[code] WinPFind35 logfile created on: 19/02/2008 AM 01:40:33 WinPFind35U Version Beta52 Folder = C:\Documents and Settings\Kunal Goel\Desktop\WinPFind35u Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.43% Memory free 3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.27% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 98.79 Gb Total Space | 1.67 Gb Free Space | 1.69% Space Free | Partition Type: NTFS Drive D: | 11.97 Gb Total Space | 0.04 Gb Free Space | 0.38% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KUNAL Current User Name: Kunal Goel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 11/11/2005 AM 04:15:00 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 11/11/2005 AM 04:15:00 | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 22/01/2007 PM 10:19:34 | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 22/01/2007 PM 10:19:28 | Attr = ] ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 13/09/2007 PM 05:49:48 | Attr = ] pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 PM 06:30:14 | Attr = ] sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.8.804 | Size = 214408 bytes | Modified Date = 01/10/2007 PM 02:50:08 | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 PM 03:50:18 | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 21/09/2007 PM 12:23:35 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 PM 01:28:18 | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 PM 06:03:42 | Attr = ] btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 258103 bytes | Modified Date = 16/08/2005 AM 11:49:52 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 18/12/2005 PM 06:26:54 | Attr = ] navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 23/05/2007 PM 12:13:38 | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 03/03/2006 PM 09:03:10 | Attr = ] hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 2 | Size = 98304 bytes | Modified Date = 28/11/2005 PM 10:37:42 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.0.13 17Jun05 | Size = 729178 bytes | Modified Date = 20/06/2005 AM 02:20:08 | Attr = ] eabservr.exe -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 20, 6, 2 | Size = 409600 bytes | Modified Date = 08/12/2005 AM 12:26:56 | Attr = ] hp wireless assistant.exe -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 13/12/2005 PM 04:45:58 | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 22/01/2007 PM 10:19:26 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 AM 02:41:10 | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5171 | Size = 344064 bytes | Modified Date = 11/11/2005 AM 10:35:00 | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/07/2007 PM 07:52:10 | Attr = ] bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 577597 bytes | Modified Date = 16/08/2005 AM 11:56:00 | Attr = ] hpqtoa~1.exe -> %ProgramFiles%\HPQ\shared\HpqToaster.exe -> [Ver = 1, 0, 0, 6 | Size = 516182 bytes | Modified Date = 08/12/2005 PM 01:45:12 | Attr = ] btstac~1.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTStackServer.exe -> Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 1269844 bytes | Modified Date = 16/08/2005 AM 11:54:46 | Attr = ] nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 PM 01:36:28 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 11/02/2008 PM 11:27:03 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 AM 03:22:44 | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 16/02/2008 PM 01:03:26 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/07/2007 PM 04:56:36 | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 PM 01:28:18 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 389120 bytes | Modified Date = 11/11/2005 AM 04:15:00 | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 PM 06:03:42 | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 258103 bytes | Modified Date = 16/08/2005 AM 11:49:52 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 192104 bytes | Modified Date = 22/01/2007 PM 10:19:28 | Attr = ] (ccISPwdSvc) Symantec Internet Security Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\CCPWDSVC.EXE -> Symantec Corporation [Ver = 9.1.0.34 | Size = 72328 bytes | Modified Date = 03/02/2006 PM 06:29:36 | Attr = ] (ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 104.0.16.1 | Size = 202088 bytes | Modified Date = 13/09/2007 PM 05:49:48 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 169576 bytes | Modified Date = 22/01/2007 PM 10:19:34 | Attr = ] (comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\COMHOST.EXE -> Symantec Corporation [Ver = 9.1.1.7 | Size = 45696 bytes | Modified Date = 16/01/2007 AM 