WinPFind3 logfile created on: 1/22/2008 4:18:29 PM WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Trevan\Desktop\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 766.98 Mb Total Physical Memory | 398.73 Mb Available Physical Memory | 51.99% Memory free 1.08 Gb Paging File | 0.70 Gb Available in Paging File | 64.82% Paging File free Paging file location(s): C:\pagefile.sys 384 1150; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.72 Gb Total Space | 83.47 Gb Free Space | 74.72% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: CORN Current User Name: Trevan Logged in as Administrator. Current Boot Mode: Normal [Processes - All] smss.exe -> %System32%\smss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] services.exe -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] lsass.exe -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] -> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:50 PM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> [Wmi] -> File not found svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] -> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 8:39:50 PM | Attr = ] -> [Wmi] -> File not found svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] -> %System32%\appmgmts.dll [AppMgmt] -> File not found -> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 4:59:42 AM | Attr = ] -> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/25/2005 8:39:46 PM | Attr = ] -> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 1:52:18 PM | Attr = ] -> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found -> %System32%\hidserv.dll [HidServ] -> File not found -> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 11:32:34 AM | Attr = ] -> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 4:28:28 AM | Attr = ] -> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 10:29:46 AM | Attr = ] -> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2908 (xpsp_sp2_gdr.060513-0343) | Size = 181248 bytes | Modified Date = 5/14/2006 12:44:08 AM | Attr = ] -> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] -> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] -> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 1:52:18 PM | Attr = ] -> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 8:27:56 AM | Attr = ] -> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 1:52:18 PM | Attr = ] -> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\w32time.dll [w32time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 8:47:16 PM | Attr = ] -> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> [Wmi] -> File not found svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] -> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> [Wmi] -> File not found ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] -> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] -> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] -> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 12:17:02 PM | Attr = ] -> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 7:35:06 PM | Attr = ] -> [Wmi] -> File not found spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 3:53:32 PM | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 4:31:10 AM | Attr = ] ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr = ] mcvsrte.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 94208 bytes | Modified Date = 10/4/2002 1:09:20 PM | Attr = ] pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 8/4/2007 6:52:06 PM | Attr = ] svchost.exe -> %System32%\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] -> %System32%\wiaservc.dll [stisvc] -> Microsoft Corporation [Ver = 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316) | Size = 333824 bytes | Modified Date = 12/19/2006 10:16:48 AM | Attr = ] -> [Wmi] -> File not found spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 1/4/2008 8:56:52 PM | Attr = ] mspmspsv.exe -> %System32%\MsPMSPSv.exe -> Microsoft Corporation [Ver = 7.00.00.1954 | Size = 53520 bytes | Modified Date = 6/26/2000 5:44:20 AM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 9/8/2001 4:00:00 AM | Attr = ] alg.exe -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] wscntfy.exe -> %System32%\wscntfy.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 139264 bytes | Modified Date = 1/12/2008 11:59:52 AM | Attr = ] msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 1/12/2008 12:00:48 PM | Attr = ] mnyexpr.exe -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corporation [Ver = 11.00.0716 | Size = 200767 bytes | Modified Date = 1/12/2008 12:00:34 PM | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1/12/2008 12:00:50 PM | Attr = ] ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 1/13/2008 8:14:46 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/12/2008 12:00:52 PM | Attr = ] em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.76.046 | Size = 37888 bytes | Modified Date = 3/19/2003 9:50:00 AM | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/12/2002 7:28:14 AM | Attr = ] nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 0, 0, 3007 | Size = 118784 bytes | Modified Date = 2/5/2004 2:28:16 PM | Attr = ] hposol08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposol08.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 147456 bytes | Modified Date = 6/11/2002 9:32:22 AM | Attr = ] csrss.exe -> %System32%\csrss.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] winlogon.exe -> %System32%\winlogon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] wscntfy.exe -> %System32%\wscntfy.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] mcvsshld.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 139264 bytes | Modified Date = 1/12/2008 11:59:52 AM | Attr = ] mnyexpr.exe -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corporation [Ver = 11.00.0716 | Size = 200767 bytes | Modified Date = 1/12/2008 12:00:34 PM | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1/12/2008 12:00:50 PM | Attr = ] ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 1/13/2008 8:14:46 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/12/2008 12:00:52 PM | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 1/12/2008 12:01:04 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 1/16/2008 5:01:40 PM | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/12/2002 7:28:14 AM | Attr = ] hpobnz08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 323646 bytes | Modified Date = 6/11/2002 9:31:50 AM | Attr = ] nkbmonitor.exe -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 0, 0, 3007 | Size = 118784 bytes | Modified Date = 2/5/2004 2:28:16 PM | Attr = ] hposol08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposol08.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 147456 bytes | Modified Date = 6/11/2002 9:32:22 AM | Attr = ] em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.76.046 | Size = 37888 bytes | Modified Date = 3/19/2003 9:50:00 AM | Attr = ] hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 286720 bytes | Modified Date = 6/11/2002 9:45:10 AM | Attr = ] hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 1.00 | Size = 303104 bytes | Modified Date = 6/11/2002 10:03:12 AM | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ] [Win32 Services - All] (Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %System32%\alg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] (AppMgmt) Application Management [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 33632 bytes | Modified Date = 4/13/2007 2:20:52 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Modified Date = 12/16/2006 6:42:48 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 12/20/2006 9:05:00 PM | Attr = ] (AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 4:31:10 AM | Attr = ] (BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5632 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] (ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 68952 bytes | Modified Date = 4/13/2007 2:21:18 AM | Attr = ] (COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 11:01:00 PM | Attr = ] (CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] (dmserver) Logical Disk Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ] (ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] (EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/15/2007 1:45:48 PM | Attr = ] (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 12:06:04 AM | Attr = ] (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 150016 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 9/8/2001 4:00:00 AM | Attr = ] (MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 94208 bytes | Modified Date = 10/4/2002 1:09:20 PM | Attr = ] (Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 32768 bytes | Modified Date = 8/3/2004 11:56:52 PM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] (MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 3/21/2005 2:00:22 PM | Attr = ] (NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] (NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] (Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (NMSSvc) Intel(R) NMS [Win32_Own | On_Demand | Stopped] -> %System32%\NMSSvc.Exe -> Intel Corporation [Ver = 2.1.8.2 | Size = 1118208 bytes | Modified Date = 10/10/2002 2:18:36 AM | Attr = ] (NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 81920 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 7/28/2003 12:28:22 PM | Attr = ] (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 4, 5, 0, 802 | Size = 81920 bytes | Modified Date = 3/15/2002 12:37:46 PM | Attr = ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 8/4/2007 6:52:06 PM | Attr = ] (PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] (RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\RSVP.EXE -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 132608 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/3/2004 11:56:50 PM | Attr = ] (SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95744 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] (Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Modified Date = 6/10/2005 3:53:32 PM | Attr = ] (srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] (SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89600 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] (TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18432 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (w32time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 1/4/2008 8:56:52 PM | Attr = ] (winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %System32%\MsPMSPSv.exe -> Microsoft Corporation [Ver = 7.00.00.1954 | Size = 53520 bytes | Modified Date = 6/26/2000 5:44:20 AM | Attr = ] (WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\WBEM\wmiapsrv.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 913408 bytes | Modified Date = 10/18/2006 7:05:24 PM | Attr = ] (wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] (xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] [Driver Services - All] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ABP480N5.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 23552 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr = ] (ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/3/2004 10:07:38 PM | Attr = ] (ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\ACPIEC.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ADPU160M.SYS -> Microsoft Corporation [Ver = v3.60a (Lab01_N(johnstra).010529-2218) | Size = 101888 bytes | Modified Date = 8/17/2001 12:07:32 PM | Attr = ] (aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/14/2006 4:22:26 PM | Attr = ] (AFD) AFD Networking Support Environment [Kernel | System | Running] -> %System32%\DRIVERS\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/3/2004 10:14:14 PM | Attr = ] (AFS2K) AFS2K [Kernel | System | Running] -> %System32%\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 5:16:04 PM | Attr = ] (agp440) Intel AGP Bus Filter [Kernel | Boot | Running] -> %System32%\DRIVERS\agp440.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42368 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr = ] (agpCPQ) Compaq AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\agpcpq.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44928 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\AHA154X.SYS -> Microsoft Corporation [Ver = v1.13b (XPClient.010817-1148) | Size = 12800 bytes | Modified Date = 8/17/2001 11:52:02 AM | Attr = ] (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\AIC78U2.SYS -> Microsoft Corporation [Ver = v3.60a (Lab01_N.010510-0033) | Size = 55168 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr = ] (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\AIC78XX.SYS -> Microsoft Corporation [Ver = v3.60a (Lab01_N.010510-0033) | Size = 56960 bytes | Modified Date = 8/17/2001 12:07:38 PM | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr = ] (alim1541) ALI AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\alim1541.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42752 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr = ] (amsint) amsint [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\AMSINT.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12032 bytes | Modified Date = 8/17/2001 11:52:04 AM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 11:52:00 AM | Attr = ] (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3350P.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 22400 bytes | Modified Date = 8/17/2001 11:52:04 AM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 11:51:58 AM | Attr = ] (AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 10:05:04 PM | Attr = ] (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\DRIVERS\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/3/2004 9:59:42 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6660 | Size = 1918464 bytes | Modified Date = 12/16/2006 6:50:30 PM | Attr = ] (Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/3/2004 9:58:30 PM | Attr = ] (audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\AUDSTUB.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 11:59:44 AM | Attr = ] (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 4:10:42 AM | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 4:10:42 AM | Attr = ] (Beep) Beep [Kernel | System | Running] -> %System32%\drivers\BEEP.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Trevan\LOCALS~1\Temp\catchme.sys -> File not found (cbidf) cbidf [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CBIDF2K.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/17/2001 11:52:08 AM | Attr = ] (cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\CBIDF2K.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/17/2001 11:52:08 AM | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CD20XRNT.SYS -> Microsoft Corporation [Ver = v3.01 (XPClient.010817-1148) | Size = 7680 bytes | Modified Date = 8/17/2001 11:52:06 AM | Attr = ] (Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\CDAUDIO.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/3/2004 10:14:10 PM | Attr = ] (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Modified Date = 10/4/2006 6:42:44 PM | Attr = ] (Cdralw2k) Cdralw2k [Kernel | System | Running] -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Modified Date = 10/4/2006 6:42:44 PM | Attr = ] (Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\DRIVERS\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 9:59:52 PM | Attr = ] (cdudf_xp) cdudf_xp [File_System | System | Running] -> %System32%\drivers\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 10:27:32 AM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 11:51:54 AM | Attr = ] (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\CPQARRAY.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 14976 bytes | Modified Date = 8/17/2001 11:52:06 AM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr = ] (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DAC960NT.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 14720 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr = ] (Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/3/2004 9:59:54 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 10:07:18 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 10:07:16 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\dmusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 10:07:38 PM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DPTI2O.SYS -> Microsoft Corporation [Ver = 2.09 (Lab01_N.010309-0027) | Size = 20192 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr = ] (drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/3/2004 10:07:58 PM | Attr = ] (DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 4:07:28 PM | Attr = ] (dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\DRIVERS\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 12:10:48 PM | Attr = S] (dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %System32%\drivers\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 4/2/2003 11:09:28 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 6.01.03.14 built by: WinDDK | Size = 140288 bytes | Modified Date = 1/20/2003 7:46:50 AM | Attr = ] (EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 10:11:06 AM | Attr = ] (Fastfat) Fastfat [File_System | Disabled | Running] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/3/2004 10:14:16 PM | Attr = ] (Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/3/2004 9:59:28 PM | Attr = ] (Fips) Fips [Kernel | System | Running] -> %System32%\drivers\FIPS.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/3/2004 9:59:28 PM | Attr = ] (FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\DRIVERS\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 1:14:58 AM | Attr = ] (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\FTDISK.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/17/2001 11:52:50 AM | Attr = ] (gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %System32%\DRIVERS\gameenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10624 bytes | Modified Date = 8/3/2004 10:08:22 PM | Attr = ] (Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\DRIVERS\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/3/2004 10:04:12 PM | Attr = ] (hidgame) Microsoft Hid to Joystick Port Enabler [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\hidgame.