[code] OTScanIt logfile created on: 21/04/2008 6:36:44 PM OTScanIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Brendan\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1006.38 Mb Total Physical Memory | 524.60 Mb Available Physical Memory | 52.13% Memory free 2.35 Gb Paging File | 1.64 Gb Available in Paging File | 69.82% Paging File free Paging file location(s): C:\pagefile.sys 1500 3000; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 112.29 Gb Total Space | 79.15 Gb Free Space | 70.48% Space Free | Partition Type: NTFS Drive D: | 112.76 Gb Total Space | 112.64 Gb Free Space | 99.90% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 363.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: RION Current User Name: Brendan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 02/08/2006 6:01:21 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 02/08/2006 6:01:21 PM | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 16/09/2005 8:27:12 PM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 16/09/2005 8:27:06 PM | Attr = ] sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 07/08/2006 5:03:02 PM | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 17/01/2007 7:07:58 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 19/03/2008 5:08:58 PM | Attr = ] lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 109344 bytes | Modified Date = 06/02/2007 5:45:26 PM | Attr = ] memcheck.exe -> %SystemDrive%\acer\Empowering Technology\ePerformance\MemCheck.exe -> Acer Inc. [Ver = 2.0.2008.0 | Size = 28672 bytes | Modified Date = 11/05/2006 7:22:48 PM | Attr = ] alertservice.exe -> %ProgramFiles%\Intel\IntelDH\CCU\AlertService.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 188416 bytes | Modified Date = 04/06/2006 8:51:32 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18/02/2008 11:16:30 AM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 7:03:42 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 3:17:08 PM | Attr = ] googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 21/04/2008 1:20:59 AM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.0.1.1002 | Size = 90112 bytes | Modified Date = 06/07/2006 10:14:30 AM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.74.1 | Size = 73728 bytes | Modified Date = 17/02/2006 6:26:32 PM | Attr = ] navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 05/02/2006 2:03:16 AM | Attr = ] npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 05/02/2006 2:03:40 AM | Attr = ] pen_tablet.exe -> %SystemRoot%\system32\Pen_Tablet.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 1373480 bytes | Modified Date = 07/09/2007 12:16:18 PM | Attr = ] elservice.exe -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> Intel Corporation [Ver = 1.5.1.1029 | Size = 180224 bytes | Modified Date = 01/06/2006 8:31:20 PM | Attr = ] pen_tabletuser.exe -> %SystemRoot%\system32\WTablet\Pen_TabletUser.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 132392 bytes | Modified Date = 07/09/2007 12:16:50 PM | Attr = ] pen_tablet.exe -> %SystemRoot%\system32\Pen_Tablet.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 1373480 bytes | Modified Date = 07/09/2007 12:16:18 PM | Attr = ] issm.exe -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 77824 bytes | Modified Date = 04/06/2006 8:05:40 PM | Attr = ] mclserviceatl.exe -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 147456 bytes | Modified Date = 04/06/2006 8:19:22 PM | Attr = ] remote ui service.exe -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 397312 bytes | Modified Date = 04/06/2006 8:20:40 PM | Attr = ] mediaserver.exe -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [Ver = | Size = 25600 bytes | Modified Date = 26/05/2006 4:26:36 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.5 | Size = 132760 bytes | Modified Date = 14/06/2007 7:32:40 PM | Attr = ] sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.10.05 | Size = 544768 bytes | Modified Date = 05/06/2005 9:40:48 PM | Attr = ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.8.7 | Size = 16050176 bytes | Modified Date = 13/08/2006 7:00:04 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28/03/2008 11:37:20 PM | Attr = ] opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 08/05/2003 12:00:58 PM | Attr = ] intelhctagent.exe -> %CommonProgramFiles%\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe -> Intel Corporation [Ver = 2, 1, 2, 162 | Size = 375296 bytes | Modified Date = 29/03/2006 11:10:04 PM | Attr = ] lxcrmon.exe -> %ProgramFiles%\Lexmark 2400 Series\lxcrmon.exe -> [Ver = 0.1.25.0 | Size = 286720 bytes | Modified Date = 06/03/2006 1:48:46 PM | Attr = ] quickcam10.exe -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe -> [Ver = | Size = 774168 bytes | Modified Date = 08/02/2007 1:13:48 AM | Attr = ] communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> Logitech Inc. [Ver = 1.4.7.2031 | Size = 488984 bytes | Modified Date = 08/02/2007 1:12:48 AM | Attr = ] pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.106 | Size = 1103240 bytes | Modified Date = 01/02/2008 12:55:56 PM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 6.0.1.1002 | Size = 151552 bytes | Modified Date = 06/07/2006 10:15:00 AM | Attr = ] ezprint.exe -> %ProgramFiles%\Lexmark 2400 Series\ezprint.exe -> Lexmark International Inc. [Ver = 2.1.0.8 | Size = 98304 bytes | Modified Date = 07/02/2006 1:10:34 AM | Attr = ] eragent.exe -> %SystemDrive%\acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 01/06/2006 6:40:54 PM | Attr = ] edsloader.exe -> %SystemDrive%\acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2.2.0.46 | Size = 346112 bytes | Modified Date = 01/08/2006 1:02:46 AM | Attr = ] daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12/11/2006 6:48:46 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 16/09/2005 8:27:02 PM | Attr = ] sysmonitor.exe -> %SystemRoot%\system32\SysMonitor.exe -> [Ver = 1.0.1.0 | Size = 49152 bytes | Modified Date = 18/04/2006 11:54:50 PM | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 9:41:22 PM | Attr = ] skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07/12/2007 4:08:02 PM | Attr = R ] bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe -> [Ver = | Size = 43008 bytes | Modified Date = 07/09/2007 7:01:54 PM | Attr = ] aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 01/08/2006 4:35:36 PM | Attr = ] lvcomsx.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\LVComSX.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 252704 bytes | Modified Date = 06/02/2007 5:43:26 PM | Attr = ] acer.empowering.framework.launcher.exe -> %SystemDrive%\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe -> Acer Inc. [Ver = 2.3.2026.0 | Size = 45056 bytes | Modified Date = 03/08/2006 7:34:04 PM | Attr = ] zdwlan.exe -> %ProgramFiles%\Acer WLAN 11g USB Dongle\ZDWlan.exe -> X-Micro Technology Corp. [Ver = 2, 21, 0, 0 | Size = 745472 bytes | Modified Date = 16/11/2005 11:25:14 PM | Attr = ] ccu_engine.exe -> %ProgramFiles%\Intel\IntelDH\CCU\CCU_Engine.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 380928 bytes | Modified Date = 04/06/2006 8:51:58 PM | Attr = ] googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 21/04/2008 1:20:57 AM | Attr = ] nintendowfcreg.exe -> %ProgramFiles%\WiFiConnector\NintendoWFCReg.exe -> [Ver = 1, 0, 5, 2 | Size = 1073152 bytes | Modified Date = 16/11/2006 12:23:15 AM | Attr = ] lxcrcoms.exe -> %SystemRoot%\system32\lxcrcoms.exe -> [Ver = 99.99.99.99 | Size = 495616 bytes | Modified Date = 20/02/2006 3:23:08 PM | Attr = ] ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 01/03/2007 6:11:28 PM | Attr = ] soffice.exe -> %ProgramFiles%\OpenOffice.org 2.3\program\soffice.exe -> OpenOffice.org [Ver = 2.03.9215 | Size = 2359296 bytes | Modified Date = 10/09/2007 10:47:20 PM | Attr = ] soffice.bin -> %ProgramFiles%\OpenOffice.org 2.3\program\soffice.bin -> OpenOffice.org [Ver = 2.03.9215 | Size = 2510848 bytes | Modified Date = 10/09/2007 10:48:26 PM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4670 | Size = 188416 bytes | Modified Date = 13/08/2006 6:37:00 PM | Attr = ] nscsrvce.exe -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 2:36:28 PM | Attr = ] skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.5.0.32 | Size = 2051016 bytes | Modified Date = 07/12/2007 4:08:02 PM | Attr = R ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 9:41:22 PM | Attr = ] cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 9:41:22 PM | Attr = ] jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.5 | Size = 325272 bytes | Modified Date = 14/06/2007 7:32:39 PM | Attr = ] cocimanager.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 10.5.1.2029 | Size = 230936 bytes | Modified Date = 08/02/2007 1:12:20 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.10.1 | Size = 370176 bytes | Modified Date = 19/04/2008 10:27:54 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 19/03/2008 5:08:58 PM | Attr = ] (AcerMemUsageCheckService) Memory Check Service [Win32_Own | Auto | Running] -> %SystemDrive%\acer\Empowering Technology\ePerformance\MemCheck.exe -> Acer Inc. [Ver = 2.0.2008.0 | Size = 28672 bytes | Modified Date = 11/05/2006 7:22:48 PM | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 05/03/2007 5:46:05 PM | Attr = ] (AlertService) Intel(R) Alert Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\CCU\AlertService.