[code]
WinPFind35 logfile created on: 25/02/2008 8:06:50 PM
WinPFind35U Version 1.0.0.1 Folder = C:\Documents and Settings\User\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1023.22 Mb Total Physical Memory | 491.74 Mb Available Physical Memory | 48.06% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 42.88 Gb Total Space | 16.62 Gb Free Space | 38.77% Space Free | Partition Type: NTFS
Drive D: | 190.00 Gb Total Space | 176.73 Gb Free Space | 93.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 74.53 Gb Total Space | 31.99 Gb Free Space | 42.92% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOX
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 21/06/2007 10:54:46 PM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 2:09:16 PM | Attr = ]
atkkbservice.exe -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 241152 bytes | Modified Date = 18/10/2005 4:00:10 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 28/10/2007 5:46:24 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 29/06/2007 5:14:50 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21/12/2007 4:49:26 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8265 | Size = 143427 bytes | Modified Date = 14/12/2005 5:51:00 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 21/06/2007 10:54:46 PM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21/12/2007 4:49:25 PM | Attr = ]
launch~1.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 15/06/2006 12:36:18 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/12/2007 12:10:26 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 26/08/2007 7:41:16 PM | Attr = ]
pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (506) | Size = 1449984 bytes | Modified Date = 27/06/2006 4:21:14 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 AM | Attr = RHS]
servicelayer.exe -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 5/06/2006 1:59:18 PM | Attr = ]
mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> Nokia Corporation [Ver = 6.81.161.1 | Size = 471552 bytes | Modified Date = 9/06/2006 10:37:18 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/12/2007 12:10:16 PM | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 21/02/2008 7:41:02 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 31/10/2007 2:09:16 PM | Attr = ]
(ATKKeyboardService) ATK Keyboard Service [Win32_Own | Auto | Running] -> %SystemRoot%\ATKKBService.exe -> ASUSTeK COMPUTER INC. [Ver = 1, 0, 0, 0 | Size = 241152 bytes | Modified Date = 18/10/2005 4:00:10 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 28/10/2007 5:46:24 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 29/06/2007 5:14:50 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21/12/2007 4:49:26 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 11/08/2007 6:21:48 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/12/2007 12:10:16 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8265 | Size = 143427 bytes | Modified Date = 14/12/2005 5:51:00 PM | Attr = ]
(sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.1.23 | Size = 708424 bytes | Modified Date = 11/08/2007 5:47:01 PM | Attr = ]
(sdCoreService) Spyware Doctor Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.1.64 | Size = 1309264 bytes | Modified Date = 11/08/2007 5:48:26 PM | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 81, 60, 0 | Size = 174080 bytes | Modified Date = 5/06/2006 1:59:18 PM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 21/06/2007 10:54:46 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 17/08/2001 2:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 4/08/2004 12:07:44 AM | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060701-2226) | Size = 36864 bytes | Modified Date = 1/07/2006 11:39:40 PM | Attr = ]
(AmdLLD) AMD Low Level Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AmdLLD.sys -> AMD, Inc. [Ver = 1.0.0.0 | Size = 33280 bytes | Modified Date = 1/11/2006 3:42:14 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 17/08/2001 2:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 17/08/2001 2:51:58 PM | Attr = ]
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\atkkbnt.sys -> ASUSTeK COMPUTER INC. [Ver = 1.0.0.1 | Size = 11008 bytes | Modified Date = 18/10/2005 4:01:38 PM | Attr = ]
(AtcL001) NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\atl01_xp.sys -> Attansic Technology corporation. [Ver = 1.7.3790.7 | Size = 35840 bytes | Modified Date = 31/10/2006 2:10:06 PM | Attr = R ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 4/08/2004 9:29:28 AM | Attr = ]
(autorun) autorun [Kernel | On_Demand | Stopped] -> %SystemDrive%\huadio.tmp -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 5311 bytes | Modified Date = 15/03/2005 1:23:53 AM | Attr = ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 28/10/2007 5:46:20 PM | Attr = ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 29/06/2007 5:14:52 PM | Attr = ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 29/06/2007 5:14:53 PM | Attr = ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21/12/2007 4:49:28 PM | Attr = ]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 29/06/2007 5:14:54 PM | Attr = ]
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 17/08/2001 1:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 17/08/2001 2:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ]
(EIO) EIO [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\EIO.sys -> ASUSTeK Computer Inc. [Ver = 1.91 | Size = 11264 bytes | Modified Date = 20/10/2005 3:00:00 AM | Attr = R ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 3:44:04 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 7/01/2005 6:07:18 PM | Attr = ]
