[code]
OTScanIt logfile created on: 4/26/2008 11:28:59 AM
OTScanIt by OldTimer - Version 1.0.11.5 Folder = C:\Documents and Settings\CONDRA\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17184)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 96.84% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 42.06 Gb Free Space | 28.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 21.78 Gb Free Space | 9.35% Space Free | Partition Type: NTFS
Drive G: | 186.31 Gb Total Space | 100.85 Gb Free Space | 54.13% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ATHLONFX
Current User Name: CONDRA
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 7/19/2006 7:26:12 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 7/19/2006 7:26:06 PM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 9/27/2006 8:33:22 PM | Attr = ]
ntuneservice.exe -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.47 | Size = 131072 bytes | Modified Date = 7/3/2007 1:32:16 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 155716 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 11/18/2007 9:02:48 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 9/27/2006 8:33:32 PM | Attr = ]
nvraidservice.exe -> %SystemRoot%\system32\nvraidservice.exe -> NVIDIA Corporation [Ver = 5.10.2600.0673 | Size = 136192 bytes | Modified Date = 6/1/2006 7:09:08 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 7/19/2006 7:26:04 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 9/27/2006 8:33:44 PM | Attr = ]
ventrilo.exe ->
%ProgramFiles%\Ventrilo\Ventrilo.exe -> [Ver = 3, 0, 0, 0 | Size = 1388544 bytes | Modified Date = 10/24/2007 3:10:20 PM | Attr = ] steam.exe -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 3/27/2008 9:42:48 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.5 | Size = 370688 bytes | Modified Date = 4/24/2008 4:30:38 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 7/19/2006 7:26:06 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 7/19/2006 7:26:12 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> -> File not found (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 9/27/2006 8:33:22 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [Win32_Own | Disabled | Stopped] -> %AllUsersProfile%\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -> SEIKO EPSON CORPORATION [Ver = 4.01 | Size = 113664 bytes | Modified Date = 12/15/2006 4:01:00 AM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/3/2008 11:19:21 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> -> File not found (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 4:36:33 PM | Attr = ] (MSCSPTISRV) MSCSPTISRV [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 45056 bytes | Modified Date = 12/14/2006 3:21:20 AM | Attr = ] (Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 0, 3, 0 | Size = 836904 bytes | Modified Date = 8/8/2007 10:25:08 AM | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.0.4.0 | Size = 382248 bytes | Modified Date = 8/3/2007 1:51:18 PM | Attr = ] (nTuneService) nTune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.47 | Size = 131072 bytes | Modified Date = 7/3/2007 1:32:16 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 155716 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] (PACSPTISVR) PACSPTISVR [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> [Ver = 4.7.00.12140 | Size = 57344 bytes | Modified Date = 12/14/2006 2:46:16 AM | Attr = ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 
bytes | Modified Date = 11/18/2007 9:02:48 PM | Attr = ] (PREVXAgent) PREVXAgent [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Prevx2\PXAgent.exe -> Prevx [Ver = 2.0.21.127 | Size = 162872 bytes | Modified Date = 1/23/2008 12:32:16 PM | Attr = ] (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 9/27/2006 8:33:38 PM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ] (SonicStage Back-End Service) SonicStage Back-End Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SsBeSvc.exe -> Sony Corporation [Ver = 4.3.01.14020 | Size = 112184 bytes | Modified Date = 2/5/2007 11:11:16 AM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ] (SPTISRV) Sony SPTI Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.7.00.12140 | Size = 69632 bytes | Modified Date = 12/14/2006 3:02:08 AM | Attr = ] (SSScsiSV) SonicStage SCSI Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 4.3.01.14020 | Size = 75320 bytes | Modified Date = 2/5/2007 11:11:18 AM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 9/27/2006 8:33:32 PM | Attr = ] (TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> 
%SystemRoot%\system32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.0.0.13 | Size = 307968 bytes | Modified Date = 4/25/2008 12:00:28 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Ad-Watch Connect Filter) Ad-Watch Connect Kernel Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NSDriver.sys -> File not found (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060701-2226) | Size = 36864 bytes | Modified Date = 7/1/2006 11:39:40 PM | Attr = ] (AmdLLD) AMD Low Level Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AmdLLD.sys -> AMD, Inc. [Ver = 1.0.1.0 | Size = 34304 bytes | Modified Date = 6/29/2007 3:47:34 PM | Attr = ] (CM1083264) C-Media CM108 Like Sound UDAX Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\CM108.sys -> C-Media Inc [Ver = 5.12.08.1801(75) | Size = 1294336 bytes | Modified Date = 12/21/2006 6:05:22 PM | Attr = ] (COMMONFX.DLL) COMMONFX.DLL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\COMMONFX.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 98600 bytes | Modified Date = 4/18/2007 8:59:40 AM | Attr = ] (CT20XUT.DLL) CT20XUT.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CT20XUT.DLL -> Creative Technology Ltd. 