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 188416 bytes | Modified Date = 04/06/2006 8:51:32 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18/02/2008 11:16:30 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 02/08/2006 6:01:21 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 02/08/2006 9:27:00 PM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.171 | Size = 100032 bytes | Modified Date = 25/07/2006 7:03:42 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 3:17:08 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 192112 bytes | Modified Date = 16/09/2005 8:27:06 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.1.17 | Size = 169584 bytes | Modified Date = 16/09/2005 8:27:12 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] (ELService) Intel(R) Quick Resume technology [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> Intel Corporation [Ver = 1.5.1.1029 | Size = 180224 bytes | Modified Date = 01/06/2006 8:31:20 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 21/04/2008 1:20:59 AM | Attr = ] (IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 6.0.1.1002 | Size = 90112 bytes | Modified Date = 06/07/2006 10:14:30 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 5:06:04 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (ISSM) Intel(R) Software Services Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 77824 bytes | Modified Date = 04/06/2006 8:05:40 PM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.74.1 | Size = 73728 bytes | Modified Date = 17/02/2006 6:26:32 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.171 | Size = 2119360 bytes | Modified Date = 25/07/2006 7:03:42 PM | Attr = ] (LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 109344 bytes | Modified Date = 06/02/2007 5:45:26 PM | Attr = ] (LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 105248 bytes | Modified Date = 06/02/2007 5:47:12 PM | Attr = ] (lxcr_device) lxcr_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\lxcrcoms.exe -> [Ver = 99.99.99.99 | Size = 495616 bytes | Modified Date = 20/02/2006 3:23:08 PM | Attr = ] (M1 Server) Intel(R) Viiv(TM) Media Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> [Ver = | Size = 25600 bytes | Modified Date = 26/05/2006 4:26:36 AM | Attr = ] (MCLServiceATL) Intel(R) Application Tracker [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 147456 bytes | Modified Date = 04/06/2006 8:19:22 PM | Attr = ] (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 139936 bytes | Modified Date = 05/02/2006 2:03:16 AM | Attr = ] (NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 12.2.0.13 | Size = 46752 bytes | Modified Date = 05/02/2006 2:03:40 AM | Attr = ] (NSCService) Norton Protection Center Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 15/12/2006 2:36:28 PM | Attr = ] (Remote UI Service) Intel(R) Remoting Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> Intel Corporation [Ver = 1.5.188.49 | Size = 397312 bytes | Modified Date = 04/06/2006 8:20:40 PM | Attr = ] (SAVScan) Symantec AVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVScan.exe -> Symantec Corporation [Ver = 9.7.0.10 | Size = 198368 bytes | Modified Date = 26/08/2005 10:22:48 AM | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 01/02/2008 12:55:54 PM | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 01/02/2008 12:55:56 PM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 07/08/2006 5:03:02 PM | Attr = ] (SPBBCSvc) SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.1.0.4 | Size = 1160848 bytes | Modified Date = 11/05/2006 4:50:18 PM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 17/01/2007 7:07:58 PM | Attr = ] (TabletServicePen) TabletServicePen [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Pen_Tablet.exe -> Wacom Technology, Corp. [Ver = 5.0.5-7 | Size = 1373480 bytes | Modified Date = 07/09/2007 12:16:18 PM | Attr = ] [Driver Services - Non-Microsoft Only] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6631 | Size = 1681920 bytes | Modified Date = 02/08/2006 6:07:51 PM | Attr = ] (CamDrL) Logitech QuickCam Pro 3000(CamDrl) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Camdrl.sys -> Logitech Inc. [Ver = 10.5.1.2023 | Size = 1075360 bytes | Modified Date = 03/02/2007 10:25:56 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.4.21.0 built by: WinDDK | Size = 230400 bytes | Modified Date = 18/07/2006 7:42:16 PM | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 04/04/2007 4:00:00 AM | Attr = ] (ELacpi) ELacpi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ELacpi.sys -> Intel Corporation [Ver = 1.5.1.1029 | Size = 9728 bytes | Modified Date = 05/05/2006 4:45:48 PM | Attr = ] (ELhid) EL hid Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elhid.sys -> Intel Corporation [Ver = 1.5.1.1029 | Size = 10112 bytes | Modified Date = 05/05/2006 4:45:24 PM | Attr = ] (ELkbd) EL KB Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elkbd.sys -> Intel Corporation [Ver = 1.5.1.1029 | Size = 6912 bytes | Modified Date = 05/05/2006 4:45:28 PM | Attr = ] (ELmon) EL Monitor Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elmon.sys -> Intel Corporation [Ver = 1.5.1.1029 | Size = 7040 bytes | Modified Date = 05/05/2006 4:45:46 PM | Attr = ] (ELmou) EL Mouse Service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Elmou.sys -> Intel Corporation [Ver = 1.5.1.1029 | Size = 6400 bytes | Modified Date = 05/05/2006 4:45:26 PM | Attr = ] (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 04/04/2007 4:00:00 AM | Attr = ] (genmcmnUSB) USB Scroll Mouse Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gflmouhid.sys -> [Ver = 6.09.01 | Size = 6656 bytes | Modified Date = 19/04/2004 4:01:00 PM | Attr = ] (GoProto) GoProto Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\goprot51.sys -> Gteko Ltd. [Ver = 2, 1, 0, 21 | Size = 29184 bytes | Modified Date = 04/01/2007 5:20:12 PM | Attr = ] (hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 17480 bytes | Modified Date = 24/03/2007 9:13:44 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 07/01/2005 8:07:18 PM | Attr = ] (HECI) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HECI.sys -> Intel Corporation [Ver = 2.0.15.1110 built by: WinDDK | Size = 43264 bytes | Modified Date = 18/06/2006 6:18:56 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4670 | Size = 1109568 bytes | Modified Date = 13/08/2006 8:00:00 PM | Attr = ] (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 6.0.1.1002 | Size = 246784 bytes | Modified Date = 06/07/2006 9:59:42 AM | Attr = ] (IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 01/02/2008 12:55:52 PM | Attr = ] (IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 10/12/2007 2:53:28 PM | Attr = ] (IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 10/12/2007 2:53:28 PM | Attr = ] (int15.sys) int15.sys [Kernel | On_Demand | Running] -> %SystemDrive%\acer\Empowering Technology\eRecovery\int15.sys -> [Ver = | Size = 69632 bytes | Modified Date = 13/01/2005 6:46:16 PM | Attr = ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5286 built by: WinDDK | Size = 4368896 bytes | Modified Date = 14/08/2006 7:41:16 PM | Attr = ] (LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Lvckap.sys -> [Ver = | Size = 1691808 bytes | Modified Date = 06/02/2007 5:42:40 PM | Attr = ] (LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVMVdrv.sys -> Logitech Inc. [Ver = 10.5.1.2027 | Size = 1964064 bytes | Modified Date = 06/02/2007 5:44:36 PM | Attr = ] (LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LVPr2Mon.sys -> [Ver = | Size = 25632 bytes | Modified Date = 06/02/2007 5:45:04 PM | Attr = ] (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 10.5.1.2023 | Size = 41504 bytes | Modified Date = 03/02/2007 10:32:36 AM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070415.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 04/04/2007 4:00:00 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070415.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 04/04/2007 4:00:00 AM | Attr = ] (NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 6 | Size = 6144 bytes | Modified Date = 15/09/2006 6:46:02 PM | Attr = ] (psdfilter) psdfilter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psdfilter.sys -> HiTRUST [Ver = 2, 2, 0, 10 | Size = 12288 bytes | Modified Date = 08/04/2006 12:17:34 AM | Attr = ] (psdvdisk) psdvdisk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psdvdisk.sys -> HiTRUST [Ver = 2, 2, 0, 4 | Size = 60416 bytes | Modified Date = 08/03/2006 9:10:52 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 19/10/2007 8:56:10 PM | Attr = ] (RT25USBAP) Nintendo Wi-Fi USB Connector Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RT25USBAP.SYS -> Ralink Technology Inc. [Ver = 2.00.3.1 built by: WinDDK | Size = 162816 bytes | Modified Date = 10/04/2006 1:02:18 AM | Attr = ] (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 334984 bytes | Modified Date = 26/08/2005 10:22:48 AM | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.0.10 | Size = 53896 bytes | Modified Date = 26/08/2005 10:22:50 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 6:25:53 AM | Attr = ] (smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smserial.sys -> Motorola Inc. [Ver = SM56 Rel. 6.10 Build 05 | Size = 925192 bytes | Modified Date = 05/06/2005 9:43:04 PM | Attr = ] (SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.1.0.4 | Size = 389776 bytes | Modified Date = 11/05/2006 4:50:18 PM | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 639224 bytes | Modified Date = 05/03/2007 5:35:32 PM | Attr = ] (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 12992 bytes | Modified Date = 07/08/2006 5:01:56 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.0.20 | Size = 108168 bytes | Modified Date = 16/09/2005 8:20:06 PM | Attr = ] (SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 110784 bytes | Modified Date = 07/08/2006 5:02:02 PM | Attr = ] (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 31936 bytes | Modified Date = 07/08/2006 5:02:18 PM | Attr = ] (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20080421.