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8576 bytes | Modified Date = 8/17/2001 1:02:32 PM | Attr = ] (HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/17/2001 11:02:20 AM | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\HPN.SYS -> Microsoft Corporation [Ver = 5.1.2467.0 (Lab01_N(johnstra).010423-0023) | Size = 25952 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\hpzid412.sys -> HP [Ver = 4, 5, 0, 642 | Size = 50960 bytes | Modified Date = 2/15/2002 10:26:22 AM | Attr = ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZipr12.sys -> HP [Ver = 4, 5, 0, 479 | Size = 16112 bytes | Modified Date = 3/21/2002 9:37:52 AM | Attr = ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\HPZius12.sys -> HP [Ver = 4, 5, 0, 328 | Size = 22512 bytes | Modified Date = 3/8/2002 2:49:26 AM | Attr = ] (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSFHWBS2.sys -> Conexant Systems [Ver = 5.03.29.01 | Size = 170499 bytes | Modified Date = 10/9/2002 9:50:52 AM | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_DP.sys -> Conexant Systems [Ver = 5.03.29.01 | Size = 1175536 bytes | Modified Date = 10/9/2002 9:50:16 AM | Attr = ] (HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/16/2006 4:33:10 PM | Attr = ] (i2omgmt) i2omgmt [Kernel | System | Running] -> %System32%\drivers\i2omgmt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 8192 bytes | Modified Date = 8/3/2004 10:00:50 PM | Attr = ] (i2omp) i2omp [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\i2omp.sys -> Microsoft Corporation [Ver = 1.0.0.6 (xpsp_sp2_rtm.040803-2158) | Size = 18560 bytes | Modified Date = 8/3/2004 10:00:50 PM | Attr = ] (i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\DRIVERS\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/3/2004 10:14:36 PM | Attr = ] (i81x) i81x [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/3/2004 9:29:36 PM | Attr = ] (iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/3/2004 9:29:38 PM | Attr = ] (iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/3/2004 9:29:38 PM | Attr = ] (iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/3/2004 9:29:38 PM | Attr = ] (iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/3/2004 9:29:48 PM | Attr = ] (iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/3/2004 9:29:50 PM | Attr = ] (iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/3/2004 9:29:42 PM | Attr = ] (iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/3/2004 9:29:42 PM | Attr = ] (iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found (iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/3/2004 9:29:44 PM | Attr = ] (iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/3/2004 9:29:46 PM | Attr = ] (Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\DRIVERS\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/3/2004 10:00:16 PM | Attr = ] (ini910u) ini910u [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\INI910U.SYS -> Microsoft Corporation [Ver = 2.17 (XPClient.010817-1148) | Size = 16000 bytes | Modified Date = 8/17/2001 11:52:08 AM | Attr = ] (IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\DRIVERS\intelide.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 8/3/2004 9:59:42 PM | Attr = ] (intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\DRIVERS\intelppm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36096 bytes | Modified Date = 8/3/2004 9:59:20 PM | Attr = ] (ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/3/2004 10:00:06 PM | Attr = ] (IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\IPFLTDRV.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/3/2004 10:04:46 PM | Attr = ] (IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/29/2004 2:28:38 PM | Attr = ] (IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\DRIVERS\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/3/2004 10:14:28 PM | Attr = ] (IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/3/2004 10:00:46 PM | Attr = ] (isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\ISAPNP.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/17/2001 11:58:02 AM | Attr = ] (Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\DRIVERS\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/3/2004 9:58:32 PM | Attr = ] (kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\DRIVERS\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 12:47:46 AM | Attr = ] (KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/3/2004 9:59:48 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.76.42.0 | Size = 25214 bytes | Modified Date = 3/4/2003 1:50:00 AM | Attr = ] (LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\LHidUsb.sys -> Logitech, Inc. [Ver = 2.20.200.0 | Size = 37804 bytes | Modified Date = 3/4/2003 1:50:00 AM | Attr = ] (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.76.42.0 | Size = 73134 bytes | Modified Date = 3/4/2003 1:50:00 AM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.1.009 | Size = 11027 bytes | Modified Date = 10/7/2002 8:29:48 AM | Attr = ] (mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %System32%\drivers\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 4/2/2003 11:09:28 AM | Attr = ] (mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\MNMDD.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/3/2004 10:08:06 PM | Attr = ] (MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %System32%\DRIVERS\MODEMCSA.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16128 bytes | Modified Date = 8/17/2001 11:57:38 AM | Attr = ] (Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\DRIVERS\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/3/2004 9:58:32 PM | Attr = ] (mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/17/2001 1:48:00 PM | Attr = ] (MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/3/2004 9:58:30 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 11:52:12 AM | Attr = ] (MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\DRIVERS\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 8/3/2004 10:00:56 PM | Attr = ] (MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\DRIVERS\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 1:41:46 AM | Attr = ] (Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/3/2004 10:00:42 PM | Attr = ] (MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\mskssrv.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/3/2004 9:58:42 PM | Attr = ] (MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\mspclock.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/3/2004 9:58:38 PM | Attr = ] (MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\mspqm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/3/2004 9:58:40 PM | Attr = ] (mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/3/2004 10:07:48 PM | Attr = ] (Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/3/2004 10:15:20 PM | Attr = ] (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %System32%\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.0.1.104 | Size = 28164 bytes | Modified Date = 4/2/2003 11:06:04 AM | Attr = ] (NaiFiltr) NaiFiltr [File_System | On_Demand | Running] -> %System32%\DRIVERS\NaiFiltr.sys -> [Ver = | Size = 23296 bytes | Modified Date = 8/17/2001 9:22:04 AM | Attr = ] (NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/3/2004 10:14:28 PM | Attr = ] (NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\NDISTAPI.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/3/2004 10:03:12 PM | Attr = ] (NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/3/2004 10:14:32 PM | Attr = ] (NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\NDPROXY.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\DRIVERS\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/3/2004 10:03:22 PM | Attr = ] (NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\DRIVERS\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/3/2004 10:14:38 PM | Attr = ] (NMSCFG) NIC Management Service Configuration Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NMSCFG.SYS -> Intel Corporation [Ver = 2.1.3.0 | Size = 9868 bytes | Modified Date = 10/10/2002 2:18:58 AM | Attr = ] (Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/3/2004 10:00:44 PM | Attr = ] (Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.3081 (xpsp_sp2_gdr.070209-0028) | Size = 574464 bytes | Modified Date = 2/9/2007 3:10:36 AM | Attr = ] (Null) Null [Kernel | System | Running] -> %System32%\drivers\NULL.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 1550043 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NWLNKFLT.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NWLNKFWD.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 318, 0 | Size = 17153 bytes | Modified Date = 7/19/2002 8:22:08 AM | Attr = ] (P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\P16X.sys -> Creative Technology Ltd. [Ver = 5.12.01.124 | Size = 1293440 bytes | Modified Date = 8/30/2002 2:29:02 PM | Attr = ] (P3) Intel PentiumIII Processor Driver [Kernel | System | Stopped] -> %System32%\DRIVERS\p3.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/3/2004 9:59:20 PM | Attr = ] (Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/3/2004 9:59:06 PM | Attr = ] (PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\PARTMGR.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\PARVDM.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/3/2004 10:07:46 PM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCIIde) PCIIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\PCIIDE.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3328 bytes | Modified Date = 8/17/2001 11:51:52 AM | Attr = ] (Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/3/2004 10:07:46 PM | Attr = ] (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\PERC2.SYS -> Microsoft Corporation [Ver = 5.1.2467.0 (Lab01_N(johnstra).010423-0023) | Size = 27296 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr = ] (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\PERC2HIB.SYS -> Microsoft Corporation [Ver = 5.1.2467.0 (Lab01_N(johnstra).010423-0023) | Size = 5504 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr = ] (pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 9/19/2003 3:47:24 PM | Attr = ] (PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\PFMODNT.SYS -> Creative Technology Ltd. [Ver = 2.0.0.0 | Size = 6752 bytes | Modified Date = 12/16/1999 11:00:00 PM | Attr = ] (PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/3/2004 10:14:26 PM | Attr = ] (Processor) Processor Driver [Kernel | System | Stopped] -> %System32%\DRIVERS\processr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35328 bytes | Modified Date = 8/3/2004 9:59:18 PM | Attr = ] (PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\DRIVERS\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 10:04:20 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (pwd_2k) pwd_2k [Kernel | System | Running] -> %System32%\drivers\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 4/2/2003 11:09:28 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 9/27/2006 1:53:24 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr = ] (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL10WNT.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 33152 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 11:52:20 AM | Attr = ] (ql1240) ql1240 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1240.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 40448 bytes | Modified Date = 8/17/2001 11:52:16 AM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 11:52:18 AM | Attr = ] (RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\DRIVERS\RASACD.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\DRIVERS\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/3/2004 10:14:22 PM | Attr = ] (RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/3/2004 10:05:08 PM | Attr = ] (Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\DRIVERS\RASPTI.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (Rdbss) Rdbss [File_System | System | Running] -> %System32%\DRIVERS\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 5/5/2006 1:47:58 AM | Attr = ] (RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\DRIVERS\RDPCDD.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] (rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\rdpdr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 196864 bytes | Modified Date = 8/3/2004 10:01:16 PM | Attr = ] (RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 6/9/2005 8:09:46 PM | Attr = ] (redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\DRIVERS\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/3/2004 9:59:38 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] (SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> %System32%\DDMI2.sys -> File not found (SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:54 AM | Attr = ] (serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/3/2004 9:59:08 PM | Attr = ] (Serial) Serial port driver [Kernel | System | Running] -> %System32%\DRIVERS\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/3/2004 10:15:52 PM | Attr = ] (Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/3/2004 9:59:54 PM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 12:07:44 PM | Attr = ] (splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 6/14/2006 12:47:46 AM | Attr = ] (sr) System Restore Filter Driver [File_System | Boot | Running] -> %System32%\DRIVERS\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/3/2004 10:06:26 PM | Attr = ] (Srv) Srv [File_System | On_Demand | Running] -> %System32%\DRIVERS\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 2:34:42 AM | Attr = ] (SSFS0BB9) Spy Sweeper File System Filer Driver: 0BB9 [Kernel | Boot | Running] -> %System32%\DRIVERS\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] (SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %System32%\DRIVERS\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] (SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] (SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ] (swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/3/2004 9:58:42 PM | Attr = ] (swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/17/2001 12:00:52 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 12:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 12:07:36 PM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 12:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 12:07:42 PM | Attr = ] (sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\DRIVERS\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/3/2004 10:15:56 PM | Attr = ] (Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\DRIVERS\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.3244 (xpsp_sp2_gdr.071030-1259) | Size = 360064 bytes | Modified Date = 10/30/2007 9:20:56 AM | Attr = ] (TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 12:01:08 AM | Attr = ] (TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 12:01:08 AM | Attr = ] (TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 12:01:08 AM | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\TOSIDE.SYS -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4992 bytes | Modified Date = 8/17/2001 11:51:56 AM | Attr = ] (UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %System32%\drivers\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 4/2/2003 11:09:28 AM | Attr = ] (Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/3/2004 10:00:32 PM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 11:52:22 AM | Attr = ] (Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\update.sys -> Microsoft Corporation [Ver = 5.1.2600.3124 (xpsp_sp2_gdr.070423-0049) | Size = 364160 bytes | Modified Date = 4/23/2007 2:32:54 AM | Attr = ] (usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/3/2004 10:08:46 PM | Attr = ] (usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 8/3/2004 10:08:38 PM | Attr = ] (usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/3/2004 10:08:42 PM | Attr = ] (usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 10:01:24 PM | Attr = ] (usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 9:58:46 PM | Attr = ] (USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\usbstor.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 10:08:46 PM | Attr = ] (usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/3/2004 10:08:38 PM | Attr = ] (VgaSave) VGA Display Controller. [Kernel | System | Running] -> %System32%\DRIVERS\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/3/2004 10:07:06 PM | Attr = ] (viaagp) VIA AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\viaagp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/3/2004 10:07:42 PM | Attr = ] (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\viaide.sys -> Microsoft Corporation [Ver = 1.00.01.01 | Size = 5376 bytes | Modified Date = 8/3/2004 9:59:42 PM | Attr = ] (VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/3/2004 10:00:16 PM | Attr = ] (Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/3/2004 10:04:58 PM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 1:00:46 AM | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_CNXT.sys -> Conexant Systems [Ver = 5.03.29.01 | Size = 604240 bytes | Modified Date = 10/9/2002 9:44:10 AM | Attr = ] (WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 5:55:50 PM | Attr = ] (WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 6:00:34 PM | Attr = ] [Registry - All] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.76.042 | Size = 19968 bytes | Modified Date = 3/4/2003 1:50:00 AM | Attr = ] MCUpdateExe -> %SystemDrive%\PROGRA~1\mcafee.com\agent\McUpdate.exe -> File not found NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 5058560 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 741376 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 139264 bytes | Modified Date = 1/12/2008 11:59:52 AM | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 1/13/2008 8:14:46 PM | Attr = ] DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 1/12/2008 12:00:50 PM | Attr = ] MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe -> Microsoft Corporation [Ver = 11.00.0716 | Size = 200767 bytes | Modified Date = 1/12/2008 12:00:34 PM | Attr = ] MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 1/12/2008 12:00:48 PM | Attr = ] NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 49152 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 1/12/2008 12:01:04 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 1/16/2008 5:01:40 PM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 1/12/2008 12:00:52 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 1/12/2008 12:00:56 PM | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/12/2002 7:28:14 AM | Attr = ] %AllUsersStartup%\hp psc 2000 Series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 323646 bytes | Modified Date = 6/11/2002 9:31:50 AM | Attr = ] %AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 1.2.9 | Size = 169472 bytes | Modified Date = 3/26/2004 10:15:40 AM | Attr = ] %AllUsersStartup%\NkbMonitor.exe.lnk -> %ProgramFiles%\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 0, 0, 3007 | Size = 118784 bytes | Modified Date = 2/5/2004 2:28:16 PM | Attr = ] %AllUsersStartup%\officejet 6100.