[Ver = 6.00.01.1241-2.12.0700 | Size = 164608 bytes | Modified Date = 4/12/2007 8:10:26 AM | Attr = ] (ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 511272 bytes | Modified Date = 4/10/2007 4:19:30 AM | Attr = ] (ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 520488 bytes | Modified Date = 4/10/2007 4:20:38 AM | Attr = ] (CTAUDFX.DLL) CTAUDFX.DLL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\CTAUDFX.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 546048 bytes | Modified Date = 4/12/2007 8:10:16 AM | Attr = ] (ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0461-1.56.0910 | Size = 347128 bytes | Modified Date = 4/10/2007 4:21:06 AM | Attr = ] (CTEAPSFX.DLL) CTEAPSFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEAPSFX.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 168192 bytes | Modified Date = 4/12/2007 8:10:18 AM | Attr = ] (CTEDSPFX.DLL) CTEDSPFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEDSPFX.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 280320 bytes | Modified Date = 4/12/2007 8:10:20 AM | Attr = ] (CTEDSPIO.DLL) CTEDSPIO.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEDSPIO.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 128768 bytes | Modified Date = 4/12/2007 8:10:22 AM | Attr = ] (CTEDSPSY.DLL) CTEDSPSY.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEDSPSY.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 323328 bytes | Modified Date = 4/12/2007 8:10:22 AM | Attr = ] (CTERFXFX.DLL) CTERFXFX.DLL 
[Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTERFXFX.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 94976 bytes | Modified Date = 4/12/2007 8:10:20 AM | Attr = ] (CTEXFIFX.DLL) CTEXFIFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTEXFIFX.DLL -> Creative Technology Ltd. [Ver = 6.00.01.1241-2.12.0700 | Size = 1317632 bytes | Modified Date = 4/12/2007 8:10:24 AM | Attr = ] (CTHWIUT.DLL) CTHWIUT.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\CTHWIUT.DLL -> Creative Technology Ltd. [Ver = 6.00.01.1241-2.12.0700 | Size = 66816 bytes | Modified Date = 4/12/2007 8:10:26 AM | Attr = ] (ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 14632 bytes | Modified Date = 4/10/2007 4:25:46 AM | Attr = ] (CTSBLFX.DLL) CTSBLFX.DLL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\CTSBLFX.DLL -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 560384 bytes | Modified Date = 4/12/2007 8:10:16 AM | Attr = ] (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 157480 bytes | Modified Date = 4/10/2007 6:00:24 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. 
[Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (DS1410D) DS1410D [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ds1410d.sys -> File not found (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 4/17/2008 11:54:54 AM | Attr = ] (ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> SlySoft, Inc. [Ver = 5, 2, 1, 2 | Size = 27392 bytes | Modified Date = 5/3/2005 11:34:02 AM | Attr = ] (ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 0 | Size = 8064 bytes | Modified Date = 4/21/2006 9:44:39 PM | Attr = ] (emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 92968 bytes | Modified Date = 4/10/2007 4:28:36 AM | Attr = ] (ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Entech.sys -> EnTech Taiwan [Ver = 1.0 | Size = 21664 bytes | Modified Date = 10/25/2004 8:02:00 PM | Attr = ] (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 4/17/2008 11:54:54 AM | Attr = ] (ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ha10kx2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 797992 bytes | Modified Date = 4/10/2007 4:29:10 AM | Attr = ] (hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\haP16v2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 163112 bytes | 
Modified Date = 4/10/2007 4:31:18 AM | Attr = ] (hap17v2k) Creative P17V HAL Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\haP17v2k.sys -> Creative Technology Ltd [Ver = 6.00.01.1241-2.12.0700 | Size = 189736 bytes | Modified Date = 4/10/2007 4:32:06 AM | Attr = ] (Hardlock) Hardlock [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\hardlock.sys -> Aladdin Knowledge Systems Ltd. [Ver = 3.41 | Size = 693760 bytes | Modified Date = 11/22/2006 11:01:48 AM | Attr = ] (Haspnt) Haspnt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Haspnt.sys -> Aladdin Knowledge Systems [Ver = 4.65 | Size = 47616 bytes | Modified Date = 12/19/2007 12:35:31 AM | Attr = ] (LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.00.101.00 | Size = 34832 bytes | Modified Date = 4/11/2007 4:32:52 PM | Attr = ] (LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> Logitech, Inc. 
[Ver = 4.00.101.00 | Size = 36112 bytes | Modified Date = 4/11/2007 4:32:58 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080424.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 4/17/2008 11:54:54 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080424.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 4/17/2008 11:54:54 AM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 7435104 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] (nvatabus) nvatabus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvatabus.sys -> NVIDIA Corporation [Ver = 5.10.2600.0667 built by: WinDDK | Size = 100736 bytes | Modified Date = 9/27/2006 5:05:22 PM | Attr = R ] (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.01.06015 | Size = 52736 bytes | Modified Date = 9/27/2006 5:05:21 PM | Attr = R ] (nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.01.06015 | Size = 18944 bytes | Modified Date = 9/27/2006 5:05:21 PM | Attr = R ] (NVR0Dev) NVR0Dev [Kernel | On_Demand | Running] -> %SystemRoot%\nvoclock.sys -> NVidia Corp. 