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 13/02/2008 12:18:19 PM | Attr = ] (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 04/01/2007 5:21:45 PM | Attr = ] (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 28352 bytes | Modified Date = 07/08/2006 5:02:14 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 07/08/2006 5:02:22 PM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 07/08/2006 5:02:26 PM | Attr = ] (TSHWMDTCP) TSHWMDTCP [File_System | On_Demand | Stopped] -> %ProgramFiles%\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -> [Ver = | Size = 4096 bytes | Modified Date = 05/06/2006 2:14:16 PM | Attr = ] (UBHelper) UBHelper [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\UBHelper.sys -> [Ver = | Size = 13952 bytes | Modified Date = 16/12/2004 10:14:44 PM | Attr = ] (USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbio.sys -> Thesycon GmbH, Germany [Ver = 1.42.572 | Size = 19805 bytes | Modified Date = 07/05/2001 6:56:02 AM | Attr = R ] (wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacommousefilter.sys -> Wacom Technology [Ver = 1.2.0002.0 | Size = 11312 bytes | Modified Date = 16/02/2007 12:12:36 PM | Attr = ] (wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacomvhid.sys -> Wacom Technology [Ver = 2.8.0000.0 | Size = 12848 bytes | Modified Date = 16/02/2007 11:30:12 AM | Attr = ] (WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WacomVKHid.sys -> Wacom Technology [Ver = 1.1.0000.0 | Size = 11440 bytes | Modified Date = 15/02/2007 5:11:28 PM | Attr = ] (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ZD1211BU.sys -> ZyDAS Technology Corporation [Ver = 6, 3, 0, 0 | Size = 402432 bytes | Modified Date = 28/10/2005 2:38:18 PM | Attr = ] (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ZD1211U.sys -> ZyDAS Technology Corporation [Ver = 4.11.0.0 | Size = 280064 bytes | Modified Date = 04/10/2005 6:38:24 PM | Attr = ] (ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ZDPSp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.02 | Size = 17664 bytes | Modified Date = 25/10/2004 4:40:58 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acer Empowering Technology Monitor -> %SystemRoot%\system32\SysMonitor.exe [C:\WINDOWS\system32\SysMonitor.exe] -> [Ver = 1.0.1.0 | Size = 49152 bytes | Modified Date = 18/04/2006 11:54:50 PM | Attr = ] Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 02/05/2005 11:43:28 PM | Attr = ] ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"] -> [Ver = | Size = 90112 bytes | Modified Date = 10/05/2006 3:12:06 PM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["c:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 16/09/2005 8:27:02 PM | Attr = ] CCUTRAYICON -> %ProgramFiles%\Intel\IntelDH\CCU\CCU_TrayIcon.exe [C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe] -> Intel Corporation [Ver = 1.5.188.49 | Size = 303104 bytes | Modified Date = 04/06/2006 8:52:56 PM | Attr = ] DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12/11/2006 6:48:46 AM | Attr = ] eDataSecurity Loader -> %SystemDrive%\acer\Empowering Technology\eDataSecurity\eDSloader.exe [C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0] -> HiTRUST [Ver = 2.2.0.46 | Size = 346112 bytes | Modified Date = 01/08/2006 1:02:46 AM | Attr = ] eRecoveryService -> %SystemDrive%\acer\Empowering Technology\eRecovery\eRAgent.exe [C:\Acer\Empowering Technology\eRecovery\eRAgent.exe] -> Acer Inc. [Ver = 1.0.0.16 | Size = 413696 bytes | Modified Date = 01/06/2006 6:40:54 PM | Attr = ] EzPrint -> %ProgramFiles%\Lexmark 2400 Series\ezprint.exe ["C:\Program Files\Lexmark 2400 Series\ezprint.exe"] -> Lexmark International Inc. [Ver = 2.1.0.8 | Size = 98304 bytes | Modified Date = 07/02/2006 1:10:34 AM | Attr = ] FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe ["C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s] -> [Ver = 0.1.35.8 | Size = 290816 bytes | Modified Date = 02/02/2006 4:11:28 AM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4670 | Size = 114688 bytes | Modified Date = 13/08/2006 6:41:00 PM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] -> Intel Corporation [Ver = 6.0.1.1002 | Size = 151552 bytes | Modified Date = 06/07/2006 10:15:00 AM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4670 | Size = 98304 bytes | Modified Date = 13/08/2006 6:39:00 PM | Attr = ] ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.0.106 | Size = 1103240 bytes | Modified Date = 01/02/2008 12:55:56 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> File not found LaunchApp -> %SystemRoot%\Alaunch.exe [Alaunch] -> Acer Inc. [Ver = 2.2.0.3 | Size = 524288 bytes | Modified Date = 15/03/2006 5:56:22 PM | Attr = ] LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> Logitech Inc. [Ver = 1.4.7.2031 | Size = 488984 bytes | Modified Date = 08/02/2007 1:12:48 AM | Attr = ] LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe ["C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide] -> [Ver = | Size = 774168 bytes | Modified Date = 08/02/2007 1:13:48 AM | Attr = ] LXCRCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\lxcrtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16] -> [Ver = | Size = 65536 bytes | Modified Date = 24/02/2006 7:54:40 AM | Attr = ] lxcrmon.exe -> %ProgramFiles%\Lexmark 2400 Series\lxcrmon.exe ["C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"] -> [Ver = 0.1.25.0 | Size = 286720 bytes | Modified Date = 06/03/2006 1:48:46 PM | Attr = ] MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [Ver = | Size = 59392 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] NMSSupport -> %CommonProgramFiles%\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe ["C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup] -> Intel Corporation [Ver = 2, 1, 2, 162 | Size = 375296 bytes | Modified Date = 29/03/2006 11:10:04 PM | Attr = ] ntiMUI -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe] -> [Ver = | Size = 45056 bytes | Modified Date = 15/05/2006 2:15:06 PM | Attr = ] OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\opwareSE2.exe ["C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"] -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 08/05/2003 12:00:58 PM | Attr = ] Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4670 | Size = 94208 bytes | Modified Date = 13/08/2006 6:38:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28/03/2008 11:37:20 PM | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.8.7 | Size = 16050176 bytes | Modified Date = 13/08/2006 7:00:04 PM | Attr = ] SkyTel -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 15/05/2006 11:04:26 PM | Attr = ] SMSERIAL -> %SystemRoot%\sm56hlpr.exe [sm56hlpr.exe] -> Motorola Inc. [Ver = 6.10.05 | Size = 544768 bytes | Modified Date = 05/06/2005 9:40:48 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.20.5 | Size = 132760 bytes | Modified Date = 14/06/2007 7:32:40 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> File not found BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> [Ver = | Size = 43008 bytes | Modified Date = 07/09/2007 7:01:54 PM | Attr = ] kxva -> %SystemRoot%\system32\kxvo.exe [C:\WINDOWS\system32\kxvo.exe] -> [Ver = | Size = 158813 bytes | Modified Date = 20/04/2008 10:53:02 PM | Attr = RHS] Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07/12/2007 4:08:02 PM | Attr = R ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,244 | Size = 4670968 bytes | Modified Date = 01/03/2007 6:11:26 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> File not found BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> [Ver = | Size = 43008 bytes | Modified Date = 07/09/2007 7:01:54 PM | Attr = ] kxva -> %SystemRoot%\system32\kxvo.exe [C:\WINDOWS\system32\kxvo.exe] -> [Ver = | Size = 158813 bytes | Modified Date = 20/04/2008 10:53:02 PM | Attr = RHS] Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07/12/2007 4:08:02 PM | Attr = R ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,244 | Size = 4670968 bytes | Modified Date = 01/03/2007 6:11:26 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Acer Empowering Technology.lnk -> %SystemDrive%\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe -> Acer Inc. [Ver = 2.3.2026.0 | Size = 45056 bytes | Modified Date = 03/08/2006 7:34:04 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk -> %ProgramFiles%\Acer WLAN 11g USB Dongle\ZDWlan.exe -> X-Micro Technology Corp. [Ver = 2, 21, 0, 0 | Size = 745472 bytes | Modified Date = 16/11/2005 11:25:14 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 7:44:06 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 21/04/2008 1:20:57 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk -> %ProgramFiles%\WiFiConnector\NintendoWFCReg.exe -> [Ver = 1, 0, 5, 2 | Size = 1073152 bytes | Modified Date = 16/11/2006 12:23:15 AM | Attr = ] < Brendan Startup Folder > -> C:\Documents and Settings\Brendan\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 8:16:50 PM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk -> %ProgramFiles%\OpenOffice.org 2.3\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 17/08/2007 11:57:56 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < IUSR_NMPR Startup Folder > -> C:\Documents and Settings\IUSR_NMPR\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 86016 bytes | Modified Date = 02/08/2006 6:02:23 PM | Attr = ] igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4670 | Size = 155648 bytes | Modified Date = 13/08/2006 6:37:00 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://en.ca.acer.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://en.ca.acer.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[msn] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[msn] -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\] > -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\: Main\\Search Bar -> -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\: Main\\Search Page -> http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\: Main\\Start Page -> http://global.acer.com -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 16/04/2001 5:39:02 PM | Attr = ] {1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 25/01/2006 10:51:16 AM | Attr = R ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.5 | Size = 509592 bytes | Modified Date = 14/06/2007 7:32:35 PM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 05/02/2006 2:03:32 AM | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 21/04/2008 1:21:00 AM | Attr = ] {CE7C3CF0-4B15-11D1-ABED-709549C10000} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieso0.dll [IEHlprObj Class] -> [Ver = | Size = 77824 bytes | Modified Date = 13/06/2007 6:23:07 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 25/01/2006 10:51:16 AM | Attr = R ] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 09/03/2006 2:44:00 AM | Attr = ] {C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 05/02/2006 2:03:32 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 09/03/2006 2:44:00 AM | Attr = ] WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 25/01/2006 10:51:16 AM | Attr = R ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 05/02/2006 2:03:32 AM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 2, 0, 28 | Size = 106496 bytes | Modified Date = 09/03/2006 2:44:00 AM | Attr = ] WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [Ver = | Size = 184320 bytes | Modified Date = 25/01/2006 10:51:16 AM | Attr = R ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 140960 bytes | Modified Date = 05/02/2006 2:03:32 AM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09/11/2006 4:21:53 PM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.5 | Size = 509592 bytes | Modified Date = 14/06/2007 7:32:35 PM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 01/08/2006 4:35:36 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09/11/2006 4:21:53 PM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 01/08/2006 4:35:36 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_10\bin\NPJPI150_10.