 1/15/2008 11:29:52 PM | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Modified Date = 1/15/2008 11:29:22 PM | Attr = ] [4]-Submit_2008-01-11@23.47.zip -> %UserDesktop%\[4]-Submit_2008-01-11@23.47.zip -> [Ver = | Size = 2850 bytes | Modified Date = 1/11/2008 11:48:08 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 11/24/2007 1:44:46 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 12/23/2007 11:32:16 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 11/24/2007 1:46:30 PM | Attr = ] SupportSoft -> %CommonProgramFiles%\SupportSoft -> [Folder | Modified Date = 12/26/2007 8:45:24 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 11/24/2007 1:36:32 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/11/2008 2:36:18 AM | Attr = ] [File String Scan - All] @Alternate Data Stream - 41074 bytes -> %SystemRoot%:    -> @Alternate Data Stream - 1325568 bytes -> %SystemRoot%:   .exe -> UPX! , UPX0 , -> %System32%\AdjMmsEng.dll -> MultiMedia Soft [Ver = 5, 7, 0, 8 | Size = 668672 bytes | Modified Date = 2/8/2007 7:49:44 AM | Attr = ] aspack , -> %System32%\d3dx9_25.dll -> Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Modified Date = 3/18/2005 5:19:58 PM | Attr = ] aspack , -> %System32%\d3dx9_26.dll -> Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Modified Date = 5/26/2005 3:34:52 PM | Attr = ] aspack , -> %System32%\d3dx9_27.dll -> Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Modified Date = 7/22/2005 7:59:04 PM | Attr = ] aspack , -> %System32%\d3dx9_28.dll -> Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Modified Date = 12/5/2005 6:09:18 PM | Attr = ] aspack , -> %System32%\d3dx9_29.dll -> Microsoft Corporation [Ver = 9.11.519.0000 | Size = 2332368 bytes | Modified Date = 2/3/2006 8:43:16 AM | Attr = ] aspack , -> %System32%\d3dx9_30.dll -> Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Modified Date = 3/31/2006 12:40:58 PM | Attr = ] aspack , -> %System32%\d3dx9_33.dll -> Microsoft Corporation [Ver = 9.18.904.0015 | Size = 3495784 bytes | Modified Date = 3/12/2007 4:42:30 PM | Attr = ] aspack , -> %System32%\d3dx9_34.dll -> Microsoft Corporation [Ver = 9.19.949.0046 | Size = 3497832 bytes | Modified Date = 5/16/2007 4:45:16 PM | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 11/15/2006 12:56:14 PM | Attr = ] Thawte Consulting , USERTRUST , -> %System32%\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] UPX! , UPX0 , -> %System32%\Lame.exe -> [Ver = | Size = 145408 bytes | Modified Date = 11/5/2005 3:34:50 PM | Attr = ] PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corporation [Ver = 1.7.0018.7 | Size = 1476992 bytes | Modified Date = 4/10/2007 2:02:50 PM | Attr = ] UPX! , UPX0 , -> %System32%\libsndfile-1.dll -> [Ver = | Size = 116736 bytes | Modified Date = 8/31/2006 9:35:30 PM | Attr = ] PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.37.2298.0 | Size = 17642616 bytes | Modified Date = 1/2/2008 10:21:36 AM | Attr = ] WSUD , -> %System32%\ntbackup.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] aspack , -> %System32%\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] WSUD , -> %System32%\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] UPX! , UPX0 , -> %System32%\OggEnc.exe -> [Ver = | Size = 157696 bytes | Modified Date = 7/19/2002 8:48:22 AM | Attr = ] Umonitor , -> %System32%\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 10/7/2006 5:18:32 AM | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] PTech , -> %System32%\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.7 | Size = 336768 bytes | Modified Date = 4/10/2007 2:01:18 PM | Attr = ] PEC2 , WSUD , -> %System32%\wmploc.dll -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ] UPX! , -> %System32%\dllcache\hwxcht.dll -> Microsoft Corporation [Ver = 1.0.0304.0 | Size = 10096640 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] UPX! , WSUD , -> %System32%\dllcache\hwxkor.dll -> Microsoft Corporation [Ver = 1.0.1038.0 | Size = 10129408 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Thawte Consulting , USERTRUST , -> %System32%\dllcache\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] WSUD , -> %System32%\dllcache\ntbackup.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] aspack , -> %System32%\dllcache\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] WSUD , -> %System32%\dllcache\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] Umonitor , -> %System32%\dllcache\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ] PTech , -> %System32%\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.7.0018.7 | Size = 336768 bytes | Modified Date = 4/10/2007 2:01:18 PM | Attr = ] PEC2 , WSUD , -> %System32%\dllcache\wmploc.dll -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Modified Date = 10/18/2006 9:47:20 PM | Attr = ] @Alternate Data Stream - 109 bytes -> %AllUsersAppData%\TEMP:4B7BEAFF -> @Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable -> UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1496020 bytes | Modified Date = 1/11/2008 2:16:26 AM | Attr = ] WSUD , -> %UserDesktop%\DJ Bedz - Old School Party To Go Volume #3 (Hosted by Young MC).zip -> [Ver = | Size = 76754534 bytes | Modified Date = 10/1/2007 4:16:06 AM | Attr = ] UPX! , UPX0 , -> %UserDesktop%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 1/7/2008 1:25:20 AM | Attr = ] Thawte Consulting , -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/11/2008 2:26:12 AM | Attr = ] < End of report >