[code] WinPFind35 logfile created on: 2/22/2008 10:47:10 AM WinPFind35U Version 1.0.0.1 Folder = C:\Documents and Settings\Dave\Desktop\WinPFind35U\WinPFind35u Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.00 Mb Total Physical Memory | 444.94 Mb Available Physical Memory | 43.49% Memory free 2.41 Gb Paging File | 1.81 Gb Available in Paging File | 75.09% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38.25 Gb Total Space | 6.63 Gb Free Space | 17.34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 114.49 Gb Total Space | 4.74 Gb Free Space | 4.14% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SILVERNELL Current User Name: Dave Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ] ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.0.8.2 | Size = 235168 bytes | Modified Date = 6/14/2006 1:48:42 PM | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 181608 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ] issvc.exe -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.0.5.14 | Size = 83584 bytes | Modified Date = 4/18/2005 7:49:24 PM | Attr = ] sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 11:24:03 AM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 197992 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [Ver = 2.51.000 | Size = 68608 bytes | Modified Date = 3/31/2005 10:36:23 AM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] cdantsrv.exe -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.27.000 | Size = 46080 bytes | Modified Date = 1/7/2003 5:28:44 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr = ] cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 1433616 bytes | Modified Date = 6/16/2004 12:07:54 PM | Attr = ] dcpflics.exe -> %ProgramFiles%\DCPFLICS\DCPFLICS.exe -> [Ver = | Size = 139266 bytes | Modified Date = 9/29/2003 12:21:26 PM | Attr = ] navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ] sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/22/2006 2:53:00 PM | Attr = ] gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 1:48:34 PM | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 10/24/2004 5:08:48 PM | Attr = ] wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ] wusb54gc.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe -> Linksys [Ver = 1.1.0.2 | Size = 5527040 bytes | Modified Date = 8/28/2006 11:23:44 AM | Attr = ] asfagent.exe -> %ProgramFiles%\intel\ASF Agent\ASFAgent.exe -> Intel Corporation [Ver = 3.1 | Size = 221184 bytes | Modified Date = 8/7/2002 6:34:26 AM | Attr = ] calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ] mxoaldr.exe -> %SystemRoot%\MXOALDR.EXE -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 10/10/2003 10:23:48 AM | Attr = ] lvcomsx.exe -> %SystemRoot%\SYSTEM32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ] logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 58728 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] trayicon.exe -> %ProgramFiles%\AGEIA Technologies\TrayIcon.exe -> [Ver = | Size = 331776 bytes | Modified Date = 3/20/2006 2:43:16 PM | Attr = ] directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 1:28:00 PM | Attr = ] onetouch.exe -> %ProgramFiles%\Maxtor\OneTouch\Utils\OneTouch.exe -> Maxtor Corporation [Ver = 3, 0, 0, 0 | Size = 823296 bytes | Modified Date = 8/31/2004 8:23:42 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ] bagent.exe -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/30/2006 6:39:16 AM | Attr = ] ctsyncu.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.5.0 | Size = 700416 bytes | Modified Date = 6/12/2006 2:32:26 PM | Attr = ] robotaskbaricon.exe -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> Siber Systems [Ver = 6-9-87 | Size = 160592 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] webbuying.exe -> %ProgramFiles%\Web Buying\v1.8.8\webbuying.exe -> [Ver = | Size = 245760 bytes | Modified Date = 2/5/2008 12:58:42 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Modified Date = 9/21/2006 2:38:56 PM | Attr = ] steam.exe -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 2/6/2008 8:38:57 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 1:44:56 PM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35U\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr = ] aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 149184 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 104128 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 8/11/2006 9:32:16 AM | Attr = ] (ASFAgent) ASF Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\intel\ASF Agent\ASFAgent.exe -> Intel Corporation [Ver = 3.1 | Size = 221184 bytes | Modified Date = 8/7/2002 6:34:26 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/25/2004 10:26:56 AM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 6/10/2004 8:10:00 PM | Attr = ] (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> [Ver = 2.51.000 | Size = 68608 bytes | Modified Date = 3/31/2005 10:36:23 AM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (C-DillaSrv) C-DillaSrv [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANTSRV.EXE -> C-Dilla Ltd [Ver = 3.27.000 | Size = 46080 bytes | Modified Date = 1/7/2003 5:28:44 PM | Attr = ] (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 197992 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] (ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 103.0.8.2 | Size = 235168 bytes | Modified Date = 6/14/2006 1:48:42 PM | Attr = ] (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 79208 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 181608 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 12:01:00 PM | Attr = ] (CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 1433616 bytes | Modified Date = 6/16/2004 12:07:54 PM | Attr = ] (DCPFLICS) DCPFLICS [Win32_Own | Auto | Running] -> %ProgramFiles%\DCPFLICS\DCPFLICS.exe -> [Ver = | Size = 139266 bytes | Modified Date = 9/29/2003 12:21:26 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ] (iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ] (ISSVC) ISSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\ISSVC.exe -> Symantec Corporation [Ver = 8.0.5.14 | Size = 83584 bytes | Modified Date = 4/18/2005 7:49:24 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ] (NMSSvc) Intel(R) NMS [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\NMSSvc.Exe -> Intel Corporation [Ver = 2.2.11.798 | Size = 1118208 bytes | Modified Date = 7/30/2002 5:15:24 PM | Attr = ] (SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 2:59:36 PM | Attr = ] (SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 12:55:00 PM | Attr = ] (SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.5.0.18 | Size = 870624 bytes | Modified Date = 12/20/2005 8:44:24 AM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 11:24:03 AM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 10/24/2004 5:08:48 PM | Attr = ] (WUSB54GCSVC) WUSB54GCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 2:15:00 PM | Attr = ] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.3.0 [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 11/13/2007 6:41:32 PM | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6476 | Size = 787456 bytes | Modified Date = 8/25/2004 10:28:46 AM | Attr = ] (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (C-Dilla) C-Dilla [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDANT.SYS -> Macrovision [Ver = 3.27.000 | Size = 58160 bytes | Modified Date = 1/7/2003 5:28:44 PM | Attr = ] (CamDrL) Logitech QuickCam Pro 3000(CamDrl) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Camdrl.sys -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 326656 bytes | Modified Date = 10/8/2004 10:59:12 AM | Attr = ] (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Modified Date = 10/3/2006 12:21:46 PM | Attr = ] (Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Modified Date = 10/3/2006 12:21:46 PM | Attr = ] (cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\cdudf_xp.sys -> Roxio [Ver = 5.3.4.21 built by: WinDDK | Size = 241152 bytes | Modified Date = 12/17/2002 1:27:32 PM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ] (CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CVirtA.sys -> Cisco Systems, Inc. [Ver = 4.0.0.106 | Size = 5220 bytes | Modified Date = 5/1/2003 12:26:34 PM | Attr = ] (CVPNDRVA) Cisco Systems IPsec Driver [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CVPNDRVA.sys -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 268872 bytes | Modified Date = 6/16/2004 12:07:00 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ] (DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dne2000.sys -> Deterministic Networks, Inc. [Ver = 2.21.7.233 | Size = 139604 bytes | Modified Date = 7/24/2003 5:55:50 PM | Attr = ] (dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Dvd_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 25898 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ] (E1000) Intel(R) PRO/1000 Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e1000325.sys -> Intel Corporation [Ver = 6.2.21.19 built by: WinDDK | Size = 99840 bytes | Modified Date = 11/12/2002 11:02:20 AM | Attr = ] (EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 1:11:06 PM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr = ] (hidparsee) hidparsee [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\hidparsee.sys -> [Ver = | Size = 86016 bytes | Modified Date = 2/5/2008 12:58:45 PM | Attr = ] (i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/4/2004 12:29:36 AM | Attr = ] (iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr = ] (iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr = ] (iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/4/2004 12:29:37 AM | Attr = ] (iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/4/2004 12:29:47 AM | Attr = ] (iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/4/2004 12:29:49 AM | Attr = ] (iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/4/2004 12:29:41 AM | Attr = ] (iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/4/2004 12:29:42 AM | Attr = ] (iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> System32\DRIVERS\wATV03nt.sys -> File not found (iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/4/2004 12:29:43 AM | Attr = ] (iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/4/2004 12:29:45 AM | Attr = ] (ikhlayer) Kernel Anti-Spyware Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ikhlayer.sys -> PCTools Research Pty Ltd. [Ver = 3, 5, 0, 2 | Size = 50048 bytes | Modified Date = 12/13/2005 3:18:50 PM | Attr = ] (Imagedrv) Imagedrv [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\imagedrv.sys -> ahead software gmbh and its licensors [Ver = 2.16.0.0 | Size = 74528 bytes | Modified Date = 4/6/2005 6:16:02 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 22016 bytes | Modified Date = 5/27/2005 8:31:28 AM | Attr = ] (mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Mmc_2k.sys -> Roxio [Ver = 5.3.4.59 | Size = 30630 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ] (MXOFX) USB Storage Adapter FX (MXO) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MXOFX.SYS -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 32640 bytes | Modified Date = 10/10/2003 10:23:48 AM | Attr = ] (MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,3,0 | Size = 14592 bytes | Modified Date = 8/9/2004 4:49:40 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080220.