[Ver = 5.05.47 | Size = 6912 bytes | Modified Date = 7/3/2007 1:33:04 PM | Attr = ] (nvraid) NVIDIA nForce(tm) RAID Class Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0667 built by: WinDDK | Size = 82944 bytes | Modified Date = 9/27/2006 12:05:22 PM | Attr = ] (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 6.00.01.1241-2.12.0700 | Size = 126760 bytes | Modified Date = 4/10/2007 5:59:04 AM | Attr = ] (PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\pfmodnt.sys -> Creative Technology Ltd. [Ver = 3.0.0.12 | Size = 16168 bytes | Modified Date = 4/10/2007 4:32:34 AM | Attr = ] (pgfilter) pgfilter [Kernel | On_Demand | Stopped] -> %ProgramFiles%\PeerGuardian2\pgfilter.sys -> [Ver = | Size = 5632 bytes | Modified Date = 9/18/2005 6:02:52 PM | Attr = ] (PrevxDriver) PREVX Kernel Mode Agent [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 302600 bytes | Modified Date = 12/26/2007 7:08:38 PM | Attr = ] (PREVXEmulator) PREVX Emulator driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 107912 bytes | Modified Date = 12/26/2007 7:09:38 PM | Attr = ] (PREVXTdi) PREVX TDI filter [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 28040 bytes | Modified Date = 12/26/2007 7:09:26 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. 
[Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 7:51:00 PM | Attr = ] (PXRDDriver) PREVX Rootkitscan driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 23048 bytes | Modified Date = 12/26/2007 7:07:52 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 2:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 6:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 1:39:26 PM | Attr = ] (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 337592 bytes | Modified Date = 9/6/2006 2:41:20 PM | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 54968 bytes | Modified Date = 9/6/2006 2:41:20 PM | Attr = ] (SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 33052 bytes | Modified Date = 8/6/2007 8:15:07 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 
[Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 2:56:16 PM | Attr = ] (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.7 | Size = 389776 bytes | Modified Date = 4/11/2006 5:13:34 PM | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 685816 bytes | Modified Date = 11/1/2007 2:45:56 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Modified Date = 9/18/2006 5:55:28 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 8/7/2006 4:02:22 PM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 8/7/2006 4:02:26 PM | Attr = ] (USBPNPA) USB PnP Sound Device Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CM108.sys -> C-Media Inc [Ver = 5.12.08.1801(75) | Size = 1294336 bytes | Modified Date = 12/21/2006 6:05:22 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 7/19/2006 7:26:04 PM | Attr = ] CM108Sound -> [RunDll32 CM108.cpl,CMICtrlWnd] -> File not found Kernel and 
Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech Inc. [Ver = 4.00.101 | Size = 56080 bytes | Modified Date = 4/11/2007 4:32:22 PM | Attr = ] KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 8523776 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 81920 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] NVRaidService -> %SystemRoot%\system32\nvraidservice.exe [C:\WINDOWS\system32\nvraidservice.exe] -> NVIDIA Corporation [Ver = 5.10.2600.0673 | Size = 136192 bytes | Modified Date = 6/1/2006 7:09:08 AM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1626112 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 9/27/2006 8:33:44 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe ["C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear] -> NVIDIA [Ver = 5.05.47 | Size = 81920 bytes | Modified Date = 7/3/2007 1:32:10 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < CONDRA Startup Folder > -> C:\Documents and Settings\CONDRA\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not 
exist or could not be opened. [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 9/27/2006 8:33:54 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EditLevel -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\WINDOWS\SYSTEM32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\SYSTEM32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> free_aol.com [http] -> Trusted sites -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {05671051-A99F-42EA-9246-825E46BAF3A9} -> () -> {084CA5F2-3145-4630-B907-93D92A01F65B} -> (1394 Net Adapter) -> {3420DADD-8FEA-4BD0-8948-8F7FC5C0DF82} -> (NVIDIA nForce Networking Controller) -> {E7622DFE-0603-46C5-8228-2EDD956E24A5} -> (NVIDIA nForce Networking Controller) -> {FAB04611-463D-422E-8CD5-61948D17C5FB} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> 
http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39427.8272222222[Update Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded 
Program Files/CONFLICT.3/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\.Owner -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\.Owner -> {9F1C11AA-197B-4942-BA54-47A8489BB47F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
-> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 712 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> C4 2A 02 45 9D A7 32 20 CE FA 78 A5 5A 4F 14 24 31 37 62 33 61 34 38 31 00 FD 07 00 42 39 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 8D 6D C4 5B C3 55 B3 39 6A 0C F2 17 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F3 52 84 49 5E 7B FC C9 64 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> AD A5 ED 3E F5 E3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> E9 D5 4B F3 20 BA D3 9F 59 83 12 D3 63 4A 4A 97 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> 
http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D6 14 3E 42 3A 18 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11557 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [Ver = | Size = 587568 bytes | Modified Date = 2/27/2008 10:59:06 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe -> C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) ] -> [Ver = | Size = 3330048 bytes | Modified Date = 11/27/2007 7:38:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe -> C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe [C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) ] -> Splash Damage, Ltd. 