(IKFileFlt) File Filter Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 39376 bytes | Modified Date = 23/05/2007 5:58:38 PM | Attr = ]
(IKFileSec) File Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1027 | Size = 53840 bytes | Modified Date = 23/05/2007 5:58:42 PM | Attr = ]
(IkSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1019 | Size = 57424 bytes | Modified Date = 23/05/2007 5:58:46 PM | Attr = ]
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 83024 bytes | Modified Date = 23/05/2007 5:58:50 PM | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5294 built by: WinDDK | Size = 4377600 bytes | Modified Date = 7/09/2006 11:04:12 AM | Attr = R ]
(kl1) kl1 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Modified Date = 31/05/2007 1:03:48 AM | Attr = ]
(KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Modified Date = 31/05/2007 1:03:50 AM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 2:52:12 PM | Attr = ]
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 13/08/2004 1:56:20 PM | Attr = R ]
(mv614x) mv614x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mv614x.sys -> [Ver = | Size = 63232 bytes | Modified Date = 4/07/2006 4:21:54 AM | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.80.5.0 | Size = 8704 bytes | Modified Date = 29/05/2006 8:26:36 AM | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.80.5.0 | Size = 13312 bytes | Modified Date = 29/05/2006 8:26:36 AM | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.80.5.0 | Size = 127488 bytes | Modified Date = 29/05/2006 8:26:38 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8265 | Size = 3580480 bytes | Modified Date = 14/12/2005 5:51:00 PM | Attr = ]
(nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0464 built by: WinDDK | Size = 67968 bytes | Modified Date = 2/09/2004 2:24:40 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 17/08/2001 2:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 17/08/2001 2:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 17/08/2001 2:52:18 PM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 4/08/2004 9:31:34 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 9:25:53 PM | Attr = ]
(Si3114r5) SiI-3114 SoftRaid 5 Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Si3114r5.sys -> Silicon Image, Inc [Ver = 1, 1, 0, 0 | Size = 166400 bytes | Modified Date = 21/07/2004 12:02:00 PM | Attr = ]
(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SiWinAcc.sys -> Silicon Image, Inc. [Ver = 1.0.0.8 | Size = 10240 bytes | Modified Date = 15/10/2003 11:28:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 4/08/2004 12:07:44 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 3:07:44 PM | Attr = ]
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 172, 0 | Size = 50416 bytes | Modified Date = 11/06/2007 1:44:10 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 17/08/2001 3:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 17/08/2001 3:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 17/08/2001 3:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 17/08/2001 3:07:42 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 17/08/2001 2:52:22 PM | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 31/10/2007 2:09:14 PM | Attr = ]
(viamraid) viamraid [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\viamraid.sys -> VIA Technologies inc,.ltd [Ver = 5.1.2600.310 | Size = 74112 bytes | Modified Date = 18/05/2004 3:55:26 PM | Attr = ]
(videX32) videX32 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\videX32.sys -> VIA Technologies, Inc. [Ver = 6.0.3790.160 | Size = 9216 bytes | Modified Date = 17/10/2006 11:22:26 PM | Attr = R ]
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Modified Date = 21/06/2007 10:54:52 PM | Attr = ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(xfilt) VIA SATA IDE Hot-plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\xfilt.sys -> VIA Technologies,Inc [Ver = 6.0.5728.160 | Size = 17920 bytes | Modified Date = 18/10/2006 8:39:58 PM | Attr = R ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe -> AMD [Ver = 1, 1, 1, 0 | Size = 77824 bytes | Modified Date = 17/11/2006 5:49:48 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21/12/2007 4:49:25 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/12/2007 12:10:26 PM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.8265 | Size = 7323648 bytes | Modified Date = 14/12/2005 5:51:00 PM | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 81, 61, 4 | Size = 229376 bytes | Modified Date = 15/06/2006 12:36:18 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 10:56:54 AM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 21/06/2007 10:54:46 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PcSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (506) | Size = 1449984 bytes | Modified Date = 27/06/2006 4:21:14 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 AM | Attr = RHS]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 26/08/2007 7:41:16 PM | Attr = ]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 28/10/2007 5:46:26 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 28/10/2007 5:46:26 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 28/10/2007 5:46:26 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG7_Run -> %ProgramFiles%\Grisoft\AVG7\avgw.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.502 | Size = 219136 bytes | Modified Date = 28/10/2007 5:46:26 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PcSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (506) | Size = 1449984 bytes | Modified Date = 27/06/2006 4:21:14 PM | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 AM | Attr = RHS]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 26/08/2007 7:41:16 PM | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (226635 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.myspace.com/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\: Main\\Start Page -> http://www.myspace.com/ ->
HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4223 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4233 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4233 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4233 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4233 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4233 domain(s) found. ->
34 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4233 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 3/11/2003 3:17:44 PM | Attr = ] {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mysidesearch_sidebar.dll [MySidesearch Search Assistant] -> [Ver = 1, 0, 1, 4 | Size = 335872 bytes | Modified Date = 9/02/2008 1:52:36 AM | Attr = ] {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iebrowserc.dll [BrowserCmp] -> [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 18/01/2008 9:06:18 PM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 AM | Attr = ] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\EWPBrowseLoader.dll [EWPBrowseObject Class] -> [Ver = 2, 6, 4, 1 | Size = 34304 bytes | Modified Date = 9/06/2006 3:37:54 PM | Attr = ] {733716E1-76D2-4003-AC39-845281C0EF85} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nsf4F.dll [dcads] -> [Ver = 4, 5, 1, 0 | Size = 233472 bytes | Modified Date = 9/02/2008 4:53:02 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 4:43:40 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 12:55:32 AM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 26/08/2007 7:41:16 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {315108E4-E3AF-460F-B264-F2ACC9E1ACEB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mysidesearch_sidebar.dll [SE Sidebar] -> [Ver = 1, 0, 1, 4 | Size = 335872 bytes | Modified Date = 9/02/2008 1:52:36 AM | Attr = ] < Internet Explorer Bars [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {315108E4-E3AF-460F-B264-F2ACC9E1ACEB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mysidesearch_sidebar.dll [SE Sidebar] -> [Ver = 1, 0, 1, 4 | Size = 335872 bytes | Modified Date = 9/02/2008 1:52:36 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 12:55:32 AM | Attr = R ] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 12:55:32 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/01/2007 12:55:32 AM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 14/03/2007 4:43:41 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 4:43:40 AM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\] > -> HKEY_USERS\S-1-5-21-2152018447-106238271-4083529351-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] Easy-WebPrint Print -> 
%ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 9/06/2006 3:39:38 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {354F08CD-5EBB-4D10-AAC4-086C425ABA9A} -> (Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab[Java Plug-in 1.6.0_01] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 16/06/2005 4:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 26/04/2007 1:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 3:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 824 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 10983 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 11:44:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | 
Size = 5674352 bytes | Modified Date = 19/01/2007 1:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 5:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe -> C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe [C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner] -> [Ver = | Size = 118784 bytes | Modified Date = 31/05/2007 1:03:18 AM | Attr = 
] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 21/12/2007 4:49:27 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 28/10/2007 5:46:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 21/12/2007 4:49:25 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. 
[Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 21/12/2007 4:49:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 11:44:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent161.exe -> C:\Program Files\utorrent161.exe [C:\Program Files\utorrent161.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 19/03/2007 4:28:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [Ver = | Size = 159744 bytes | Modified Date = 22/06/2006 1:58:33 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 1:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft 
Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 5:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 11/12/2007 12:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Alcmtr hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 4/05/2005 1:43:28 PM | Attr = R ] NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12/01/2006 4:40:44 PM | Attr = ] NvMediaCenter hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.10.8265 | Size = 86016 bytes | Modified Date = 14/12/2005 5:51:00 PM | Attr = ] nwiz hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 14/12/2005 5:51:00 PM | Attr = ] OpwareSE4 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe -> ScanSoft, Inc. [Ver = 15.0 | Size = 75304 bytes | Modified Date = 11/10/2006 1:45:12 PM | Attr = ] QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 10:56:54 AM | Attr = ] RTHDCPL hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. 
