WinPFind3 logfile created on: 2/1/2008 6:00:24 PM
WinPFind3U by OldTimer - Version 1.0.44
Folder = C:\Documents and Settings\HP_Owner\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

383.48 Mb Total Physical Memory | 168.71 Mb Available Physical Memory | 44.00% Memory free
920.48 Mb Paging File | 604.15 Mb Available in Paging File | 65.63% Paging File free
Paging file location(s): c:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.96 Gb Total Space | 126.29 Gb Free Space | 88.34% Space Free
Drive D: | 6.07 Gb Total Space | 0.70 Gb Free Space | 11.47% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: YOUR-03667082DE
Current User Name: HP_Owner
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 65536 bytes | Modified Date = 9/23/2005 10:02:20 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 11:01:56 AM | Attr = ]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 12:47:52 PM | Attr = ]
aolhostmanager.exe -> %CommonProgramFiles%\AOL\1150760259\ee\AOLHostManager.exe -> America Online, Inc. [Ver = 1.3.5.0 | Size = 159832 bytes | Modified Date = 8/2/2005 1:33:04 PM | Attr = ]
aolservicehost.exe -> %CommonProgramFiles%\AOL\1150760259\ee\AOLServiceHost.exe -> America Online, Inc. [Ver = 1.3.5.0 | Size = 151640 bytes | Modified Date = 8/2/2005 1:33:04 PM | Attr = ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 11/17/2006 1:37:44 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ]
hphmon06.exe -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 7:42:30 PM | Attr = ]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 327680 bytes | Modified Date = 12/18/2004 8:14:42 PM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 00, 100, 1161 | Size = 69632 bytes | Modified Date = 4/13/2004 6:07:18 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 278528 bytes | Modified Date = 12/18/2004 12:20:14 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 9:02:48 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 11/17/2006 3:06:00 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11/17/2006 1:40:56 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 10/21/2004 7:58:40 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3034 | Size = 180269 bytes | Modified Date = 10/21/2004 7:39:50 PM | Attr = ]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 112216 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.826 | Size = 1123008 bytes | Modified Date = 5/8/2006 9:49:58 PM | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11/17/2006 1:39:58 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]
wusb54gv4.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe -> Linksys [Ver = 4.6.2.10 | Size = 1513472 bytes | Modified Date = 3/24/2005 9:02:00 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 6:31:10 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ]
(iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 327680 bytes | Modified Date = 12/18/2004 8:14:42 PM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 11/17/2006 1:37:44 PM | Attr = ]
(McShield) McAfee McShield [Win32_Own | Auto | Paused] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.5.3 | Size = 311112 bytes | Modified Date = 11/2/2007 5:24:58 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.5.24 | Size = 1418056 bytes | Modified Date = 11/2/2007 5:25:04 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.826 | Size = 1123008 bytes | Modified Date = 5/8/2006 9:49:58 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Stopped] -> -> File not found
(WUSB54Gv4SVC) WUSB54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 10:56:14 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 3:25:42 AM | Attr = ]
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 11:01:56 AM | Attr = ]
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 12:47:52 PM | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1150760259\ee\AOLHostManager.exe -> America Online, Inc. [Ver = 1.3.5.0 | Size = 159832 bytes | Modified Date = 8/2/2005 1:33:04 PM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ]
HPHmon06 -> %System32%\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 7:42:30 PM | Attr = ]
HPHUPD06 -> %ProgramFiles%\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Modified Date = 6/7/2004 7:53:26 PM | Attr = ]
hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 5:04:38 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 11:55:14 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 00, 100, 1131 | Size = 196608 bytes | Modified Date = 4/17/2004 12:41:30 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 00, 100, 1161 | Size = 69632 bytes | Modified Date = 4/13/2004 6:07:18 AM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.7.1.30 | Size = 278528 bytes | Modified Date = 12/18/2004 12:20:14 AM | Attr = ]
KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 9:02:48 PM | Attr = ]
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 10:54:32 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 11/17/2006 1:39:58 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 10/21/2004 7:58:40 PM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 9:43:46 PM | Attr = ]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 112216 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
SiSPower -> %System32%\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3630 | Size = 49152 bytes | Modified Date = 9/24/2004 10:49:34 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:36 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3034 | Size = 180269 bytes | Modified Date = 10/21/2004 7:39:50 PM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 9:01:00 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 10/21/2004 8:25:36 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 6:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 11:50:54 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> http://www.google.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.com ->
HKCU: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/23/2005 8:12:08 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 12:41:14 PM | Attr = ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan Enterprise\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