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposol08.exe -> Hewlett-Packard Co. [Ver = 2.00 | Size = 147456 bytes | Modified Date = 6/11/2002 9:32:22 AM | Attr = ] < IFEO [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> Your Image File Name Here without a path -> %System32%\NTSD.EXE [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] < SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {fbeb8a05-beee-4442-804e-409d6c4515e9} [HKLM] -> %System32%\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {7849596a-48ea-486e-8937-a2a3009f31a9} [HKLM] -> %System32%\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {35CEC8A3-2BE6-11D2-8773-92E220524153} [HKLM] -> %System32%\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKLM] -> %System32%\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 8:47:22 PM | Attr = ] < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 4:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] {AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKLM] -> %System32%\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] < SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> {438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {8C7461EF-2B13-11d2-BE35-3078302C2030} [HKLM] -> %System32%\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll -> %System32%\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] schannel.dll -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:16 AM | Attr = ] digest.dll -> %System32%\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] msnsspc.dll -> %System32%\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %System32%\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 -> %System32%\rundll32.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] shell32 -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] "sysdm.cpl" -> %System32%\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 110592 bytes | Modified Date = 12/16/2006 6:44:04 PM | Attr = ] crypt32chain -> %System32%\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] cryptnet -> %System32%\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] cscdll -> %System32%\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] ScCertProp -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] Schedule -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] sclgntfy -> %System32%\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] SensLogn -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] termsrv -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] WgaLogon -> %System32%\WgaLogon.dll -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Modified Date = 6/19/2006 3:20:42 PM | Attr = ] wlballoon -> %System32%\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKCU: Start Page -> http://news.bbc.co.uk/ -> HKCU: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ] {243B17DE-77C7-46BF-B94B-0B5F309A0E64} [HKLM] -> %ProgramFiles%\Microsoft Money\System\MNYSIDE.DLL [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 11.00.0716 | Size = 163906 bytes | Modified Date = 7/17/2002 9:00:00 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/15/2007 1:45:44 PM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 6/19/2007 12:47:34 PM | Attr = ] < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4D5C8C25-D075-11d0-B416-00C04FB90376} [HKLM] -> %System32%\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [HKLM] -> %System32%\shdocvw.dll [Real.com] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {30D02401-6A81-11D0-8274-00C04FD5AE38} [HKLM] -> %System32%\ieframe.dll [IE Search Band] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} [HKLM] -> %System32%\shell32.dll [File Search Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {EFA24E61-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {EFA24E62-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [History Band] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/15/2007 1:45:44 PM | Attr = R ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKLM] -> %System32%\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 2/15/2007 1:45:44 PM | Attr = R ] WebBrowser\\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -> [ButtonText: ComcastHSI] -> File not found {8828075D-D097-4055-AA02-2DBFA9D85E8A} -> [ButtonText: Support] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found {97809617-3937-4F84-B335-9BB05EF1A8D4} -> [ButtonText: Help] -> File not found {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ] {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found {FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 1/12/2008 12:00:48 PM | Attr = ] < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> -> File not found < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {9B976843-FEA8-4238-A3AD-4152E62D4A53} -> (Intel(R) PRO/100 M Network Connection) -> < Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %System32%\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\RSVPSP.DLL -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\RSVPSP.DLL -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> about -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] cdl -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] dvd -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] file -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] ftp -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] gopher -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] http -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] http\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] http\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] https -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] https\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] https\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] ipp -> Reg Data - Key not found -> File not found ipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 6:04:28 PM | Attr = ] javascript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] local -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] mailto -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] mhtml -> %System32%\inetcomm.dll -> Microsoft Corporation [Ver = 6.00.2900.3198 (xpsp_sp2_gdr.070820-1448) | Size = 683520 bytes | Modified Date = 8/20/2007 10:15:44 PM | Attr = ] mk -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] msdaipp -> Reg Data - Key not found -> File not found msdaipp\0x00000001 -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] msdaipp\oledb -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 842816 bytes | Modified Date = 7/11/2003 2:25:22 AM | Attr = ] ms-its -> %System32%\itss.dll -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/26/2005 6:04:28 PM | Attr = ] ms-itss -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\MSITSS.DLL -> Microsoft Corporation [Ver = 5.40.1171.1 | Size = 221184 bytes | Modified Date = 6/19/2001 2:26:46 PM | Attr = ] mso-offdap11 -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL -> Microsoft Corporation [Ver = 11.0.6555 | Size = 8071360 bytes | Modified Date = 4/25/2005 12:29:56 PM | Attr = ] res -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] sysimage -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] tv -> %System32%\msvidctl.dll -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] vbscript -> %System32%\mshtml.dll -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] wia -> %System32%\wiascr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] < Protocol Filters [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> application/octet-stream -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ] application/x-complus -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ] application/x-msdownload -> %System32%\mscoree.dll -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ] Class Install Handler -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] deflate -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] gzip -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] lzdhtml -> %System32%\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 1159680 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] text/webviewhtml -> %System32%\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] text/xml -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -> Microsoft Corporation [Ver = 11.0.5510 | Size = 39488 bytes | Modified Date = 7/14/2003 10:45:12 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> Snapfish Activia - CodeBase = http://www2.snapfish.com/SnapfishActivia.cab -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> Groove Control - CodeBase = http://www.nick.com/common/groove/gx/GrooveAX27.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> {9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37857.669837963 -> {A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -> DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab -> {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -> {FE5B9F54-7764-4C01-89F0-4862601EE954} -> DigWebHelper Class - CodeBase = http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 -> DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab -> Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab -> [Registry - Additional Scans - All] < ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -> {5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -> {73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> -> {7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install -> {89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll -> {89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -> <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP -> >{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -> < Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> {00022613-0000-0000-C000-000000000046} [HKLM] -> %System32%\mmsys.cpl [Multimedia File Property Sheet] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] {00BB2763-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft AutoComplete] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {00BB2764-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft History AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {00BB2765-6A77-11D0-A535-00C04FD7D062} [HKLM] -> %System32%\browseui.dll [Microsoft Multiple AutoComplete List Container] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found {01E04581-4EEE-11d0-BFE9-00AA005B4383} [HKLM] -> %System32%\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {03C036F1-A186-11D0-824A-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Microsoft Shell Folder AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {07798131-AF23-11d1-9111-00A0C98BA67D} [HKLM] -> %System32%\browseui.dll [Web Search] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {07C45BB1-4A8C-4642-A1F5-237E7215FF66} [HKLM] -> %System32%\ieframe.dll [IE Microsoft BrowserBand] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {08165EA0-E946-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheckWebCrawler] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {0A89A860-D7B1-11CE-8350-444553540000} [HKLM] -> %System32%\shdocvw.dll [Shell Automation Inproc Service] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {0B124F8F-91F0-11D1-B8B5-006008059382} [HKLM] -> %System32%\appwiz.cpl [Installed Apps Enumerator] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} [HKLM] -> %System32%\cabview.dll [.CAB file viewer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 84480 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {0D45D530-764B-11d0-A1CA-00AA00C16E65} [HKLM] -> %System32%\dsuiext.dll [Directory Property UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found {0EEA25CC-4362-4A12-850B-86EE61B0D3EB} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Droplist Combo Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {10CFC467-4392-11d2-8DB4-00C04FA31A66} [HKLM] -> %System32%\cscui.dll [Offline Files Folder Options] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {131A6951-7F78-11D0-A979-00C04FD705A2} [HKLM] -> %System32%\shdocvw.dll [ISFBand OC] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [HKLM] -> %SystemRoot%\MSAGENT\agentpsh.dll [Microsoft Agent Character Property Sheet Handler] -> Microsoft Corporation [Ver = 2.00.0.3422 | Size = 24064 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {163FDC20-2ABC-11d0-88F0-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Object Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {169A0691-8DF9-11d1-A1C4-00C04FD75D13} [HKLM] -> %System32%\browseui.dll [In-pane search] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {176d6597-26d3-11d1-b350-080036a75b03} [HKLM] -> %System32%\ICMUI.DLL [ICM Scanner Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {1C1EDB47-CE22-4bbb-B608-77B48F83C823} [HKLM] -> %System32%\ieframe.dll [IE Fade Task] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] {1D2680C9-0E2A-469d-B787-065558BC7D43} [HKLM] -> %System32%\mscoree.dll [Fusion Cache] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 4/13/2007 2:21:14 AM | Attr = ] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.5216 | Size = 430152 bytes | Modified Date = 10/6/2003 2:16:00 PM | Attr = ] {1F2E5C40-9550-11CE-99D2-00AA006E086C} [HKLM] -> %System32%\rshx32.dll [NTFS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {205D7A97-F16D-4691-86EF-F3075DCCA57D} [HKLM] -> %System32%\ieframe.dll [IE Menu Desk Bar] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {21569614-B795-46b1-85F4-E737A8DC09AD} [HKLM] -> %System32%\browseui.dll [Shell Search Band] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {2206CDB2-19C1-11D1-89E0-00C04FD7A829} [HKLM] -> %CommonProgramFiles%\System\Ole DB\oledb32.dll [Microsoft Data Link] -> Microsoft Corporation [Ver = 2.81.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 487424 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {22BF0C20-6DA7-11D0-B373-00A0C9034938} [HKLM] -> %System32%\browseui.dll [Download Status] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Search] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Help and Support] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Run...] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Internet] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [E-mail] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [HKLM] -> %System32%\shdocvw.dll [Set Program Access and Defaults] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Time Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {3028902F-6374-48b2-8DC6-9725E775B926} [HKLM] -> %System32%\ieframe.dll [IE AutoComplete] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {30D02401-6A81-11d0-8274-00C04FD5AE38} [HKLM] -> %System32%\ieframe.dll [IE Search Band] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found {32714800-2E5F-11d0-8B85-00AA0044F941} [HKLM] -> %ProgramFiles%\Outlook Express\wabfind.dll [For &People...] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {352EC2B7-8B9A-11D1-B8AE-006008059382} [HKLM] -> %System32%\appwiz.cpl [Shell Application Manager] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] {35786D3C-B075-49b9-88DD-029876E11C01} [HKLM] -> %System32%\WpdShext.dll [Portable Devices] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 8:47:22 PM | Attr = ] {3C374A40-BAE4-11CF-BF7D-00AA006946EE} [HKLM] -> %System32%\ieframe.dll [Microsoft Url History Service] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [HKLM] -> %System32%\browseui.dll [Shell DeskBarApp] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [HKLM] -> %System32%\ieframe.dll [The Internet] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {3EA48300-8CF6-101B-84FB-666CCB9BCD32} [HKLM] -> %System32%\DOCPROP.DLL [OLE Docfile Property Page] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46080 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {3F30C968-480A-4C6C-862D-EFC0897BB84B} [HKLM] -> %System32%\shimgvw.dll [GDI+ file thumbnail extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {3F953603-1008-4f6e-A73A-04AAC7A992F1} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} [HKLM] -> %System32%\shmedia.dll [Video Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {41E300E0-78B6-11ce-849B-444553540000} [HKLM] -> %System32%\themeui.dll [PlusPack CPL Extension] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 385536 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {42042206-2D85-11D3-8CFF-005004838597} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> Microsoft Corporation [Ver = 11.0.5510 | Size = 67128 bytes | Modified Date = 7/14/2003 10:52:58 PM | Attr = ] {42071712-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\DESKADP.DLL [Display Adapter CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16384 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {42071713-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> %System32%\DESKMON.DLL [Display Monitor CPL Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 16896 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found {43886CD5-6529-41c4-A707-7B3C92C05E68} [HKLM] -> %System32%\ieframe.dll [IE Navigation Bar] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {44C76ECD-F7FA-411c-9929-1B77BA77F524} [HKLM] -> %System32%\ieframe.dll [IE Menu Site] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {4a7ded0a-ad25-11d0-98a8-0800361b1103} [HKLM] -> %System32%\mydocs.dll [MyDocs Properties] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {4B78D326-D922-44f9-AF2A-07805C2A3560} [HKLM] -> %System32%\ieframe.dll [IE Menu Band] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {4E40F770-369C-11d0-8922-00A024AB2DBB} [HKLM] -> %System32%\dssec.dll [DS Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51200 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} [HKLM] -> %System32%\slayerxp.dll [Compatibility Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {56117100-C0CD-101B-81E2-00AA004AE837} [HKLM] -> %System32%\shscrap.dll [Shell Scrap DataHandler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27648 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {58f1f272-9240-4f51-b6d4-fd63d1618591} [HKLM] -> %System32%\netplwiz.dll [Get a Passport Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {59099400-57FF-11CE-BD94-0020AF85B590} [HKLM] -> %System32%\DISKCOPY.DLL [Disk Copy Extension] -> Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 1501696 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {596AB062-B4D2-4215-9F74-E9109B0A8153} [HKLM] -> %System32%\twext.dll [Previous Versions Property Page] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {59be4990-f85c-11ce-aff7-00aa003ca9f6} [HKLM] -> %System32%\NTLANUI2.DLL [Shell extensions for Microsoft Windows Network objects] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14336 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {5DB2625A-54DF-11D0-B6C4-0800091AA605} [HKLM] -> %System32%\ICMUI.DLL [ICM Monitor Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {5E44E225-A408-11CF-B581-008029601108} [HKLM] -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Shellex.dll [Adaptec DirectCD Shell Extension] -> Roxio [Ver = 5.3.4.21 | Size = 180224 bytes | Modified Date = 12/17/2002 10:27:34 AM | Attr = ] {5E6AB780-7743-11CF-A12B-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft Internet Toolbar] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {5F327514-6C5E-4d60-8F16-D07FA08A78ED} [HKLM] -> %System32%\wuaucpl.cpl [Auto Update Property Sheet Extension] -> Microsoft Corporation [Ver = 7.0.6000.381 (winmain(wmbla).070730-1740) | Size = 216408 bytes | Modified Date = 7/30/2007 6:19:28 PM | Attr = ] {60254CA5-953B-11CF-8C96-00AA00B8708C} [HKLM] -> %System32%\wshext.dll [Shell extensions for Windows Script Host] -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 65536 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {6038EF75-ABFC-4e59-AB6F-12D397F6568D} [HKLM] -> %System32%\ieframe.dll [IE Microsoft History AutoComplete List] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {60fd46de-f830-4894-a628-6fa81bc0190d} [HKLM] -> %System32%\photowiz.dll [%DESC_PublishDropTarget%] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 176128 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {62AE1F9A-126A-11D0-A14B-0800361B1103} [HKLM] -> %System32%\dsuiext.dll [Directory Context Menu Verbs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 113152 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {63da6ec0-2e98-11cf-8d82-444553540000} [HKLM] -> %System32%\msieftp.dll [FTP Folders Webview] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 248832 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {640167b4-59b0-47a6-b335-a6b3c0695aea} [HKLM] -> %System32%\audiodev.dll [Portable Media Devices] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 276992 bytes | Modified Date = 10/18/2006 8:47:08 PM | Attr = ] {6413BA2C-B461-11d1-A18A-080036B11A03} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder 2] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} [HKLM] -> %System32%\shimgvw.dll [Shell Image Data Factory] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {6756A641-DE71-11d0-831B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [MRU AutoComplete List] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {675F097E-4C4D-11D0-B6C1-0800091AA605} [HKLM] -> %System32%\ICMUI.DLL [ICM Printer Management] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {67EA19A0-CCEF-11d0-8024-00C04FD75D13} [HKLM] -> %System32%\shdocvw.dll [CDF Extension Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {692F0339-CBAA-47e6-B5B5-3B84DB604E87} [HKLM] -> %System32%\extmgr.dll [Extensions Manager Folder] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 132608 bytes | Modified Date = 10/10/2007 3:55:52 PM | Attr = ] {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [HKLM] -> %System32%\browseui.dll [Custom MRU AutoCompleted List] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {6A205B57-2567-4A2C-B881-F787FAB579A3} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Calendar Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {6b33163c-76a5-4b6c-bf21-45de9cd503a1} [HKLM] -> %System32%\netplwiz.dll [Shell Publishing Wizard Object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} [HKLM] -> %System32%\ieframe.dll [IE Tracking Shell Menu] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {6CF48EF8-44CD-45d2-8832-A16EA016311B} [HKLM] -> %System32%\ieframe.dll [IE IShellFolderBand] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {7007ACC7-3202-11D1-AAD2-00805FC1270E} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {7376D660-C583-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\browseui.dll [TridentImageExtractor] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {73CFD649-CD48-4fd8-A272-2070EA56526B} [HKLM] -> %System32%\ieframe.dll [IE BandProxy] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {7444C717-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto PKO Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {7444C719-39BF-11D1-8CD9-00C04FC29D45} [HKLM] -> %System32%\cryptext.dll [Crypto Sign Extension] -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53760 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files Menu] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found {77597368-7b15-11d0-a0c2-080036af3f03} [HKLM] -> %System32%\printui.dll [Web Printer Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 560640 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Shell Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {7988B573-EC89-11cf-9C00-00AA00A14F56} [HKLM] -> %System32%\DSKQUOUI.DLL [Disk Quota UI] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 144384 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {7A80E4A8-8005-11D2-BCF8-00C04F72C717} [HKLM] -> %System32%\mmcshext.dll [MMC Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found {7BA4C742-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\browseui.dll [Microsoft BrowserBand] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {7BD29E00-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\ieframe.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {7BD29E01-76C1-11CF-9DD0-00A0C9034933} [HKLM] -> %System32%\ieframe.dll [Temporary Internet Files] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 480624 bytes | Modified Date = 1/4/2008 8:56:54 PM | Attr = ] {7D559C10-9FE9-11d0-93F7-00AA0059CE02} [HKLM] -> %System32%\webcheck.dll [Code Download Agent] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {7e653215-fa25-46bd-a339-34a2790f3cb7} [HKLM] -> %System32%\browseui.dll [Accessible] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheck SyncMgr Handler] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {83bbcbf3-b28a-4919-a5aa-73027445d672} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found {85BBD920-42A0-1069-A2E4-08002B30309D} [HKLM] -> %System32%\syncui.dll [Briefcase] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 191488 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {871C5380-42A0-1069-A2EA-08002B30309D} [HKLM] -> %System32%\ieframe.dll [Internet Name Space] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} [HKLM] -> %System32%\shmedia.dll [Audio Media Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {87D62D94-71B3-4b9a-9489-5FE6850DC73E} [HKLM] -> %System32%\shmedia.dll [Avi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {883373C3-BF89-11D1-BE35-080036B11A03} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Shell Ext] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\HTICONS.DLL [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder SendTo Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {88C6C381-2E85-11D0-94DE-444553540000} [HKLM] -> %System32%\occache.dll [ActiveX Cache Folder] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 102400 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {8A23E65E-31C2-11d0-891C-00A024AB2DBB} [HKLM] -> %System32%\dsquery.dll [Directory Query UI] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {8DD448E6-C188-4aed-AF92-44956194EB1F} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Burn Audio CD Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 8:47:20 PM | Attr = ] {8EE97210-FD1F-4B19-91DA-67914005F020} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace ML Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {905667aa-acd6-11d2-8080-00805f6596d2} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {91EA3F8B-C99B-11d0-9815-00C04FD91972} [HKLM] -> %System32%\browseui.dll [Augmented Shell Folder] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {9461b922-3c5a-11d2-bf8b-00c04fb93661} [HKLM] -> %System32%\shdocvw.dll [Search Assistant OC] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} [HKLM] -> %System32%\ieframe.dll [IE MRU AutoComplete List] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {992CFFA0-F557-101A-88EC-00DD010CCC48} [HKLM] -> %System32%\netshell.dll [Network Connections] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1708032 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} [HKLM] -> %System32%\ieframe.dll [IE RSS Feeder Folder] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} [HKLM] -> %System32%\ieframe.dll [IE Microsoft Shell Folder AutoComplete List] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {9DB7A13C-F208-4981-8353-73CC61AE2783} [HKLM] -> %System32%\twext.dll [Previous Versions] -> Microsoft Corporation [Ver = 6.00.3800.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44032 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {9DBD2C50-62AD-11d0-B806-00C04FD706EC} [HKLM] -> %System32%\shimgvw.dll [Summary Info Thumbnail handler (DOCFILES)] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {9E51E0D0-6E0F-11d2-9601-00C04FA31A86} [HKLM] -> %System32%\dsquery.dll [Shell properties for a DS object] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} [HKLM] -> %System32%\sendmail.dll [Sendmail service] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 55296 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {A08C11D2-A228-11d0-825B-00AA005B4383} [HKLM] -> %System32%\browseui.dll [Address EditBox] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [HKLM] -> %System32%\shdocvw.dll [IE4 Suite Splash Screen] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [HKLM] -> %System32%\shdocvw.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {A6FD9E45-6E44-43f9-8644-08598F5A74D9} [HKLM] -> %System32%\shmedia.dll [Midi Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {A9CF0EAE-901A-4739-A481-E35B73E47F6D} [HKLM] -> %System32%\docprop2.dll [Microsoft DocProp Inplace Edit Box Control] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [Subscription Mgr] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {acf35015-526e-4230-9596-becbe19f0ac9} [HKLM] -> %System32%\browseui.dll [Track Popup Bar] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {add36aa8-751a-4579-a266-d66f5202ccbb} [HKLM] -> %System32%\netplwiz.dll [Print Ordering via the Web] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {AF4F6510-F982-11d0-8595-00AA004CD6D8} [HKLM] -> %System32%\browseui.dll [Registry Tree Options Utility] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [HKLM] -> %System32%\cscui.dll [Offline Files Folder] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {B31C5FAE-961F-415b-BAF0-E697A5178B94} [HKLM] -> %System32%\ieframe.dll [IE Microsoft Multiple AutoComplete List Container] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {BC476F4C-D9D7-4100-8D4E-E043F6DEC409} [HKLM] -> %System32%\ieframe.dll [Microsoft Browser Architecture] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {BD472F60-27FA-11cf-B8B4-444553540000} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder Right Drag Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {BD84B380-8CA2-1069-AB1D-08000948F534} [HKLM] -> %System32%\fontext.dll [Fonts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382976 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {BDEADF00-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> Microsoft Corporation [Ver = 11.0.5510.0 | Size = 1292872 bytes | Modified Date = 7/11/2003 2:15:48 AM | Attr = ] {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} [HKLM] -> %System32%\ieframe.dll [IE Shell Rebar BandSite] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {c5a40261-cd64-4ccf-84cb-c394da41d590} [HKLM] -> %System32%\shmedia.dll [Video Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {CC6EEFFB-43F6-46c5-9619-51D571967F7D} [HKLM] -> %System32%\netplwiz.dll [Web Publishing Wizard] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 875008 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Play as Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 8:47:20 PM | Attr = ] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %System32%\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {CFCCC7A0-A282-11D1-9082-006008059382} [HKLM] -> %System32%\appwiz.cpl [Darwin App Publisher] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] {D20EA4E1-3957-11d2-A40B-0C5020524152} [HKLM] -> %System32%\shdocvw.dll [Fonts] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {D20EA4E1-3957-11d2-A40B-0C5020524153} [HKLM] -> %System32%\shdocvw.dll [Administrative Tools] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {D6277990-4C6A-11CF-8D87-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Scheduled Tasks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} [HKLM] -> %System32%\WpdShext.dll [Portable Devices Menu] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 2603008 bytes | Modified Date = 10/18/2006 8:47:22 PM | Attr = ] {D8BD2030-6FC9-11D0-864F-00AA006809D9} [HKLM] -> %System32%\webcheck.dll [PostAgent] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {DBCE2480-C732-101B-BE72-BA78E9AD5B27} [HKLM] -> %System32%\ICMUI.DLL [ICC Profile] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 54784 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} [HKLM] -> %System32%\mstask.dll [Tasks Folder Icon Handler] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274944 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {DD313E04-FEFF-11d1-8ECD-0000F87A470C} [HKLM] -> %System32%\browseui.dll [User Assist] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {E0E11A09-5CB8-4B6C-8332-E00720A168F2} [HKLM] -> %System32%\browseui.dll [Address Bar Parser] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {E211B736-43FD-11D1-9EFB-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} [HKLM] -> %System32%\dfshim.dll [Shell Icon Handler for Application References] -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 9/23/2005 7:28:38 AM | Attr = ] {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [HKLM] -> %System32%\webcheck.dll [WebCheckChannelAgent] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {E4B29F9D-D390-480b-92FD-7DDB47101D71} [HKLM] -> %System32%\shmedia.dll [Wav Properties Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 151552 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [HKLM] -> %System32%\webcheck.dll [ConnectionAgent] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {E6EE9AAC-F76B-4947-8260-A9F136138E11} [HKLM] -> %System32%\ieframe.dll [IE Shell Band Site Menu] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKLM] -> %System32%\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [HKLM] -> %System32%\ieframe.dll [Shell DocObject Viewer] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {e82a2d71-5b2f-43a0-97b8-81be15854de8} [HKLM] -> %System32%\dfshim.dll [ShellLink for Application References] -> Microsoft Corporation [Ver = 2.0.50727.42 (RTM.050727-4200) | Size = 83456 bytes | Modified Date = 9/23/2005 7:28:38 AM | Attr = ] {e84fda7c-1d6a-45f6-b725-cb260c236066} [HKLM] -> %System32%\shimgvw.dll [Shell Image Verbs] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} [HKLM] -> %System32%\zipfldr.dll [Compressed (zipped) Folder] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 337920 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [HKLM] -> %System32%\webcheck.dll [TrayAgent] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {EAB841A0-9550-11cf-8C16-00805F1408F3} [HKLM] -> %System32%\shimgvw.dll [HTML Thumbnail Extractor] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {eb9b1153-3b57-4e68-959a-a3266bc3d7fe} [HKLM] -> %System32%\shimgvw.dll [Shell Image Property Handler] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 438272 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} [HKLM] -> %System32%\dfsshlex.dll [DfsShell] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {ECD4FC4C-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell DeskBar] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {ECD4FC4D-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Rebar BandSite] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {ECD4FC4E-521C-11D0-B792-00A0C90312E1} [HKLM] -> %System32%\browseui.dll [Shell Band Site Menu] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {ECF03A32-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Drop Target] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {ECF03A33-103D-11d2-854D-006008059367} [HKLM] -> %System32%\mydocs.dll [MyDocs Copy Hook] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [HKLM] -> %System32%\browseui.dll [Global Folder Settings] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {EFA24E61-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Favorites Band] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {EFA24E64-B078-11d0-89E4-00C04FC9E26E} [HKLM] -> %System32%\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1497600 bytes | Modified Date = 10/23/2006 7:34:22 AM | Attr = ] {F0152790-D56E-4445-850E-4F3117DB740C} [HKLM] -> %System32%\remotepg.dll [Remote Sessions CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {F020E586-5264-11d1-A532-0000F8757D7E} [HKLM] -> %System32%\dsquery.dll [Directory Start/Search Find] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239104 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1946 | Size = 49198 bytes | Modified Date = 12/27/2004 10:21:16 PM | Attr = ] {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} [HKLM] -> %System32%\wmpshell.dll [Windows Media Player Add to Playlist Context Menu Handler] -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 99840 bytes | Modified Date = 10/18/2006 8:47:20 PM | Attr = ] {F2CF5485-4E02-4f68-819C-B92DE9277049} [HKLM] -> %System32%\ieframe.dll [&Links] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} [HKLM] -> %System32%\rshx32.dll [Printers Security Page] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {F5175861-2688-11d0-9C5E-00AA00A45957} [HKLM] -> %System32%\webcheck.dll [Subscription Folder] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 232960 bytes | Modified Date = 10/10/2007 3:56:00 PM | Attr = ] {F61FFEC1-754F-11d0-80CA-00AA005B4383} [HKLM] -> %System32%\browseui.dll [BandProxy] -> Microsoft Corporation [Ver = 6.00.2900.3020 (xpsp.061023-0222) | Size = 1022976 bytes | Modified Date = 10/23/2006 7:34:20 AM | Attr = ] {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Shell extensions for sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} [HKLM] -> %System32%\ieframe.dll [IE Registry Tree Options