[Ver = 2.0.9.6 | Size = 16262656 bytes | Modified Date = 7/09/2006 6:44:20 AM | Attr = R ] SkyTel hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 17/05/2006 1:04:26 PM | Attr = R ] SSBkgdUpdate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe -> Nuance Communications, Inc. [Ver = 5,0,0,0 | Size = 185896 bytes | Modified Date = 28/09/2006 2:16:20 PM | Attr = ] SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 4:43:44 AM | Attr = ] [Files/Folders - Created Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 4/01/2008 4:02:46 PM | Attr = RH ] 1 C:\*.tmp files -> C:\*.tmp -> sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/12/2007 8:31:41 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/02/2008 5:10:43 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/12/2007 8:31:41 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/02/2008 5:10:43 PM | Attr = H ] usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. 
[Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 31/10/2007 2:09:14 PM | Attr = ] dcads-remove.exe -> %SystemRoot%\System32\dcads-remove.exe -> [Ver = | Size = 80112 bytes | Modified Date = 11/02/2008 8:14:03 AM | Attr = ] DcadsSocial-uninstall.exe -> %SystemRoot%\System32\DcadsSocial-uninstall.exe -> [Ver = | Size = 46300 bytes | Modified Date = 25/01/2008 3:01:01 PM | Attr = ] dcads_sidebar.dll -> %SystemRoot%\System32\dcads_sidebar.dll -> [Ver = 1, 0, 0, 8 | Size = 319488 bytes | Modified Date = 25/12/2007 12:07:08 AM | Attr = ] dcads_sidebar_uninstall.exe -> %SystemRoot%\System32\dcads_sidebar_uninstall.exe -> [Ver = | Size = 77360 bytes | Modified Date = 2/01/2008 4:03:21 PM | Attr = ] iebrowserc.dll -> %SystemRoot%\System32\iebrowserc.dll -> [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 18/01/2008 9:06:18 PM | Attr = ] mysidesearch_sidebar.dll -> %SystemRoot%\System32\mysidesearch_sidebar.dll -> [Ver = 1, 0, 1, 4 | Size = 335872 bytes | Modified Date = 9/02/2008 1:52:36 AM | Attr = ] mysidesearch_sidebar_uninstall.exe -> %SystemRoot%\System32\mysidesearch_sidebar_uninstall.exe -> [Ver = | Size = 84729 bytes | Modified Date = 9/02/2008 7:22:03 PM | Attr = ] nsf4F.dll -> %SystemRoot%\System32\nsf4F.dll -> [Ver = 4, 5, 1, 0 | Size = 233472 bytes | Modified Date = 9/02/2008 4:53:02 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Modified Date = 11/12/2007 10:57:06 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. 
[Ver = 7.3.1 | Size = 65536 bytes | Modified Date = 11/12/2007 10:57:06 AM | Attr = ] superiorads-uninst.exe -> %SystemRoot%\System32\superiorads-uninst.exe -> [Ver = | Size = 40731 bytes | Modified Date = 2/01/2008 11:40:37 AM | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2537 bytes | Modified Date = 22/02/2008 9:31:44 PM | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 22/02/2008 9:24:03 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] urlredir.cfg -> %AppData%\urlredir.cfg -> [Ver = | Size = 209 bytes | Modified Date = 24/02/2008 6:49:14 PM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 28/12/2007 3:13:15 PM | Attr = ] Doc1.doc -> D:\My Documents\Doc1.doc -> [Ver = | Size = 62464 bytes | Modified Date = 10/12/2007 9:12:15 PM | Attr = ] The Pyramid Rock Festival.mht -> D:\My Documents\The Pyramid Rock Festival.mht -> [Ver = | Size = 181587 bytes | Modified Date = 11/12/2007 8:20:53 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 3/01/2008 8:32:32 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 28/12/2007 3:14:47 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 22/02/2008 9:36:55 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 25/02/2008 8:04:29 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 25/02/2008 7:59:26 PM | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 22/02/2008 9:43:54 PM | Attr = RH ] 1 C:\*.tmp files -> C:\*.tmp -> Program Files -> %ProgramFiles% -> 