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 82256 bytes | Modified Date = 2/20/2008 4:00:00 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080220.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 895376 bytes | Modified Date = 2/20/2008 4:00:00 AM | Attr = ] (NetAlrt) NetAlrt [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\Netalrt.sys -> Intel Corporation [Ver = 3.0 | Size = 39680 bytes | Modified Date = 5/7/2002 5:05:56 PM | Attr = ] (NMSCFG) NIC Management Service Configuration Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NMSCFG.SYS -> Intel Corporation [Ver = 2.1.3.0 | Size = 9868 bytes | Modified Date = 7/30/2002 5:15:40 PM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:54 AM | Attr = ] (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 2:45:06 PM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) [Kernel | On_Demand | Stopped] -> System32\DRIVERS\CamDrL21.sys -> File not found (PlatAlrt) PlatAlrt [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\platalrt.sys -> Intel Corporation [Ver = 3.0 | Size = 23744 bytes | Modified Date = 5/7/2002 5:06:36 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ] (pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pwd_2K.sys -> Roxio [Ver = 5.3.4.59 | Size = 143834 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 10/3/2006 12:21:48 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ] (RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.02.0000 | Size = 245248 bytes | Modified Date = 11/24/2005 7:51:38 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 338056 bytes | Modified Date = 3/7/2005 2:59:44 PM | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 50312 bytes | Modified Date = 3/7/2005 2:59:50 PM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sfdrv01.sys -> Protection Technology [Ver = 1.32 | Size = 48640 bytes | Modified Date = 3/3/2005 12:53:57 PM | Attr = ] (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sfhlp02.sys -> Protection Technology [Ver = 2.2 | Size = 6656 bytes | Modified Date = 2/23/2005 10:59:54 AM | Attr = ] (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 12/3/2004 5:20:41 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:42 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3538 | Size = 539008 bytes | Modified Date = 12/19/2002 6:48:48 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ] (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,0,1,47 | Size = 341096 bytes | Modified Date = 7/21/2004 11:24:02 AM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ] (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symdns.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 11480 bytes | Modified Date = 3/28/2007 6:41:12 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 9/15/2006 10:52:12 PM | Attr = ] (SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symfw.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 171928 bytes | Modified Date = 3/28/2007 6:41:14 PM | Attr = ] (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symids.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 37016 bytes | Modified Date = 3/28/2007 6:41:20 PM | Attr = ] (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080221.003\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 11:18:19 AM | Attr = ] (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 4608 bytes | Modified Date = 10/24/2004 5:08:49 PM | Attr = ] (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symndis.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 47192 bytes | Modified Date = 3/28/2007 6:41:18 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symredrv.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 18904 bytes | Modified Date = 3/28/2007 6:41:24 PM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symtdi.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 266552 bytes | Modified Date = 3/28/2007 6:41:26 PM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ] (UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\udfreadr_xp.sys -> Roxio [Ver = 5.3.4.60 built by: WinDDK | Size = 206464 bytes | Modified Date = 1/16/2004 3:48:15 PM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ] (vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\vsdatant.sys -> Zone Labs Inc. [Ver = 4.0.146.033 | Size = 189792 bytes | Modified Date = 8/28/2003 8:40:26 PM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (ZSMC301b) VIMICRO USB PC Camera [Kernel | On_Demand | Stopped] -> System32\Drivers\usbVM31b.sys -> File not found (GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 1:48:34 PM | Attr = ] AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 12/17/2002 1:28:00 PM | Attr = ] AGEIA PhysX SysTray -> %ProgramFiles%\AGEIA Technologies\TrayIcon.exe -> [Ver = | Size = 331776 bytes | Modified Date = 3/20/2006 2:43:16 PM | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5120 | Size = 339968 bytes | Modified Date = 8/25/2004 12:52:00 PM | Attr = ] BigDogPath -> %SystemRoot%\VM_STI.EXE -> File not found ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 58728 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ] LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 2:24:32 PM | Attr = ] LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ] LVCOMSX -> %SystemRoot%\SYSTEM32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ] MaxtorOneTouch -> %ProgramFiles%\Maxtor\OneTouch\Utils\OneTouch.exe -> Maxtor Corporation [Ver = 3, 0, 0, 0 | Size = 823296 bytes | Modified Date = 8/31/2004 8:23:42 AM | Attr = ] MXOBG -> %SystemRoot%\MXOALDR.EXE -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 10/10/2003 10:23:48 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 5/22/2006 2:53:00 PM | Attr = ] RetroExpress -> %SystemDrive%\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe -> File not found SAClient -> %ProgramFiles%\Insight\BBClient\Programs\RegCon.exe -> AT&T [Ver = 5.6.1.0102 | Size = 299008 bytes | Modified Date = 6/1/2004 11:55:28 AM | Attr = ] Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 100056 bytes | Modified Date = 2/5/2008 1:44:44 PM | Attr = ] ymetray -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.5.0 | Size = 700416 bytes | Modified Date = 6/12/2006 2:32:26 PM | Attr = ] Drmupgds -> %ProgramFiles%\Drmupgds\Drmupgds.exe -> File not found LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> File not found LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 1:44:14 PM | Attr = ] Ncao -> %SystemDrive%\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe -> File not found Nzh -> %CommonProgramFiles%\Ѕуmantec\rυndll.exe -> File not found QuickenScheduledUpdates -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/30/2006 6:39:16 AM | Attr = ] RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> Siber Systems [Ver = 6-9-87 | Size = 160592 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> File not found Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ] Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 2/6/2008 8:38:57 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Modified Date = 9/21/2006 2:38:56 PM | Attr = ] WebBuying -> %ProgramFiles%\Web Buying\v1.8.8\webbuying.exe -> [Ver = | Size = 245760 bytes | Modified Date = 2/5/2008 12:58:42 PM | Attr = ] Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -> File not found < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.5.0 | Size = 700416 bytes | Modified Date = 6/12/2006 2:32:26 PM | Attr = ] Drmupgds -> %ProgramFiles%\Drmupgds\Drmupgds.exe -> File not found LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe -> File not found LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 1:44:14 PM | Attr = ] Ncao -> %SystemDrive%\DOCUME~1\Dave\APPLIC~1\MBOLS~1\spool32.exe -> File not found Nzh -> %CommonProgramFiles%\Ѕуmantec\rυndll.exe -> File not found QuickenScheduledUpdates -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 10/30/2006 6:39:16 AM | Attr = ] RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\robotaskbaricon.exe -> Siber Systems [Ver = 6-9-87 | Size = 160592 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> File not found Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 3.5.1.498 | Size = 1992928 bytes | Modified Date = 2/6/2006 2:40:16 PM | Attr = ] Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 2/6/2008 8:38:57 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Modified Date = 9/21/2006 2:38:56 PM | Attr = ] WebBuying -> %ProgramFiles%\Web Buying\v1.8.8\webbuying.exe -> [Ver = | Size = 245760 bytes | Modified Date = 2/5/2008 12:58:42 PM | Attr = ] Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (D) | Size = 1466384 bytes | Modified Date = 6/16/2004 12:08:02 PM | Attr = ] < Ava Startup Folder > -> C:\Documents and Settings\Ava\Start Menu\Programs\Startup -> < Dave Startup Folder > -> C:\Documents and Settings\Dave\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < Jessica Startup Folder > -> C:\Documents and Settings\Jessica\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] {E180F496-8A4B-44E2-9FE0-0364E345DB7F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtqpmj.dll [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] awtqpmj -> awtqpmj.dll -> File not found hfvaulyi -> %SystemRoot%\SYSTEM32\hfvaulyi.dll -> [Ver = | Size = 163904 bytes | Modified Date = 2/5/2008 1:05:03 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://my.yahoo.