11:25:28 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 01/02/2007 PM 09:27:40 | Attr = ] (hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 2 | Size = 98304 bytes | Modified Date = 28/11/2005 PM 10:37:42 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 AM 12:41:10 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 15/01/2008 AM 03:22:44 | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.62.1 | Size = 73728 bytes | Modified Date = 18/12/2005 PM 06:26:54 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 25/07/2006 PM 06:03:42 | Attr = ] (LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 PM 06:30:14 | Attr = ] (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.8.0.4 | Size = 139888 bytes | Modified Date = 23/05/2007 PM 12:13:38 | Attr = ] (NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 PM 01:36:28 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found (SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 27/08/2005 AM 02:52:48 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.8.804 | Size = 214408 bytes | Modified Date = 01/10/2007 PM 02:50:08 | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 PM 03:50:18 | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1247600 bytes | Modified Date = 21/09/2007 PM 12:23:35 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 PM 10:16:38 | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5171 | Size = 344064 bytes | Modified Date = 11/11/2005 AM 10:35:00 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 104.0.14.2 | Size = 52840 bytes | Modified Date = 22/01/2007 PM 10:19:26 | Attr = ] Cpqset -> %ProgramFiles%\HPQ\Default Settings\Cpqset.exe -> [Ver = | Size = 233534 bytes | Modified Date = 02/08/2005 AM 03:56:42 | Attr = ] eabconfg.cpl -> %ProgramFiles%\HPQ\Quick Launch Buttons\eabservr.exe -> Hewlett-Packard [Ver = 5, 20, 6, 2 | Size = 409600 bytes | Modified Date = 08/12/2005 AM 12:26:56 | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19/02/2006 AM 02:41:10 | Attr = ] hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 3, 1 | Size = 507904 bytes | Modified Date = 13/12/2005 PM 04:45:58 | Attr = ] RecGuard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 6, 0, 66, 5 | Size = 1187840 bytes | Modified Date = 11/10/2005 PM 11:53:50 | Attr = ] Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 PM 06:30:14 | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.0.13 17Jun05 | Size = 729178 bytes | Modified Date = 20/06/2005 AM 02:20:08 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/07/2007 PM 07:52:10 | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.23 | Size = 439872 bytes | Modified Date = 18/08/2007 AM 02:18:02 | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.23 | Size = 439872 bytes | Modified Date = 18/08/2007 AM 02:18:02 | Attr = ] < Run [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 06/07/2007 PM 07:52:10 | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 577597 bytes | Modified Date = 16/08/2005 AM 11:56:00 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Kunal Goel Startup Folder > -> C:\Documents and Settings\Kunal Goel\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 PM 07:16:50 | Attr = ] %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 PM 12:04:08 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4123 | Size = 47616 bytes | Modified Date = 11/11/2005 AM 04:16:00 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> //@install.mar@/ .[msni] -> My Computer -> //@mail.mar@/ .[msni] -> Local intranet -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> //@install.mar@/ .[msni] -> My Computer -> //@mail.mar@/ .[msni] -> Local intranet -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 PM 11:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] {9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 AM 09:50:26 | Attr = ] {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 23/05/2007 PM 12:13:40 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 PM 11:55:32 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 06/07/2007 PM 07:52:06 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security 2006] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 AM 09:50:26 | Attr = ] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 PM 11:55:32 | Attr = R ] {C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 23/05/2007 PM 12:13:40 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 PM 11:55:32 | Attr = R ] ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 23/05/2007 PM 12:13:40 | Attr = ] WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security 