[Folder | Modified Date = 24/02/2008 1:55:58 PM | Attr = R ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/12/2007 8:31:41 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 16/02/2008 5:10:43 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/12/2007 8:31:41 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 16/02/2008 5:10:43 PM | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 25/02/2008 7:01:48 AM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 21/12/2007 4:49:28 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 21/12/2007 4:49:22 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 22/02/2008 9:39:27 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 226635 bytes | Modified Date = 22/02/2008 9:39:27 PM | Attr = R ] hosts.20080222-213927.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080222-213927.backup -> [Ver = | Size = 226635 bytes | Modified Date = 22/02/2008 9:38:07 PM | Attr = R ] hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 226635 bytes | Modified Date = 22/02/2008 9:39:27 PM | Attr = R ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 42512416 bytes | Modified Date = 25/02/2008 7:59:27 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 503096 bytes | Modified Date = 25/02/2008 7:12:04 AM | Attr = HS] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 25/02/2008 5:25:09 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp 
-> dcads-remove.exe -> %SystemRoot%\System32\dcads-remove.exe -> [Ver = | Size = 80112 bytes | Modified Date = 11/02/2008 8:14:03 AM | Attr = ] DcadsSocial-uninstall.exe -> %SystemRoot%\System32\DcadsSocial-uninstall.exe -> [Ver = | Size = 46300 bytes | Modified Date = 25/01/2008 3:01:01 PM | Attr = ] dcads_sidebar.dll -> %SystemRoot%\System32\dcads_sidebar.dll -> [Ver = 1, 0, 0, 8 | Size = 319488 bytes | Modified Date = 25/12/2007 12:07:08 AM | Attr = ] dcads_sidebar_uninstall.exe -> %SystemRoot%\System32\dcads_sidebar_uninstall.exe -> [Ver = | Size = 77360 bytes | Modified Date = 2/01/2008 4:03:21 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 25/02/2008 7:01:18 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 24/02/2008 9:45:50 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 28/12/2007 3:12:41 PM | Attr = ] iebrowserc.dll -> %SystemRoot%\System32\iebrowserc.dll -> [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 18/01/2008 9:06:18 PM | Attr = ] mysidesearch_sidebar.dll -> %SystemRoot%\System32\mysidesearch_sidebar.dll -> [Ver = 1, 0, 1, 4 | Size = 335872 bytes | Modified Date = 9/02/2008 1:52:36 AM | Attr = ] mysidesearch_sidebar_uninstall.exe -> %SystemRoot%\System32\mysidesearch_sidebar_uninstall.exe -> [Ver = | Size = 84729 bytes | Modified Date = 9/02/2008 7:22:03 PM | Attr = ] nsf4F.dll -> %SystemRoot%\System32\nsf4F.dll -> [Ver = 4, 5, 1, 0 | Size = 233472 bytes | Modified Date = 9/02/2008 4:53:02 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 61465 bytes | Modified Date = 25/02/2008 5:07:27 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Modified Date = 11/12/2007 10:57:06 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. 
[Ver = 7.3.1 | Size = 65536 bytes | Modified Date = 11/12/2007 10:57:06 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 28/12/2007 3:12:39 PM | Attr = ] superiorads-uninst.exe -> %SystemRoot%\System32\superiorads-uninst.exe -> [Ver = | Size = 40731 bytes | Modified Date = 2/01/2008 11:40:37 AM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 53263 bytes | Modified Date = 25/02/2008 5:07:23 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 25/02/2008 5:07:38 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 24/02/2008 9:45:59 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 25/02/2008 5:06:50 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 28/01/2008 6:47:57 PM | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 28/01/2008 6:55:09 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 24/02/2008 9:45:09 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 24/02/2008 9:45:57 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24/02/2008 9:46:05 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28/01/2008 6:55:10 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 25/02/2008 8:06:32 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 24/02/2008 8:40:59 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/02/2008 8:04:45 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 25/02/2008 5:07:39 PM | Attr = H ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 25/02/2008 7:01:18 AM 
| Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 28/12/2007 3:13:15 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 25/02/2008 5:07:26 PM | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2537 bytes | Modified Date = 22/02/2008 9:31:44 PM | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 22/02/2008 9:24:03 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 615 bytes | Modified Date = 19/02/2008 6:56:50 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 28/12/2007 3:13:03 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 22/02/2008 10:04:03 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/02/2008 5:07:06 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 24/02/2008 4:32:32 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 24/02/2008 4:32:32 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 30/06/2007 6:17:33 PM | Attr = ] aupd.exe -> C:\Documents and Settings\User\Local Settings\Temp\aupd.exe -> [Ver = | Size = 251560 bytes | Modified Date = 11/02/2008 8:14:01 AM | Attr = ] patch.exe -> C:\Documents and Settings\User\Local Settings\Temp\patch.exe -> [Ver = | Size = 35328 bytes | Modified Date = 29/10/2003 10:00:00 PM | Attr = R ] 247 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> setup.exe -> C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.5531\setup.exe 
-> [Ver = | Size = 1294773 bytes | Modified Date = 23/11/2007 6:11:50 PM | Attr = ] iTunesSetupAdmin[1].exe -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\DXHL3E2S\iTunesSetupAdmin[1].exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 116024 bytes | Modified Date = 30/06/2007 10:22:27 PM | Attr = ] patchw32.dll -> C:\Documents and Settings\User\Local Settings\Temp\patchw32.dll -> [Ver = | Size = 205312 bytes | Modified Date = 29/10/2003 10:00:00 PM | Attr = R ] 247 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> ISRT.DLL -> C:\Documents and Settings\User\Local Settings\Temp\{20D4A895-748C-4D88-871C-FDB1695B0169}\ISRT.DLL -> InstallShield Software Corporation [Ver = 7,04, 0, 377 | Size = 335872 bytes | Modified Date = 30/06/2007 3:33:16 PM | Attr = ] _ISRES.DLL -> C:\Documents and Settings\User\Local Settings\Temp\{20D4A895-748C-4D88-871C-FDB1695B0169}\_ISRES.DLL -> InstallShield Software Corporation [Ver = 7","04, 0, 248 | Size = 290816 bytes | Modified Date = 30/06/2007 3:33:16 PM | Attr = ] _ISUSER.DLL -> C:\Documents and Settings\User\Local Settings\Temp\{20D4A895-748C-4D88-871C-FDB1695B0169}\_ISUSER.DLL -> [Ver = | Size = 106496 bytes | Modified Date = 30/06/2007 3:33:16 PM | Attr = ] SecurityUtil.dll -> C:\Documents and Settings\User\Local Settings\Temp\is-S8NMU.tmp\SecurityUtil.dll -> [Ver = 2, 0, 0, 18 | Size = 86016 bytes | Modified Date = 27/09/2005 12:23:36 PM | Attr = ] index.dat -> C:\Documents and Settings\User\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 30/06/2007 10:30:25 PM | Attr = HS] index.dat -> C:\Documents and Settings\User\Local Settings\Temp\History\History.IE5\index.dat -> [Ver = | Size = 65536 bytes | Modified Date = 30/06/2007 10:18:09 PM | Attr = HS] index.dat -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 
376832 bytes | Modified Date = 30/06/2007 10:18:09 PM | Attr = HS] IsConfig.INI -> C:\Documents and Settings\User\Local Settings\Temp\{20D4A895-748C-4D88-871C-FDB1695B0169}\IsConfig.INI -> [Ver = | Size = 10 bytes | Modified Date = 30/06/2007 3:33:16 PM | Attr = ] desktop.ini -> C:\Documents and Settings\User\Local Settings\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 30/06/2007 9:40:34 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 30/06/2007 9:40:34 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\DXHL3E2S\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 30/06/2007 9:40:34 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\J68NYFPD\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 30/06/2007 9:40:34 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\QRJTSRFN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 30/06/2007 9:40:34 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\RVXNJKBA\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 30/06/2007 9:40:34 PM | Attr = HS] Perflib_Perfdata_478.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_478.dat -> [Ver = | Size = 16384 bytes | Modified Date = 30/06/2007 6:17:55 PM | Attr = ] Perflib_Perfdata_9a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/06/2007 11:51:50 PM | Attr = ] 139 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = ] index.dat -> 
C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = ] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4TENS5MR\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KLMBOPER\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S5MB01UJ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WDY7GHQN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 29/06/2007 3:38:13 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 22/02/2008 9:25:49 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Modified Date = 20/01/2008 4:17:38 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 23/02/2008 10:25:21 AM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 17/02/2008 4:45:56 PM | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 24/02/2008 6:49:29 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 23/02/2008 6:37:38 PM | Attr = ] Microsoft 