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> about:blank[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell.com -> HKEY_USERS\.DEFAULT\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell.com -> HKEY_USERS\S-1-5-18\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: Main\\Start Page -> http://my.yahoo.com/ -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: SearchURL\\ -> about:blank[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 9 domain(s) found. -> avsystemcare.com .[*] -> Trusted sites -> gomyhit.com .[*] -> Trusted sites -> imageservr.com .[*] -> Trusted sites -> onerateld.com .[*] -> Trusted sites -> safetydownload.com .[*] -> Trusted sites -> storageguardsoft.com .[*] -> Trusted sites -> trustedantivirus.com .[*] -> Trusted sites -> virusschlacht.com .[*] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1004 domain(s) found. -> avsystemcare.com .[*] -> Trusted sites -> gomyhit.com .[*] -> Trusted sites -> imageservr.com .[*] -> Trusted sites -> onerateld.com .[*] -> Trusted sites -> safetydownload.com .[*] -> Trusted sites -> storageguardsoft.com .[*] -> Trusted sites -> trustedantivirus.com .[*] -> Trusted sites -> virusschlacht.com .[*] -> Trusted sites -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1004 domain(s) found. -> avsystemcare.com .[*] -> Trusted sites -> gomyhit.com .[*] -> Trusted sites -> imageservr.com .[*] -> Trusted sites -> onerateld.com .[*] -> Trusted sites -> safetydownload.com .[*] -> Trusted sites -> storageguardsoft.com .[*] -> Trusted sites -> trustedantivirus.com .[*] -> Trusted sites -> virusschlacht.com .[*] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 21, 1 | Size = 399424 bytes | Modified Date = 11/21/2005 3:54:28 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {1347f26a-50eb-4e4c-989e-e69c12d5d0ee} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mgaxhudd.dll [Reg Error: Value does not exist or could not be read.] -> File not found {1DC893B6-66DF-4D6A-8E32-12BBD30F2275} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComPlus Applications\meroxef83122.dll [] -> File not found {381ED3A7-6B66-41FD-9454-7B0EBE9A8707} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ComPlus Applications\meroxef4444.dll [] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 5/12/2004 12:03:00 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.5.0.65 | Size = 786656 bytes | Modified Date = 12/9/2005 4:22:26 PM | Attr = ] {626FAA65-93DA-42AD-A126-436ACF588879} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found {65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 8:55:32 AM | Attr = ] {6C649CB3-5306-2ED9-5166-5F00B7CD81BA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvgnezgj.dll [Reg Error: Value does not exist or could not be read.] -> File not found {724d43a9-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Error: Value does not exist or could not be read.] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found {8943715f-ffb1-493c-a034-45dc427db685} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\gsqsmlw.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 171520 bytes | Modified Date = 2/5/2008 12:58:56 PM | Attr = ] {9A6BCADB-B633-41C0-C490-4F73ED345E01} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Windows NT\qudarugoz181.dll [Reg Error: Value does not exist or could not be read.] -> File not found {9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 8.0.0.64 | Size = 103568 bytes | Modified Date = 8/30/2004 9:29:54 PM | Attr = ] {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\hfvaulyi.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 163904 bytes | Modified Date = 2/5/2008 1:05:03 PM | Attr = ] {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\TwcToolbarBho.dll [TwcToolbarBhoApp Class] -> [Ver = 1, 0, 0, 0 | Size = 77824 bytes | Modified Date = 10/26/2006 7:12:36 AM | Attr = ] {B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ] {BDF3E430-B101-42AD-A544-FADC6B084872} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] {E180F496-8A4B-44E2-9FE0-0364E345DB7F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtqpmj.dll [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.0.0.64 | Size = 103568 bytes | Modified Date = 8/30/2004 9:29:54 PM | Attr = ] {2E5E800E-6AC0-411E-940A-369530A35E43} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\TwcToolbarIe7.dll [The Weather Channel Toolbar] -> [Ver = 1, 0, 0, 0 | Size = 249856 bytes | Modified Date = 10/26/2006 7:24:36 AM | Attr = ] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] {724d43a0-0d85-11d4-9908-00400523e39a} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 21, 1 | Size = 399424 bytes | Modified Date = 11/21/2005 3:54:28 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.0.0.64 | Size = 103568 bytes | Modified Date = 8/30/2004 9:29:54 PM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 21, 1 | Size = 399424 bytes | Modified Date = 11/21/2005 3:54:28 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Norton Internet Security] -> Symantec Corporation [Ver = 8.0.0.64 | Size = 103568 bytes | Modified Date = 8/30/2004 9:29:54 PM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-9-87 | Size = 5722952 bytes | Modified Date = 2/4/2008 4:29:14 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 21, 1 | Size = 399424 bytes | Modified Date = 11/21/2005 3:54:28 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ] {2E5E800E-6AC0-411E-940A-369530A35E43}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [The Weather Channel] -> File not found {320AF880-6646-11D3-ABEE-C5DBF3571F46}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Fill Forms] -> File not found {320AF880-6646-11D3-ABEE-C5DBF3571F49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Save] -> File not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] {724d43aa-0d85-11d4-9908-00400523e39a}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [RoboForm] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] &Viewpoint Search -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\ViewBar.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] Customize Menu -> -> File not found Fill Forms -> -> File not found RoboForm Toolbar -> -> File not found Save Forms -> -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> PC Tools [Ver = 3.5.0.277 | Size = 848048 bytes | Modified Date = 2/6/2006 2:51:34 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\] > -> HKEY_USERS\S-1-5-21-2052511184-1822268740-2979053989-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] &Viewpoint Search -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\ViewBar.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] Customize Menu -> -> File not found Fill Forms -> -> File not found RoboForm Toolbar -> -> File not found Save Forms -> -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1158656 bytes | Modified Date = 11/17/2006 9:06:06 AM | Attr = R ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {123B9EC6-C259-4C21-8D43-ECC0519BF478} -> (1394 Net Adapter) -> {4B0124E5-3E79-4D68-BA76-E0E641505943} -> (1394 Net Adapter) -> {61F32420-D073-4D2C-8E79-7577B0EC5DE3} -> (Compact Wireless-G USB Adapter) -> {990A2592-5065-4019-9FED-A3B6D0BCDC13} -> (1394 Net Adapter) -> {A2FF95CE-199D-41ED-A7B7-050A10A49319} -> (1394 Net Adapter) -> {DC1C6C1D-269B-45A4-A1E3-E231AC18680A} -> () -> {E5B34049-807E-487D-9E14-42FA44D63801} -> (Intel(R) PRO/1000 MTW Network Connection) -> {E8DC928C-F150-495D-9AC0-4337E86C4949} -> () -> {F4095464-D880-4A31-8602-A365523A7AD4} -> (1394 Net Adapter) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DE625294-70E6-45ED-B895-CFFA13AEB044}[HKEY_LOCAL_MACHINE] -> http://camera.buffalotrace.com/activex/AMC.cab[AxisMediaControlEmb Class] -> {EBD11638-B18C-4700-B11C-6CDF6F770B20}[HKEY_LOCAL_MACHINE] -> http://download.framefree.com/load_ffwp_activex_v3-3-18-2.cab[FrameFree Web Player-0] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] C:\WINDOWS\system32\vtsqr.dll -> %SystemRoot%\system32\vtsqr.dll -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1400 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\\MaxPacketSize -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\IISSUBA.DLL [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 15327 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.2946 (xpsp.060706-0011) | Size = 557568 bytes | Modified Date = 7/6/2006 3:49:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\btdownloadgui.exe -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Disabled:btdownloadgui] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmileCam\ezWebCam21_Server\ezWHostE.exe -> C:\Program Files\SmileCam\ezWebCam21_Server\ezWHostE.exe [C:\Program Files\SmileCam\ezWebCam21_Server\ezWHostE.exe:*:Enabled:ezWebCam21 Server] -> Sintec Corporation [Ver = 1.0.0.776 | Size = 1739264 bytes | Modified Date = 7/8/2003 6:16:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\3dsmax5\3dsmax.exe -> C:\3dsmax5\3dsmax.exe [C:\3dsmax5\3dsmax.exe:*:Enabled:3ds max application] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Valve\Steam\Steam.exe -> C:\Program Files\Valve\Steam\Steam.exe [C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\3dsmax7\3dsmax.exe -> G:\3dsmax7\3dsmax.exe [G:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7] -> Discreet, a division of Autodesk, Inc. [Ver = 7.0.0.65 | Size = 5129728 bytes | Modified Date = 10/4/2004 6:22:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\3dsmax5\backburner2\monitor.exe -> C:\3dsmax5\backburner2\monitor.exe [C:\3dsmax5\backburner2\monitor.exe:*:Enabled:backburner 2.3 monitor] -> Discreet, a division of Autodesk, Inc. [Ver = 2.3.0.37 | Size = 274944 