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09/11/2006 4:21:53 PM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 01/08/2006 4:35:36 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\] > -> HKEY_USERS\S-1-5-21-452378960-2139398939-2434100432-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 01/08/2001 6:05:42 PM | Attr = ] < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {02A8E302-958D-4685-8F38-093B12C6648B} -> () -> {08723420-CFA0-4F77-B0AE-2AF699E64DB7} -> (1394 Net Adapter) -> {098D95BE-9811-48E9-AE20-A9A324CD3817} -> () -> {760EDEFC-ECA6-4523-B722-D0E1D4E5CFA6} -> (Nintendo Wi-Fi USB Connector) -> {BF032C9B-02C3-418D-B5B2-3BF076FC3C5D} -> (Intel(R) 82566DC Gigabit Network Connection) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 3:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 07/12/2007 4:08:02 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Acrobat 5.0\Reader] -> Adobe Systems Incorporated [Ver = 5.0.5.2001092400 | Size = 3891268 bytes | Modified Date = 24/09/2001 6:15:58 PM | Attr = ] ahc.exe -> %ProgramFiles%\Adobe\Adobe Help Center\ahc.exe [C:\Program Files\Adobe\Adobe Help Center\] -> Adobe Systems Incorporated [Ver = 1.0.0.793 | Size = 4460544 bytes | Modified Date = 15/03/2005 9:46:48 PM | Attr = R ] aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 01/08/2006 4:35:36 PM | Attr = ] ccApp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe [c:\Program Files\Common Files\Symantec Shared\;] -> Symantec Corporation [Ver = 104.0.1.17 | Size = 52848 bytes | Modified Date = 16/09/2005 8:27:02 PM | Attr = ] CdBak32.exe -> %ProgramFiles%\NewTech Infosystems\NTI Backup NOW! 4.5\CDBak32.exe [C:\Program Files\NewTech Infosystems\NTI Backup NOW! 4.5] -> NewTech InfoSystems, Inc. [Ver = 4, 5, 6, 0 | Size = 1331200 bytes | Modified Date = 12/05/2006 3:50:34 PM | Attr = ] Cdmkr32.exe -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe [c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\] -> NewTech Infosystems, Inc. [Ver = 7, 5, 0, 19 | Size = 1626112 bytes | Modified Date = 13/06/2006 5:59:30 PM | Attr = ] cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32] -> File not found collage.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found CSTBox.exe -> %ProgramFiles%\Canon\CanoScan Toolbox Ver4.9\CSTBox.exe [C:\Program Files\Canon\CanoScan Toolbox Ver4.9] -> CANON INC. [Ver = 4.9.3.1 | Size = 1249280 bytes | Modified Date = 09/08/2005 10:14:30 PM | Attr = ] faxctr.exe -> %ProgramFiles%\Lexmark Fax Solutions\FaxCtr.exe [C:\Program Files\Lexmark Fax Solutions] -> [Ver = 0.1.35.8 | Size = 667648 bytes | Modified Date = 02/02/2006 4:24:32 AM | Attr = ] FCC32.EXE -> [C:\Program Files\FirstClass] -> File not found firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox] -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 17/04/2008 9:16:09 AM | Attr = ] FirstClass® -> [C:\Program Files\FirstClass] -> File not found HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 21/04/2008 3:57:54 PM | Attr = ] HYDRAVISION -> [C:\Program Files\ATI Technologies\ATI HYDRAVISION] -> File not found hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe [Reg Error: Value Path does not exist or could not be read.] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] ImageReady.exe -> %ProgramFiles%\Adobe\Adobe Photoshop CS2\ImageReady.exe [C:\Program Files\Adobe\Adobe Photoshop CS2\] -> Adobe Systems Incorporated [Ver = Version 9.0x196 | Size = 19980288 bytes | Modified Date = 22/03/2005 4:41:12 AM | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found javaws.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_02\bin] -> Sun Microsystems, Inc. [Ver = 6.0.20.5 | Size = 139264 bytes | Modified Date = 14/06/2007 5:53:24 PM | Attr = ] LUALL.EXE -> %ProgramFiles%\Symantec\LiveUpdate\LUALL.EXE [C:\Program Files\Symantec\LiveUpdate] -> Symantec Corporation [Ver = 3.0.0.171 | Size = 1271488 bytes | Modified Date = 25/07/2006 7:03:42 PM | Attr = ] ModelFileHandler.exe -> %CommonProgramFiles%\LogiShrd\LQCVFX\ModelFileHandler.exe [C:\Program Files\Common Files\Logishrd\LQCVFX\] -> Logitech Inc. [Ver = 10.5.1.2029 | Size = 113688 bytes | Modified Date = 08/02/2007 1:13:48 AM | Attr = ] mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player"] -> File not found msimn.exe -> [%ProgramFiles%\Outlook Express] -> File not found NAVW32.EXE -> %ProgramFiles%\Norton AntiVirus\NAVW32.EXE [Reg Error: Value Path does not exist or could not be read.] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 173728 bytes | Modified Date = 05/02/2006 2:03:38 AM | Attr = ] NAVWNT.EXE -> %ProgramFiles%\Norton AntiVirus\NAVWNT.EXE [Reg Error: Value Path does not exist or could not be read.] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 36512 bytes | Modified Date = 05/02/2006 2:03:40 AM | Attr = ] NMain.exe -> %CommonProgramFiles%\Symantec Shared\NMain.exe [c:\Program Files\Common Files\Symantec Shared] -> Symantec Corporation [Ver = 104.0.1.17 | Size = 824944 bytes | Modified Date = 16/09/2005 8:27:16 PM | Attr = ] NMPlay70.exe -> %ProgramFiles%\NewTech Infosystems\NTI CD & DVD-Maker 7\NMPlay70.exe [c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\] -> [Ver = 2, 0, 0, 0 | Size = 294912 bytes | Modified Date = 21/09/2005 3:30:16 PM | Attr = ] PhEditor.exe -> %ProgramFiles%\Lexmark 2400 Series\pheditor.exe [C:\Program Files\Lexmark 2400 Series] -> Lexmark International, Inc. [Ver = 2.7.0.2 | Size = 421888 bytes | Modified Date = 16/01/2006 12:21:10 PM | Attr = ] PhotoEditor.exe -> %ProgramFiles%\Lexmark 2400 Series\pheditor.exe [C:\Program Files\Lexmark 2400 Series\PhEditor.exe] -> Lexmark International, Inc. [Ver = 2.7.0.2 | Size = 421888 bytes | Modified Date = 16/01/2006 12:21:10 PM | Attr = ] Photoshop.exe -> %ProgramFiles%\Adobe\Adobe Photoshop CS2\Photoshop.exe [C:\Program Files\Adobe\Adobe Photoshop CS2\] -> Adobe Systems, Incorporated [Ver = 9.0 (9.0x196) | Size = 19533824 bytes | Modified Date = 22/03/2005 5:29:36 AM | Attr = ] PhotoStudio.exe -> %ProgramFiles%\ArcSoft\PhotoStudio 5.5\PhotoStudio.exe [C:\Program Files\ArcSoft\PhotoStudio 5.5] -> ArcSoft, Inc. [Ver = 5.5.0.62 | Size = 876544 bytes | Modified Date = 11/01/2005 5:08:58 PM | Attr = ] Picture Slide DVD -> Reg Error: Value does not exist or could not be read. [C:\Program Files\Acer Zone\Picture Slide DVD] -> File not found PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\] -> Apple Inc. [Ver = 7.4.5 | Size = 548864 bytes | Modified Date = 28/03/2008 11:37:12 PM | Attr = ] pinball.exe -> %ProgramFiles%\Windows NT\Pinball\PINBALL.EXE [C:\Program Files\Windows NT\Pinball] -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] Plug and Record -> Reg Error: Value does not exist or could not be read. [C:\Program Files\Acer Zone\Plug and Record] -> File not found PowerDVD -> %ProgramFiles%\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD] -> CyberLink Corp. [Ver = 6.00.2321 | Size = 516096 bytes | Modified Date = 21/11/2005 9:21:12 PM | Attr = ] PowerDVD.exe -> %ProgramFiles%\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD] -> CyberLink Corp. [Ver = 6.00.2321 | Size = 516096 bytes | Modified Date = 21/11/2005 9:21:12 PM | Attr = ] qconsole.exe -> %ProgramFiles%\Norton AntiVirus\QCONSOLE.EXE [c:\Program Files\Norton AntiVirus\; c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\] -> Symantec Corporation [Ver = 12.2.0.13 | Size = 231072 bytes | Modified Date = 05/02/2006 2:03:44 AM | Attr = ] Quickcam10.exe -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe [C:\Program Files\Logitech\QuickCam10\] -> [Ver = | Size = 774168 bytes | Modified Date = 08/02/2007 1:13:48 AM | Attr = ] QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\] -> Apple Inc. [Ver = 7.4.5 | Size = 7673136 bytes | Modified Date = 28/03/2008 11:37:46 PM | Attr = ] setup.