-> %AppData%\Microsoft -> [Folder | Modified Date = 13/02/2008 11:13:23 AM | Attr = S] NMM-MetaData.db -> %AppData%\NMM-MetaData.db -> [Ver = | Size = 1714327 bytes | Modified Date = 24/12/2007 1:03:42 PM | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Modified Date = 24/12/2007 1:01:26 PM | Attr = ] urlredir.cfg -> %AppData%\urlredir.cfg -> [Ver = | Size = 209 bytes | Modified Date = 24/02/2008 6:49:14 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 24/02/2008 9:43:35 PM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 28/12/2007 3:13:15 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 16896 bytes | Modified Date = 24/02/2008 6:52:28 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 6395046 bytes | Modified Date = 28/12/2007 3:17:32 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 13/02/2008 11:13:11 AM | Attr = ] Doc1.doc -> D:\My Documents\Doc1.doc -> [Ver = | Size = 62464 bytes | Modified Date = 10/12/2007 9:12:15 PM | Attr = ] My Pictures -> D:\My Documents\My Pictures -> [Folder | Modified Date = 10/12/2007 9:10:12 PM | Attr = R ] My Received Files -> D:\My Documents\My Received Files -> [Folder | Modified Date = 20/02/2008 6:00:03 PM | Attr = ] My Sharing Folders.lnk -> D:\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 384 bytes | Modified Date = 25/02/2008 7:53:31 PM | Attr = ] The Pyramid Rock Festival.mht -> D:\My Documents\The Pyramid Rock Festival.mht -> [Ver = | Size = 181587 bytes | Modified Date = 11/12/2007 8:20:53 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 3/01/2008 8:32:32 PM | Attr = ] QuickTime Player.lnk -> 
%AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 28/12/2007 3:14:47 PM | Attr = ] Brendan's stuff -> %UserProfile%\Desktop\Brendan's stuff -> [Folder | Modified Date = 24/02/2008 4:04:40 PM | Attr = ] Brett's stuff -> %UserProfile%\Desktop\Brett's stuff -> [Folder | Modified Date = 25/02/2008 5:51:42 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 22/02/2008 9:36:55 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 13824 bytes | Modified Date = 9/01/2008 10:07:18 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 25/02/2008 8:04:29 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 25/02/2008 7:59:26 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 28/01/2008 6:55:09 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 15/03/2005 1:13:31 AM | Attr = RH ] Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 15/03/2005 1:10:17 AM | Attr = ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 28/06/2007 11:11:34 PM | Attr = S] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 7/11/2007 9:02:34 PM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 29/06/2007 10:54:13 PM | Attr = ] Ahead -> C:\Documents and Settings\All 
Users\Application Data\Ahead -> [Folder | Modified Date = 29/06/2007 5:46:25 PM | Attr = ]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 30/06/2007 10:25:03 PM | Attr = ]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 30/06/2007 12:46:04 AM | Attr = ]
avg7 -> C:\Documents and Settings\All Users\Application Data\avg7 -> [Folder | Modified Date = 22/02/2008 9:25:49 PM | Attr = ]
CanonBJ -> C:\Documents and Settings\All Users\Application Data\CanonBJ -> [Folder | Modified Date = 30/06/2007 4:42:20 PM | Attr = H ]
DVD Shrink -> C:\Documents and Settings\All Users\Application Data\DVD Shrink -> [Folder | Modified Date = 20/01/2008 4:17:38 PM | Attr = ]
Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 11/08/2007 5:44:57 PM | Attr = ]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 29/06/2007 5:18:20 PM | Attr = ]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 30/06/2007 4:45:53 PM | Attr = ]
MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [Folder | Modified Date = 29/06/2007 5:04:05 PM | Attr = ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 5/08/2007 8:09:54 PM | Attr = S]
nView_Profiles -> C:\Documents and Settings\All Users\Application Data\nView_Profiles -> [Folder | Modified Date = 29/06/2007 4:32:53 PM | Attr = ]
PC Suite -> C:\Documents and Settings\All Users\Application Data\PC Suite -> [Folder | Modified Date = 7/11/2007 9:03:06 PM | Attr = ]