bytes | Modified Date = 10/4/2004 6:23:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\3dsmax5\backburner2\manager.exe -> C:\3dsmax5\backburner2\manager.exe [C:\3dsmax5\backburner2\manager.exe:*:Enabled:backburner 2.3 manager] -> Discreet, a division of Autodesk, Inc. [Ver = 2.3.0.37 | Size = 61440 bytes | Modified Date = 10/4/2004 6:23:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\3dsmax5\backburner2\server.exe -> C:\3dsmax5\backburner2\server.exe [C:\3dsmax5\backburner2\server.exe:*:Enabled:backburner 2.3 server] -> Discreet, a division of Autodesk, Inc. [Ver = 2.3.0.37 | Size = 57344 bytes | Modified Date = 10/4/2004 6:23:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> SmartSoft Ltd. [Ver = 2.0.1000.2 | Size = 5815968 bytes | Modified Date = 10/11/2006 6:20:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 4:31:58 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.2946 (xpsp.060706-0011) | Size = 557568 bytes | Modified Date = 7/6/2006 3:49:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A8B7DDDB-0B7D-49A4-B551-850E67D040ED} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{99F15984-798B-496B-8392-DB228D72EA69} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F4095464-D880-4A31-8602-A365523A7AD4} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E8DC928C-F150-495D-9AC0-4337E86C4949} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E5B34049-807E-487D-9E14-42FA44D63801} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] ctwdm32.dll -> %SystemRoot%\System32\dllcache\ctwdm32.dll -> Creative Technology Ltd. [Ver = 5.0.0.2001 | Size = 4096 bytes | Modified Date = 8/17/2001 10:36:12 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 167545 bytes | Modified Date = 2/5/2008 12:58:46 PM | Attr = ] hidparsee.sys -> %SystemRoot%\System32\drivers\hidparsee.sys -> [Ver = | Size = 86016 bytes | Modified Date = 2/5/2008 12:58:45 PM | Attr = ] bayeevrb.dll -> %SystemRoot%\System32\bayeevrb.dll -> [Ver = | Size = 94272 bytes | Modified Date = 2/5/2008 1:04:57 PM | Attr = ] cdjdjnef.ini -> %SystemRoot%\System32\cdjdjnef.ini -> [Ver = | Size = 1194504 bytes | Modified Date = 2/6/2008 4:16:06 PM | Attr = HS] ctwdm32.dll -> %SystemRoot%\System32\ctwdm32.dll -> Creative Technology Ltd. [Ver = 5.0.0.2001 | Size = 4096 bytes | Modified Date = 8/17/2001 10:36:12 PM | Attr = ] gsqsmlw.dll -> %SystemRoot%\System32\gsqsmlw.dll -> [Ver = | Size = 171520 bytes | Modified Date = 2/5/2008 12:58:56 PM | Attr = ] hfvaulyi.dll -> %SystemRoot%\System32\hfvaulyi.dll -> [Ver = | Size = 163904 bytes | Modified Date = 2/5/2008 1:05:03 PM | Attr = ] hfvaulyi.dllbox -> %SystemRoot%\System32\hfvaulyi.dllbox -> [Ver = | Size = 22426 bytes | Modified Date = 2/22/2008 10:39:39 AM | Attr = HS] IOSUBSYS -> %SystemRoot%\System32\IOSUBSYS -> [Folder | Created Date = 2/4/2008 4:27:59 PM | Attr = ] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> kveohmdx.dll -> %SystemRoot%\System32\kveohmdx.dll -> [Ver = | Size = 95808 bytes | Modified Date = 2/7/2008 4:18:55 PM | Attr = ] lpalmvjn.ini -> %SystemRoot%\System32\lpalmvjn.ini -> [Ver = | Size = 1195104 bytes | Modified Date = 2/7/2008 5:00:18 PM | Attr = HS] m1 -> %SystemRoot%\System32\m1 -> [Folder | Created Date = 2/5/2008 12:58:40 PM | Attr = ] mctpqkwn.dll -> %SystemRoot%\System32\mctpqkwn.dll -> [Ver = | Size = 92224 bytes | Modified Date = 2/6/2008 4:18:14 PM | Attr = ] nGpxx01 -> %SystemRoot%\System32\nGpxx01 -> [Folder | Created Date = 2/5/2008 12:58:31 PM | Attr = ] p4 -> %SystemRoot%\System32\p4 -> [Folder | Created Date = 2/5/2008 12:58:40 PM | Attr = ] qalaqouq.ini -> %SystemRoot%\System32\qalaqouq.ini -> [Ver = | Size = 1195164 bytes | Modified Date = 2/8/2008 4:22:11 PM | Attr = HS] quoqalaq.dll -> %SystemRoot%\System32\quoqalaq.dll -> [Ver = | Size = 88640 bytes | Modified Date = 2/8/2008 4:21:38 PM | Attr = ] rqstv.ini -> %SystemRoot%\System32\rqstv.ini -> [Ver = | Size = 0 bytes | Modified Date = 2/9/2008 12:34:46 PM | Attr = HS] rqstv.ini2 -> %SystemRoot%\System32\rqstv.ini2 -> [Ver = | Size = 283644 bytes | Modified Date = 2/9/2008 12:32:30 PM | Attr = HS] s5 -> %SystemRoot%\System32\s5 -> [Folder | Created Date = 2/5/2008 12:58:40 PM | Attr = ] Smartvsd.vxd -> %SystemRoot%\System32\Smartvsd.vxd -> [Ver = | Size = 17986 bytes | Modified Date = 4/23/1999 10:22:00 PM | Attr = R ] SSubTmr6.dll -> %SystemRoot%\System32\SSubTmr6.dll -> vbAccelerator [Ver = 2.00 | Size = 53248 bytes | Modified Date = 4/25/2004 8:39:52 PM | Attr = R ] z6 -> %SystemRoot%\System32\z6 -> [Folder | Created Date = 2/5/2008 12:58:40 PM | Attr = ] b122.exe -> %SystemRoot%\b122.exe -> [Ver = | Size = 54272 bytes | Modified Date = 2/4/2008 9:13:36 AM | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 492 bytes | Modified Date = 2/5/2008 1:45:16 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/24/2008 10:34:12 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/24/2008 10:34:12 AM | Attr = H ] RGF2ZQ -> %SystemRoot%\RGF2ZQ -> [Folder | Created Date = 2/5/2008 12:58:50 PM | Attr = HS] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 2/22/2008 9:55:03 AM | Attr = ] Norton AntiVirus - Scan my computer - Dave.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Dave.job -> [Ver = | Size = 546 bytes | Modified Date = 2/18/2008 2:00:00 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2/6/2008 7:34:41 PM | Attr = ] RoboForm -> %AllUsersProfile%\Application Data\RoboForm -> [Folder | Created Date = 2/4/2008 4:30:18 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2/7/2008 11:49:41 AM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/6/2008 7:36:17 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Created Date = 1/25/2008 2:47:14 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/7/2008 11:48:16 AM | Attr = ] Viewpoint -> %AppData%\Viewpoint -> [Folder | Created Date = 12/21/2007 4:37:34 PM | Attr = ] ??mbols -> %AppData%\ѕуmbols -> [Folder | Modified Date = 2/7/2008 4:50:50 PM | Attr = ] My RoboForm Data -> %UserProfile%\My Documents\My RoboForm Data -> [Folder | Created Date = 2/4/2008 4:29:27 PM | Attr = ] 4000 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp -> AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/6/2008 7:35:32 PM | Attr = ] RoboForm Companion.lnk -> %AllUsersProfile%\Desktop\RoboForm Companion.lnk -> [Ver = | Size = 707 bytes | Modified Date = 2/4/2008 4:27:58 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2/7/2008 11:48:38 AM | Attr = ] Help and Support Center.lnk -> %UserProfile%\Desktop\Help and Support Center.lnk -> [Ver = | Size = 1932 bytes | Modified Date = 2/6/2008 4:14:47 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2/6/2008 5:11:43 PM | Attr = ] Windows Update.lnk -> %UserProfile%\Desktop\Windows Update.lnk -> [Ver = | Size = 1930 bytes | Modified Date = 2/6/2008 5:04:17 PM | Attr = ] WinPFind35U -> %UserProfile%\Desktop\WinPFind35U -> [Folder | Created Date = 2/22/2008 10:29:20 AM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 2/22/2008 10:26:40 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2/7/2008 11:44:28 AM | Attr = ] ??mantec -> %CommonProgramFiles%\Ѕуmantec -> [Folder | Modified Date = 2/9/2008 12:40:59 PM | Attr = ] [Files/Folders - Modified Within 30 days] BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 211 bytes | Modified Date = 2/6/2008 7:30:22 PM | Attr = RHS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072766976 bytes | Modified Date = 2/22/2008 10:34:56 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/22/2008 10:38:02 AM | Attr = ] 5557 C:\*.tmp files -> C:\*.tmp -> Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2/5/2008 12:58:58 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/22/2008 9:20:48 AM | Attr = ] core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 167545 bytes | Modified Date = 2/5/2008 12:58:46 PM | Attr = ] hidparsee.sys -> %SystemRoot%\System32\drivers\hidparsee.sys -> [Ver = | Size = 86016 bytes | Modified Date = 2/5/2008 12:58:45 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/12/2008 6:01:18 PM | Attr = ] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> cdjdjnef.ini -> %SystemRoot%\System32\cdjdjnef.ini -> [Ver = | Size = 1194504 bytes | Modified Date = 2/6/2008 4:16:06 PM | Attr = HS] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 2/13/2008 3:14:22 AM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 2/13/2008 3:14:22 AM | Attr = ] gsqsmlw.dll -> %SystemRoot%\System32\gsqsmlw.dll -> [Ver = | Size = 171520 bytes | Modified Date = 2/5/2008 12:58:56 PM | Attr = ] hfvaulyi.dll -> %SystemRoot%\System32\hfvaulyi.dll -> [Ver = | Size = 163904 bytes | Modified Date = 2/5/2008 1:05:03 PM | Attr = ] hfvaulyi.dllbox -> %SystemRoot%\System32\hfvaulyi.dllbox -> [Ver = | Size = 22426 bytes | Modified Date = 2/22/2008 10:39:39 AM | Attr = HS] IOSUBSYS -> %SystemRoot%\System32\IOSUBSYS -> [Folder | Modified Date = 2/4/2008 4:27:59 PM | Attr = ] lpalmvjn.ini -> %SystemRoot%\System32\lpalmvjn.ini -> [Ver = | Size = 1195104 bytes | Modified Date = 2/7/2008 5:00:18 PM | Attr = HS] m1 -> %SystemRoot%\System32\m1 -> [Folder | Modified Date = 2/5/2008 1:20:32 PM | Attr = ] nGpxx01 -> %SystemRoot%\System32\nGpxx01 -> [Folder | Modified Date = 2/5/2008 1:16:28 PM | Attr = ] p4 -> %SystemRoot%\System32\p4 -> [Folder | Modified Date = 2/6/2008 9:33:31 AM | Attr = ] qalaqouq.ini -> %SystemRoot%\System32\qalaqouq.ini -> [Ver = | Size = 1195164 bytes | Modified Date = 2/8/2008 4:22:11 PM | Attr = HS] rqstv.ini -> %SystemRoot%\System32\rqstv.ini -> [Ver = | Size = 0 bytes | Modified Date = 2/9/2008 12:34:46 PM | Attr = HS] rqstv.ini2 -> %SystemRoot%\System32\rqstv.ini2 -> [Ver = | Size = 283644 bytes | Modified Date = 2/9/2008 12:32:30 PM | Attr = HS] s5 -> %SystemRoot%\System32\s5 -> [Folder | Modified Date = 2/5/2008 12:58:40 PM | Attr = ] Sweeper.cfg -> %SystemRoot%\System32\Sweeper.cfg -> [Ver = | Size = 0 bytes | Modified Date = 2/22/2008 10:34:48 AM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 2/22/2008 9:21:15 AM | Attr = ] z6 -> %SystemRoot%\System32\z6 -> [Folder | Modified Date = 2/5/2008 3:31:08 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/12/2008 5:58:21 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> b122.exe -> %SystemRoot%\b122.exe -> [Ver = | Size = 54272 bytes | Modified Date = 2/4/2008 9:13:36 AM | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 2/22/2008 10:35:16 AM | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 492 bytes | Modified Date = 2/5/2008 1:45:16 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/13/2008 3:13:21 AM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 2/13/2008 3:14:41 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/7/2008 4:46:00 PM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/22/2008 10:45:12 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/24/2008 10:34:12 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/24/2008 10:34:12 AM | Attr = H ] RGF2ZQ -> %SystemRoot%\RGF2ZQ -> [Folder | Modified Date = 2/7/2008 10:59:14 AM | Attr = HS] SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 227 bytes | Modified Date = 2/6/2008 7:30:21 PM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2/22/2008 10:48:38 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/22/2008 9:34:31 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/22/2008 10:48:39 AM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 569 bytes | Modified Date = 2/6/2008 7:30:21 PM | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 2/22/2008 9:55:03 AM | Attr = ] Norton AntiVirus - Scan my computer - Dave.