2006] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 AM 09:50:26 | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 PM 11:55:32 | Attr = R ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 23/05/2007 PM 12:13:40 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 PM 11:55:32 | Attr = R ] ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 23/05/2007 PM 12:13:40 | Attr = ] WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security 2006] -> Symantec Corporation [Ver = 9.0.0.73 | Size = 94336 bytes | Modified Date = 25/09/2005 AM 09:50:26 | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 PM 11:55:32 | Attr = R ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.8.0.4 | Size = 140912 bytes | Modified Date = 23/05/2007 PM 12:13:40 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 29/05/2003 PM 01:53:12 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/11/2005 AM 02:52:10 | Attr = ] CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\] > -> HKEY_USERS\S-1-5-21-1974758193-4249860321-1430741522-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 29/05/2003 PM 01:53:12 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {192FABD3-213E-4AED-BEEF-E7FE90A05E7C} -> () -> {211EC826-AFE5-4945-9459-3D9CD6218E22} -> (Sony Ericsson Device 049 USB Ethernet Emulation (NDIS 5)) -> {5712FCEE-B70F-4293-9B8B-E61BCD669344} -> (1394 Net Adapter) -> {62718DE0-F024-421E-B18E-850E246ADF34} -> () -> {63BB790C-F5CF-4719-A350-51D952BD1D5D} -> 202.56.215.55,202.56.215.54 (USB Remote NDIS Device) -> {8EF9CE27-B9CE-44D6-82A3-2DCCE3FD436B} -> (Broadcom 802.11a/b/g WLAN) -> {8F59C74F-C069-45E5-9D6D-D0602CB56339} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {C48740A1-5038-44E4-99D7-116936BBD2B5} -> 203.94.243.70,203.94.227.70 (USB Remote NDIS Device) -> {C9A50ED2-C410-47A8-BF42-031DDAC9E10E} -> () -> {DAAE1DA6-C0E1-4749-B5B8-B4C7557B40CD} -> 203.94.243.70,203.94.227.70 (USB Remote NDIS Device) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00B71CFB-6864-4346-A978-C0A14556272C}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab[Checkers Class] -> {14B87622-7E19-4EA8-93B3-97215F77A6BC}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab50997.cab[MessengerStatsClient Class] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {2917297F-F02B-4B9D-81DF-494B6333150B}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab50997.cab[Minesweeper Flags Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://arjungoel.spaces.live.com//PhotoUpload/MsnPUpld.cab[MSN Photo Upload Tool] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {6A060448-60F9-11D5-A6CD-0002B31F7455}[HKEY_LOCAL_MACHINE] -> [ExentInf Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab[MessengerStatsClient Class] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {E6187999-9FEC-46A1-A20F-F4CA977D5643}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/Chess.cab50997.cab[ZoneChess Object] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 PM 11:19:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 PM 07:51:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 AM 10:07:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1024 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11490 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 AM 10:09:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 10/08/2004 PM 08:30:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 AM 10:09:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 17/02/2008 PM 11:21:56 | Attr = ] Valve -> %SystemDrive%\Valve -> [Folder | Created Date = 08/01/2008 AM 08:03:28 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 17/02/2008 PM 02:05:26 | Attr = ] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 25/11/2007 AM 12:14:37 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] HPZidr12.dll -> %SystemRoot%\System32\HPZidr12.dll -> HP [Ver = 10, 1, 1, 5 | Size = 282680 bytes | Modified Date = 03/03/2006 PM 09:03:38 | Attr = ] HPZinw12.exe -> %SystemRoot%\System32\HPZinw12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 65536 bytes | Modified Date = 03/03/2006 PM 09:03:22 | Attr = ] HPZipm12.exe -> %SystemRoot%\System32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 03/03/2006 PM 09:03:10 | Attr = ] HPZipr12.dll -> %SystemRoot%\System32\HPZipr12.dll -> HP [Ver = 10, 1, 1, 5 | Size = 204800 bytes | Modified Date = 03/03/2006 PM 09:02:58 | Attr = ] HPZipt12.dll -> %SystemRoot%\System32\HPZipt12.dll -> HP [Ver = 10, 1, 1, 5 | Size = 94208 bytes | Modified Date = 03/03/2006 PM 09:02:30 | Attr = ] HPZisn12.dll -> %SystemRoot%\System32\HPZisn12.dll -> HP [Ver = 10, 1, 1, 5 | Size = 57344 bytes | Modified