[HKLM] -> Reg Data - Key not found [ScriptInocUI Class] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP View] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 12:41:14 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP View] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKLM] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> %ProgramFiles%\HP\Digital Imaging\bin\HPDTLK02.dll [HP View] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Modified Date = 11/21/2003 1:26:28 PM | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKLM] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 12:41:14 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 8/4/2005 9:54:42 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{3369AF0D-62E9-4bda-8103-B4C75499B578} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.csm -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.csml -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.cub -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.cube -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.dx -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.emb -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.embl -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.gau -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.jdx -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.mol -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.mop -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.pdb -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.rxn -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.scr -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.skc -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.spt -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.tgf -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
.xyz -> %ProgramFiles%\Internet Explorer\PLUGINS\npchime.dll [MDL Chime 2.6 SP6] -> MDL Information Systems, Inc. [Ver = 2, 6, 6,0000 | Size = 1650688 bytes | Modified Date = 3/1/2004 12:24:58 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5F925446-3761-4FC8-A567-BCBCE8CCF8BA} -> (1394 Net Adapter) ->
{76C3331A-7487-4338-804D-A2E6BFAFA771} -> () ->
{7A7312A8-687D-4660-934D-9A308CF41D45} -> () ->
{AA70644E-FDA6-4B51-9614-25990428193E} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} -> Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196721323593 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132107705592 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->

[Files/Folders - Created Within 30 days]
backreg -> %SystemDrive%\backreg -> [Folder | Created Date = 1/16/2008 1:27:52 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/30/2008 7:26:07 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 402182144 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 1/30/2008 4:56:27 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 1/30/2008 4:53:55 PM | Attr = ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 1/4/2008 12:30:33 PM | Attr = H ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/30/2008 7:26:48 AM | Attr = ]
guard.bmp -> %SystemRoot%\guard.bmp -> [Ver = | Size = 57556 bytes | Created Date = 1/16/2008 1:23:52 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 1/31/2008 5:08:33 PM | Attr = ]
lsoon.ini -> %SystemRoot%\lsoon.ini -> [Ver = | Size = 77 bytes | Created Date = 1/16/2008 6:39:51 PM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/30/2008 4:56:25 PM | Attr = ]
winstart.bat -> %SystemRoot%\winstart.bat -> [Ver = | Size = 2 bytes | Created Date = 1/16/2008 1:26:34 PM | Attr = RHS]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 368 bytes | Created Date = 1/5/2008 12:15:56 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 1/26/2008 11:57:08 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 1/26/2008 11:57:46 AM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 1/26/2008 11:57:12 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/13/2008 4:30:45 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/13/2008 4:30:45 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/13/2008 4:30:45 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/13/2008 4:30:45 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 1/11/2008 4:50:44 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 1/26/2008 11:57:11 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 1/30/2008 4:56:25 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/30/2008 4:56:25 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/30/2008 4:56:25 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4878 bytes | Created Date = 1/6/2008 7:02:46 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 1/26/2008 11:57:13 AM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 1/30/2008 4:56:25 PM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 1/26/2008 11:57:46 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 1/24/2008 2:29:41 PM | Attr = ]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1036 built by: WinDDK | Size = 41288 bytes | Created Date = 1/6/2008 6:29:32 PM | Attr = ]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 56832 bytes | Created Date = 1/6/2008 6:29:32 PM | Attr = ]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Created Date = 1/6/2008 6:29:32 PM | Attr = ]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29000 bytes | Created Date = 1/6/2008 6:29:32 PM | Attr = ]
hosts.20080122-204056.backup -> %System32%\drivers\etc\hosts.20080122-204056.backup -> [Ver = | Size = 734 bytes | Created Date = 1/22/2008 8:40:56 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
backreg -> %SystemDrive%\backreg -> [Folder | Modified Date = 1/16/2008 6:39:54 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/30/2008 7:16:54 AM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/30/2008 7:26:08 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/6/2008 6:57:24 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 402182144 bytes | Modified Date = 1/31/2008 5:03:28 PM | Attr = HS]