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Dave.job -> [Ver = | Size = 546 bytes | Modified Date = 2/18/2008 2:00:00 AM | Attr = ] Norton AntiVirus - Scan my computer - Jessica.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Jessica.job -> [Ver = | Size = 552 bytes | Modified Date = 2/15/2008 8:00:00 PM | Attr = ] QIC Autoupdate.job -> %SystemRoot%\tasks\QIC Autoupdate.job -> [Ver = | Size = 414 bytes | Modified Date = 2/22/2008 10:04:22 AM | Attr = ] QIC Messenger Bkup.job -> %SystemRoot%\tasks\QIC Messenger Bkup.job -> [Ver = | Size = 450 bytes | Modified Date = 2/22/2008 10:36:18 AM | Attr = ] QIC Messenger Periodic.job -> %SystemRoot%\tasks\QIC Messenger Periodic.job -> [Ver = | Size = 450 bytes | Modified Date = 2/22/2008 9:30:19 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/22/2008 10:36:12 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5440 bytes | Modified Date = 2/22/2008 10:04:23 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2/22/2008 10:04:25 AM | Attr = ] getseal[1].com&size=M&use_flash=YES&use_transparent=YES&lang=en -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PA30HM7\getseal[1].com -> [Ver = | Size = 3565 bytes | Modified Date = 11/28/2005 10:24:17 PM | Attr = ] red[1].com&scx=1280&scy=1024&scc=32&wrd=ae02&sta=,,,1,,,,,,,0,5,0,16687,16464,14658,387,609&iid=113021&bid=205113&dat=;ord=45050784 -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PA30HM7\red[1].com -> [Ver = | Size = 4972 bytes | Modified Date = 11/28/2005 6:34:33 PM | Attr = ] getseal[1].com&size=S&use_flash=YES&use_transparent=NO -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\7X2LPOJ9\getseal[1].com -> [Ver = | Size = 3564 bytes | Modified Date = 11/29/2005 3:59:22 PM | Attr = ] getseal[1].com&size=M&use_flash=NO&use_transparent=YES&lang=en -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\7X2LPOJ9\getseal[1].com -> [Ver = | Size = 1884 bytes | Modified Date = 11/29/2005 3:59:53 PM | Attr = ] a[1].com -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXYV45IZ\a[1].com -> [Ver = | Size = 326 bytes | Modified Date = 11/28/2005 6:17:59 PM | Attr = ] red[1].com&scx=1280&scy=1024&scc=32&wrd=ce06&sta=,,,1,,,,,,,0,5,0,16687,16464,14658,387,609&iid=113021&bid=210202&dat=;ord=72042682 -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXYV45IZ\red[1].com -> [Ver = | Size = 5142 bytes | Modified Date = 11/28/2005 6:37:25 PM | Attr = ] www.curiouslabs[1].com -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\YBQPIMB9\www.curiouslabs[1].com -> [Ver = | Size = 19018 bytes | Modified Date = 11/29/2005 12:55:09 PM | Attr = ] !update.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\!update.exe -> [Ver = | Size = 70656 bytes | Modified Date = 2/8/2008 5:06:16 PM | Attr = ] snapsnet.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\snapsnet.exe -> [Ver = | Size = 111859 bytes | Modified Date = 2/5/2008 1:06:39 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Dave\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ] wavvsnet.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\wavvsnet.exe -> [Ver = 0, 0, 0, 0 | Size = 148046 bytes | Modified Date = 2/5/2008 1:15:48 PM | Attr = ] _quicktour_deluxe.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\_quicktour_deluxe.exe -> [Ver = 1.00.1591 | Size = 317440 bytes | Modified Date = 6/25/2004 6:57:51 PM | Attr = ] 1330 C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp -> Setup.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\pft1C~tmp\Setup.exe -> InstallShield Software Corporation [Ver = 6, 22, 100, 1441 | Size = 54216 bytes | Modified Date = 2/19/2003 3:04:44 AM | Attr = ] MPASSUPG.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\pft7~tmp\MPASSUPG.exe -> [Ver = 1, 0, 0, 1 | Size = 114688 bytes | Modified Date = 9/28/2001 8:01:36 PM | Attr = ] QuestViewer.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\Quest3D0\QuestViewer.exe -> [Ver = | Size = 61440 bytes | Modified Date = 9/1/2006 8:12:21 AM | Attr = ] QuestViewer.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\Quest3D1\QuestViewer.exe -> [Ver = | Size = 61440 bytes | Modified Date = 9/1/2006 8:23:59 AM | Attr = ] Setup.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\Setup.exe -> [Ver = | Size = 449144 bytes | Modified Date = 3/3/2004 3:06:46 AM | Attr = ] SETUP.EXE -> C:\Documents and Settings\Dave\Local Settings\Temp\SFX23F.tmp\SETUP.EXE -> Alex Fauland [Ver = 2.1.0.0 | Size = 49152 bytes | Modified Date = 7/10/2001 8:10:08 PM | Attr = ] mpsetup.exe -> C:\Documents and Settings\Dave\Local Settings\Temp\WMC0000.tmp\mpsetup.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 12653296 bytes | Modified Date = 9/29/2004 2:23:54 PM | Attr = ] SIntf16.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 6/3/2005 2:07:59 PM | Attr = ] SIntf32.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 19924 bytes | Modified Date = 6/3/2005 2:07:59 PM | Attr = ] SIntfNT.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24512 bytes | Modified Date = 6/3/2005 2:07:59 PM | Attr = ] swt-gdip-win32-3325.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\swt-gdip-win32-3325.dll -> Eclipse Foundation [Ver = 3.325 | Size = 73728 bytes | Modified Date = 5/21/2007 6:54:03 PM | Attr = ] swt-gdip-win32-3344.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\swt-gdip-win32-3344.dll -> Eclipse Foundation [Ver = 3.344 | Size = 77824 bytes | Modified Date = 6/18/2007 5:34:05 PM | Attr = ] swt-gdip-win32-3347.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\swt-gdip-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 77824 bytes | Modified Date = 11/13/2007 9:41:54 PM | Attr = ] swt-win32-3325.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\swt-win32-3325.dll -> Eclipse Foundation [Ver = 3.325 | Size = 303104 bytes | Modified Date = 5/21/2007 6:13:51 PM | Attr = ] swt-win32-3344.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\swt-win32-3344.dll -> Eclipse Foundation [Ver = 3.344 | Size = 307200 bytes | Modified Date = 6/18/2007 5:33:55 PM | Attr = ] swt-win32-3347.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\swt-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 11/13/2007 9:37:23 PM | Attr = ] tsdetect.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\tsdetect.dll -> [Ver = | Size = 40960 bytes | Modified Date = 7/18/2001 3:02:00 PM | Attr = ] unicows.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 2/10/2005 8:52:42 AM | Attr = ] vorbis.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\vorbis.dll -> [Ver = | Size = 137848 bytes | Modified Date = 3/18/2004 7:23:04 PM | Attr = ] vorbisfile.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\vorbisfile.dll -> [Ver = | Size = 20600 bytes | Modified Date = 3/18/2004 7:23:04 PM | Attr = ] Window.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Window.dll -> [Ver = | Size = 416376 bytes | Modified Date = 3/18/2004 7:23:04 PM | Attr = ] wisesupp.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\wisesupp.dll -> [Ver = | Size = 49152 bytes | Modified Date = 10/30/1999 5:31:06 AM | Attr = ] 1330 C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp -> dpvs.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\_rtre_viewer_000\dpvs.dll -> [Ver = | Size = 134144 bytes | Modified Date = 9/1/2006 9:14:09 AM | Attr = ] msvcp70.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\_rtre_viewer_000\msvcp70.dll -> Microsoft Corporation [Ver = 7.00.9466.0 | Size = 487424 bytes | Modified Date = 9/1/2006 9:14:10 AM | Attr = ] msvcr70.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\_rtre_viewer_000\msvcr70.dll -> Microsoft Corporation [Ver = 7.00.9466.0 | Size = 344064 bytes | Modified Date = 9/1/2006 9:14:10 AM | Attr = ] Renderer_DX8.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\_rtre_viewer_000\Renderer_DX8.dll -> Cubicspace Ltd. [Ver = 1, 1, 0, 212 | Size = 765952 bytes | Modified Date = 9/1/2006 9:14:09 AM | Attr = ] Renderer_GL.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\_rtre_viewer_000\Renderer_GL.dll -> Cubicspace Ltd. [Ver = 1, 1, 0, 212 | Size = 675840 bytes | Modified Date = 9/1/2006 9:14:10 AM | Attr = ] RTREView.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\_rtre_viewer_000\RTREView.dll -> [Ver = | Size = 1728512 bytes | Modified Date = 9/1/2006 9:14:10 AM | Attr = ] mon321.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\pft7~tmp\mon321.dll -> Canon Information Systems [Ver = 3.21 | Size = 61440 bytes | Modified Date = 5/22/2001 7:05:04 AM | Attr = ] mon330.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\pft7~tmp\mon330.dll -> Canon Information Systems [Ver = 3.30 | Size = 45056 bytes | Modified Date = 5/22/2001 10:11:46 PM | Attr = ] HighPoly.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Quest3D0\HighPoly.dll -> [Ver = | Size = 126976 bytes | Modified Date = 9/1/2006 8:12:21 AM | Attr = ] HighPoly.