Utility] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {f92e8c40-3d33-11d2-b1aa-080036a75b03} [HKLM] -> %System32%\DESKPERF.DLL [Display TroubleShoot CPL Extension] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} [HKLM] -> %System32%\ieframe.dll [IE User Assist] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} [HKLM] -> %System32%\wiashext.dll [Scanners & Cameras] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 589312 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ] {FBF23B40-E3F0-101B-8488-00AA003E56F8} [HKLM] -> %System32%\ieframe.dll [InternetShortcut] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} [HKLM] -> %System32%\ieframe.dll [IE Custom MRU AutoCompleted List] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] {FF393560-C2A7-11CF-BFF4-444553540000} [HKLM] -> %System32%\ieframe.dll [History] -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 728 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> KY»u CËìeZ‘2 0De2312e88 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> …I”¯n ñó -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> ÍÎ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> qMGÞ~¶ôî¨8E -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> ¹ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> €oã”øyÄ -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11494 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe -> C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe -> C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Enabled:CoDUOMP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0DB23765-61C9-45EE-BC9B-89B439B928B0} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9B976843-FEA8-4238-A3AD-4152E62D4A53} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> {0D2E74C4-3C34-11d2-A27E-00C04FC30871} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {24F14F01-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {24F14F02-7B1C-11d1-838f-0000F80461CF} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {66742402-F9B9-11D1-A202-0000F81FEDEE} [HKLM] -> %System32%\shell32.dll [Reg Data - Value does not exist] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ] < ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ -> {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} [HKLM] -> %System32%\shell32.dll [Start Menu Pin] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 61440 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] {8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 144944 bytes | Modified Date = 5/30/2007 4:29:46 AM | Attr = ] {750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {09799AFB-AD67-11d1-ABCD-00C04FC30936} [HKLM] -> %System32%\shell32.dll [Open With] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [Open With EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found < ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} [HKLM] -> %System32%\shell32.dll [Send To] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 480624 bytes | Modified Date = 1/4/2008 8:56:54 PM | Attr = ] < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shell\ -> %SystemRoot%\Explorer.exe -> %SystemRoot%\explorer.exe [find] -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Bookmark] -> Nullsoft [Ver = 2.80 | Size = 643072 bytes | Modified Date = 4/26/2002 10:52:48 AM | Attr = ] "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Enqueue] -> Nullsoft [Ver = 2.80 | Size = 643072 bytes | Modified Date = 4/26/2002 10:52:48 AM | Attr = ] "C:\Program Files\Winamp\Winamp.exe" "%1" -> %ProgramFiles%\Winamp\winamp.exe [Winamp.Play] -> Nullsoft [Ver = 2.80 | Size = 643072 bytes | Modified Date = 4/26/2002 10:52:48 AM | Attr = ] < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ -> {CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 61440 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] {8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 144944 bytes | Modified Date = 5/30/2007 4:29:46 AM | Attr = ] {A470F8CF-A1E8-4f65-8335-227475AA5C46} [HKLM] -> %System32%\shell32.dll [EncryptionMenu] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] {750fdf0e-2a26-11d1-a3ea-080036587f03} [HKLM] -> %System32%\cscui.dll [Offline Files] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 326656 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [HKLM] -> %System32%\ntshrui.dll [Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143872 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] Reg Data - Value does not exist [HKLM] -> Reg Data - Key not found [ShellExtension] -> File not found < ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} [HKLM] -> %System32%\shell32.dll [New] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shell\ -> "C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\\psp.exe" "/Browse" "%L" -> %ProgramFiles%\Jasc Software Inc\Paint Shop Pro 7\psp.exe [Browse With Paint Shop Pro 7] -> Jasc Software, Inc. [Ver = 7.05 Release Try & Buy | Size = 9367552 bytes | Modified Date = 3/21/2002 2:28:42 PM | Attr = ] %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> %SystemRoot%\explorer.exe [explore] -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] %SystemRoot%\Explorer.exe /idlist,%I,%L -> %SystemRoot%\explorer.exe [open] -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ -> {7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %ProgramFiles%\Webroot\Spy Sweeper\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 480624 bytes | Modified Date = 1/4/2008 8:56:54 PM | Attr = ] < ControlSets > -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found -> .cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} -> .hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found -> .hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> .html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} -> .inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found -> .pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found -> .reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found -> .txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found -> .vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} -> .wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found -> .wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found -> < Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping -> {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -> 8197 - Reg Data - Value does not exist -> {8828075D-D097-4055-AA02-2DBFA9D85E8A} -> 8198 - Reg Data - Value does not exist -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8196 - Reg Data - Value does not exist -> {97809617-3937-4F84-B335-9BB05EF1A8D4} -> 8199 - Reg Data - Value does not exist -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> 8194 - Reg Data - Value does not exist -> {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> 8193 - Reg Data - Value does not exist -> {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger -> NextId -> 8201 -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11494 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe -> C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe -> C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Enabled:CoDUOMP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0DB23765-61C9-45EE-BC9B-89B439B928B0} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9B976843-FEA8-4238-A3AD-4152E62D4A53} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> BootExecute -> autocheck autochk *; -> < Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> ComSpec -> C:\WINDOWS\SYSTEM32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> TMP -> %SystemRoot%\TEMP -> windir -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> -> %systemroot% -> -> %systemroot%\system32\wbem -> -> C:\Program Files\Common Files\Adaptec Shared\System -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> .EXE -> -> .BAT -> -> .CMD -> -> .VBS -> -> .VBE -> -> .JS -> -> .JSE -> -> .WSF -> -> .WSH -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] batfile [open] -> "%1" %* -> batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 3:22:02 PM | Attr = ] cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] cmdfile [open] -> "%1" %* -> cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] comfile [open] -> "%1" %* -> cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] exefile [open] -> "%1" %* -> helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 283648 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 45568 bytes | Modified Date = 10/17/2006 11:56:10 AM | Attr = ] htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 11.0.5510 | Size = 55360 bytes | Modified Date = 7/14/2003 10:52:56 PM | Attr = ] htmlfile [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 2:59:52 AM | Attr = ] htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 2:59:52 AM | Attr = ] htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] http [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" -nohome -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 2:59:52 AM | Attr = ] https [open] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" -> Mozilla [Ver = 1.0.1 | Size = 6626916 bytes | Modified Date = 2/25/2005 7:27:00 PM | Attr = ] inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 6065664 bytes | Modified Date = 10/10/2007 3:55:54 PM | Attr = ] InternetShortcut [print] -> rundll32.exe %System32%\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 7.00.6000.16587 (vista_gdr.071026-1500) | Size = 3590656 bytes | Modified Date = 10/30/2007 3:42:28 PM | Attr = ] jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] piffile [open] -> "%1" %* -> regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/3/2004 11:56:56 PM | Attr = ] regfile [merge] -> Reg Data - Key not found -> regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] scrfile [open] -> "%1" /S -> txtfile [edit] -> Reg Data - Key not found -> txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 11:56:54 PM | Attr = ] wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 7:34:02 PM | Attr = ] Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Directory [Winamp.Bookmark] -> "%ProgramFiles%\Winamp\Winamp.exe" /BOOKMARK "%1" -> Nullsoft [Ver = 2.80 | Size = 643072 bytes | Modified Date = 4/26/2002 10:52:48 AM | Attr = ] Directory [Winamp.Enqueue] -> "%ProgramFiles%\Winamp\Winamp.exe" /ADD "%1" -> Nullsoft [Ver = 2.80 | Size = 643072 bytes | Modified Date = 4/26/2002 10:52:48 AM | Attr = ] Directory [Winamp.Play] -> "%ProgramFiles%\Winamp\Winamp.exe" "%1" -> Nullsoft [Ver = 2.80 | Size = 643072 bytes | Modified Date = 4/26/2002 10:52:48 AM | Attr = ] Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 2:23:08 AM | Attr = ] Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE" %1 -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 625152 bytes | Modified Date = 10/10/2007 2:59:52 AM | Attr = ] CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" -> File not found < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {01A4AEDE-F219-49A2-B855-16A016EAF9A4} -> Intel(R) PROSet II -> {01F9D88C-3C86-4E82-840A-101A3221F67A} -> Microsoft Money 2003 -> {02B42D23-10F2-4862-ADA4-3DF1EA0021B2} -> Microsoft Money 2003 System Pack -> {03410014-3975-4267-9F39-1DC4745090B7} -> Microsoft Encarta Encyclopedia Standard 2003 -> {0DEA94ED-915A-4834-A87E-388D012C8E02} -> Medal of Honor Allied Assault -> {11F1920A-56A2-4642-B6E0-3B31A12C9288} -> Dell Solution Center -> {12BDDF23-B1DB-49C8-92D3-3E6841CCED61} -> Microsoft Streets and Trips 2002 -> {151C555A-A9E7-4A2E-B6D7-165D04A3C956} -> Dell Picture Studio - Dell Image Expert -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer -> {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP -> {369B36BE-3D64-4641-9AEA-808D436FE132} -> Microsoft Picture It! Photo 7.0 -> {37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) -> {37F79672-76E1-11D6-B2FB-0002A5E32BEF} -> BVHE-Beauty and the Beast Magical Ballroom -> {3DE5E7D4-7B88-403C-A3FD-2017A8240C5B} -> Google Earth -> {4F661F5D-A485-48CE-837C-6B55D1915827} -> Call of Duty(TM) Game of the Year Edition -> {56CFA833-F44F-4199-8C58-7F8B38F2BC7B} -> Medal of Honor Pacific Assault(tm) -> {5809E7CF-4DCF-11D4-9875-00105ACE7734} -> Logitech MouseWare 9.76 -> {609F7AC8-C510-11D4-A788-009027ABA5D0} -> Easy CD Creator 5 Basic -> {64116298-93C5-401D-B06C-39D8E3338508} -> DAO -> {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD -> {6815FCDD-401D-481E-BA88-31B4754C2B46} -> Macromedia Flash Player 8 -> {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 -> {764D06D8-D8DE-411E-A1C8-D9E9380F8A84} -> Microsoft Works 7.0 -> {76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1 -> Spy Sweeper -> {7914BE1E-F186-4790-B8F4-9F63C52A41C1} -> Medal of Honor Allied Assault(tm) Spearhead -> {7EE9DE0D-9228-4C33-B80E-FDD1773600DF} -> Microsoft Works Suite Add-in for Microsoft Word -> {7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} -> DellSupport -> {7F142D56-3326-11D5-B229-002078017FBF} -> Modem Helper -> {823A68CC-3049-4A6B-8F63-7DC85E4BB1C9} -> Medal of Honor Allied Assault(tm) Breakthrough -> {82DFB852-9594-4668-9C66-28BB6E94BCB2} -> HP Photo and Imaging 1.0 - PSC 2000 Series -> {900B1197-53F5-4F46-A882-2CFFFE2EEDCB} -> Logitech Desktop Messenger -> {90D55A3F-1D99-4C94-A77E-46DC14F0BF08} -> Help and Support Customization -> {91120409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Standard Edition 2003 -> {96E16100-A77F-4B31-B9AD-FFBA040EE1BD} -> Sound Blaster Live! -> {98DF85D9-96C0-4F57-A92E-C3539477EF5E} -> DVDSentry -> {9BFFB382-0B2C-11D6-AB3E-000102B0F79A} -> Readiris 7.5 -> {9D98F245-3010-43C6-B3B0-67A464DA298E} -> ELNKInst -> {A662E280-64A8-4CF5-8407-13D0808602B3} -> Call of Duty - United Offensive -> {AC1E4C93-C1E7-11D6-9D10-00010240CE95} -> Java 2 Runtime Environment, SE v1.4.0_03 -> {AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0.8 -> {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy -> {B43357AA-3A6D-4D94-B56E-43C44D09E548} -> Microsoft .NET Framework (English) -> {BC019EBE-613F-491F-9A83-08E3E8A74CE6} -> EarthLink Free Trial -> {C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) -> {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition -> {D0A05794-48C2-4424-A15A-9F20FCFDD374} -> Call of Duty(R) 2 -> {D2FCC1AE-6311-47C5-8130-C6C66D77DD71} -> Nikon Message Center -> {D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6} -> Works Suite OS Pack -> {D6DE02C7-1F47-11D4-9515-00105AE4B89A} -> Paint Shop Pro 7 -> {DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer -> {DF9046D6-5F1F-40B6-9782-3DC2D902D391} -> Medal of Honor Allied Assault(tm) Breakthrough Patch v2.40 -> {E3436EE2-D5CB-4249-840B-3A0140CC34C3} -> Classic PhoneTools -> {E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect -> {ED93995E-8BF2-480F-8EA4-7D29E29A7052} -> HP Photo and Imaging 1.0 - PSC 2000 Series Drivers -> {EE7C3A14-1D20-49F6-B903-491561076F0F} -> ArcSoft Software Suite -> {FF3999BE-1A7B-4738-88AA-97BF14094A4A} -> PictureProject -> 3DGroove -> 3D Groove Playback Engine -> Ad-Aware SE Personal -> Ad-Aware SE Personal -> Adobe Atmosphere Player -> Adobe Atmosphere Player for Acrobat and Adobe Reader -> Adobe Flash Player Plugin -> Adobe Flash Player Plugin -> AdobeESD -> Adobe Download Manager 1.2 (Remove Only) -> All ATI Software -> ATI - Software Uninstall Utility -> ArcSoft Software Suite -> ArcSoft Software Suite -> ATI Display Driver -> ATI Display Driver -> AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 -> Chipmunk Coloring Book -> Chipmunk Coloring Book -> CNXT_MODEM_PCI_VEN_14F1&DEV_2702 -> Conexant SmartHSFi V92 56K Speakerphone PCI Modem -> Combat Flight Simulator 1.00 -> Microsoft Combat Flight Simulator -> ComcastHSI -> Comcast High-Speed Internet Install Wizard -> D.W. the Picky Eater 1.0 -> D.W. the Picky Eater -> EarthLink 5.0 -> EarthLink 5.0 -> ffdshow -> ffdshow (remove only) -> GameSpy Arcade -> GameSpy Arcade -> HijackThis -> HijackThis 2.0.2 -> hp instant support -> hp instant support -> hp psc 2100 series_Driver -> hp psc 2100 series -> I Want to Read! -> I Want to Read! -> IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs -> ie7 -> Windows Internet Explorer 7 -> InstallShield_{4F661F5D-A485-48CE-837C-6B55D1915827} -> Call of Duty(TM) Game of the Year Edition -> InstallShield_{9D98F245-3010-43C6-B3B0-67A464DA298E} -> Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present -> InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3} -> Call of Duty - United Offensive -> InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374} -> Call of Duty(R) 2 -> Java Web Start -> Java Web Start -> Kaspersky Online Scanner -> Kaspersky Online Scanner -> KB834707 -> Windows XP Hotfix - KB834707 -> KB867282 -> Windows XP Hotfix - KB867282 -> KB873333 -> Windows XP Hotfix - KB873333 -> KB873339 -> Windows XP Hotfix - KB873339 -> KB883939 -> Security Update for Windows XP (KB883939) -> KB885250 -> Windows XP Hotfix - KB885250 -> KB885835 -> Windows XP Hotfix - KB885835 -> KB885836 -> Windows XP Hotfix - KB885836 -> KB885884 -> Windows XP Hotfix - KB885884 -> KB886185 -> Windows XP Hotfix - KB886185 -> KB887472 -> Windows XP Hotfix - KB887472 -> KB887742 -> Windows XP Hotfix - KB887742 -> KB888113 -> Windows XP Hotfix - KB888113 -> KB888302 -> Windows XP Hotfix - KB888302 -> KB890046 -> Security Update for Windows XP (KB890046) -> KB890047 -> Windows XP Hotfix - KB890047 -> KB890175 -> Windows XP Hotfix - KB890175 -> KB890859 -> Windows XP Hotfix - KB890859 -> KB890923 -> Windows XP Hotfix - KB890923 -> KB891781 -> Windows XP Hotfix - KB891781 -> KB892130 -> Windows Genuine Advantage Validation Tool (KB892130) -> KB893066 -> Windows XP Hotfix - KB893066 -> KB893086 -> Windows XP Hotfix - KB893086 -> KB893756 -> Security Update for Windows XP (KB893756) -> KB893803 -> Windows Installer 3.1 (KB893803) -> KB893803v2 -> Windows Installer 3.1 (KB893803) -> KB894391 -> Update for Windows XP (KB894391) -> KB896358 -> Security Update for Windows XP (KB896358) -> KB896422 -> Security Update for Windows XP (KB896422) -> KB896423 -> Security Update for Windows XP (KB896423) -> KB896424 -> Security Update for Windows XP (KB896424) -> KB896428 -> Security Update for Windows XP (KB896428) -> KB896688 -> Security Update for Windows XP (KB896688) -> KB896727 -> Update for Windows XP (KB896727) -> KB898458 -> Security Update for Step By Step Interactive Training (KB898458) -> KB898461 -> Update for Windows XP (KB898461) -> KB899587 -> Security Update for Windows XP (KB899587) -> KB899588 -> Security Update for Windows XP (KB899588) -> KB899591 -> Security Update for Windows XP (KB899591) -> KB900485 -> Update for Windows XP (KB900485) -> KB900725 -> Security Update for Windows XP (KB900725) -> KB901017 -> Security Update for Windows XP (KB901017) -> KB901214 -> Security Update for Windows XP (KB901214) -> KB902400 -> Security