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found SGST.exe -> %SystemRoot%\twain_32\CNQSG\SGST.exe [C:\WINDOWS\twain_32\CNQSG] -> CANON INC. [Ver = 1.1.1.1 | Size = 1441792 bytes | Modified Date = 22/08/2005 6:41:00 PM | Attr = ] soffice.exe -> %ProgramFiles%\OpenOffice.org 2.3\program\soffice.exe [C:\Program Files\OpenOffice.org 2.3\] -> OpenOffice.org [Ver = 2.03.9215 | Size = 2359296 bytes | Modified Date = 10/09/2007 10:47:20 PM | Attr = ] table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found wab.exe -> [%ProgramFiles%\Outlook Express] -> File not found wabmig.exe -> [%ProgramFiles%\Outlook Express] -> File not found WebcamSnapshot.exe -> %ProgramFiles%\Logitech\QuickCam10\QuickCam10.exe [C:\Program Files\Logitech\QuickCam10\] -> [Ver = | Size = 774168 bytes | Modified Date = 08/02/2007 1:13:48 AM | Attr = ] winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR] -> [Ver = | Size = 915968 bytes | Modified Date = 03/12/2006 3:52:48 PM | Attr = ] WORDPAD.EXE -> [Reg Error: Value Path does not exist or could not be read.] -> File not found WRITE.EXE -> [Reg Error: Value Path does not exist or could not be read.] -> File not found < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 928 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 148149 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Acer Zone\Picture Slide DVD\Component\CLSLDVD.exe -> C:\Program Files\Acer Zone\Picture Slide DVD\Component\CLSLDVD.exe [C:\Program Files\Acer Zone\Picture Slide DVD\Component\CLSLDVD.exe:*:Enabled:Cyberlink Picture Slide DVD workprocess] -> Cyberlink [Ver = 1.0.0.1304 | Size = 192512 bytes | Modified Date = 30/03/2006 6:13:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Acer Zone\Plug and Record\Component\ARAWP.exe -> C:\Program Files\Acer Zone\Plug and Record\Component\ARAWP.exe [C:\Program Files\Acer Zone\Plug and Record\Component\ARAWP.exe:*:Enabled:Cyberlink Plug and Record ARA workprocess] -> Cyberlink [Ver = 1.00.1305 | Size = 118784 bytes | Modified Date = 05/01/2006 9:45:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Acer Zone\Plug and Record\Component\DVAX2Process.exe -> C:\Program Files\Acer Zone\Plug and Record\Component\DVAX2Process.exe [C:\Program Files\Acer Zone\Plug and Record\Component\DVAX2Process.exe:*:Enabled:Cyberlink Plug and Record AVAX workprocess] -> [Ver = 1.00.1324 | Size = 61440 bytes | Modified Date = 24/01/2006 9:53:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe [C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM] -> [Ver = | Size = 61440 bytes | Modified Date = 05/06/2006 2:14:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -> C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel(R) Viiv(TM) Media Server] -> [Ver = | Size = 25600 bytes | Modified Date = 26/05/2006 4:26:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -> C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel(R) Remoting Service] -> Intel Corporation [Ver = 1.5.188.49 | Size = 397312 bytes | Modified Date = 04/06/2006 8:20:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe -> C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer] -> SQUARE ENIX CO., LTD. [Ver = 1.18.07 | Size = 1691648 bytes | Modified Date = 10/03/2008 10:38:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [Ver = | Size = 43008 bytes | Modified Date = 07/09/2007 7:01:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,244 | Size = 4670968 bytes | Modified Date = 01/03/2007 6:11:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 01/03/2007 6:11:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 12:24:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WiFiConnector\NintendoWFCReg.exe -> C:\Program Files\WiFiConnector\NintendoWFCReg.exe [C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector] -> [Ver = 1, 0, 5, 2 | Size = 1073152 bytes | Modified Date = 16/11/2006 12:23:15 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 6:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07/12/2007 4:08:02 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 3:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 12:39:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 12:39:50 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> [Files/Folders - Created Within 90 days] autorun.inf -> %SystemDrive%\autorun.inf -> [Ver = | Size = 485 bytes | Created Date = 21/04/2008 3:44:31 AM | Attr = RHS] ig.bat -> %SystemDrive%\ig.bat -> [Ver = | Size = 158168 bytes | Created Date = 18/04/2008 6:50:34 AM | Attr = RHS] oalvm.com -> %SystemDrive%\oalvm.com -> [Ver = | Size = 158813 bytes | Created Date = 20/04/2008 10:53:29 PM | Attr = RHS] w2ngo.com -> %SystemDrive%\w2ngo.com -> [Ver = | Size = 157006 bytes | Created Date = 18/04/2008 6:49:52 AM | Attr = RHS] xaul0q8u.bat -> %SystemDrive%\xaul0q8u.bat -> [Ver = | Size = 157398 bytes | Created Date = 18/04/2008 10:41:20 PM | Attr = RHS] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 21/04/2008 1:31:27 AM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 21/04/2008 1:31:27 AM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 21/04/2008 1:31:27 AM | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 21/04/2008 1:31:27 AM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 20/04/2008 11:11:36 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> en-us -> %SystemRoot%\System32\en-us -> [Folder | Created Date = 19/04/2008 12:00:10 AM | Attr = ] fool0.dll -> %SystemRoot%\System32\fool0.dll -> [Ver = | Size = 91648 bytes | Created Date = 18/04/2008 6:49:24 AM | Attr = RHS] fool1.dll -> %SystemRoot%\System32\fool1.dll -> [Ver = | Size = 91648 bytes | Created Date = 18/04/2008 6:50:08 AM | Attr = RHS] IM31IMG.DIL -> %SystemRoot%\System32\IM31IMG.DIL -> Data Techniques, Inc. [Ver = 7.20 | Size = 49152 bytes | Created Date = 28/02/2008 7:26:33 AM | Attr = ] IM31XPNG.DEL -> %SystemRoot%\System32\IM31XPNG.DEL -> Data Techniques, Inc. [Ver = 7.20 | Size = 98304 bytes | Created Date = 28/02/2008 7:26:33 AM | Attr = ] IM31XTIF.DEL -> %SystemRoot%\System32\IM31XTIF.DEL -> Data Techniques, Inc. [Ver = 7.20 | Size = 69632 bytes | Created Date = 28/02/2008 7:26:33 AM | Attr = ] IMGMAN32.DLL -> %SystemRoot%\System32\IMGMAN32.DLL -> Data Techniques, Inc. [Ver = 7.20 | Size = 339968 bytes | Created Date = 28/02/2008 7:26:33 AM | Attr = ] IMHOST32.DLL -> %SystemRoot%\System32\IMHOST32.DLL -> Data Techniques, Inc. [Ver = 7.20 | Size = 98345 bytes | Created Date = 28/02/2008 7:26:33 AM | Attr = ] kxvo.exe -> %SystemRoot%\System32\kxvo.exe -> [Ver = | Size = 158813 bytes | Created Date = 18/04/2008 6:49:24 AM | Attr = RHS] LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf -> [Ver = | Size = 26461 bytes | Created Date = 28/02/2008 7:24:26 AM | Attr = ] lxcr.loc -> %SystemRoot%\System32\lxcr.loc -> [Ver = | Size = 1688 bytes | Created Date = 28/02/2008 7:24:26 AM | Attr = ] lxcrcaps.dll -> %SystemRoot%\System32\lxcrcaps.dll -> [Ver = 0.1.25.0 | Size = 65536 bytes | Created Date = 28/02/2008 7:27:13 AM | Attr = ] LXCRcfg.dll -> %SystemRoot%\System32\LXCRcfg.dll -> Lexmark International [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Created Date = 28/02/2008 7:24:26 AM | Attr = ] lxcrcnv4.dll -> %SystemRoot%\System32\lxcrcnv4.dll -> [Ver = | Size = 61440 bytes | Created Date = 28/02/2008 7:27:12 AM | Attr = ] lxcrcoin.dll -> %SystemRoot%\System32\lxcrcoin.dll -> [Ver = | Size = 303104 bytes | Created Date = 28/02/2008 7:27:40 AM | Attr = ] lxcrcomc.dll -> %SystemRoot%\System32\lxcrcomc.dll -> [Ver = 99.99.99.99 | Size = 610304 bytes | Created Date = 28/02/2008 7:24:26 AM | Attr = ] lxcrcomm.dll -> %SystemRoot%\System32\lxcrcomm.dll -> [Ver = 99.99.99.99 | Size = 421888 bytes | Created Date = 28/02/2008 7:24:26 AM | Attr = ] lxcrcoms.exe -> %SystemRoot%\System32\lxcrcoms.exe -> [Ver = 99.99.99.99 | Size = 495616 bytes | Created Date = 28/02/2008 7:24:27 AM | Attr = ] lxcrcu.dll -> %SystemRoot%\System32\lxcrcu.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 73728 bytes | Created Date = 28/02/2008 7:24:27 AM | Attr = ] lxcrcub.dll -> %SystemRoot%\System32\lxcrcub.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 86016 bytes | Created Date = 28/02/2008 7:24:27 AM | Attr = ] lxcrcur.dll -> %SystemRoot%\System32\lxcrcur.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 36864 bytes | Created Date = 28/02/2008 7:24:27 AM | Attr = ] lxcrdrs.dll -> %SystemRoot%\System32\lxcrdrs.dll -> [Ver = 0.1.25.0 | Size = 692224 bytes | Created Date = 28/02/2008 7:27:13 AM | Attr = ] lxcrhelp.chm -> %SystemRoot%\System32\lxcrhelp.chm -> [Ver = | Size = 535647 bytes | Created Date = 28/02/2008 7:24:28 AM | Attr = ] lxcriesc.dll -> %SystemRoot%\System32\lxcriesc.dll -> [Ver = 99.99.99.99 | Size = 393216 bytes | Created Date = 28/02/2008 7:27:42 AM | Attr = ] lxcrih.exe -> %SystemRoot%\System32\lxcrih.exe -> [Ver = 99.99.99.99 | Size = 380928 bytes | Created Date = 28/02/2008 7:24:28 AM | Attr = ] lxcrinpa.dll -> %SystemRoot%\System32\lxcrinpa.dll -> [Ver = 99.99.99.99 | Size = 409600 bytes | Created Date = 28/02/2008 7:27:42 AM | Attr = ] lxcrins.dll -> %SystemRoot%\System32\lxcrins.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 155648 bytes | Created Date = 28/02/2008 7:24:28 AM | Attr = ] lxcrinsb.dll -> %SystemRoot%\System32\lxcrinsb.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 200704 bytes | Created Date = 28/02/2008 7:24:28 AM | Attr = ] lxcrinsr.dll -> %SystemRoot%\System32\lxcrinsr.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 106496 bytes | Created Date = 28/02/2008 7:24:28 AM | Attr = ] LXCRinst.dll -> %SystemRoot%\System32\LXCRinst.dll -> [Ver = | Size = 233472 bytes | Created Date = 28/02/2008 7:24:31 AM | Attr = ] lxcrjswr.dll -> %SystemRoot%\System32\lxcrjswr.