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Quest3D1\HighPoly.dll -> [Ver = | Size = 126976 bytes | Modified Date = 9/1/2006 8:23:59 AM | Attr = ] Core.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\Core.dll -> [Ver = | Size = 756344 bytes | Modified Date = 3/3/2004 3:06:45 AM | Attr = ] dbghelp.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\dbghelp.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 489984 bytes | Modified Date = 12/12/2003 4:34:03 PM | Attr = ] Engine.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\Engine.dll -> [Ver = | Size = 4610680 bytes | Modified Date = 3/3/2004 3:06:46 AM | Attr = ] IFC23.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\IFC23.dll -> Immersion Corporation [Ver = 2.3.5 | Size = 237568 bytes | Modified Date = 10/9/2003 6:41:15 PM | Attr = ] MSVCR71.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\MSVCR71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 10/1/2003 9:45:38 PM | Attr = ] ogg.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\ogg.dll -> [Ver = | Size = 13944 bytes | Modified Date = 3/3/2004 3:06:46 AM | Attr = ] vorbis.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\vorbis.dll -> [Ver = | Size = 137848 bytes | Modified Date = 3/3/2004 3:06:47 AM | Attr = ] vorbisfile.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\vorbisfile.dll -> [Ver = | Size = 20600 bytes | Modified Date = 3/3/2004 3:06:47 AM | Attr = ] Window.dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\Window.dll -> [Ver = | Size = 416376 bytes | Modified Date = 3/3/2004 3:06:47 AM | Attr = ] PRScript[1].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\09QNS96R\PRScript[1].dll -> [Ver = | Size = 8889 bytes | Modified Date = 11/29/2005 7:38:29 PM | Attr = ] PRScript[1].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PA30HM7\PRScript[1].dll -> [Ver = | Size = 8798 bytes | Modified Date = 11/28/2005 6:22:55 PM | Attr = ] PRScript[1].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\5KUN3NNC\PRScript[1].dll -> [Ver = | Size = 9981 bytes | Modified Date = 11/29/2005 2:23:46 PM | Attr = ] PRScript[1].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9ER4PI3\PRScript[1].dll -> [Ver = | Size = 9774 bytes | Modified Date = 11/29/2005 6:22:46 AM | Attr = ] PRScript[2].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\GTYZGX6N\PRScript[2].dll -> [Ver = | Size = 9890 bytes | Modified Date = 11/28/2005 7:19:26 PM | Attr = ] PRScript[3].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MR412R\PRScript[3].dll -> [Ver = | Size = 10097 bytes | Modified Date = 11/30/2005 7:21:39 AM | Attr = ] PRScript[2].dll -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\YBQPIMB9\PRScript[2].dll -> [Ver = | Size = 9005 bytes | Modified Date = 11/29/2005 4:54:11 PM | Attr = ] index.dat -> C:\Documents and Settings\Dave\Local Settings\Temp\Adod\index.dat -> [Ver = | Size = 319 bytes | Modified Date = 2/8/2008 5:06:14 PM | Attr = ] 3 C:\Documents and Settings\Dave\Local Settings\Temp\Adod\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\Adod\*.tmp -> index.dat -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 8372224 bytes | Modified Date = 11/30/2005 7:35:45 AM | Attr = ] setup.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\setup.ini -> [Ver = | Size = 4403 bytes | Modified Date = 8/18/2007 9:43:18 PM | Attr = ] User.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\User.ini -> [Ver = | Size = 161 bytes | Modified Date = 4/14/2005 2:40:16 PM | Attr = ] 1330 C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dave\Local Settings\Temp\*.tmp -> 0x0409.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is267\0x0409.ini -> [Ver = | Size = 5495 bytes | Modified Date = 6/8/2005 3:40:17 PM | Attr = ] Setup.INI -> C:\Documents and Settings\Dave\Local Settings\Temp\_is267\Setup.INI -> [Ver = | Size = 2006 bytes | Modified Date = 6/8/2005 3:40:17 PM | Attr = ] _ISMSIDEL.INI -> C:\Documents and Settings\Dave\Local Settings\Temp\_is267\_ISMSIDEL.INI -> [Ver = | Size = 190 bytes | Modified Date = 6/8/2005 3:40:17 PM | Attr = ] 0x0407.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\0x0407.ini -> [Ver = | Size = 5140 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] 0x0409.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\0x0409.ini -> [Ver = | Size = 4632 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] 0x040a.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\0x040a.ini -> [Ver = | Size = 5275 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] 0x040c.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\0x040c.ini -> [Ver = | Size = 5406 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] 0x0410.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\0x0410.ini -> [Ver = | Size = 5130 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] 0x0411.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\0x0411.ini -> [Ver = | Size = 5014 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] Setup.INI -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\Setup.INI -> [Ver = | Size = 1349 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] _ISMSIDEL.INI -> C:\Documents and Settings\Dave\Local Settings\Temp\_is2F0\_ISMSIDEL.INI -> [Ver = | Size = 434 bytes | Modified Date = 8/27/2005 8:36:45 AM | Attr = ] CabReg.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CREATIVE_MEDIASOURCE_U\CabReg.ini -> [Ver = | Size = 988 bytes | Modified Date = 9/26/2005 10:48:36 AM | Attr = ] CTShared.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CREATIVE_MEDIASOURCE_U\CTShared.ini -> [Ver = | Size = 795 bytes | Modified Date = 12/13/2005 11:03:48 AM | Attr = ] PlayOrg.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CREATIVE_MEDIASOURCE_U\PlayOrg.ini -> [Ver = | Size = 5227 bytes | Modified Date = 3/27/2006 2:29:26 PM | Attr = ] CDBurner.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CTXINSTALLER\Common\CDBurner.ini -> [Ver = | Size = 4142 bytes | Modified Date = 10/17/2005 11:22:28 AM | Attr = ] MTP.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CTXINSTALLER\Common\MTP.ini -> [Ver = | Size = 2118 bytes | Modified Date = 12/20/2005 10:47:34 AM | Attr = ] NetCont.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CTXINSTALLER\Common\NetCont.ini -> [Ver = | Size = 4159 bytes | Modified Date = 10/24/2005 9:17:50 AM | Attr = ] Nmjbt2.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CTXINSTALLER\Common\Nmjbt2.ini -> [Ver = | Size = 2150 bytes | Modified Date = 12/20/2005 10:45:20 AM | Attr = ] PlayOrg.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CTXINSTALLER\Common\PlayOrg.ini -> [Ver = | Size = 5227 bytes | Modified Date = 3/27/2006 2:29:26 PM | Attr = ] SkinPack.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\CTXINSTALLER\Common\SkinPack.ini -> [Ver = | Size = 3700 bytes | Modified Date = 9/9/2005 4:58:16 PM | Attr = ] CTShared.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_NET_CONTENT_U\CTShared.ini -> [Ver = | Size = 49 bytes | Modified Date = 8/12/2005 9:27:30 AM | Attr = ] NetCont.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_NET_CONTENT_U\NetCont.ini -> [Ver = | Size = 4159 bytes | Modified Date = 10/24/2005 9:17:50 AM | Attr = ] CabReg.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_CDBURNER_U\CabReg.ini -> [Ver = | Size = 76 bytes | Modified Date = 6/3/2005 5:00:00 AM | Attr = ] CDBurner.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_CDBURNER_U\CDBurner.ini -> [Ver = | Size = 4142 bytes | Modified Date = 10/17/2005 11:22:28 AM | Attr = ] CTShared.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_CDBURNER_U\CTShared.ini -> [Ver = | Size = 0 bytes | Modified Date = 6/3/2005 5:00:00 AM | Attr = ] CabReg.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_MTP_U\CabReg.ini -> [Ver = | Size = 104 bytes | Modified Date = 8/16/2005 9:35:00 AM | Attr = ] CTShared.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_MTP_U\CTShared.ini -> [Ver = | Size = 724 bytes | Modified Date = 7/6/2006 10:13:32 AM | Attr = ] MTP.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_MTP_U\MTP.ini -> [Ver = | Size = 2118 bytes | Modified Date = 12/20/2005 10:47:34 AM | Attr = ] CabReg.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\CabReg.ini -> [Ver = | Size = 107 bytes | Modified Date = 6/16/2005 10:52:34 AM | Attr = ] CTShared.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\CTShared.ini -> [Ver = | Size = 69 bytes | Modified Date = 11/16/2005 11:48:58 AM | Attr = ] Nmjbt2.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Nmjbt2.ini -> [Ver = | Size = 2150 bytes | Modified Date = 12/20/2005 10:45:20 AM | Attr = ] CTShared.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\MEDIASOURCE_PLAYER_SKINPACK_U\CTShared.ini -> [Ver = | Size = 0 bytes | Modified Date = 6/3/2005 5:00:00 AM | Attr = ] SkinPack.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\{9442D180-CEFF-4963-857A-94AA380532C9}\{23CEA9AB-3158-4458-AED2-9E77F989D541}\MEDIASOURCE_PLAYER_SKINPACK_U\SkinPack.ini -> [Ver = | Size = 3700 bytes | Modified Date = 9/9/2005 4:58:16 PM | Attr = ] Setup.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\pft1C~tmp\Setup.ini -> [Ver = | Size = 81 bytes | Modified Date = 8/25/2003 5:33:04 PM | Attr = ] Manifest.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\Manifest.ini -> [Ver = | Size = 277672 bytes | Modified Date = 3/3/2004 10:42:51 PM | Attr = ] User.