Update for Windows XP (KB902400) -> KB903235 -> Security Update for Windows XP (KB903235) -> KB904706 -> Security Update for Windows XP (KB904706) -> KB904942 -> Update for Windows XP (KB904942) -> KB905414 -> Security Update for Windows XP (KB905414) -> KB905749 -> Security Update for Windows XP (KB905749) -> KB905915 -> Security Update for Windows XP (KB905915) -> KB908519 -> Security Update for Windows XP (KB908519) -> KB908531 -> Security Update for Windows XP (KB908531) -> KB910437 -> Update for Windows XP (KB910437) -> KB911280 -> Security Update for Windows XP (KB911280) -> KB911562 -> Security Update for Windows XP (KB911562) -> KB911564 -> Security Update for Windows Media Player (KB911564) -> KB911565 -> Security Update for Windows Media Player 9 (KB911565) -> KB911567 -> Security Update for Windows XP (KB911567) -> KB911927 -> Security Update for Windows XP (KB911927) -> KB912812 -> Security Update for Windows XP (KB912812) -> KB912919 -> Security Update for Windows XP (KB912919) -> KB913446 -> Security Update for Windows XP (KB913446) -> KB913580 -> Security Update for Windows XP (KB913580) -> KB914388 -> Security Update for Windows XP (KB914388) -> KB914389 -> Security Update for Windows XP (KB914389) -> KB914440 -> Hotfix for Windows XP (KB914440) -> KB915865 -> Hotfix for Windows XP (KB915865) -> KB916281 -> Security Update for Windows XP (KB916281) -> KB916595 -> Update for Windows XP (KB916595) -> KB917159 -> Security Update for Windows XP (KB917159) -> KB917344 -> Security Update for Windows XP (KB917344) -> KB917422 -> Security Update for Windows XP (KB917422) -> KB917734_WMP10 -> Security Update for Windows Media Player 10 (KB917734) -> KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734) -> KB917953 -> Security Update for Windows XP (KB917953) -> KB918118 -> Security Update for Windows XP (KB918118) -> KB918439 -> Security Update for Windows XP (KB918439) -> KB918899 -> Security Update for Windows XP (KB918899) -> KB919007 -> Security Update for Windows XP (KB919007) -> KB920213 -> Security Update for Windows XP (KB920213) -> KB920214 -> Security Update for Windows XP (KB920214) -> KB920670 -> Security Update for Windows XP (KB920670) -> KB920683 -> Security Update for Windows XP (KB920683) -> KB920685 -> Security Update for Windows XP (KB920685) -> KB920872 -> Update for Windows XP (KB920872) -> KB921398 -> Security Update for Windows XP (KB921398) -> KB921503 -> Security Update for Windows XP (KB921503) -> KB921883 -> Security Update for Windows XP (KB921883) -> KB922582 -> Update for Windows XP (KB922582) -> KB922616 -> Security Update for Windows XP (KB922616) -> KB922760 -> Security Update for Windows XP (KB922760) -> KB922819 -> Security Update for Windows XP (KB922819) -> KB923191 -> Security Update for Windows XP (KB923191) -> KB923414 -> Security Update for Windows XP (KB923414) -> KB923689 -> Security Update for Windows XP (KB923689) -> KB923694 -> Security Update for Windows XP (KB923694) -> KB923723 -> Security Update for Step By Step Interactive Training (KB923723) -> KB923980 -> Security Update for Windows XP (KB923980) -> KB924191 -> Security Update for Windows XP (KB924191) -> KB924270 -> Security Update for Windows XP (KB924270) -> KB924496 -> Security Update for Windows XP (KB924496) -> KB924667 -> Security Update for Windows XP (KB924667) -> KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) -> KB925454 -> Security Update for Windows XP (KB925454) -> KB925486 -> Security Update for Windows XP (KB925486) -> KB925902 -> Security Update for Windows XP (KB925902) -> KB926239 -> Hotfix for Windows XP (KB926239) -> KB926255 -> Security Update for Windows XP (KB926255) -> KB926436 -> Security Update for Windows XP (KB926436) -> KB927779 -> Security Update for Windows XP (KB927779) -> KB927802 -> Security Update for Windows XP (KB927802) -> KB927891 -> Update for Windows XP (KB927891) -> KB928090-IE7 -> Security Update for Windows Internet Explorer 7 (KB928090) -> KB928255 -> Security Update for Windows XP (KB928255) -> KB928365.T1_1ToU569_1 -> Security Update for Microsoft .NET Framework 2.0 (KB928365) -> KB928843 -> Security Update for Windows XP (KB928843) -> KB929123 -> Security Update for Windows XP (KB929123) -> KB929338 -> Update for Windows XP (KB929338) -> KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) -> KB929969 -> Security Update for Windows Internet Explorer 7 (KB929969) -> KB930178 -> Security Update for Windows XP (KB930178) -> KB930916 -> Update for Windows XP (KB930916) -> KB931261 -> Security Update for Windows XP (KB931261) -> KB931768-IE7 -> Security Update for Windows Internet Explorer 7 (KB931768) -> KB931784 -> Security Update for Windows XP (KB931784) -> KB931836 -> Update for Windows XP (KB931836) -> KB932168 -> Security Update for Windows XP (KB932168) -> KB933360 -> Update for Windows XP (KB933360) -> KB933566-IE7 -> Security Update for Windows Internet Explorer 7 (KB933566) -> KB933729 -> Security Update for Windows XP (KB933729) -> KB935839 -> Security Update for Windows XP (KB935839) -> KB935840 -> Security Update for Windows XP (KB935840) -> KB936021 -> Security Update for Windows XP (KB936021) -> KB936357 -> Update for Windows XP (KB936357) -> KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) -> KB937143-IE7 -> Security Update for Windows Internet Explorer 7 (KB937143) -> KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127) -> KB938828 -> Update for Windows XP (KB938828) -> KB938829 -> Security Update for Windows XP (KB938829) -> KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653) -> KB939683 -> Hotfix for Windows Media Player 11 (KB939683) -> KB941202 -> Security Update for Windows XP (KB941202) -> KB941568 -> Security Update for Windows XP (KB941568) -> KB941569 -> Security Update for Windows XP (KB941569) -> KB941644 -> Security Update for Windows XP (KB941644) -> KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615) -> KB942763 -> Update for Windows XP (KB942763) -> KB943460 -> Security Update for Windows XP (KB943460) -> KB943485 -> Security Update for Windows XP (KB943485) -> KB944653 -> Security Update for Windows XP (KB944653) -> KG_2.4b -> JumpStart Kindergarten v2.4b -> LinksLS99DeinstKey -> Links LS 1999 -> LucasArts' Outlaws -> LucasArts' Outlaws -> Mcafee.com SecurityCenter -> McAfee.com SecurityCenter -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 -> Microsoft .NET Framework Full v1.0.3705 (1033) -> Microsoft .NET Framework (English) v1.0.3705 -> Mozilla Firefox (1.0.1) -> Mozilla Firefox (1.0.1) -> MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP -> MSN Music Assistant -> MSN Music Assistant -> MUSICMATCH Jukebox -> MUSICMATCH Jukebox -> Netscape Browser -> Netscape Browser (remove only) -> NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs -> NVIDIA -> NVIDIA Windows 2000/XP Display Drivers -> NVIDIA Display Driver -> NVIDIA Display Driver -> Panda ActiveScan -> Panda ActiveScan -> pet95 -> Time to Play (TM) Pet Shop -> Picasa2 -> Picasa 2 -> PROSet -> Intel(R) PRO Ethernet Adapter and Software -> PSC 2000 Series -> HP Photo and Imaging 1.0 - PSC 2000 Series -> QuickTime -> QuickTime -> RealArcade 1.2 -> RealArcade -> RealPlayer 6.0 -> RealPlayer -> Security Task Manager -> Security Task Manager 1.6f -> Shockwave -> Shockwave -> ShockwaveFlash -> Adobe Flash Player 9 ActiveX -> Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 -> Support.com -> ComcastSUPPORT -> VirusScan Online -> McAfee.com VirusScan Online -> WGA -> Windows Genuine Advantage Validation Tool (KB892130) -> WgaNotify -> Windows Genuine Advantage Notifications (KB905474) -> Winamp -> Winamp (remove only) -> Windows Media Format Runtime -> Windows Media Format 11 runtime -> Windows Media Player -> Windows Media Player 11 -> Windows XP Service Pack -> Windows XP Service Pack 2 -> WMFDist11 -> Windows Media Format 11 runtime -> wmp11 -> Windows Media Player 11 -> Works2003Setup -> Microsoft Works 2003 Setup Launcher -> Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 -> < WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW -> cmdline -> %SystemRoot%\system32\ntvdm.exe -> wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 -> < EventViewer Logs > -> Errors and Warnings -> Description Application - Warning - 1/15/2008 4:23:54 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:23:54 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:23:58 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:23:58 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:24:00 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:24:00 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:29:42 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:29:42 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:29:44 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:29:44 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:29:45 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:29:45 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:35:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:35:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:35:54 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:35:54 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:35:55 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:35:55 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:42:02 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:42:02 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:42:04 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:42:04 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 4:42:05 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 4:42:05 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:46:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:46:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:46:20 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:46:20 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:51:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:51:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:51:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:51:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:57:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:57:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:57:54 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:57:54 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:57:56 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:57:56 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:58:55 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:58:55 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:58:57 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:58:57 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 7:58:58 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 7:58:58 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:02:46 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:02:46 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:02:49 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:02:49 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:02:49 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:02:49 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:15:51 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:15:51 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:15:53 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:15:53 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:20:17 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:20:17 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:20:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:20:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:20:19 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:20:19 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:20:27 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:20:27 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:24:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:24:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:29:13 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:29:13 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:33:14 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:33:14 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/15/2008 8:38:04 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/15/2008 8:38:04 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/15/2008 8:39:52 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/15/2008 10:13:16 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Warning - 1/16/2008 5:05:48 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:05:48 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:05:50 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:05:50 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:05:51 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:05:51 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:06:24 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:06:24 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:06:25 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:06:25 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:06:27 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:06:27 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:11:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:11:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:11:37 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:11:37 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:11:37 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:11:37 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:17:30 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:17:30 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:17:32 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:17:32 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:17:32 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:17:32 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:21:33 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:21:33 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:21:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:21:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 5:21:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 5:21:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:09:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:09:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:09:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:09:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:10:40 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:10:40 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:10:42 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:10:42 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:10:43 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:10:43 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:13:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:13:16 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:13:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:13:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:13:19 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:13:19 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:26:27 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:26:27 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:26:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:26:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:26:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:26:35 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:31:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:31:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:31:22 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:31:22 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:31:23 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:31:23 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:34:09 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:34:09 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:34:13 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:34:13 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 6:35:20 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 6:35:20 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 7:48:17 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 7:48:17 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 7:48:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 7:48:18 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 7:48:19 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 7:48:19 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 8:06:38 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 8:06:38 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 8:06:40 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 8:06:40 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 8:06:40 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/16/2008 8:06:40 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/16/2008 10:11:16 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Warning - 1/17/2008 1:57:54 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 1:57:54 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/17/2008 2:01:56 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/17/2008 2:01:56 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:01:56 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:01:58 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:01:58 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:02:12 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:02:12 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/17/2008 2:03:19 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/17/2008 2:03:47 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:03:47 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/17/2008 2:04:32 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/17/2008 2:06:00 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:06:00 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:06:13 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:06:13 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:07:20 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:07:20 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:07:22 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:07:22 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:07:23 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:07:23 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:08:55 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:08:55 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:15:53 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:15:53 