[Ver = 1.4.12184.33045 | Size = 5162224 bytes | Modified Date = 12/13/2007 9:18:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundTimestampRequest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundMaskRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundRouterRequest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundDestinationUnreachable -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundSourceQuench -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundParameterProblem -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundTimeExceeded -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowRedirect -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowOutboundPacketTooBig -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type 
-> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to 
log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 3/30/2008 11:38:49 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/22/2008 11:31:48 AM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/26/2008 10:54:04 AM | Attr = ] CM108.sys -> %SystemRoot%\System32\drivers\CM108.sys -> C-Media Inc [Ver = 5.12.08.1801(75) | Size = 1294336 bytes | Created Date = 4/9/2008 11:15:01 AM | Attr = ] pxcom.sys -> %SystemRoot%\System32\drivers\pxcom.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 14856 bytes | Created Date = 4/21/2008 5:49:26 PM | Attr = ] PxEmu.sys -> %SystemRoot%\System32\drivers\PxEmu.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 107912 bytes | Created Date = 4/21/2008 5:49:26 PM | Attr = ] pxfsf.sys -> %SystemRoot%\System32\drivers\pxfsf.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 302600 bytes | Created Date = 4/21/2008 5:49:26 PM | Attr = ] PxRD.sys -> %SystemRoot%\System32\drivers\PxRD.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 
3.1.0.8912 built by: WinDDK | Size = 23048 bytes | Created Date = 4/21/2008 5:49:26 PM | Attr = ] pxtdi.sys -> %SystemRoot%\System32\drivers\pxtdi.sys -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 28040 bytes | Created Date = 4/21/2008 5:49:26 PM | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Created Date = 4/22/2008 7:30:18 PM | Attr = ] a3d108pu.dll -> %SystemRoot%\System32\a3d108pu.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 4/9/2008 11:15:01 AM | Attr = ] ac3acm.acm -> %SystemRoot%\System32\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 4/23/2008 7:53:13 PM | Attr = ] c108prop.dll -> %SystemRoot%\System32\c108prop.dll -> C-Media Electronics Inc. [Ver = 1.0.2.9 | Size = 32768 bytes | Created Date = 4/9/2008 11:15:01 AM | Attr = ] CM108rm.dll -> %SystemRoot%\System32\CM108rm.dll -> [Ver = | Size = 45056 bytes | Created Date = 4/9/2008 11:15:01 AM | Attr = ] CM108rm.exe -> %SystemRoot%\System32\CM108rm.exe -> C-Media [Ver = 1, 0, 0, 38 | Size = 249856 bytes | Created Date = 4/9/2008 11:15:01 AM | Attr = ] delete me -> %SystemRoot%\System32\delete me -> [Folder | Created Date = 4/20/2008 10:56:48 AM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> divx.dll -> %SystemRoot%\System32\divx.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 682496 bytes | Created Date = 4/23/2008 7:53:02 PM | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. 
[Ver = 1, 2, 0, 44 | Size = 81920 bytes | Created Date = 4/23/2008 7:53:03 PM | Attr = ] ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 7680 bytes | Created Date = 4/23/2008 7:53:02 PM | Attr = ] ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 4/23/2008 7:53:02 PM | Attr = ] Futuremark -> %SystemRoot%\System32\Futuremark -> [Folder | Created Date = 4/14/2008 7:09:10 PM | Attr = ] Iacenc.dll -> %SystemRoot%\System32\Iacenc.dll -> Intel Corporation [Ver = 2.05.53 | Size = 144384 bytes | Created Date = 4/23/2008 7:53:04 PM | Attr = ] Ivfsrc.ax -> %SystemRoot%\System32\Ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Created Date = 4/23/2008 7:53:04 PM | Attr = ] nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [Ver = | Size = 159975 bytes | Created Date = 3/30/2008 11:39:56 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 164598 bytes | Created Date = 3/30/2008 11:39:31 AM | Attr = ] nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 17937 bytes | Created Date = 3/30/2008 11:39:31 AM | Attr = ] nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 3 , 7 , 0 | Size = 442368 bytes | Created Date = 3/30/2008 11:39:31 AM | Attr = ] pxinst.dll -> %SystemRoot%\System32\pxinst.dll -> Prevx Limited, http://www.prevx1.com/ [Ver = 3.1.0.8912 built by: WinDDK | Size = 11264 bytes | Created Date = 4/21/2008 5:49:26 PM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 4/23/2008 7:53:03 PM | Attr = ] RBDELDRV.BAT -> %SystemRoot%\System32\RBDELDRV.BAT -> [Ver = | Size = 194 bytes | Created Date = 4/21/2008 4:02:46 PM | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.1.2.1 | Size = 48816 bytes | Created Date = 4/22/2008 7:30:18 PM | Attr = ] TuneUpDefragService.exe -> 
%SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.0.0.13 | Size = 307968 bytes | Created Date = 4/25/2008 12:00:28 PM | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.10 | Size = 28416 bytes | Created Date = 4/25/2008 12:00:28 PM | Attr = ] vp6vfw.dll -> %SystemRoot%\System32\vp6vfw.dll -> On2.com [Ver = 6,4,2,0 | Size = 438272 bytes | Created Date = 4/23/2008 7:53:04 PM | Attr = ] vp7vfw.dll -> %SystemRoot%\System32\vp7vfw.dll -> On2.com [Ver = 7,0,10,0 | Size = 630784 bytes | Created Date = 4/23/2008 7:53:04 PM | Attr = ] x264vfw.dll -> %SystemRoot%\System32\x264vfw.dll -> [Ver = | Size = 2102272 bytes | Created Date = 4/23/2008 7:53:04 PM | Attr = ] xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 755027 bytes | Created Date = 4/23/2008 7:53:03 PM | Attr = ] xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 159839 bytes | Created Date = 4/23/2008 7:53:03 PM | Attr = ] yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 4/23/2008 7:53:04 PM | Attr = ] CM108.cpl -> %SystemRoot%\System\CM108.cpl -> C-Media Corporation [Ver = 1.0.48.33 | Size = 5783552 bytes | Created Date = 4/9/2008 11:15:01 AM | Attr = ] Cm108.ini -> %SystemRoot%\System\Cm108.ini -> [Ver = | Size = 645 bytes | Created Date = 4/9/2008 11:15:26 AM | Attr = ] fltr108.dll -> %SystemRoot%\System\fltr108.dll -> C-Media Electronics Inc. 
[Ver = 1, 0, 0, 0 | Size = 315392 bytes | Created Date = 4/9/2008 11:15:02 AM | Attr = ] Cmi108Uninstall.exe -> %SystemRoot%\Cmi108Uninstall.exe -> C-Media Corporation [Ver = 1, 0, 1, 11 | Size = 262144 bytes | Created Date = 4/9/2008 11:15:04 AM | Attr = ] ie8 -> %SystemRoot%\ie8 -> [Folder | Created Date = 4/17/2008 8:44:00 AM | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 4/22/2008 11:36:19 AM | Attr = ] nvidia icons -> %SystemRoot%\nvidia icons -> [Folder | Created Date = 3/30/2008 11:40:06 AM | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Created Date = 3/30/2008 11:39:31 AM | Attr = ] vpc32.INI -> %SystemRoot%\vpc32.INI -> [Ver = | Size = 0 bytes | Created Date = 4/22/2008 8:54:55 PM | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 488 bytes | Created Date = 4/25/2008 12:00:31 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 4/23/2008 10:17:18 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 4/20/2008 8:32:43 PM | Attr = ] nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [Folder | Created Date = 3/30/2008 11:42:46 AM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Created Date = 4/22/2008 7:29:33 PM | Attr = ] TrackMania -> %AllUsersProfile%\Application Data\TrackMania -> [Folder | Created Date = 4/17/2008 12:28:32 PM | Attr = ] TuneUp Software -> %AllUsersProfile%\Application Data\TuneUp Software -> [Folder | Created Date = 4/25/2008 12:00:18 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 4/23/2008 11:31:47 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 4/18/2008 4:02:20 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 4/22/2008 
11:36:18 AM | Attr = ] Prevx -> %AppData%\Prevx -> [Folder | Created Date = 4/21/2008 5:49:30 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 4/25/2008 11:58:15 AM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Created Date = 4/22/2008 11:36:53 AM | Attr = ] TuneUp Software -> %AppData%\TuneUp Software -> [Folder | Created Date = 4/25/2008 12:00:28 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 4/23/2008 11:31:47 PM | Attr = ] Lucasarts -> %UserProfile%\Local Settings\Application Data\Lucasarts -> [Folder | Created Date = 3/27/2008 1:58:59 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 4/22/2008 11:36:18 AM | Attr = ] Symantec -> %UserProfile%\Local Settings\Application Data\Symantec -> [Folder | Created Date = 4/22/2008 7:30:48 PM | Attr = ] DRIVER FOR TV AND CLEANER -> %AllUsersProfile%\Documents\DRIVER FOR TV AND CLEANER -> [Folder | Created Date = 3/30/2008 10:57:29 AM | Attr = ] My Shapes -> %UserProfile%\My Documents\My Shapes -> [Folder | Created Date = 4/14/2008 11:45:00 PM | Attr = S] TrackMania -> %UserProfile%\My Documents\TrackMania -> [Folder | Created Date = 4/17/2008 12:26:07 PM | Attr = ] error -> %UserProfile%\Desktop\error -> [Folder | Created Date = 4/25/2008 5:56:42 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/26/2008 11:26:29 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Created Date = 4/26/2008 10:55:52 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0003 | Size = 147456 bytes | Created Date = 4/26/2008 10:53:49 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | 
Created Date = 4/22/2008 7:29:33 PM | Attr = ] [Files/Folders - Modified Within 60 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 223 bytes | Modified Date = 4/21/2008 7:49:53 PM | Attr = RHS] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 3/30/2008 11:38:49 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/25/2008 12:00:13 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/22/2008 11:31:48 AM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/22/2008 11:55:20 AM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/21/2008 3:54:00 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/26/2008 10:54:04 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/25/2008 7:26:47 PM | Attr = ] nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 7435104 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 4/20/2008 5:32:49 PM | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 4/22/2008 12:02:45 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 4/25/2008 7:27:17 PM | Attr = ] BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 4/25/2008 7:27:17 PM | Attr = ] BMXState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> 