Date = 03/03/2006 PM 09:02:04 | Attr = ] hpzll4pi.dll -> %SystemRoot%\System32\hpzll4pi.dll -> Hewlett-Packard Company [Ver = 60.061.243.00 | Size = 48640 bytes | Modified Date = 03/06/2006 PM 09:29:16 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 10/01/2008 PM 03:27:44 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 10/01/2008 PM 03:27:46 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 17/02/2008 PM 11:23:13 | Attr = ] HPHins12.dat -> %SystemRoot%\HPHins12.dat -> [Ver = | Size = 123979 bytes | Modified Date = 06/12/2007 PM 01:15:33 | Attr = ] hphmdl12.dat -> %SystemRoot%\hphmdl12.dat -> [Ver = | Size = 14916 bytes | Modified Date = 13/06/2006 AM 05:12:29 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 31/08/2000 AM 08:00:00 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 17/02/2008 PM 11:55:24 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Hamachi -> %AppData%\Hamachi -> [Folder | Created Date = 25/11/2007 AM 12:15:27 | Attr = ] Sports Interactive -> %AppData%\Sports Interactive -> [Folder | Created Date = 26/11/2007 PM 03:51:06 | Attr = ] Xfire -> %AppData%\Xfire -> [Folder | Created Date = 25/11/2007 AM 12:40:00 | Attr = ] Steam -> %UserProfile%\Local Settings\Application Data\Steam -> [Folder | Created Date = 14/01/2008 PM 10:28:44 | Attr = ] Sports Interactive -> %AllUsersProfile%\Documents\Sports Interactive -> [Folder | Created Date = 26/11/2007 PM 03:51:06 | Attr = ] 1french solved 9th.pdf -> %UserProfile%\My Documents\1french solved 9th.pdf -> [Ver = | Size = 49905 bytes | Modified Date = 18/02/2008 AM 11:35:20 | Attr = ] French IX Unsolved.pdf -> %UserProfile%\My Documents\French IX Unsolved.pdf -> [Ver = | Size = 1150866 bytes | Modified Date = 18/02/2008 AM 11:35:20 | Attr = ] Sports Interactive -> %UserProfile%\My Documents\Sports Interactive -> [Folder | Created Date = 26/11/2007 PM 03:51:06 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 01/02/2008 AM 02:49:07 | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 20/01/2008 PM 08:45:25 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1597661 bytes | Modified Date = 17/02/2008 PM 11:18:55 | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 19/02/2008 AM 01:22:17 | Attr = ] fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 69 bytes | Modified Date = 19/02/2008 AM 01:37:15 | Attr = ] fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 186 bytes | Modified Date = 19/02/2008 AM 01:35:30 | Attr = ] Football Manager.lnk -> %UserProfile%\Desktop\Football Manager.lnk -> [Ver = | Size = 1169 bytes | Modified Date = 26/11/2007 PM 07:36:43 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 17/02/2008 PM 11:58:39 | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 19/02/2008 AM 01:38:30 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480802 bytes | Modified Date = 19/02/2008 AM 01:37:38 | Attr = ] Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 988 bytes | Modified Date = 14/07/2007 PM 04:59:27 | Attr = ] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 19/02/2008 AM 01:32:53 | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 08/02/2008 AM 12:31:06 | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 19/02/2008 AM 01:25:59 | Attr = H ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145636352 bytes | Modified Date = 19/02/2008 AM 12:41:11 | Attr = HS] hpqp.ini -> %SystemDrive%\hpqp.ini -> [Ver = | Size = 1230 bytes | Modified Date = 05/02/2008 AM 12:44:38 | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/02/2008 AM 01:32:32 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 17/02/2008 PM 11:55:22 | Attr = ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 11/01/2008 AM 05:39:27 | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 232 bytes | Modified Date = 12/01/2008 PM 03:19:39 | Attr = H ] sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 232 bytes | Modified Date = 18/01/2008 AM 02:02:39 | Attr = H ] sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 20/01/2008 PM 06:54:51 | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 11/01/2008 AM 05:39:27 | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/01/2008 PM 03:19:39 | Attr = H ] sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 18/01/2008 AM 02:02:39 | Attr = H ] sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 20/01/2008 PM 06:54:51 | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 17/02/2008 PM 11:22:09 | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 25/11/2007 AM 12:12:47 | Attr = ] Valve -> %SystemDrive%\Valve -> [Folder | Modified Date = 14/01/2008 PM 09:54:14 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 