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:19:17 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:19:17 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:24:34 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:24:34 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/17/2008 2:25:07 PM -> Computer Name = CORN - User Name = (blank) - Source = Application Hang -> Description = Hanging application iexploreexe version 70600016574 hang module hungapp version 0000 hang address 0x00000000 Application - Error - 1/17/2008 2:25:07 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/17/2008 2:26:21 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:26:21 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:26:46 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:26:46 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:35:01 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:35:01 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/17/2008 2:39:12 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/17/2008 2:39:36 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:39:36 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:39:38 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:39:38 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:41:34 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:41:34 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:43:30 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:43:30 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 2:43:48 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 2:43:48 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 7:52:45 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 7:52:45 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 7:52:47 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 7:52:47 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 7:52:59 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 7:52:59 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 7:53:50 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 7:53:50 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 9:06:30 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 9:06:30 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Error - 1/17/2008 9:06:57 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Product Microsoft Money 2003 -- Error 1706No valid source could be found for product Microsoft Money 2003 The Windows installer cannot continue Application - Warning - 1/17/2008 9:06:57 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 9:06:57 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 9:06:58 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 9:06:58 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 9:07:06 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram component 8C64D78C-54BA-11D6-91B1-00500462BE80 failed The resource CProgram FilesMicrosoft MoneySystemmnyexprexe does not exist Application - Warning - 1/17/2008 9:07:06 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = MsiInstaller -> Description = Detection of product 01F9D88C-3C86-4E82-840A-101A3221F67A feature featProgram failed during request for component 8C64DA94-54BA-11D6-91B1-00500462BE80 Application - Warning - 1/17/2008 9:35:59 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Warning - 1/17/2008 10:02:59 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Warning - 1/18/2008 2:04:29 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = Userenv -> Description = Application - Warning - 1/18/2008 2:04:32 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Warning - 1/18/2008 10:22:31 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Error - 1/19/2008 11:15:49 AM -> Computer Name = CORN - User Name = (blank) - Source = crypt32 -> Description = Failed extract of third-party root list from auto update cab at with error A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file Application - Warning - 1/19/2008 9:44:04 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Warning - 1/20/2008 12:18:46 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Error - 1/20/2008 2:31:02 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = McLogEvent -> Description = Application - Error - 1/20/2008 2:31:06 PM -> Computer Name = CORN - User Name = (blank) - Source = Application Error -> Description = Application - Warning - 1/20/2008 5:43:41 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Error - 1/20/2008 8:44:18 PM -> Computer Name = CORN - User Name = (blank) - Source = Application Hang -> Description = Hanging application iexploreexe version 70600016574 hang module hungapp version 0000 hang address 0x00000000 Application - Error - 1/20/2008 8:44:19 PM -> Computer Name = CORN - User Name = (blank) - Source = Application Hang -> Description = Hanging application iexploreexe version 70600016574 hang module hungapp version 0000 hang address 0x00000000 Application - Warning - 1/20/2008 8:44:56 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = Application - Error - 1/21/2008 8:36:44 AM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = McLogEvent -> Description = Application - Error - 1/21/2008 8:36:47 AM -> Computer Name = CORN - User Name = (blank) - Source = Application Error -> Description = Application - Warning - 1/21/2008 9:43:49 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = Userenv -> Description = System - Error - 1/15/2008 4:24:27 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 1/15/2008 4:24:58 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Warning - 1/16/2008 5:29:43 PM -> Computer Name = CORN - User Name = (blank) - Source = E100B -> Description = System - Error - 1/16/2008 5:55:36 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the combofix service to connect System - Error - 1/16/2008 5:55:36 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The combofix service failed to start due to the following error 1053 System - Error - 1/17/2008 2:03:41 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 1/17/2008 2:04:10 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Warning - 1/17/2008 9:14:05 PM -> Computer Name = CORN - User Name = (blank) - Source = dnscache -> Description = The DNS Client service could not contact any DNS servers fora repeated number of attempts For the next 30 seconds theDNS Client service will not use the network to avoid furthernetwork performance problems It will resume its normal behaviorafter that If this problem persists verify your TCPIPconfiguration specifically check that you have a preferred(and possibly an alternate) DNS server configured If the problemcontinues verify network conditions to these DNS servers or contactyour network administrator System - Error - 1/17/2008 9:17:49 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the combofix service to connect System - Error - 1/17/2008 9:17:49 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The combofix service failed to start due to the following error 1053 System - Error - 1/17/2008 9:17:49 PM -> Computer Name = CORN - User Name = (blank) - Source = PlugPlayManager -> Description = The device RootLEGACYLHIDUSBB0000 disappeared from the system without first being prepared for removal System - Error - 1/17/2008 9:38:42 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/18/2008 6:15:19 AM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/18/2008 10:41:44 AM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 1/18/2008 10:42:14 AM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 1/18/2008 10:46:11 AM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Warning - 1/18/2008 1:56:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 0007E9E4BD6A The followingerror occurred 121Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server System - Error - 1/18/2008 2:07:06 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/18/2008 2:21:43 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Error - 1/18/2008 3:22:35 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Error - 1/19/2008 9:55:15 AM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/19/2008 9:34:40 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Error - 1/20/2008 9:38:24 AM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/20/2008 12:18:19 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the combofix service to connect System - Error - 1/20/2008 12:18:19 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The combofix service failed to start due to the following error 1053 System - Error - 1/20/2008 12:21:49 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/20/2008 1:59:05 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Error - 1/20/2008 2:36:07 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The McAfeecom McShield service terminated unexpectedly It has done this 1 time(s) System - Error - 1/20/2008 5:31:30 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 1/20/2008 5:32:01 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service System - Error - 1/20/2008 5:46:18 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31 System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31 System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The TCPIP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error 31 System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31 System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The Webroot Spy Sweeper Engine service failed to start due to the following error 1053 System - Error - 1/20/2008 5:46:43 PM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load AFDAVG Anti-Spyware DrivercdudfxpFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssSASDIFSVSASKUTILTcpip System - Error - 1/20/2008 5:46:49 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/20/2008 7:53:17 PM -> Computer Name = CORN - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = System - Error - 1/20/2008 7:55:53 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/20/2008 8:47:56 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = System - Error - 1/21/2008 8:41:48 AM -> Computer Name = CORN - User Name = (blank) - Source = Service Control Manager -> Description = The McAfeecom McShield service terminated unexpectedly It has done this 1 time(s) System - Warning - 1/21/2008 10:25:49 AM -> Computer Name = CORN - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized System - Error - 1/21/2008 6:31:40 PM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Error - 1/22/2008 9:47:27 AM -> Computer Name = CORN - User Name = CORN\Teresa - Source = DCOM -> Description = System - Error - 1/22/2008 4:10:20 PM -> Computer Name = CORN - User Name = CORN\Trevan - Source = DCOM -> Description = [Files/Folders - Created Within 60 days] 252.tmp -> %SystemDrive%\252.tmp -> [Ver = | Size = 307859456 bytes | Created Date = 1/20/2008 8:34:12 PM | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 1/17/2008 9:10:40 PM | Attr = ] ComboFix.txt -> %SystemDrive%\ComboFix.txt -> [Ver = | Size = 13788 bytes | Created Date = 1/20/2008 12:29:17 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804306944 bytes | Created Date = 1/1/1601 8:00:00 AM | Attr = HS] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 1/12/2008 11:46:04 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/16/2008 5:30:13 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/13/2008 6:42:21 PM | Attr = ] VundoFix.txt -> %SystemDrive%\VundoFix.txt -> [Ver = | Size = 3299 bytes | Created Date = 1/13/2008 6:42:21 PM | Attr = ] $NtUninstallKB941568$ -> %SystemRoot%\$NtUninstallKB941568$ -> [Folder | Created Date = 12/12/2007 10:05:24 PM | Attr = H ] $NtUninstallKB941569$ -> %SystemRoot%\$NtUninstallKB941569$ -> [Folder | Created Date = 12/12/2007 10:07:08 PM | Attr = H ] $NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Created Date = 1/8/2008 9:08:46 PM | Attr = H ] $NtUninstallKB942763$ -> %SystemRoot%\$NtUninstallKB942763$ -> [Folder | Created Date = 12/12/2007 10:07:21 PM | Attr = H ] $NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Created Date = 1/8/2008 9:08:18 PM | Attr = H ] $NtUninstallKB944653$ -> %SystemRoot%\$NtUninstallKB944653$ -> [Folder | Created Date = 12/12/2007 10:05:13 PM | Attr = H ] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Created Date = 12/29/2007 12:27:51 PM | Attr = ] CODUO.ini -> %SystemRoot%\CODUO.ini -> [Ver = | Size = 397 bytes | Created Date = 12/2/2007 2:34:33 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 1/16/2008 5:30:31 PM | Attr = ] KB941568.log -> %SystemRoot%\KB941568.log -> [Ver = | Size = 20529 bytes | Created Date = 12/12/2007 10:03:56 AM | Attr = ] KB941569.log -> %SystemRoot%\KB941569.log -> [Ver = | Size = 24950 bytes | Created Date = 12/12/2007 10:06:04 PM | Attr = ] KB941644.log -> %SystemRoot%\KB941644.log -> [Ver = | Size = 11084 bytes | Created Date = 1/8/2008 11:55:11 AM | Attr = ] KB942615-IE7.log -> %SystemRoot%\KB942615-IE7.log -> [Ver = | Size = 32249 bytes | Created Date = 12/12/2007 10:03:59 AM | Attr = ] KB942763.log -> %SystemRoot%\KB942763.log -> [Ver = | Size = 38535 bytes | Created Date = 12/12/2007 10:04:18 AM | Attr = ] KB943485.log -> %SystemRoot%\KB943485.log -> [Ver = | Size = 11288 bytes | Created Date = 1/8/2008 11:54:56 AM | Attr = ] KB944653.log -> %SystemRoot%\KB944653.log -> [Ver = | Size = 21359 bytes | Created Date = 12/12/2007 10:03:40 AM | Attr = ] NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/16/2008 5:30:06 PM | Attr = ] ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 436222 bytes | Created Date = 1/13/2008 7:57:35 PM | Attr = ] pavsig.txt -> %SystemRoot%\pavsig.txt -> [Ver = | Size = 32 bytes | Created Date = 1/20/2008 8:49:39 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/20/2008 12:29:18 PM | Attr = ] UpdReg.EXE -> %SystemRoot%\UpdReg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Created Date = 1/11/2008 1:24:26 PM | Attr = ] WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 1526640 bytes | Created Date = 1/14/2008 4:02:14 PM | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/20/2008 8:00:32 PM | Attr = ] asfiles.txt -> %System32%\asfiles.txt -> [Ver = | Size = 0 bytes | Created Date = 1/20/2008 8:15:37 PM | Attr = ] asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/20/2008 8:01:14 PM | Attr = ] ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Created Date = 1/11/2008 1:25:14 PM | Attr = ] DSentry.exe -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 2, 0 | Size = 28672 bytes | Created Date = 1/11/2008 4:27:09 PM | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/20/2008 8:00:36 PM | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 1/19/2008 11:19:11 AM | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/20/2008 8:00:35 PM | Attr = ] ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Created Date = 1/14/2008 4:02:14 PM | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 1/16/2008 5:30:06 PM | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/16/2008 5:30:06 PM | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/16/2008 5:30:06 PM | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/20/2008 8:00:37 PM | Attr = ] VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 1/16/2008 5:30:06 PM | Attr = ] WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Created Date = 1/14/2008 4:02:26 PM | Attr = ] wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26480 bytes | Created Date = 1/14/2008 4:02:15 PM | Attr = ] ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/20/2008 8:01:14 PM | Attr = ] ctfmon.exe -> %System32%\dllcache\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Created Date = 1/11/2008 1:25:14 PM | Attr = ] AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 1/20/2008 5:39:31 PM | Attr = ] SDTHOOK.SYS -> %System32%\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 1/20/2008 8:27:55 PM | Attr = ] sqswftodbclv.sys -> %System32%\drivers\sqswftodbclv.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Created Date = 1/20/2008 8:24:35 PM | Attr = ] SSFS0BB9.sys -> %System32%\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Created Date = 1/14/2008 4:02:28 PM | Attr = ] sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Created Date = 1/14/2008 4:02:28 PM | Attr = ] ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Created Date = 1/14/2008 4:02:28 PM | Attr = ] sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Created Date = 1/14/2008 4:02:28 PM | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 1/12/2008 8:13:33 PM | Attr = ] Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 1/19/2008 11:19:12 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/14/2008 6:16:58 PM | Attr = ] Webroot -> %AllUsersAppData%\Webroot -> [Folder | Created Date = 1/14/2008 4:00:03 PM | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 1/20/2008 5:40:18 PM | Attr = ] SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 1/14/2008 6:16:34 PM | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Created Date = 1/14/2008 3:58:25 PM | Attr = ] vundofix.txt -> %UserDocuments%\vundofix.txt -> [Ver = | Size = 4015 bytes | Created Date = 1/13/2008 8:10:13 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 1/20/2008 5:39:38 PM | Attr = ] Call of Duty - United Offensive Multiplayer.lnk -> %AllUsersDesktop%\Call of Duty - United Offensive Multiplayer.lnk -> [Ver = | Size = 1625 bytes | Created Date = 12/2/2007 2:34:36 PM | Attr = ] Call of Duty - United Offensive Single Player.lnk -> %AllUsersDesktop%\Call of Duty - United Offensive Single Player.lnk -> [Ver = | Size = 1625 bytes | Created Date = 12/2/2007 2:34:36 PM | Attr = ] Spy Sweeper.lnk -> %AllUsersDesktop%\Spy Sweeper.lnk -> [Ver = | Size = 1641 bytes | Created Date = 1/14/2008 4:02:27 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/14/2008 6:16:41 PM | Attr = ] Activescan.txt -> %UserDesktop%\Activescan.txt -> [Ver = | Size = 464052 bytes | Created Date = 1/20/2008 10:20:29 PM | Attr = ] avgas-setup-7.5.1.43-3339.exe -> %UserDesktop%\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Created Date = 1/12/2008 1:19:05 PM | Attr = ] avgas-setup-8.5.1.43-3339.exe -> %UserDesktop%\avgas-setup-8.