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Setup028307\User.ini -> [Ver = | Size = 496 bytes | Modified Date = 3/18/2004 7:39:18 PM | Attr = ] SETUP.INI -> C:\Documents and Settings\Dave\Local Settings\Temp\SFX23F.tmp\SETUP.INI -> [Ver = | Size = 209 bytes | Modified Date = 6/4/2002 6:16:36 PM | Attr = ] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/20/2005 11:01:56 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\09QNS96R\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/12/2005 5:52:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\3E9853FZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/13/2005 2:38:49 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\4L030J8R\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/29/2005 8:33:14 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PA30HM7\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/28/2005 6:04:46 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\5KUN3NNC\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/20/2005 11:01:57 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\7X2LPOJ9\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/20/2005 11:01:57 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\92RX1UGI\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/13/2005 2:38:49 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\99OQKVPB\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/13/2005 2:38:49 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\AD83ADYX\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/29/2005 8:33:14 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\G96R0HYN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/12/2005 5:52:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9ER4PI3\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/12/2005 5:52:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\GTKXMR09\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/29/2005 8:33:14 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\GTYZGX6N\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/28/2005 6:04:46 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\GXYV45IZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/28/2005 6:04:46 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\K5MR412R\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/12/2005 5:52:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\MZIJUTQN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/29/2005 8:33:14 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\UIVXHRT7\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/13/2005 2:38:49 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\W96RCLMR\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 11/28/2005 6:04:46 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y9KV61C9\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/20/2005 11:01:57 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Dave\Local Settings\Temp\Temporary Internet Files\Content.IE5\YBQPIMB9\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/20/2005 11:01:57 PM | Attr = HS] Odbc32.dll -> C:\WINDOWS\Temp\_ISTMP4.DIR\Odbc32.dll -> Microsoft Corporation [Ver = 3.0.2822 | Size = 230672 bytes | Modified Date = 9/5/2000 9:10:32 AM | Attr = R ] Odbccp32.dll -> C:\WINDOWS\Temp\_ISTMP4.DIR\Odbccp32.dll -> Microsoft Corporation [Ver = 3.0.2822 | Size = 87824 bytes | Modified Date = 9/5/2000 9:10:32 AM | Attr = R ] Odbcint.dll -> C:\WINDOWS\Temp\_ISTMP4.DIR\Odbcint.dll -> Microsoft Corporation [Ver = 3.0.2822 | Size = 67072 bytes | Modified Date = 9/5/2000 9:10:32 AM | Attr = R ] Riched32.dll -> C:\WINDOWS\Temp\_ISTMP4.DIR\Riched32.dll -> Microsoft Corporation [Ver = 4.00.993.4 | Size = 174352 bytes | Modified Date = 9/5/2000 9:10:32 AM | Attr = R ] _RegTLB.dll -> C:\WINDOWS\Temp\_ISTMP4.DIR\_RegTLB.dll -> [Ver = | Size = 32256 bytes | Modified Date = 9/5/2000 9:10:32 AM | Attr = R ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2/6/2008 7:34:41 PM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1755 bytes | Modified Date = 1/28/2008 1:03:02 AM | Attr = ] RoboForm -> %AllUsersProfile%\Application Data\RoboForm -> [Folder | Modified Date = 2/4/2008 4:30:18 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/7/2008 11:49:41 AM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Modified Date = 2/4/2008 4:27:26 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/6/2008 7:36:17 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 1/25/2008 2:47:28 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/7/2008 11:48:16 AM | Attr = ] ??mbols -> %AppData%\ѕуmbols -> [Folder | Modified Date = 2/7/2008 4:50:50 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 55296 bytes | Modified Date = 2/4/2008 11:17:54 PM | Attr = ] Azureus Downloads -> %UserProfile%\My Documents\Azureus Downloads -> [Folder | Modified Date = 2/4/2008 3:12:38 PM | Attr = ] 4000 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp -> My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 1/25/2008 6:34:45 PM | Attr = R ] My RoboForm Data -> %UserProfile%\My Documents\My RoboForm Data -> [Folder | Modified Date = 2/4/2008 4:29:27 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 564 bytes | Modified Date = 2/12/2008 7:06:27 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/6/2008 7:35:32 PM | Attr = ] RoboForm Companion.lnk -> %AllUsersProfile%\Desktop\RoboForm Companion.lnk -> [Ver = | Size = 707 bytes | Modified Date = 2/4/2008 4:27:58 PM | Attr = ] SmartFTP Client.lnk -> %AllUsersProfile%\Desktop\SmartFTP Client.lnk -> [Ver = | Size = 2243 bytes | Modified Date = 2/5/2008 2:40:57 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2/7/2008 11:48:38 AM | Attr = ] Help and Support Center.lnk -> %UserProfile%\Desktop\Help and Support Center.lnk -> [Ver = | Size = 1932 bytes | Modified Date = 2/6/2008 4:14:47 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2/6/2008 5:11:43 PM | Attr = ] Windows Update.lnk -> %UserProfile%\Desktop\Windows Update.lnk -> [Ver = | Size = 1930 bytes | Modified Date = 2/6/2008 5:04:17 PM | Attr = ] WinPFind35U -> %UserProfile%\Desktop\WinPFind35U -> [Folder | Modified Date = 2/22/2008 10:29:20 AM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 2/22/2008 10:26:40 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier Designer -> %CommonProgramFiles%\Designer -> [Folder | Modified Date = 2/4/2008 4:28:01 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2/22/2008 9:46:25 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2/7/2008 11:44:28 AM | Attr = ] ??mantec -> %CommonProgramFiles%\Ѕуmantec -> [Folder | Modified Date = 2/9/2008 12:40:59 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = RH ] Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = S] Sun -> C:\Documents and Settings\Administrator\Application Data\Sun -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 2/4/2008 4:30:18 PM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 3/26/2007 10:34:36 AM | Attr = ] Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 8/11/2006 9:32:22 AM | Attr = ] AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 11/13/2007 6:51:45 PM | Attr = ] AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads -> [Folder | Modified Date = 8/18/2007 9:43:07 PM | Attr = ] AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [Folder | Modified Date = 8/27/2007 4:53:47 PM | Attr = ] Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 10/20/2005 4:02:46 PM | Attr = ] Autodesk -> C:\Documents and Settings\All Users\Application Data\Autodesk -> [Folder | Modified Date = 11/13/2007 9:49:05 PM | Attr = ] Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [Folder | Modified Date = 5/21/2007 6:13:51 PM | Attr = ] Creative -> C:\Documents and Settings\All Users\Application Data\Creative -> [Folder | Modified Date = 1/17/2007 1:25:16 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 9/21/2006 2:38:57 PM | Attr = ] Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 2/6/2008 7:34:41 PM | Attr = ] Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [Folder | Modified Date = 3/18/2006 10:53:50 AM | Attr = ] Macromedia -> C:\Documents and Settings\All Users\Application Data\Macromedia -> [Folder | Modified Date = 9/29/2006 8:39:37 PM | Attr = ] Macrovision -> C:\Documents and Settings\All Users\Application Data\Macrovision -> [Folder | Modified Date = 10/14/2004 6:49:21 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 11/13/2007 6:42:57 PM | Attr = S] MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 -> [Folder | Modified Date = 9/19/2004 10:09:52 AM | Attr = ] QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [Folder | Modified Date = 7/16/2004 10:11:02 PM | Attr = ] RetroExp -> C:\Documents and Settings\All Users\Application Data\RetroExp -> [Folder | Modified Date = 11/13/2007 8:04:16 PM | Attr = ] RoboForm -> C:\Documents and Settings\All Users\Application Data\RoboForm -> [Folder | Modified Date = 2/4/2008 4:30:18 PM | Attr = ] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [Folder | Modified Date = 1/16/2004 3:43:58 PM | Attr = ] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 8/1/2004 7:16:56 PM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/7/2008 11:49:41 AM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 10/24/2004 5:15:42 PM | Attr = ] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 12/21/2007 4:37:33 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 1/13/2006 4:11:12 PM | Attr = ] Windows Live Toolbar -> C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar -> [Folder | Modified Date = 11/16/2006 1:50:30 PM | Attr = ] YAHOO -> C:\Documents and Settings\All Users\Application Data\YAHOO -> [Folder | Modified Date = 1/17/2007 1:27:23 PM | Attr = ] yahoo! -> C:\Documents and Settings\All Users\Application Data\yahoo! -> [Folder | Modified Date = 9/11/2005 9:46:43 AM | Attr = ] Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion -> [Folder | Modified Date = 9/11/2005 9:46:40 AM | Attr = ] C:\Documents and Settings\Ava\Application Data\ -> C:\Documents and Settings\Ava\Application Data -> [Folder | Modified Date = 9/23/2004 8:21:15 AM | Attr = RH ] Adobe -> C:\Documents and Settings\Ava\Application Data\Adobe -> [Folder | Modified Date = 8/11/2006 7:53:50 AM | Attr = ] Identities -> C:\Documents and Settings\Ava\Application Data\Identities -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = ] Ipswitch -> C:\Documents and Settings\Ava\Application Data\Ipswitch -> [Folder | Modified Date = 7/15/2004 9:53:43 PM | Attr = ] Macromedia -> C:\Documents and Settings\Ava\Application Data\Macromedia -> [Folder | Modified Date = 7/15/2004 9:53:59 PM | Attr = ] Microsoft -> C:\Documents and Settings\Ava\Application Data\Microsoft -> [Folder | Modified Date = 9/29/2004 6:39:00 PM | Attr = S] Real -> C:\Documents and Settings\Ava\Application Data\Real -> [Folder | Modified Date = 1/3/2005 8:41:12 PM | Attr = ] Sun -> C:\Documents