ScanSoft -> C:\Documents and Settings\All Users\Application Data\ScanSoft -> [Folder | Modified Date = 30/06/2007 4:45:48 PM | Attr = ]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 23/02/2008 10:25:21 AM | Attr = ]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 29/06/2007 10:59:11 PM | Attr = ]
C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 15/03/2005 1:13:31 AM | Attr = RH ]
Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 15/03/2005 1:10:17 AM | Attr = ]
Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 28/06/2007 11:11:34 PM | Attr = S]
C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 29/06/2007 5:14:55 PM | Attr = ]
AVG7 -> C:\Documents and Settings\LocalService\Application Data\AVG7 -> [Folder | Modified Date = 29/06/2007 5:14:55 PM | Attr = ]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 29/06/2007 5:14:38 PM | Attr = S]
C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 15/03/2005 1:13:06 AM | Attr = ]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 29/06/2007 5:14:38 PM | Attr = S]
C:\Documents and Settings\User\Application Data\ -> C:\Documents and Settings\User\Application Data -> [Folder | Modified Date = 24/02/2008 6:49:14 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\User\Application Data\Adobe -> [Folder | Modified Date = 29/06/2007 11:10:10 PM | Attr = ]
AdobeUM -> C:\Documents and Settings\User\Application Data\AdobeUM -> [Folder | Modified Date = 17/02/2008 4:45:56 PM | Attr = ]
Ahead -> C:\Documents and Settings\User\Application Data\Ahead -> [Folder | Modified Date = 8/09/2007 7:10:10 PM | Attr = ]
Apple Computer -> C:\Documents and Settings\User\Application Data\Apple Computer -> [Folder | Modified Date = 16/07/2007 1:14:35 PM | Attr = ]
ArcSoft -> C:\Documents and Settings\User\Application Data\ArcSoft -> [Folder | Modified Date = 3/10/2007 11:50:27 AM | Attr = ]
AVG7 -> C:\Documents and Settings\User\Application Data\AVG7 -> [Folder | Modified Date = 24/02/2008 6:49:29 PM | Attr = ]
Canon -> C:\Documents and Settings\User\Application Data\Canon -> [Folder | Modified Date = 30/06/2007 5:07:01 PM | Attr = ]
Datalayer -> C:\Documents and Settings\User\Application Data\Datalayer -> [Folder | Modified Date = 7/11/2007 9:18:03 PM | Attr = ]
Google -> C:\Documents and Settings\User\Application Data\Google -> [Folder | Modified Date = 12/08/2007 8:39:11 PM | Attr = ]
Identities -> C:\Documents and Settings\User\Application Data\Identities -> [Folder | Modified Date = 15/03/2005 1:10:17 AM | Attr = ]
LimeWire -> C:\Documents and Settings\User\Application Data\LimeWire -> [Folder | Modified Date = 23/02/2008 6:37:38 PM | Attr = ]
Macromedia -> C:\Documents and Settings\User\Application Data\Macromedia -> [Folder | Modified Date = 30/06/2007 10:29:26 PM | Attr = ]
Media Player Classic -> C:\Documents and Settings\User\Application Data\Media Player Classic -> [Folder | Modified Date = 8/09/2007 4:24:10 PM | Attr = ]
Microsoft -> C:\Documents and Settings\User\Application Data\Microsoft -> [Folder | Modified Date = 13/02/2008 11:13:23 AM | Attr = S]
Nokia -> C:\Documents and Settings\User\Application Data\Nokia -> [Folder | Modified Date = 14/11/2007 9:28:37 AM | Attr = ]
Nokia Multimedia Player -> C:\Documents and Settings\User\Application Data\Nokia Multimedia Player -> [Folder | Modified Date = 24/12/2007 1:01:26 PM | Attr = ]
PC Suite -> C:\Documents and Settings\User\Application Data\PC Suite -> [Folder | Modified Date = 7/11/2007 9:03:09 PM | Attr = ]
PC Tools -> C:\Documents and Settings\User\Application Data\PC Tools -> [Folder | Modified Date = 11/08/2007 5:44:57 PM | Attr = ]
ScanSoft -> C:\Documents and Settings\User\Application Data\ScanSoft -> [Folder | Modified Date = 30/06/2007 4:45:51 PM | Attr = ]
Sun -> C:\Documents and Settings\User\Application Data\Sun -> [Folder | Modified Date = 30/06/2007 9:30:20 PM | Attr = ]
uTorrent -> C:\Documents and Settings\User\Application Data\uTorrent -> [Folder | Modified Date = 24/02/2008 9:43:35 PM | Attr = ]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 28/12/2007 3:13:15 PM | Attr = S]
AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 22/02/2008 10:04:03 PM | Attr = ]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 4/08/2004 11:00:00 PM | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/02/2008 5:07:06 PM | Attr = H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]
< End of report >
[/code]