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Created Date = 1/20/2008 5:36:05 PM | Attr = ] backups -> %UserDesktop%\backups -> [Folder | Created Date = 1/21/2008 1:22:24 PM | Attr = ] ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1551923 bytes | Created Date = 1/16/2008 5:28:00 PM | Attr = ] ComboFix.txt -> %UserDesktop%\ComboFix.txt -> [Ver = | Size = 11611 bytes | Created Date = 1/18/2008 1:57:35 PM | Attr = ] Copy of Activescan.txt -> %UserDesktop%\Copy of Activescan.txt -> [Ver = | Size = 25437 bytes | Created Date = 1/21/2008 11:13:07 AM | Attr = ] Copy of Report-Scan-20080120-195112.txt -> %UserDesktop%\Copy of Report-Scan-20080120-195112.txt -> [Ver = | Size = 24454 bytes | Created Date = 1/21/2008 10:41:26 AM | Attr = ] Find And Fix Errors.lnk -> %UserDesktop%\Find And Fix Errors.lnk -> [Ver = | Size = 2572 bytes | Created Date = 12/11/2007 6:43:08 PM | Attr = ] Help and Support Center.lnk -> %UserDesktop%\Help and Support Center.lnk -> [Ver = | Size = 1938 bytes | Created Date = 1/13/2008 1:32:38 PM | Attr = ] HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 1/13/2008 8:49:00 PM | Attr = ] hijackthis.log -> %UserDesktop%\hijackthis.log -> [Ver = | Size = 9478 bytes | Created Date = 1/13/2008 9:01:35 PM | Attr = ] install_flash_player.exe -> %UserDesktop%\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Created Date = 1/4/2008 12:27:37 PM | Attr = ] kaspersky.txt -> %UserDesktop%\kaspersky.txt -> [Ver = | Size = 48504 bytes | Created Date = 1/19/2008 1:14:03 PM | Attr = ] log2.txt -> %UserDesktop%\log2.txt -> [Ver = | Size = 12044 bytes | Created Date = 1/17/2008 9:47:17 PM | Attr = ] Repair System Registry.lnk -> %UserDesktop%\Repair System Registry.lnk -> [Ver = | Size = 1570 bytes | Created Date = 12/11/2007 6:43:08 PM | Attr = ] Report-Scan-20080120-195112.txt -> %UserDesktop%\Report-Scan-20080120-195112.txt -> [Ver = | Size = 1079806 bytes | Created Date = 1/20/2008 7:51:54 PM | Attr = ] Shortcut to ComboFix.txt.lnk -> %UserDesktop%\Shortcut to ComboFix.txt.lnk -> [Ver = | Size = 415 bytes | Created Date = 1/16/2008 6:09:43 PM | Attr = ] spybotsd15-1.exe -> %UserDesktop%\spybotsd15-1.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 1/12/2008 7:50:21 AM | Attr = ] spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 1/12/2008 7:48:31 AM | Attr = ] ssftrialsnrsetup1_24617547-1.exe -> %UserDesktop%\ssftrialsnrsetup1_24617547-1.exe -> Webroot Software, Inc. [Ver = 5.5.7.103 | Size = 14651520 bytes | Created Date = 1/12/2008 11:44:53 AM | Attr = ] ssftrialsnrsetup1_24617547.exe -> %UserDesktop%\ssftrialsnrsetup1_24617547.exe -> Webroot Software, Inc. [Ver = 5.5.7.103 | Size = 14651520 bytes | Created Date = 1/12/2008 11:41:32 AM | Attr = ] SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 1/14/2008 6:14:47 PM | Attr = ] VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 1/13/2008 6:41:49 PM | Attr = ] Windows Update.lnk -> %UserDesktop%\Windows Update.lnk -> [Ver = | Size = 1932 bytes | Created Date = 1/13/2008 1:32:41 PM | Attr = ] WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 1/22/2008 4:15:08 PM | Attr = ] winpfind3u-1.exe -> %UserDesktop%\winpfind3u-1.exe -> [Ver = | Size = 404656 bytes | Created Date = 1/22/2008 4:13:57 PM | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Created Date = 1/22/2008 4:12:20 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 1/14/2008 6:15:36 PM | Attr = ] [Files/Folders - Modified Within 30 days] 252.tmp -> %SystemDrive%\252.tmp -> [Ver = | Size = 307859456 bytes | Modified Date = 1/20/2008 8:43:58 PM | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 1/20/2008 12:29:20 PM | Attr = ] ComboFix.txt -> %SystemDrive%\ComboFix.txt -> [Ver = | Size = 13788 bytes | Modified Date = 1/20/2008 12:29:18 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/14/2008 3:51:46 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 804306944 bytes | Modified Date = 1/22/2008 9:22:12 AM | Attr = HS] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 1/14/2008 4:01:30 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/18/2008 1:55:54 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/20/2008 12:29:18 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/13/2008 8:13:50 PM | Attr = HS] Trevy -> %SystemDrive%\Trevy -> [Folder | Modified Date = 1/1/2008 2:14:46 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/14/2008 7:53:56 PM | Attr = ] VundoFix.txt -> %SystemDrive%\VundoFix.txt -> [Ver = | Size = 3299 bytes | Modified Date = 1/14/2008 7:55:22 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/21/2008 1:25:20 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 11:55:12 AM | Attr = H ] $NtUninstallKB941644$ -> %SystemRoot%\$NtUninstallKB941644$ -> [Folder | Modified Date = 1/8/2008 9:08:48 PM | Attr = H ] $NtUninstallKB943485$ -> %SystemRoot%\$NtUninstallKB943485$ -> [Folder | Modified Date = 1/8/2008 9:08:20 PM | Attr = H ] .jagex_cache_32 -> %SystemRoot%\.jagex_cache_32 -> [Folder | Modified Date = 12/29/2007 12:27:52 PM | Attr = ] 0.LOG -> %SystemRoot%\0.LOG -> [Ver = | Size = 0 bytes | Modified Date = 1/22/2008 9:23:16 AM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 1/20/2008 10:07:36 PM | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 1/22/2008 9:22:14 AM | Attr = ] COMSETUP.LOG -> %SystemRoot%\COMSETUP.LOG -> [Ver = | Size = 409280 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/20/2008 10:08:00 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 1/17/2008 9:18:06 PM | Attr = ] FaxSetup.log -> %SystemRoot%\FaxSetup.log -> [Ver = | Size = 1215871 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] IIS6.LOG -> %SystemRoot%\IIS6.LOG -> [Ver = | Size = 191984 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/8/2008 9:08:40 PM | Attr = ] imsins.log -> %SystemRoot%\imsins.log -> [Ver = | Size = 1355 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 1/20/2008 8:01:32 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/17/2008 9:07:08 PM | Attr = HS] KB941644.log -> %SystemRoot%\KB941644.log -> [Ver = | Size = 11084 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] KB943485.log -> %SystemRoot%\KB943485.log -> [Ver = | Size = 11288 bytes | Modified Date = 1/8/2008 9:08:40 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 15760 bytes | Modified Date = 1/19/2008 2:18:28 PM | Attr = ] MSGSOCM.LOG -> %SystemRoot%\MSGSOCM.LOG -> [Ver = | Size = 61312 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] ntbtlog.txt -> %SystemRoot%\ntbtlog.txt -> [Ver = | Size = 436222 bytes | Modified Date = 1/20/2008 5:46:22 PM | Attr = ] ntdtcsetup.log -> %SystemRoot%\ntdtcsetup.log -> [Ver = | Size = 248059 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] OCGEN.LOG -> %SystemRoot%\OCGEN.LOG -> [Ver = | Size = 598625 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] OCMSN.LOG -> %SystemRoot%\OCMSN.LOG -> [Ver = | Size = 62934 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] pavsig.txt -> %SystemRoot%\pavsig.txt -> [Ver = | Size = 32 bytes | Modified Date = 1/20/2008 8:49:40 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/22/2008 4:15:46 PM | Attr = ] SchedLgU.Txt -> %SystemRoot%\SchedLgU.Txt -> [Ver = | Size = 32376 bytes | Modified Date = 1/22/2008 3:39:02 PM | Attr = ] SETUPACT.LOG -> %SystemRoot%\SETUPACT.LOG -> [Ver = | Size = 192931 bytes | Modified Date = 1/15/2008 4:07:22 PM | Attr = ] setupapi.log -> %SystemRoot%\setupapi.log -> [Ver = | Size = 842877 bytes | Modified Date = 1/20/2008 8:01:36 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/20/2008 10:15:56 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 243 bytes | Modified Date = 1/20/2008 12:20:42 PM | Attr = ] SYSTEM32 -> %System32% -> [Folder | Modified Date = 1/20/2008 10:19:40 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/20/2008 12:18:22 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/22/2008 4:09:44 PM | Attr = ] TSOC.LOG -> %SystemRoot%\TSOC.LOG -> [Ver = | Size = 472499 bytes | Modified Date = 1/8/2008 9:08:54 PM | Attr = ] UpdReg.EXE -> %SystemRoot%\UpdReg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 1/12/2008 11:59:34 AM | Attr = ] VHJldmFu -> %SystemRoot%\VHJldmFu -> [Folder | Modified Date = 1/12/2008 8:13:36 PM | Attr = HS] WIADEBUG.LOG -> %SystemRoot%\WIADEBUG.LOG -> [Ver = | Size = 159 bytes | Modified Date = 1/22/2008 9:22:44 AM | Attr = ] WIASERVC.LOG -> %SystemRoot%\WIASERVC.LOG -> [Ver = | Size = 49 bytes | Modified Date = 1/22/2008 9:22:40 AM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 1423 bytes | Modified Date = 1/20/2008 8:12:40 PM | Attr = ] WindowsUpdate.log -> %SystemRoot%\WindowsUpdate.log -> [Ver = | Size = 1664128 bytes | Modified Date = 1/22/2008 9:24:18 AM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 659 bytes | Modified Date = 1/12/2008 8:35:42 AM | Attr = ] wmsetup.log -> %SystemRoot%\wmsetup.log -> [Ver = | Size = 122374 bytes | Modified Date = 1/21/2008 9:12:42 PM | Attr = ] WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 1526640 bytes | Modified Date = 1/4/2008 8:56:58 PM | Attr = ] McAfee.com Update Check (CORN-Teresa).job -> %SystemRoot%\tasks\McAfee.com Update Check (CORN-Teresa).job -> [Ver = | Size = 494 bytes | Modified Date = 1/22/2008 4:18:02 PM | Attr = ] McAfee.com Update Check (CORN-Trevan).job -> %SystemRoot%\tasks\McAfee.com Update Check (CORN-Trevan).job -> [Ver = | Size = 496 bytes | Modified Date = 1/22/2008 4:19:02 PM | Attr = ] McAfee.com Update Check (D3HN0N21-Owner).job -> %SystemRoot%\tasks\McAfee.com Update Check (D3HN0N21-Owner).job -> [Ver = | Size = 492 bytes | Modified Date = 1/22/2008 4:18:02 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/22/2008 9:22:18 AM | Attr = H ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/20/2008 10:16:04 PM | Attr = ] asfiles.txt -> %System32%\asfiles.txt -> [Ver = | Size = 0 bytes | Modified Date = 1/20/2008 8:15:38 PM | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/22/2008 9:47:28 AM | Attr = ] CONFIG -> %System32%\CONFIG -> [Folder | Modified Date = 1/20/2008 10:16:34 PM | Attr = ] ctfmon.exe -> %System32%\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 1/13/2008 8:14:46 PM | Attr = ] DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 1/17/2008 9:12:42 PM | Attr = RHS] DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 1/20/2008 11:34:18 PM | Attr = ] DSentry.exe -> %System32%\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 2, 0 | Size = 28672 bytes | Modified Date = 1/12/2008 11:59:38 AM | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/20/2008 8:49:34 PM | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 1/19/2008 11:19:12 AM | Attr = ] MRT.exe -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.37.2298.0 | Size = 17642616 bytes | Modified Date = 1/2/2008 10:21:36 AM | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/20/2008 8:49:34 PM | Attr = ] PnkBstrB.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 1/21/2008 9:05:48 AM | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 1/12/2008 4:39:30 PM | Attr = ] ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/20/2008 8:49:34 PM | Attr = ] WBEM -> %System32%\WBEM -> [Folder | Modified Date = 1/20/2008 10:19:26 PM | Attr = ] WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 1/22/2008 4:09:38 PM | Attr = ] WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ] wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26480 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ] ctfmon.exe -> %System32%\dllcache\ctfmon.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 1/13/2008 8:14:46 PM | Attr = ] ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 1/20/2008 12:20:30 PM | Attr = ] PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 1/21/2008 9:06:06 AM | Attr = ] SSFS0BB9.sys -> %System32%\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ] sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 1/12/2008 8:13:34 PM | Attr = ] Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 1/19/2008 11:19:14 AM | Attr = ] SecTaskMan -> %AllUsersAppData%\SecTaskMan -> [Folder | Modified Date = 1/20/2008 12:18:08 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/12/2008 8:36:08 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/14/2008 6:17:00 PM | Attr = ] Webroot -> %AllUsersAppData%\Webroot -> [Folder | Modified Date = 1/14/2008 4:00:04 PM | Attr = ] Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 1/4/2008 12:29:12 PM | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 1/20/2008 5:40:20 PM | Attr = ] SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 1/14/2008 6:16:36 PM | Attr = ] Webroot -> %UserAppData%\Webroot -> [Folder | Modified Date = 1/14/2008 3:58:26 PM | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2658978 bytes | Modified Date = 1/12/2008 8:04:40 PM | Attr = H ] Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/11/2008 8:04:20 PM | Attr = ] My Money.mny -> %UserDocuments%\My Money.mny -> [Ver = | Size = 6213632 bytes | Modified Date = 1/19/2008 9:43:30 PM | Attr = ] vundofix.txt -> %UserDocuments%\vundofix.txt -> [Ver = | Size = 4015 bytes | Modified Date = 1/13/2008 8:10:14 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 1/20/2008 5:39:40 PM | Attr = ] Spy Sweeper.lnk -> %AllUsersDesktop%\Spy Sweeper.lnk -> [Ver = | Size = 1641 bytes | Modified Date = 1/14/2008 4:02:28 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/14/2008 6:16:42 PM | Attr = ] Activescan.txt -> %UserDesktop%\Activescan.txt -> [Ver = | Size = 464052 bytes | Modified Date = 1/20/2008 10:20:30 PM | Attr = ] avgas-setup-7.5.1.43-3339.exe -> %UserDesktop%\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Modified Date = 1/12/2008 1:20:20 PM | Attr = ] avgas-setup-8.5.1.43-3339.exe -> %UserDesktop%\avgas-setup-8.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Modified Date = 1/20/2008 5:38:16 PM | Attr = ] backups -> %UserDesktop%\backups -> [Folder | Modified Date = 1/21/2008 1:22:26 PM | Attr = ] ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1551923 bytes | Modified Date = 1/16/2008 5:28:02 PM | Attr = ] ComboFix.txt -> %UserDesktop%\ComboFix.txt -> [Ver = | Size = 11611 bytes | Modified Date = 1/18/2008 1:57:36 PM | Attr = ] Copy of Activescan.txt -> %UserDesktop%\Copy of Activescan.txt -> [Ver = | Size = 25437 bytes | Modified Date = 1/21/2008 11:16:28 AM | Attr = ] Copy of Report-Scan-20080120-195112.txt -> %UserDesktop%\Copy of Report-Scan-20080120-195112.txt -> [Ver = | Size = 24454 bytes | Modified Date = 1/21/2008 10:51:40 AM | Attr = ] Help and Support Center.lnk -> %UserDesktop%\Help and Support Center.lnk -> [Ver = | Size = 1938 bytes | Modified Date = 1/13/2008 1:32:40 PM | Attr = ] HiJackThis.exe -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 1/13/2008 8:49:12 PM | Attr = ] hijackthis.log -> %UserDesktop%\hijackthis.log -> [Ver = | Size = 9478 bytes | Modified Date = 1/21/2008 1:44:18 PM | Attr = ] install_flash_player.exe -> %UserDesktop%\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Modified Date = 1/4/2008 12:27:30 PM | Attr = ] kaspersky.txt -> %UserDesktop%\kaspersky.txt -> [Ver = | Size = 48504 bytes | Modified Date = 1/19/2008 1:14:06 PM | Attr = ] log2.txt -> %UserDesktop%\log2.txt -> [Ver = | Size = 12044 bytes | Modified Date = 1/17/2008 9:47:18 PM | Attr = ] Microsoft Money 2003.lnk -> %UserDesktop%\Microsoft Money 2003.lnk -> [Ver = | Size = 2381 bytes | Modified Date = 1/19/2008 9:43:10 PM | Attr = ] Report-Scan-20080120-195112.txt -> %UserDesktop%\Report-Scan-20080120-195112.txt -> [Ver = | Size = 1079806 bytes | Modified Date = 1/20/2008 7:51:56 PM | Attr = ] Shortcut to ComboFix.txt.lnk -> %UserDesktop%\Shortcut to ComboFix.txt.lnk -> [Ver = | Size = 415 bytes | Modified Date = 1/16/2008 6:09:44 PM | Attr = ] Solitaire (2).lnk -> %UserDesktop%\Solitaire (2).lnk -> [Ver = | Size = 1479 bytes | Modified Date = 1/14/2008 4:12:38 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 1/12/2008 7:53:30 AM | Attr = ] spybotsd15-1.exe -> %UserDesktop%\spybotsd15-1.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 1/12/2008 7:50:22 AM | Attr = ] spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 1/12/2008 7:48:22 AM | Attr = ] ssftrialsnrsetup1_24617547-1.exe -> %UserDesktop%\ssftrialsnrsetup1_24617547-1.exe -> Webroot Software, Inc. [Ver = 5.5.7.103 | Size = 14651520 bytes | Modified Date = 1/12/2008 11:44:54 AM | Attr = ] ssftrialsnrsetup1_24617547.exe -> %UserDesktop%\ssftrialsnrsetup1_24617547.exe -> Webroot Software, Inc. [Ver = 5.5.7.103 | Size = 14651520 bytes | Modified Date = 1/12/2008 11:41:56 AM | Attr = ] SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/14/2008 6:15:02 PM | Attr = ] VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 1/13/2008 6:41:48 PM | Attr = ] Windows Update.lnk -> %UserDesktop%\Windows Update.lnk -> [Ver = | Size = 1932 bytes | Modified Date = 1/13/2008 1:32:44 PM | Attr = ] WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 1/22/2008 4:15:10 PM | Attr = ] winpfind3u-1.exe -> %UserDesktop%\winpfind3u-1.exe -> [Ver = | Size = 404656 bytes | Modified Date = 1/22/2008 4:13:54 PM | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Modified Date = 1/22/2008 4:12:20 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 1/14/2008 6:15:38 PM | Attr = ] [File String Scan - All] File scan skipped for file %SystemDrive%\252.tmp -> File size too big (307859456 bytes) -> WSUD , -> %SystemRoot%\afs.bmp -> [Ver = | Size = 11614518 bytes | Modified Date = 7/27/2005 8:50:48 PM | Attr = ] PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] Thawte Consulting , USERTRUST , -> %System32%\initpki.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 147456 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ] PTech , -> %System32%\LegitCheckControl.dll -> Microsoft Corporation [Ver = 1.7.0036.0 | Size = 1485696 bytes | Modified Date = 4/24/2007 10:32:06 AM | Attr = ] PECompact2 , aspack , -> %System32%\MRT.exe -> Microsoft Corporation [Ver = 1.37.2298.0 | Size = 17642616 bytes | Modified Date = 1/2/2008 10:21:36 AM | Attr = ] aspack , -> %System32%\ntdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Modified Date = 8/3/2004 11:56:36 PM | Attr = ] WSUD , -> %System32%\nusrmgr.cpl -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Modified Date = 8/3/2004 11:56:58 PM | Attr = ] Umonitor , -> %System32%\rasdlg.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 3:00:00 AM | Attr = ] PTech , -> %System32%\WgaTray.exe -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Modified Date = 6/19/2006 3:19:26 PM | Attr = ] PEC2 , WSUD , -> %System32%\wmploc.dll -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Modified Date = 10/18/2006 8:47:20 PM | Attr = ] PTech , -> %System32%\dllcache\WgaTray.exe -> Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Modified Date = 6/19/2006 3:19:26 PM | Attr = ] PEC2 , WSUD , -> %System32%\dllcache\wmploc.dll -> Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Modified Date = 10/18/2006 8:47:20 PM | Attr = ] PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 8/3/2004 9:41:38 PM | Attr = ] UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1551923 bytes | Modified Date = 1/16/2008 5:28:02 PM | Attr = ] UPX! , UPX0 , -> %UserDesktop%\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 1/13/2008 8:49:12 PM | Attr = ] Thawte Consulting , -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 1/14/2008 6:15:02 PM | Attr = ] PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 1/13/2008 6:41:48 PM | Attr = ] < End of report >