hp -> %SystemDrive%\hp -> [Folder | Modified Date = 1/16/2008 5:12:10 PM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/31/2008 5:00:56 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 1/31/2008 5:12:44 PM | Attr = ]
QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 1/28/2008 3:18:34 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 1/6/2008 7:00:40 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/24/2008 2:20:44 PM | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 1/22/2008 6:21:24 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/1/2008 5:57:00 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 1/30/2008 4:53:56 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/10/2008 8:33:24 AM | Attr = H ] $NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 1/4/2008 12:30:36 PM | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 1/15/2008 7:30:18 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/31/2008 5:03:28 PM | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 26914 bytes | Modified Date = 1/4/2008 1:57:36 PM | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 1/22/2008 5:56:02 PM | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/30/2008 7:28:18 AM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 1/31/2008 5:01:14 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/4/2008 12:32:06 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/31/2008 5:11:30 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/30/2008 7:16:46 AM | Attr = HS] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 1/31/2008 5:08:34 PM | Attr = ] lsoon.ini -> %SystemRoot%\lsoon.ini -> [Ver = | Size = 77 bytes | Modified Date = 1/16/2008 6:39:52 PM | Attr = ] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 402210816 bytes | Modified Date = 1/16/2008 7:07:20 PM | Attr = ] 
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 1/16/2008 7:07:24 PM | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 1/22/2008 6:21:24 AM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 1/22/2008 6:23:54 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/1/2008 5:59:14 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/24/2008 2:12:08 PM | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 1/22/2008 6:22:26 AM | Attr = H ] system -> %SystemRoot%\system -> [Folder | Modified Date = 1/22/2008 6:20:18 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/31/2008 5:03:56 PM | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 1/31/2008 5:00:56 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/31/2008 5:01:04 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/1/2008 5:58:24 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 699 bytes | Modified Date = 1/22/2008 6:23:16 AM | Attr = ] winstart.bat -> %SystemRoot%\winstart.bat -> [Ver = | Size = 2 bytes | Modified Date = 1/16/2008 1:32:04 PM | Attr = RHS] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/31/2008 5:03:42 PM | Attr = H ] XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 368 bytes | Modified Date = 1/29/2008 6:38:20 AM | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 1/26/2008 11:58:10 AM | Attr = ] AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Modified Date = 1/16/2008 1:32:04 PM | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/15/2008 11:45:50 PM | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/31/2008 5:08:28 PM | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 1/31/2008 5:01:26 PM 
| Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 1/16/2008 1:32:04 PM | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/22/2008 6:23:14 AM | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 1/31/2008 5:12:50 PM | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 181040 bytes | Modified Date = 1/22/2008 9:24:56 PM | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 1/26/2008 12:03:26 PM | Attr = ] mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 57 bytes | Modified Date = 1/15/2008 7:30:06 PM | Attr = ] NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 1/11/2008 4:52:24 PM | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 1/26/2008 12:03:26 PM | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55324 bytes | Modified Date = 1/6/2008 6:31:34 PM | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 386360 bytes | Modified Date = 1/6/2008 6:31:34 PM | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 448136 bytes | Modified Date = 1/6/2008 6:31:34 PM | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 1/24/2008 2:20:44 PM | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 4878 bytes | Modified Date = 1/6/2008 8:05:08 PM | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 1/26/2008 12:03:26 PM | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12674 bytes | Modified Date = 1/31/2008 5:06:22 PM | Attr = ] etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/31/2008 5:03:48 PM | Attr = ] iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. 
[Ver = 5.0.2.1025a | Size = 56832 bytes | Modified Date = 1/6/2008 6:33:54 PM | Attr = ] iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1025a | Size = 74240 bytes | Modified Date = 1/6/2008 6:33:54 PM | Attr = ] hosts.20080122-204056.backup -> %System32%\drivers\etc\hosts.20080122-204056.backup -> [Ver = | Size = 734 bytes | Modified Date = 1/6/2008 8:05:06 PM | Attr = ] [File String Scan - Non-Microsoft Only] File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (402210816 bytes) -> WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.0.43 | Size = 18694144 bytes | Modified Date = 4/18/2005 10:03:48 AM | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] Thawte Consulting , USERTRUST , -> %System32%\epoPGPsdk.dll -> PGP Corporation [Ver = 3.5.3 | Size = 1495552 bytes | Modified Date = 11/17/2006 3:06:00 AM | Attr = ] PTech , -> %System32%\igfxhcsy.lhp -> [Ver = | Size = 59914 bytes | Modified Date = 8/20/2004 11:56:24 PM | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] UPX! , UPX0 , -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] < End of report >