%SystemRoot%\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 4/25/2008 7:27:17 PM | Attr = ] BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 4/25/2008 7:27:17 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/28/2008 8:12:29 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/26/2008 12:42:16 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 4/25/2008 6:01:24 PM | Attr = ] Data -> %SystemRoot%\System32\Data -> [Folder | Modified Date = 4/17/2008 9:57:54 AM | Attr = ] delete me -> %SystemRoot%\System32\delete me -> [Folder | Modified Date = 4/20/2008 10:56:56 AM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 4/16/2008 12:35:40 PM | Attr = ] divx.dll -> %SystemRoot%\System32\divx.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 682496 bytes | Modified Date = 3/31/2008 5:25:46 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/20/2008 4:05:52 PM | Attr = RHS] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. 
[Ver = 1, 2, 0, 44 | Size = 81920 bytes | Modified Date = 3/21/2008 4:28:54 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/23/2008 11:33:58 PM | Attr = ] DVCState-{00000002-00000000-0000000A-00001102-00000004-20021102}.dat -> %SystemRoot%\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 4/17/2008 9:58:00 AM | Attr = ] DVCState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-20021102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 4/25/2008 7:27:17 PM | Attr = ] DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-20021102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 4/17/2008 9:58:00 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 4/17/2008 8:46:18 AM | Attr = ] ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 7680 bytes | Modified Date = 3/28/2008 1:41:32 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1626576 bytes | Modified Date = 4/9/2008 3:12:52 AM | Attr = ] Futuremark -> %SystemRoot%\System32\Futuremark -> [Folder | Modified Date = 4/14/2008 7:09:10 PM | Attr = ] ieuinit.inf -> %SystemRoot%\System32\ieuinit.inf -> [Ver = | Size = 56413 bytes | Modified Date = 3/3/2008 7:37:58 PM | Attr = ] keystone.exe -> %SystemRoot%\System32\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 4/25/2008 6:02:32 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 4/24/2008 7:27:42 AM | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 74720 bytes | Modified Date = 4/23/2008 1:30:28 PM | Attr = H ] 
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 5773568 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvapi.dll -> %SystemRoot%\System32\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 385024 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [Ver = | Size = 159975 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 164598 bytes | Modified Date = 3/30/2008 12:58:16 PM | Attr = ] nvcod.dll -> %SystemRoot%\System32\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 35328 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvcodins.dll -> %SystemRoot%\System32\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 35328 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvcolor.exe -> %SystemRoot%\System32\nvcolor.exe -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 147456 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvcpl.cpl -> %SystemRoot%\System32\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.5.600.06 | Size = 420384 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvcpl.dll -> %SystemRoot%\System32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 8523776 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvcplui.exe -> %SystemRoot%\System32\nvcplui.exe -> NVIDIA Corporation [Ver = 1.5.600.06 | Size = 760352 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvcuda.dll -> %SystemRoot%\System32\nvcuda.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 1089536 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 17937 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvdisps.dll -> 
%SystemRoot%\System32\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 6549504 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvexpbar.dll -> %SystemRoot%\System32\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.5.600.06 | Size = 313888 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvgames.dll -> %SystemRoot%\System32\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 3420160 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nview.dll -> %SystemRoot%\System32\nview.dll -> [Ver = | Size = 1482752 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvmccs.dll -> %SystemRoot%\System32\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 229376 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvmccsrs.dll -> %SystemRoot%\System32\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 45056 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvmccss.dll -> %SystemRoot%\System32\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 188416 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvmctray.dll -> %SystemRoot%\System32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 81920 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvmobls.dll -> %SystemRoot%\System32\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 1228800 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvoglnt.dll -> %SystemRoot%\System32\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 6901760 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvsvc32.exe -> 