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 139264 bytes | Created Date = 28/02/2008 7:24:29 AM | Attr = ] lxcrlmpm.dll -> %SystemRoot%\System32\lxcrlmpm.dll -> [Ver = 99.99.99.99 | Size = 536576 bytes | Created Date = 28/02/2008 7:24:29 AM | Attr = ] lxcrpmui.dll -> %SystemRoot%\System32\lxcrpmui.dll -> Lexmark International, Inc. [Ver = 99.99.99.99 | Size = 667648 bytes | Created Date = 28/02/2008 7:24:29 AM | Attr = ] lxcrpplc.dll -> %SystemRoot%\System32\lxcrpplc.dll -> [Ver = 99.99.99.99 | Size = 114688 bytes | Created Date = 28/02/2008 7:24:29 AM | Attr = ] lxcrprox.dll -> %SystemRoot%\System32\lxcrprox.dll -> [Ver = 99.99.99.99 | Size = 163840 bytes | Created Date = 28/02/2008 7:24:30 AM | Attr = ] lxcrserv.dll -> %SystemRoot%\System32\lxcrserv.dll -> [Ver = 99.99.99.99 | Size = 1183744 bytes | Created Date = 28/02/2008 7:24:30 AM | Attr = ] lxcrusb1.dll -> %SystemRoot%\System32\lxcrusb1.dll -> [Ver = 99.99.99.99 | Size = 995328 bytes | Created Date = 28/02/2008 7:24:30 AM | Attr = ] lxcrutil.dll -> %SystemRoot%\System32\lxcrutil.dll -> Lexmark International, Inc. [Ver = 2.153.141.0 | Size = 446464 bytes | Created Date = 28/02/2008 7:24:31 AM | Attr = ] lxcrvs.dll -> %SystemRoot%\System32\lxcrvs.dll -> [Ver = | Size = 40960 bytes | Created Date = 28/02/2008 7:27:45 AM | Attr = ] LXPMONRC.DLL -> %SystemRoot%\System32\LXPMONRC.DLL -> Lexmark International, Inc. [Ver = 0.1.35.8 | Size = 12288 bytes | Created Date = 28/02/2008 7:26:33 AM | Attr = ] LXPMONUI.DLL -> %SystemRoot%\System32\LXPMONUI.DLL -> [Ver = 0.1.35.8 | Size = 32768 bytes | Created Date = 28/02/2008 7:26:53 AM | Attr = ] LXPRMON.DLL -> %SystemRoot%\System32\LXPRMON.DLL -> [Ver = 0.1.35.8 | Size = 40960 bytes | Created Date = 28/02/2008 7:26:53 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 28/03/2008 11:37:26 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Created Date = 28/03/2008 11:37:26 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 19/04/2008 12:00:14 AM | Attr = ] CSTBox.INI -> %SystemRoot%\CSTBox.INI -> [Ver = | Size = 36363 bytes | Created Date = 03/02/2008 8:56:34 PM | Attr = ] IFinst27.exe -> %SystemRoot%\IFinst27.exe -> [Ver = | Size = 65536 bytes | Created Date = 06/03/2008 7:15:45 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Created Date = 08/04/2008 12:28:14 PM | Attr = ] FaxCtr -> %AllUsersProfile%\Application Data\FaxCtr -> [Folder | Created Date = 28/02/2008 7:26:17 AM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Created Date = 21/04/2008 1:20:59 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 21/04/2008 12:00:04 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 20/04/2008 11:56:25 PM | Attr = ] FaxCtr -> %AppData%\FaxCtr -> [Folder | Created Date = 07/03/2008 12:12:58 AM | Attr = ] Help -> %AppData%\Help -> [Folder | Created Date = 31/03/2008 3:39:23 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 21/04/2008 1:31:18 AM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 08/04/2008 12:28:32 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 31/03/2008 3:39:23 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1579130 bytes | Created Date = 07/03/2008 12:09:42 AM | Attr = H ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 18/04/2008 11:59:30 PM | Attr = ] MCE Logs -> %AllUsersProfile%\Documents\MCE Logs -> [Folder | Created Date = 27/02/2008 12:15:13 AM | Attr = HS] data.grf -> %UserProfile%\My Documents\data.grf -> [Ver = | Size = 316273038 bytes | Created Date = 30/03/2008 1:28:18 PM | Attr = ] data2 -> %UserProfile%\My Documents\data2 -> [Ver = | Size = 316273038 bytes | Created Date = 30/03/2008 1:32:44 PM | Attr = ] Good Building.jpg -> %UserProfile%\My Documents\Good Building.jpg -> [Ver = | Size = 567638 bytes | Created Date = 01/03/2008 9:03:23 AM | Attr = ] Picture 4690014.jpg -> %UserProfile%\My Documents\Picture 4690014.jpg -> [Ver = | Size = 678617 bytes | Created Date = 01/03/2008 9:25:45 AM | Attr = ] Rough Building GOOD.jpg -> %UserProfile%\My Documents\Rough Building GOOD.jpg -> [Ver = | Size = 8045734 bytes | Created Date = 01/03/2008 9:09:30 AM | Attr = ] Rough Building.jpg -> %UserProfile%\My Documents\Rough Building.jpg -> [Ver = | Size = 402243 bytes | Created Date = 01/03/2008 9:03:37 AM | Attr = ] Still Life 1.jpg -> %UserProfile%\My Documents\Still Life 1.jpg -> [Ver = | Size = 621283 bytes | Created Date = 01/03/2008 9:03:57 AM | Attr = ] Still Life 2.jpg -> %UserProfile%\My Documents\Still Life 2.jpg -> [Ver = | Size = 268694 bytes | Created Date = 01/03/2008 9:04:17 AM | Attr = ] texture -> %UserProfile%\My Documents\texture -> [Folder | Created Date = 30/03/2008 12:31:43 PM | Attr = ] xdata.grf -> %UserProfile%\My Documents\xdata.grf -> [Ver = | Size = 316273038 bytes | Created Date = 30/03/2008 1:58:58 PM | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1794 bytes | Created Date = 21/04/2008 12:00:08 AM | Attr = ] Lexmark Imaging Studio - 2400 Series.LNK -> %AllUsersProfile%\Desktop\Lexmark Imaging Studio - 2400 Series.LNK -> [Ver = | Size = 756 bytes | Created Date = 28/02/2008 7:38:43 AM | Attr = ] Brendan's Portfolio -> %UserProfile%\Desktop\Brendan's Portfolio -> [Folder | Created Date = 08/04/2008 5:54:02 PM | Attr = ] Charlie's Stuff -> %UserProfile%\Desktop\Charlie's Stuff -> [Folder | Created Date = 04/02/2008 9:16:51 PM | Attr = ] FFXI Manga -> %UserProfile%\Desktop\FFXI Manga -> [Folder | Created Date = 05/03/2008 9:32:45 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1738 bytes | Created Date = 21/04/2008 3:57:55 PM | Attr = ] Izumi Masuda - Distant Worlds (FINAL FANTASY XI Single) [Square Enix] -> %UserProfile%\Desktop\Izumi Masuda - Distant Worlds (FINAL FANTASY XI Single) [Square Enix] -> [Folder | Created Date = 06/03/2008 4:06:20 AM | Attr = ] letterofintent -> %UserProfile%\Desktop\letterofintent -> [Ver = | Size = 15880 bytes | Created Date = 10/04/2008 12:04:02 PM | Attr = ] letterofintent_print -> %UserProfile%\Desktop\letterofintent_print -> [Ver = | Size = 74240 bytes | Created Date = 10/04/2008 12:04:26 PM | Attr = ] My Playlists -> %UserProfile%\Desktop\My Playlists -> [Folder | Created Date = 03/03/2008 7:40:18 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 21/04/2008 6:33:49 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541296 bytes | Created Date = 21/04/2008 6:33:28 PM | Attr = ] Shortcut to RaijeRO.lnk -> %UserProfile%\Desktop\Shortcut to RaijeRO.lnk -> [Ver = | Size = 667 bytes | Created Date = 18/04/2008 10:41:29 PM | Attr = ] Shortcut to Skype.lnk -> %UserProfile%\Desktop\Shortcut to Skype.lnk -> [Ver = | Size = 660 bytes | Created Date = 11/02/2008 8:49:16 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 937 bytes | Created Date = 20/04/2008 11:56:28 PM | Attr = ] Super Smash Brothers Brawl -> %UserProfile%\Desktop\Super Smash Brothers Brawl -> [Folder | Created Date = 03/02/2008 8:07:43 AM | Attr = ] Unreleased FFXI -> %UserProfile%\Desktop\Unreleased FFXI -> [Folder | Created Date = 06/03/2008 7:19:16 PM | Attr = ] Acer Empowering Technology.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Acer Empowering Technology.lnk -> [Ver = | Size = 1585 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] Acer WLAN 11g USB Dongle.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk -> [Ver = | Size = 800 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1761 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] Google Updater.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> [Ver = | Size = 924 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] Run Nintendo Wi-Fi USB Connector Registration Tool.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk -> [Ver = | Size = 803 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 992 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] OpenOffice.org 2.3.lnk -> %UserProfile%\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk -> [Ver = | Size = 880 bytes | Created Date = 21/04/2008 5:32:15 PM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 08/04/2008 12:28:15 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 20/04/2008 11:58:51 PM | Attr = ] [Files/Folders - Modified Within 90 days] autorun.inf -> %SystemDrive%\autorun.inf -> [Ver = | Size = 485 bytes | Modified Date = 21/04/2008 6:36:49 PM | Attr = RHS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 21/04/2008 5:32:19 PM | Attr = RHS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1055342592 bytes | Modified Date = 21/04/2008 5:33:25 PM | Attr = HS] ig.bat -> %SystemDrive%\ig.bat -> [Ver = | Size = 158168 bytes | Modified Date = 18/04/2008 6:50:08 AM | Attr = RHS] oalvm.com -> %SystemDrive%\oalvm.com -> [Ver = | Size = 158813 bytes | Modified Date = 20/04/2008 10:53:02 PM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 21/04/2008 3:57:54 PM | Attr = R ] sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 27/02/2008 12:31:58 AM | Attr = H ] sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 208 bytes | Modified Date = 27/02/2008 1:57:19 AM | Attr = H ] sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 28/02/2008 7:33:54 AM | Attr = H ] sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 15/04/2008 6:50:47 AM | Attr = H ] sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 26/02/2008 3:28:24 AM | Attr = H ] sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 27/02/2008 12:31:58 AM | Attr = H ] sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 172 bytes | Modified Date = 27/02/2008 1:57:19 AM | Attr = H ] sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 28/02/2008 7:33:54 AM | Attr = H ] sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 15/04/2008 6:50:47 AM | Attr = H ] w2ngo.com -> %SystemDrive%\w2ngo.com -> [Ver = | Size = 157006 bytes | Modified Date = 13/04/2008 1:10:38 PM | Attr = RHS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 21/04/2008 5:40:12 PM | Attr = ] xaul0q8u.bat -> %SystemDrive%\xaul0q8u.bat -> [Ver = | Size = 157398 bytes | Modified Date = 18/04/2008 10:40:53 PM | Attr = RHS] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 01/02/2008 12:55:52 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 20/04/2008 11:11:36 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 21/04/2008 5:40:34 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 21/04/2008 5:44:10 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 20/04/2008 11:28:15 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 21/04/2008 3:53:13 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 08/04/2008 12:28:26 PM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Modified Date = 19/04/2008 12:00:16 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 173080 bytes | Modified Date = 19/04/2008 12:06:07 AM | Attr = ] fool0.dll -> %SystemRoot%\System32\fool0.dll -> [Ver = | Size = 91648 bytes | Modified Date = 21/04/2008 5:35:43 PM | Attr = RHS] fool1.dll -> %SystemRoot%\System32\fool1.dll -> [Ver = | Size = 91648 bytes | Modified Date = 20/04/2008 10:53:03 PM | Attr = RHS] kxvo.exe -> %SystemRoot%\System32\kxvo.exe -> [Ver = | Size = 158813 bytes | Modified Date = 20/04/2008 10:53:02 PM | Attr = RHS] LexFiles.ulf -> %SystemRoot%\System32\LexFiles.ulf -> [Ver = | Size = 26461 bytes | Modified Date = 28/02/2008 7:38:00 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72184 bytes | Modified Date = 21/04/2008 1:32:30 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 443296 bytes | Modified Date = 21/04/2008 1:32:30 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 524780 bytes | Modified Date = 21/04/2008 1:32:30 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Modified Date = 28/03/2008 11:37:26 