17/02/2008 PM 02:30:05 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 19/02/2008 AM 01:37:59 | Attr = ] XP_TV.ini -> %SystemDrive%\XP_TV.ini -> [Ver = | Size = 40 bytes | Modified Date = 03/02/2008 PM 03:11:03 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 17/02/2008 PM 11:49:38 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 17/02/2008 PM 11:49:38 | Attr = ] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 25/11/2007 AM 12:14:37 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 19/02/2008 AM 01:16:19 | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 07/12/2007 PM 10:41:34 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 17/02/2008 PM 11:46:28 | Attr = ] d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 11/01/2008 PM 08:20:33 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 15/02/2008 AM 02:35:59 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 17/02/2008 PM 11:55:27 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4 | Size = 57344 bytes | Modified Date = 10/01/2008 PM 03:27:44 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4 | Size = 90112 bytes | Modified Date = 10/01/2008 PM 03:27:46 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 17/02/2008 PM 11:29:04 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 19/02/2008 AM 12:42:36 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/02/2008 PM 07:50:34 | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 19/02/2008 AM 12:41:21 | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 19/02/2008 AM 01:16:20 | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 19/02/2008 AM 01:34:05 | Attr = ] HPHins12.dat -> %SystemRoot%\HPHins12.dat -> [Ver = | Size = 123979 bytes | Modified Date = 06/12/2007 PM 01:15:33 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 15/02/2008 AM 02:33:53 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 15/02/2008 AM 02:35:10 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 19/02/2008 AM 01:16:20 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 19/02/2008 AM 01:26:01 | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 19/02/2008 AM 01:39:25 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 17/01/2008 PM 02:43:55 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 19/02/2008 AM 12:41:58 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 17/02/2008 PM 11:49:52 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 19/02/2008 AM 01:22:19 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 17/02/2008 PM 11:42:57 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 19/02/2008 AM 01:26:28 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 669 bytes | Modified Date = 08/02/2008 AM 12:31:06 | Attr = ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 59 bytes | Modified Date = 06/12/2007 PM 01:10:34 | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 19/02/2008 AM 01:26:02 | Attr = ] Norton AntiVirus - Run Full System Scan - Kunal Goel.job -> %SystemRoot%\tasks\Norton AntiVirus - Run Full System Scan - Kunal Goel.job -> [Ver = | Size = 558 bytes | Modified Date = 16/02/2008 PM 09:05:15 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 19/02/2008 AM 12:41:32 | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 11424 bytes | Modified Date = 19/02/2008 AM 12:42:50 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 11424 bytes | Modified Date = 19/02/2008 AM 12:42:50 | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 26/08/2007 AM 12:28:07 | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 14/06/2007 PM 07:13:56 | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 14/06/2007 PM 07:14:56 | Attr = ] Setup.exe -> C:\Documents and Settings\Kunal Goel\Local Settings\Temp\Adobe Reader 8\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.2 | Size = 304520 bytes | Modified Date = 12/01/2008 AM 09:15:08 | Attr = ] nos_10824.dat -> C:\Documents and Settings\Kunal Goel\Local Settings\Temp\Adobe_Downloads\nos_10824.dat -> [Ver = 1.0.0.921 | Size = 23454528 bytes | Modified Date = 19/02/2008 AM 01:22:12 | Attr = ] {AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\Kunal Goel\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 753 bytes | Modified Date = 19/02/2008 AM 01:25:59 | Attr = ] abcpy.ini -> C:\Documents and Settings\Kunal Goel\Local Settings\Temp\Adobe Reader 8\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 15/11/2006 PM 09:08:14 | Attr = ] setup.ini -> C:\Documents and Settings\Kunal Goel\Local Settings\Temp\Adobe Reader 8\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 25/08/2006 PM 10:30:33 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 