and Settings\Ava\Application Data\Sun -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = ] C:\Documents and Settings\Dave\Application Data\ -> C:\Documents and Settings\Dave\Application Data -> [Folder | Modified Date = 2/7/2008 11:48:16 AM | Attr = RH ] ACD Systems -> C:\Documents and Settings\Dave\Application Data\ACD Systems -> [Folder | Modified Date = 9/4/2005 9:51:12 AM | Attr = ] Adobe -> C:\Documents and Settings\Dave\Application Data\Adobe -> [Folder | Modified Date = 1/21/2008 5:32:07 PM | Attr = ] AdobeUM -> C:\Documents and Settings\Dave\Application Data\AdobeUM -> [Folder | Modified Date = 3/26/2007 10:21:19 AM | Attr = ] Apple Computer -> C:\Documents and Settings\Dave\Application Data\Apple Computer -> [Folder | Modified Date = 10/20/2005 4:08:55 PM | Attr = ] Autodesk -> C:\Documents and Settings\Dave\Application Data\Autodesk -> [Folder | Modified Date = 4/6/2005 6:39:03 PM | Attr = ] Azureus -> C:\Documents and Settings\Dave\Application Data\Azureus -> [Folder | Modified Date = 2/4/2008 4:27:26 PM | Attr = ] Creative -> C:\Documents and Settings\Dave\Application Data\Creative -> [Folder | Modified Date = 1/19/2007 5:22:24 PM | Attr = ] CyberLink -> C:\Documents and Settings\Dave\Application Data\CyberLink -> [Folder | Modified Date = 2/9/2006 7:32:08 PM | Attr = ] FrameFree -> C:\Documents and Settings\Dave\Application Data\FrameFree -> [Folder | Modified Date = 10/27/2006 6:28:41 PM | Attr = ] Google -> C:\Documents and Settings\Dave\Application Data\Google -> [Folder | Modified Date = 9/21/2006 4:40:51 PM | Attr = ] Grisoft -> C:\Documents and Settings\Dave\Application Data\Grisoft -> [Folder | Modified Date = 2/6/2008 7:36:17 PM | Attr = ] Help -> C:\Documents and Settings\Dave\Application Data\Help -> [Folder | Modified Date = 11/11/2005 8:58:01 AM | Attr = ] Identities -> C:\Documents and Settings\Dave\Application Data\Identities -> [Folder | Modified Date = 1/27/2005 6:34:45 PM | Attr = ] Intuit -> C:\Documents and Settings\Dave\Application Data\Intuit -> [Folder | Modified Date = 3/26/2006 2:56:33 PM | Attr = ] Ipswitch -> C:\Documents and Settings\Dave\Application Data\Ipswitch -> [Folder | Modified Date = 7/16/2004 6:24:42 AM | Attr = ] Leadertech -> C:\Documents and Settings\Dave\Application Data\Leadertech -> [Folder | Modified Date = 4/18/2004 3:13:27 PM | Attr = ] Macromedia -> C:\Documents and Settings\Dave\Application Data\Macromedia -> [Folder | Modified Date = 9/29/2006 8:42:12 PM | Attr = ] Microsoft -> C:\Documents and Settings\Dave\Application Data\Microsoft -> [Folder | Modified Date = 11/16/2006 1:50:27 PM | Attr = S] Microsoft Games -> C:\Documents and Settings\Dave\Application Data\Microsoft Games -> [Folder | Modified Date = 9/26/2005 4:11:54 PM | Attr = ] Move Networks -> C:\Documents and Settings\Dave\Application Data\Move Networks -> [Folder | Modified Date = 1/25/2008 2:47:28 PM | Attr = ] Opera -> C:\Documents and Settings\Dave\Application Data\Opera -> [Folder | Modified Date = 9/25/2006 7:00:13 PM | Attr = ] PC Tools -> C:\Documents and Settings\Dave\Application Data\PC Tools -> [Folder | Modified Date = 1/13/2006 1:52:50 PM | Attr = ] Real -> C:\Documents and Settings\Dave\Application Data\Real -> [Folder | Modified Date = 10/19/2004 6:35:27 PM | Attr = ] Reallusion -> C:\Documents and Settings\Dave\Application Data\Reallusion -> [Folder | Modified Date = 6/14/2006 12:39:53 PM | Attr = ] SecuROM -> C:\Documents and Settings\Dave\Application Data\SecuROM -> [Folder | Modified Date = 8/19/2005 9:26:50 PM | Attr = RH ] SmartFTP -> C:\Documents and Settings\Dave\Application Data\SmartFTP -> [Folder | Modified Date = 2/1/2006 3:39:40 PM | Attr = ] Sun -> C:\Documents and Settings\Dave\Application Data\Sun -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\Dave\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/7/2008 11:48:16 AM | Attr = ] Symantec -> C:\Documents and Settings\Dave\Application Data\Symantec -> [Folder | Modified Date = 1/16/2006 3:03:45 PM | Attr = ] temp -> C:\Documents and Settings\Dave\Application Data\temp -> [Folder | Modified Date = 6/14/2006 12:58:16 PM | Attr = ] Viewpoint -> C:\Documents and Settings\Dave\Application Data\Viewpoint -> [Folder | Modified Date = 12/21/2007 4:37:34 PM | Attr = ] vlc -> C:\Documents and Settings\Dave\Application Data\vlc -> [Folder | Modified Date = 7/29/2005 5:14:17 PM | Attr = ] ??mbols -> C:\Documents and Settings\Dave\Application Data\ѕуmbols -> [Folder | Modified Date = 2/7/2008 4:50:50 PM | Attr = ] C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = RH ] Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = S] Sun -> C:\Documents and Settings\Default User\Application Data\Sun -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = ] C:\Documents and Settings\Guest\Application Data\ -> C:\Documents and Settings\Guest\Application Data -> [Folder | Modified Date = 6/26/2005 8:14:59 AM | Attr = RH ] Identities -> C:\Documents and Settings\Guest\Application Data\Identities -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = ] Microsoft -> C:\Documents and Settings\Guest\Application Data\Microsoft -> [Folder | Modified Date = 6/21/2005 3:22:56 PM | Attr = S] Real -> C:\Documents and Settings\Guest\Application Data\Real -> [Folder | Modified Date = 11/14/2004 10:09:40 AM | Attr = ] Sun -> C:\Documents and Settings\Guest\Application Data\Sun -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = ] C:\Documents and Settings\Jessica\Application Data\ -> C:\Documents and Settings\Jessica\Application Data -> [Folder | Modified Date = 3/18/2006 10:55:12 AM | Attr = RH ] Adobe -> C:\Documents and Settings\Jessica\Application Data\Adobe -> [Folder | Modified Date = 8/11/2006 7:53:50 AM | Attr = ] AdobeUM -> C:\Documents and Settings\Jessica\Application Data\AdobeUM -> [Folder | Modified Date = 9/11/2005 4:07:14 PM | Attr = ] Aim -> C:\Documents and Settings\Jessica\Application Data\Aim -> [Folder | Modified Date = 10/22/2004 5:57:32 PM | Attr = ] Autodesk -> C:\Documents and Settings\Jessica\Application Data\Autodesk -> [Folder | Modified Date = 9/11/2005 2:52:57 PM | Attr = ] Help -> C:\Documents and Settings\Jessica\Application Data\Help -> [Folder | Modified Date = 7/10/2004 11:07:34 PM | Attr = ] Identities -> C:\Documents and Settings\Jessica\Application Data\Identities -> [Folder | Modified Date = 1/16/2004 3:10:34 PM | Attr = ] Intuit -> C:\Documents and Settings\Jessica\Application Data\Intuit -> [Folder | Modified Date = 3/18/2006 10:55:12 AM | Attr = ] Ipswitch -> C:\Documents and Settings\Jessica\Application Data\Ipswitch -> [Folder | Modified Date = 7/15/2004 6:40:11 PM | Attr = ] Macromedia -> C:\Documents and Settings\Jessica\Application Data\Macromedia -> [Folder | Modified Date = 7/8/2004 8:40:16 PM | Attr = ] Microsoft -> C:\Documents and Settings\Jessica\Application Data\Microsoft -> [Folder | Modified Date = 1/14/2007 5:17:19 PM | Attr = S] MSN6 -> C:\Documents and Settings\Jessica\Application Data\MSN6 -> [Folder | Modified Date = 9/19/2004 10:09:57 AM | Attr = ] PC Tools -> C:\Documents and Settings\Jessica\Application Data\PC Tools -> [Folder | Modified Date = 1/14/2006 12:23:04 PM | Attr = ] Real -> C:\Documents and Settings\Jessica\Application Data\Real -> [Folder | Modified Date = 10/12/2004 8:24:02 PM | Attr = ] Sun -> C:\Documents and Settings\Jessica\Application Data\Sun -> [Folder | Modified Date = 1/16/2004 3:35:38 PM | Attr = ] Symantec -> C:\Documents and Settings\Jessica\Application Data\Symantec -> [Folder | Modified Date = 10/24/2004 5:17:57 PM | Attr = ] Yahoo! Messenger -> C:\Documents and Settings\Jessica\Application Data\Yahoo! Messenger -> [Folder | Modified Date = 3/20/2005 3:12:27 PM | Attr = ] C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 2/5/2008 12:58:55 PM | Attr = ] Intuit -> C:\Documents and Settings\LocalService\Application Data\Intuit -> [Folder | Modified Date = 10/4/2006 4:59:30 PM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 12/29/2006 9:35:36 AM | Attr = S] NetMon -> C:\Documents and Settings\LocalService\Application Data\NetMon -> [Folder | Modified Date = 2/5/2008 12:58:55 PM | Attr = ] Symantec -> C:\Documents and Settings\LocalService\Application Data\Symantec -> [Folder | Modified Date = 7/30/2007 9:05:23 AM | Attr = ] C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 1/16/2004 3:10:32 PM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 9/2/2005 1:00:08 AM | Attr = S] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 2/22/2008 9:34:31 AM | Attr = S] Check Updates for Windows Live Toolbar.job -> C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 2/22/2008 9:55:03 AM | Attr = ] DESKTOP.INI -> C:\WINDOWS\Tasks\DESKTOP.INI -> [Ver = | Size = 65 bytes | Modified Date = 8/29/2002 6:00:00 AM | Attr = RH ] Norton AntiVirus - Scan my computer - Dave.job -> C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Dave.job -> [Ver = | Size = 546 bytes | Modified Date = 2/18/2008 2:00:00 AM | Attr = ] Norton AntiVirus - Scan my computer - Jessica.job -> C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jessica.job -> [Ver = | Size = 552 bytes | Modified Date = 2/15/2008 8:00:00 PM | Attr = ] QIC Autoupdate.job -> C:\WINDOWS\Tasks\QIC Autoupdate.job -> [Ver = | Size = 414 bytes | Modified Date = 2/22/2008 10:04:22 AM | Attr = ] QIC Messenger Bkup.job -> C:\WINDOWS\Tasks\QIC Messenger Bkup.job -> [Ver = | Size = 450 bytes | Modified Date = 2/22/2008 10:36:18 AM | Attr = ] QIC Messenger Periodic.job -> C:\WINDOWS\Tasks\QIC Messenger Periodic.job -> [Ver = | Size = 450 bytes | Modified Date = 2/22/2008 9:30:19 AM | Attr = ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/22/2008 10:36:12 AM | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] C:\Program Files\Common Files\??mantec\ -> C:\Program Files\Common Files\Ѕуmantec -> [Folder | Modified Date = 2/9/2008 12:40:59 PM | Attr = ] C:\Documents and Settings\Dave\Application Data\??mbols\ -> C:\Documents and Settings\Dave\Application Data\ѕуmbols -> [Folder | Modified Date = 2/7/2008 4:50:50 PM | Attr = ] ??mbols -> C:\Documents and Settings\Dave\Application Data\ѕуmbols\ѕуmbols -> [Folder | Modified Date = 2/5/2008 12:59:13 PM | Attr = ] < End of report > [/code]