%SystemRoot%\System32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 155716 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 3 , 7 , 0 | Size = 442368 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 3 , 7 , 0 | Size = 442368 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvvitvs.dll -> %SystemRoot%\System32\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 3710976 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvwddi.dll -> %SystemRoot%\System32\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 81920 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nvwss.dll -> %SystemRoot%\System32\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.6944 | Size = 2498560 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] nwiz.exe -> %SystemRoot%\System32\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 3/4/2008 11:02:00 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72152 bytes | Modified Date = 3/9/2008 7:26:11 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 444528 bytes | Modified Date = 3/9/2008 7:26:11 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 526710 bytes | Modified Date = 3/9/2008 7:26:11 PM | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 
4/20/2008 5:32:32 PM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 3/21/2008 4:30:08 PM | Attr = ] QuickTime.qtp -> %SystemRoot%\System32\QuickTime.qtp -> [Ver = | Size = 9110 bytes | Modified Date = 3/23/2008 11:08:12 AM | Attr = ] RBDELDRV.BAT -> %SystemRoot%\System32\RBDELDRV.BAT -> [Ver = | Size = 194 bytes | Modified Date = 4/21/2008 4:02:46 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/24/2008 9:49:23 PM | Attr = ] RNBOSENT -> %SystemRoot%\System32\RNBOSENT -> [Folder | Modified Date = 4/21/2008 4:02:46 PM | Attr = ] settings.sfm -> %SystemRoot%\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 4/17/2008 8:45:41 AM | Attr = ] settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 4/17/2008 8:45:41 AM | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.0.0.13 | Size = 307968 bytes | Modified Date = 4/25/2008 12:00:28 PM | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.10 | Size = 28416 bytes | Modified Date = 2/27/2008 1:15:14 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 4/17/2008 9:58:07 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 4/20/2008 11:14:27 AM | Attr = ] x264vfw.dll -> %SystemRoot%\System32\x264vfw.dll -> [Ver = | Size = 2102272 bytes | Modified Date = 4/1/2008 6:28:48 PM | Attr = ] Cm108.ini -> %SystemRoot%\System\Cm108.ini -> [Ver = | Size = 645 bytes | Modified Date = 4/14/2008 9:50:14 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/17/2008 8:42:38 AM | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/27/2008 11:24:04 AM | Attr = R S] bootstat.dat -> 
%SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/25/2008 11:45:41 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/20/2008 11:10:09 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 3/17/2008 10:18:13 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/25/2008 1:56:27 PM | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/17/2008 8:39:23 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/17/2008 8:46:17 AM | Attr = ] ie8 -> %SystemRoot%\ie8 -> [Folder | Modified Date = 4/17/2008 8:44:09 AM | Attr = H ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/23/2008 10:17:04 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/25/2008 12:00:29 PM | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 4/17/2008 8:46:17 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/25/2008 6:02:17 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 4/26/2008 12:33:47 AM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 4/22/2008 11:36:19 AM | Attr = ] nvidia icons -> %SystemRoot%\nvidia icons -> [Folder | Modified Date = 3/30/2008 11:40:06 AM | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 3/30/2008 11:42:16 AM | Attr = ] patchw32.dll -> %SystemRoot%\patchw32.dll -> [Ver = | Size = 215144 bytes | Modified Date = 2/28/2008 8:19:06 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/26/2008 10:54:06 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/23/2008 11:08:11 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/19/2008 11:21:11 AM | Attr = H ] 
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/22/2008 3:18:33 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 4/9/2008 11:15:26 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 2846 bytes | Modified Date = 4/22/2008 11:20:56 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/25/2008 7:08:17 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/25/2008 12:00:31 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/26/2008 12:51:13 AM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 63 bytes | Modified Date = 4/9/2008 3:04:32 AM | Attr = ] vpc32.INI -> %SystemRoot%\vpc32.INI -> [Ver = | Size = 0 bytes | Modified Date = 4/22/2008 8:54:55 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 582 bytes | Modified Date = 4/21/2008 7:49:53 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/17/2008 9:25:22 PM | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 488 bytes | Modified Date = 4/26/2008 11:00:00 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/25/2008 11:45:43 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 10/26/2007 9:38:32 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/23/2008 11:08:19 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5484 bytes | Modified Date = 4/23/2008 11:08:19 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All 
Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/7/2007 12:30:49 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 11/7/2007 12:30:49 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 4/26/2008 12:51:13 AM | Attr = ] Perflib_Perfdata_7b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2008 11:45:55 PM | Attr = ] Perflib_Perfdata_7c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2008 7:10:00 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Modified Date = 2/28/2008 12:10:57 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 4/23/2008 11:33:04 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 4/20/2008 11:12:29 PM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 4/23/2008 9:55:08 PM | Attr = ] nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [Folder | Modified Date = 3/30/2008 11:42:46 AM | Attr = ] Prevx -> %AllUsersProfile%\Application Data\Prevx -> [Folder | Modified Date = 4/21/2008 8:41:19 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 4/22/2008 7:29:39 PM | Attr = ] TrackMania -> %AllUsersProfile%\Application Data\TrackMania -> [Folder | Modified Date = 4/23/2008 11:01:33 PM | Attr = ] TuneUp Software -> %AllUsersProfile%\Application Data\TuneUp Software -> [Folder | Modified Date = 4/25/2008 12:00:18 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 4/22/2008 12:02:51 PM | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 
4/25/2008 11:50:44 AM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 4/23/2008 11:31:47 PM | Attr = ] GrabIt -> %AppData%\GrabIt -> [Folder | Modified Date = 4/19/2008 10:23:13 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 4/18/2008 4:02:20 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 4/23/2008 9:55:08 PM | Attr = S] mIRC -> %AppData%\mIRC -> [Folder | Modified Date = 4/23/2008 2:01:01 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 4/22/2008 11:36:18 AM | Attr = ] Prevx -> %AppData%\Prevx -> [Folder | Modified Date = 4/21/2008 6:20:36 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 4/25/2008 11:58:15 AM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Modified Date = 4/22/2008 11:36:53 AM | Attr = ] TuneUp Software -> %AppData%\TuneUp Software -> [Folder | Modified Date = 4/25/2008 12:00:28 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 3/17/2008 9:19:05 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 4/8/2008 10:15:06 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 141312 bytes | Modified Date = 4/24/2008 6:54:15 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 129 bytes | Modified Date = 3/17/2008 10:20:05 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 105168 bytes | Modified Date = 3/17/2008 9:06:13 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 4/23/2008 11:31:48 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3168946 bytes | 
Modified Date = 4/16/2008 10:43:27 PM | Attr = H ] Lucasarts -> %UserProfile%\Local Settings\Application Data\Lucasarts -> [Folder | Modified Date = 3/27/2008 1:58:59 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 4/16/2008 10:42:39 AM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 4/22/2008 11:36:18 AM | Attr = ] QuickPar -> %UserProfile%\Local Settings\Application Data\QuickPar -> [Folder | Modified Date = 4/23/2008 7:42:28 PM | Attr = ] Symantec -> %UserProfile%\Local Settings\Application Data\Symantec -> [Folder | Modified Date = 4/22/2008 7:30:48 PM | Attr = ] DRIVER FOR TV AND CLEANER -> %AllUsersProfile%\Documents\DRIVER FOR TV AND CLEANER -> [Folder | Modified Date = 3/30/2008 1:20:08 PM | Attr = ] 3.docx -> %UserProfile%\My Documents\3.docx -> [Ver = | Size = 10839 bytes | Modified Date = 3/1/2008 9:26:21 AM | Attr = ] Adobe -> %UserProfile%\My Documents\Adobe -> [Folder | Modified Date = 3/17/2008 9:05:23 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 77 bytes | Modified Date = 4/17/2008 8:47:21 AM | Attr = HS] DVDFab -> %UserProfile%\My Documents\DVDFab -> [Folder | Modified Date = 2/28/2008 10:35:06 AM | Attr = ] mikes biz card.pub -> %UserProfile%\My Documents\mikes biz card.pub -> [Ver = | Size = 63488 bytes | Modified Date = 4/12/2008 4:54:16 PM | Attr = ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Modified Date = 4/22/2008 5:32:44 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 4/17/2008 8:47:22 AM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 4/17/2008 8:47:21 AM | Attr = R ] My Shapes -> %UserProfile%\My Documents\My Shapes -> [Folder | Modified Date = 4/14/2008 11:45:02 PM | Attr = S] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Modified Date = 
4/26/2008 12:40:57 AM | Attr = ] TrackMania -> %UserProfile%\My Documents\TrackMania -> [Folder | Modified Date = 4/24/2008 3:04:27 PM | Attr = ] Wagner Construction -> %UserProfile%\My Documents\Wagner Construction -> [Folder | Modified Date = 3/17/2008 3:44:01 PM | Attr = ] error -> %UserProfile%\Desktop\error -> [Folder | Modified Date = 4/25/2008 5:56:48 PM | Attr = ] everything -> %UserProfile%\Desktop\everything -> [Folder | Modified Date = 4/25/2008 5:02:15 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/26/2008 11:26:29 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Modified Date = 4/26/2008 10:55:53 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0003 | Size = 147456 bytes | Modified Date = 4/26/2008 10:53:50 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 3/17/2008 9:33:02 PM | Attr = ] Canon -> %CommonProgramFiles%\Canon -> [Folder | Modified Date = 3/17/2008 10:08:54 PM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 4/15/2008 10:30:02 PM | Attr = ] Nikon -> %CommonProgramFiles%\Nikon -> [Folder | Modified Date = 3/17/2008 10:19:56 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 4/22/2008 7:30:43 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/25/2008 11:59:47 AM | Attr = ] < End of report > [/code]