19/02/2008 AM 01:25:58 | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 15/02/2008 AM 02:35:49 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 19/02/2008 AM 01:08:34 | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 19/02/2008 AM 01:09:00 | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 03/02/2008 AM 01:39:50 | Attr = ] Hamachi -> %AppData%\Hamachi -> [Folder | Modified Date = 25/11/2007 AM 12:32:11 | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 08/02/2008 PM 11:34:13 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 08/12/2007 PM 09:00:43 | Attr = S] Sports Interactive -> %AppData%\Sports Interactive -> [Folder | Modified Date = 26/11/2007 PM 03:51:06 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 17/02/2008 PM 01:41:19 | Attr = ] Xfire -> %AppData%\Xfire -> [Folder | Modified Date = 25/11/2007 AM 01:10:47 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 03/02/2008 AM 01:42:33 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 176128 bytes | Modified Date = 17/02/2008 PM 10:33:19 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1575148 bytes | Modified Date = 08/01/2008 AM 10:40:44 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 26/01/2008 AM 03:08:04 | Attr = ] Steam -> %UserProfile%\Local Settings\Application Data\Steam -> [Folder | Modified Date = 14/01/2008 PM 10:28:44 | Attr = ] Sports Interactive -> %AllUsersProfile%\Documents\Sports Interactive -> [Folder | Modified Date = 26/11/2007 PM 03:51:06 | Attr = ] 1french solved 9th.pdf -> %UserProfile%\My Documents\1french solved 9th.pdf -> [Ver = | Size = 49905 bytes | Modified Date = 18/02/2008 AM 11:35:20 | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 18/02/2008 AM 12:01:50 | Attr = ] French IX Unsolved.pdf -> %UserProfile%\My Documents\French IX Unsolved.pdf -> [Ver = | Size = 1150866 bytes | Modified Date = 18/02/2008 AM 11:35:20 | Attr = ] Important -> %UserProfile%\My Documents\Important -> [Folder | Modified Date = 18/02/2008 PM 12:03:01 | Attr = ] Misc -> %UserProfile%\My Documents\Misc -> [Folder | Modified Date = 09/02/2008 AM 01:42:13 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 08/02/2008 AM 02:26:42 | Attr = R ] My eBooks -> %UserProfile%\My Documents\My eBooks -> [Folder | Modified Date = 26/01/2008 AM 12:07:18 | Attr = ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Modified Date = 18/02/2008 AM 12:04:31 | Attr = ] My Movies -> %UserProfile%\My Documents\My Movies -> [Folder | Modified Date = 04/02/2008 AM 02:38:13 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 07/12/2007 PM 10:43:08 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 09/12/2007 PM 04:38:02 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 18/02/2008 AM 12:03:50 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 588 bytes | Modified Date = 15/02/2008 AM 02:26:00 | Attr = ] My Softwares -> %UserProfile%\My Documents\My Softwares -> [Folder | Modified Date = 18/02/2008 AM 12:04:31 | Attr = ] My TV Shows -> %UserProfile%\My Documents\My TV Shows -> [Folder | Modified Date = 31/01/2008 AM 03:03:34 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 04/02/2008 AM 02:38:45 | Attr = R ] Sports Interactive -> %UserProfile%\My Documents\Sports Interactive -> [Folder | Modified Date = 11/01/2008 PM 08:03:54 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 01/02/2008 AM 02:49:07 | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 20/01/2008 PM 08:45:25 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1597661 bytes | Modified Date = 17/02/2008 PM 11:18:55 | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 19/02/2008 AM 01:22:17 | Attr = ] fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 69 bytes | Modified Date = 19/02/2008 AM 01:37:15 | Attr = ] fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 186 bytes | Modified Date = 19/02/2008 AM 01:35:30 | Attr = ] Football Manager.lnk -> %UserProfile%\Desktop\Football Manager.lnk -> [Ver = | Size = 1169 bytes | Modified Date = 26/11/2007 PM 07:36:43 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 17/02/2008 PM 11:58:39 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 10/01/2008 PM 05:52:32 | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 19/02/2008 AM 01:38:30 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480802 bytes | Modified Date = 19/02/2008 AM 01:37:38 | Attr = ] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 19/02/2008 AM 01:32:53 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 19/02/2008 AM 01:25:17 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 19/02/2008 AM 01:16:36 | Attr = ] < End of report > [/code]