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Modified Date = 28/03/2008 11:37:26 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 18/04/2008 11:59:48 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 21/04/2008 5:35:34 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 19/04/2008 12:00:14 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 20/04/2008 10:52:59 PM | Attr = H ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 19/04/2008 2:01:41 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21/04/2008 5:33:37 PM | Attr = S] CSTBox.INI -> %SystemRoot%\CSTBox.INI -> [Ver = | Size = 36363 bytes | Modified Date = 03/02/2008 8:56:34 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 19/04/2008 12:00:17 AM | Attr = R S] IFinst27.exe -> %SystemRoot%\IFinst27.exe -> [Ver = | Size = 65536 bytes | Modified Date = 07/03/2008 12:34:07 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 18/04/2008 11:59:23 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 20/04/2008 11:28:21 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 21/04/2008 12:00:17 AM | Attr = HS] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 19/04/2008 1:59:17 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 21/04/2008 6:34:19 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 21/04/2008 5:32:15 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 21/04/2008 5:34:38 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 07/03/2008 12:10:30 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 21/04/2008 5:32:19 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 21/04/2008 5:35:43 PM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 21/04/2008 5:37:47 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 28/02/2008 7:27:18 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 539 bytes | Modified Date = 21/04/2008 5:32:19 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 19/04/2008 12:01:07 AM | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 258 bytes | Modified Date = 21/04/2008 6:08:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 21/04/2008 5:34:07 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5480 bytes | Modified Date = 21/04/2008 1:25:07 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 21/04/2008 1:25:07 AM | Attr = ] Perflib_Perfdata_1630.dat -> C:\Documents and Settings\Brendan\Local Settings\Temp\Perflib_Perfdata_1630.dat -> [Ver = | Size = 16384 bytes | Modified Date = 21/04/2008 5:40:27 PM | Attr = ] Perflib_Perfdata_16f8.dat -> C:\Documents and Settings\Brendan\Local Settings\Temp\Perflib_Perfdata_16f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 21/04/2008 5:40:28 PM | Attr = ] Perflib_Perfdata_c00.dat -> C:\Documents and Settings\Brendan\Local Settings\Temp\Perflib_Perfdata_c00.dat -> [Ver = | Size = 16384 bytes | Modified Date = 21/04/2008 5:35:39 PM | Attr = ] 1 C:\Documents and Settings\Brendan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Brendan\Local Settings\Temp\*.tmp -> DetectPCI.exe -> C:\WINDOWS\temp\LVENCODER\DetectPCI.exe -> Acer Inc. [Ver = 1.0.0.1 | Size = 147456 bytes | Modified Date = 27/11/2003 5:24:44 PM | Attr = ] setup.exe -> C:\WINDOWS\temp\LVENCODER\setup.exe -> [Ver = | Size = 987122 bytes | Modified Date = 22/08/2006 5:40:46 PM | Attr = ] Perflib_Perfdata_26b0.dat -> C:\WINDOWS\temp\Perflib_Perfdata_26b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 19/04/2008 12:01:54 AM | Attr = ] 16 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> index.dat -> C:\WINDOWS\temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = ] index.dat -> C:\WINDOWS\temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = ] index.dat -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = ] desktop.ini -> C:\WINDOWS\temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = HS] DetectPCI.ini -> C:\WINDOWS\temp\LVENCODER\DetectPCI.ini -> [Ver = | Size = 192 bytes | Modified Date = 04/01/2007 5:19:02 PM | Attr = ] OEMCust.ini -> C:\WINDOWS\temp\LVENCODER\OEMCust.ini -> [Ver = | Size = 154 bytes | Modified Date = 31/10/2005 10:17:26 PM | Attr = ] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = HS] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\0JKZ05OP\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = HS] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\23I5SP45\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = HS] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\85S7QVAP\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = HS] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\GVI1YZ0N\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 04/01/2007 5:11:31 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Modified Date = 08/04/2008 12:28:14 PM | Attr = ] FaxCtr -> %AllUsersProfile%\Application Data\FaxCtr -> [Folder | Modified Date = 28/02/2008 7:26:17 AM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 21/04/2008 2:38:32 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 21/04/2008 12:00:12 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 20/04/2008 11:58:48 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 21/04/2008 5:36:29 PM | Attr = ] @Alternate Data Stream - 523 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 yahoo! -> %AllUsersProfile%\Application Data\yahoo! -> [Folder | Modified Date = 21/04/2008 1:19:20 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 30/03/2008 12:22:19 PM | Attr = ] FaxCtr -> %AppData%\FaxCtr -> [Folder | Modified Date = 08/04/2008 5:42:34 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 31/03/2008 3:39:23 PM | Attr = ] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 21/04/2008 5:39:55 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 21/04/2008 1:31:18 AM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 21/04/2008 6:36:23 PM | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Modified Date = 21/04/2008 5:38:53 PM | Attr = ] WTablet -> %AppData%\WTablet -> [Folder | Modified Date = 21/04/2008 5:34:26 PM | Attr = ] yahoo! -> %AppData%\yahoo! -> [Folder | Modified Date = 21/04/2008 1:19:20 AM | Attr = RH ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 08/04/2008 12:28:32 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 21/04/2008 5:38:40 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 11264 bytes | Modified Date = 18/04/2008 5:06:09 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 37768 bytes | Modified Date = 21/04/2008 5:36:05 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 31/03/2008 3:39:23 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1579130 bytes | Modified Date = 21/04/2008 5:32:21 PM | Attr = H ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 18/04/2008 11:59:30 PM | Attr = ] MCE Logs -> %AllUsersProfile%\Documents\MCE Logs -> [Folder | Modified Date = 27/02/2008 12:15:13 AM | Attr = HS] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 22/03/2008 10:16:14 AM | Attr = R ] Recorded TV -> %AllUsersProfile%\Documents\Recorded TV -> [Folder | Modified Date = 22/03/2008 10:16:31 AM | Attr = ] BitTorrent Downloads -> %UserProfile%\My Documents\BitTorrent Downloads -> [Folder | Modified Date = 13/04/2008 4:47:41 AM | Attr = ] data.grf -> %UserProfile%\My Documents\data.grf -> [Ver = | Size = 316273038 bytes | Modified Date = 30/03/2008 1:31:31 PM | Attr = ] data2 -> %UserProfile%\My Documents\data2 -> [Ver = | Size = 316273038 bytes | Modified Date = 30/03/2008 1:35:47 PM | Attr = ] filelib -> %UserProfile%\My Documents\filelib -> [Folder | Modified Date = 03/03/2008 5:18:11 AM | Attr = ] Good Building.jpg -> %UserProfile%\My Documents\Good Building.jpg -> [Ver = | Size = 567638 bytes | Modified Date = 01/03/2008 9:23:52 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 21/04/2008 1:19:21 AM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 21/04/2008 1:19:21 AM | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 586 bytes | Modified Date = 21/04/2008 3:52:49 PM | Attr = ] Picture 4690014.jpg -> %UserProfile%\My Documents\Picture 4690014.jpg -> [Ver = | Size = 678617 bytes | Modified Date = 01/03/2008 9:34:47 AM | Attr = ] Rough Building GOOD.jpg -> %UserProfile%\My Documents\Rough Building GOOD.jpg -> [Ver = | Size = 8045734 bytes | Modified Date = 01/03/2008 9:31:04 AM | Attr = ] Rough Building.jpg -> %UserProfile%\My Documents\Rough Building.jpg -> [Ver = | Size = 402243 bytes | Modified Date = 01/03/2008 9:07:02 AM | Attr = ] Still Life 1.jpg -> %UserProfile%\My Documents\Still Life 1.jpg -> [Ver = | Size = 621283 bytes | Modified Date = 01/03/2008 9:23:49 AM | Attr = ] Still Life 2.jpg -> %UserProfile%\My Documents\Still Life 2.jpg -> [Ver = | Size = 268694 bytes | Modified Date = 01/03/2008 9:06:20 AM | Attr = ] texture -> %UserProfile%\My Documents\texture -> [Folder | Modified Date = 30/03/2008 12:41:43 PM | Attr = ] xdata.grf -> %UserProfile%\My Documents\xdata.grf -> [Ver = | Size = 316273038 bytes | Modified Date = 30/03/2008 2:02:07 PM | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1794 bytes | Modified Date = 21/04/2008 12:00:08 AM | Attr = ] Lexmark Imaging Studio - 2400 Series.LNK -> %AllUsersProfile%\Desktop\Lexmark Imaging Studio - 2400 Series.LNK -> [Ver = | Size = 756 bytes | Modified Date = 28/02/2008 7:38:43 AM | Attr = ] Artwork -> %UserProfile%\Desktop\Artwork -> [Folder | Modified Date = 08/04/2008 5:47:14 PM | Attr = ] Brendan's Portfolio -> %UserProfile%\Desktop\Brendan's Portfolio -> [Folder | Modified Date = 08/04/2008 6:00:14 PM | Attr = ] Charlie's Stuff -> %UserProfile%\Desktop\Charlie's Stuff -> [Folder | Modified Date = 08/04/2008 5:48:03 PM | Attr = ] FFXI -> %UserProfile%\Desktop\FFXI -> [Folder | Modified Date = 08/04/2008 5:49:22 PM | Attr = ] FFXI Manga -> %UserProfile%\Desktop\FFXI Manga -> [Folder | Modified Date = 08/04/2008 5:49:07 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1738 bytes | Modified Date = 21/04/2008 3:57:55 PM | Attr = ] letterofintent -> %UserProfile%\Desktop\letterofintent -> [Ver = | Size = 15880 bytes | Modified Date = 10/04/2008 12:04:02 PM | Attr = ] letterofintent_print -> %UserProfile%\Desktop\letterofintent_print -> [Ver = | Size = 74240 bytes | Modified Date = 10/04/2008 12:04:28 PM | Attr = ] My Playlists -> %UserProfile%\Desktop\My Playlists -> [Folder | Modified Date = 03/03/2008 7:40:26 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 21/04/2008 6:33:49 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541296 bytes | Modified Date = 21/04/2008 6:33:10 PM | Attr = ] Shortcut to RaijeRO.lnk -> %UserProfile%\Desktop\Shortcut to RaijeRO.lnk -> [Ver = | Size = 667 bytes | Modified Date = 18/04/2008 10:41:29 PM | Attr = ] Shortcut to Skype.lnk -> %UserProfile%\Desktop\Shortcut to Skype.lnk -> [Ver = | Size = 660 bytes | Modified Date = 11/02/2008 8:49:16 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 937 bytes | Modified Date = 20/04/2008 11:56:28 PM | Attr = ] Super Smash Brothers Brawl -> %UserProfile%\Desktop\Super Smash Brothers Brawl -> [Folder | Modified Date = 04/02/2008 5:39:45 AM | Attr = ] Unreleased FFXI -> %UserProfile%\Desktop\Unreleased FFXI -> [Folder | Modified Date = 06/03/2008 7:19:27 PM | Attr = ] Google Updater.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> [Ver = | Size = 924 bytes | Modified Date = 21/04/2008 1:21:00 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 08/04/2008 12:28:15 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 21/04/2008 3:17:25 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 20/04/2008 11:58:51 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = RH ] Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = S] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 21/04/2008 1:20:59 AM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 05/03/2007 5:45:16 PM | Attr = ] Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 05/03/2007 5:46:09 PM | Attr = ] AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 23/12/2007 3:10:26 PM | Attr = ] AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads -> [Folder | Modified Date = 04/01/2007 10:05:51 PM | Attr = ] AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [Folder | Modified Date = 04/01/2007 10:06:46 PM | Attr = ] Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 08/04/2008 12:28:14 PM | Attr = ] Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 05/05/2007 7:39:54 PM | Attr = ] FaxCtr -> C:\Documents and Settings\All Users\Application Data\FaxCtr -> [Folder | Modified Date = 28/02/2008 7:26:17 AM | Attr = ] FirstClass -> C:\Documents and Settings\All Users\Application Data\FirstClass -> [Folder | Modified Date = 03/06/2007 4:23:05 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 13/07/2007 2:04:02 PM | Attr = ] Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater -> [Folder | Modified Date = 21/04/2008 2:38:32 AM | Attr = ] GTek -> C:\Documents and Settings\All Users\Application Data\GTek -> [Folder | Modified Date = 04/01/2007 8:46:31 PM | Attr = H ] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [Folder | Modified Date = 21/04/2008 12:00:12 AM | Attr = ] Logishrd -> C:\Documents and Settings\All Users\Application Data\Logishrd -> [Folder | Modified Date = 16/03/2007 12:41:01 AM | Attr = ] Logitech -> C:\Documents and Settings\All Users\Application Data\Logitech -> [Folder | Modified Date = 16/03/2007 12:40:59 AM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 19/12/2007 12:59:53 AM | Attr = S] Skype -> C:\Documents and Settings\All Users\Application Data\Skype -> [Folder | Modified Date = 22/12/2007 4:20:36 PM | Attr = ] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 20/04/2008 11:58:48 PM | Attr = ] SSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir -> [Folder | Modified Date = 23/01/2007 1:02:12 AM | Attr = ] SSScanWizard -> C:\Documents and Settings\All Users\Application Data\SSScanWizard -> [Folder | Modified Date = 23/01/2007 1:03:56 AM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 04/01/2007 5:25:49 PM | Attr = ] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 21/04/2008 5:36:29 PM | Attr = ] @Alternate Data Stream - 523 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 04/01/2007 10:06:36 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 22/03/2007 7:31:50 PM | Attr = ] WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller -> [Folder | Modified Date = 19/12/2007 12:55:41 AM | Attr = ] yahoo! -> C:\Documents and Settings\All Users\Application Data\yahoo! -> [Folder | Modified Date = 21/04/2008 1:19:20 AM | Attr = ] C:\Documents and Settings\Brendan\Application Data\ -> C:\Documents and Settings\Brendan\Application Data -> [Folder | Modified Date = 21/04/2008 1:31:18 AM | Attr = RH ] acccore -> C:\Documents and Settings\Brendan\Application Data\acccore -> [Folder | Modified Date = 04/01/2007 10:06:57 PM | Attr = ] Adobe -> C:\Documents and Settings\Brendan\Application Data\Adobe -> [Folder | Modified Date = 30/03/2008 12:22:19 PM | Attr = ] AdobeUM -> C:\Documents and Settings\Brendan\Application Data\AdobeUM -> [Folder | Modified Date = 10/08/2007 8:59:27 PM | Attr = ] Aim -> C:\Documents and Settings\Brendan\Application Data\Aim -> [Folder | Modified Date = 23/12/2007 3:15:39 PM | Attr = ] Apple Computer -> C:\Documents and Settings\Brendan\Application Data\Apple Computer -> [Folder | Modified Date = 05/05/2007 7:52:34 PM | Attr = ] ArcSoft -> C:\Documents and Settings\Brendan\Application Data\ArcSoft -> [Folder | Modified Date = 23/01/2007 1:38:29 AM | Attr = ] ATI -> C:\Documents and Settings\Brendan\Application Data\ATI -> [Folder | Modified Date = 12/01/2007 2:26:04 PM | Attr = ] BitTorrent -> C:\Documents and Settings\Brendan\Application Data\BitTorrent -> [Folder | Modified Date = 28/11/2007 3:03:34 PM | Attr = ] Canon -> C:\Documents and Settings\Brendan\Application Data\Canon -> [Folder | Modified Date = 23/01/2007 1:04:05 AM | Attr = ] DivX -> C:\Documents and Settings\Brendan\Application Data\DivX -> [Folder | Modified Date = 28/11/2007 1:17:14 AM | Attr = ] FaxCtr -> C:\Documents and Settings\Brendan\Application Data\FaxCtr -> [Folder | Modified Date = 08/04/2008 5:42:34 PM | Attr = ] GTek -> C:\Documents and Settings\Brendan\Application Data\GTek -> [Folder | Modified Date = 04/01/2007 5:20:16 PM | Attr = H ] Hamachi -> C:\Documents and Settings\Brendan\Application Data\Hamachi -> [Folder | Modified Date = 24/03/2007 10:03:59 PM | Attr = ] Help -> C:\Documents and Settings\Brendan\Application Data\Help -> [Folder | Modified Date = 31/03/2008 3:39:23 PM | Attr = ] Identities -> C:\Documents and Settings\Brendan\Application Data\Identities -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = ] InterTrust -> C:\Documents and Settings\Brendan\Application Data\InterTrust -> [Folder | Modified Date = 23/01/2007 12:25:16 AM | Attr = ] Macromedia -> C:\Documents and Settings\Brendan\Application Data\Macromedia -> [Folder | Modified Date = 04/01/2007 5:18:35 PM | Attr = ] Microsoft -> C:\Documents and Settings\Brendan\Application Data\Microsoft -> [Folder | Modified Date = 24/12/2007 12:26:53 AM | Attr = S] Mozilla -> C:\Documents and Settings\Brendan\Application Data\Mozilla -> [Folder | Modified Date = 04/01/2007 10:05:51 PM | Attr = ] OpenOffice.org2 -> C:\Documents and Settings\Brendan\Application Data\OpenOffice.org2 -> [Folder | Modified Date = 21/04/2008 5:39:55 PM | Attr = ] Opera -> C:\Documents and Settings\Brendan\Application Data\Opera -> [Folder | Modified Date = 26/12/2007 8:12:41 AM | Attr = ] PC Tools -> C:\Documents and Settings\Brendan\Application Data\PC Tools -> [Folder | Modified Date = 21/04/2008 1:31:18 AM | Attr = ] Real -> C:\Documents and Settings\Brendan\Application Data\Real -> [Folder | Modified Date = 21/01/2008 5:03:51 AM | Attr = ] ScanSoft -> C:\Documents and Settings\Brendan\Application Data\ScanSoft -> [Folder | Modified Date = 23/01/2007 12:43:36 AM | Attr = ] Skype -> C:\Documents and Settings\Brendan\Application Data\Skype -> [Folder | Modified Date = 21/04/2008 6:36:23 PM | Attr = ] skypePM -> C:\Documents and Settings\Brendan\Application Data\skypePM -> [Folder | Modified Date = 21/04/2008 5:38:53 PM | Attr = ] Sun -> C:\Documents and Settings\Brendan\Application Data\Sun -> [Folder | Modified Date = 30/06/2007 10:58:04 PM | Attr = ] Symantec -> C:\Documents and Settings\Brendan\Application Data\Symantec -> [Folder | Modified Date = 04/01/2007 5:26:28 PM | Attr = ] Viewpoint -> C:\Documents and Settings\Brendan\Application Data\Viewpoint -> [Folder | Modified Date = 10/07/2007 3:39:33 PM | Attr = ] WTablet -> C:\Documents and Settings\Brendan\Application Data\WTablet -> [Folder | Modified Date = 21/04/2008 5:34:26 PM | Attr = ] yahoo! -> C:\Documents and Settings\Brendan\Application Data\yahoo! -> [Folder | Modified Date = 21/04/2008 1:19:20 AM | Attr = RH ] C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = RH ] Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = S] C:\Documents and Settings\IUSR_NMPR\Application Data\ -> C:\Documents and Settings\IUSR_NMPR\Application Data -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = RH ] Identities -> C:\Documents and Settings\IUSR_NMPR\Application Data\Identities -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = ] Microsoft -> C:\Documents and Settings\IUSR_NMPR\Application Data\Microsoft -> [Folder | Modified Date = 16/10/2006 5:47:00 AM | Attr = S] C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 04/01/2007 5:20:33 PM | Attr = ] GTek -> C:\Documents and Settings\LocalService\Application Data\GTek -> [Folder | Modified Date = 04/01/2007 5:20:33 PM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 16/10/2006 5:47:20 AM | Attr = S] C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 16/10/2006 5:47:21 AM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 16/10/2006 5:47:21 AM | Attr = S] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 19/12/2007 1:00:17 AM | Attr = S] Check Updates for Windows Live Toolbar.job -> C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 258 bytes | Modified Date = 21/04/2008 6:08:00 PM | Attr = ] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 10/08/2004 4:00:00 PM | Attr = RH ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 21/04/2008 5:34:07 PM | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [/code] < End of report >