[code] OTScanIt logfile created on: 5/24/2008 11:44:56 AM OTScanIt by OldTimer - Version 1.0.14.3 Folder = C:\Documents and Settings\admin\Desktop\Ashwin\Fixing comp\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.44 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 78.35% Memory free 3.29 Gb Paging File | 3.09 Gb Available in Paging File | 93.90% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 51.47 Gb Free Space | 69.06% Space Free | Partition Type: NTFS Drive D: | 74.52 Gb Total Space | 68.47 Gb Free Space | 91.89% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPANY-40A2AE2 Current User Name: admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/7/2008 4:37:54 PM | Attr = ] nmsaccessu.exe -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 3/9/2008 11:20:26 AM | Attr = ] ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 5/7/2008 4:37:57 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\Ashwin\Fixing comp\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.3 | Size = 374272 bytes | Modified Date = 5/23/2008 11:55:32 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 3:40:04 AM | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/7/2008 4:37:54 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (NMSAccessU) NMSAccessU [Win32_Own | Auto | Running] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 3/9/2008 11:20:26 AM | Attr = ] (PCToolsFirewallPlus) PC Tools Firewall Plus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> PC Tools [Ver = 3, 0, 1, 9 | Size = 92056 bytes | Modified Date = 2/25/2008 4:49:02 PM | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 12/10/2007 2:59:04 PM | Attr = ] (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 1/31/2005 9:45:20 AM | Attr = ] [Driver Services - Non-Microsoft Only] (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ADIHdAud.sys -> File not found (AEAudioService) AEAudio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\AEAudio.sys -> File not found (Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 9/17/2007 5:34:10 AM | Attr = ] (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/7/2008 4:38:05 PM | Attr = ] (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/7/2008 4:38:03 PM | Attr = ] (BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 10/15/2004 1:50:20 PM | Attr = ] (BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.2.2 built by: WinDDK | Size = 51712 bytes | Modified Date = 9/29/2004 4:24:38 AM | Attr = ] (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 1/10/2004 5:28:18 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:18 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ] (FET5X86V) VIA Rhine-Family Fast-Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.73.0.458 | Size = 43520 bytes | Modified Date = 1/2/2008 3:12:24 AM | Attr = ] (FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.73.0.458 | Size = 43520 bytes | Modified Date = 1/2/2008 3:12:24 AM | Attr = ] (FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 8/17/2001 8:13:08 AM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 145920 bytes | Modified Date = 10/27/2004 4:21:30 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 10/27/2004 4:21:36 PM | Attr = ] (IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Modified Date = 2/1/2008 11:55:52 AM | Attr = ] (IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 1:53:28 PM | Attr = ] (IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 1:53:28 PM | Attr = ] (nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcd.sys -> Nokia [Ver = 6.83.6.0 | Size = 137216 bytes | Modified Date = 2/22/2007 11:15:56 AM | Attr = ] (nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdc.sys -> Nokia [Ver = 6.83.6.0 | Size = 8320 bytes | Modified Date = 2/22/2007 11:15:14 AM | Attr = ] (nmwcdcj) Nokia USB Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcj.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 2/22/2007 11:15:14 AM | Attr = ] (nmwcdcm) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdcm.sys -> Nokia [Ver = 6.83.6.0 | Size = 12288 bytes | Modified Date = 2/22/2007 11:15:14 AM | Attr = ] (NPF) Netgroup Packet Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Modified Date = 8/3/2005 1:10:12 AM | Attr = ] (NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Modified Date = 1/2/2005 5:43:08 PM | Attr = ] (pctfw2) pctfw2 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 159128 bytes | Modified Date = 2/25/2008 4:49:06 PM | Attr = ] (pctmp) PC Tools Firewall Memory Protection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctmp.sys -> PCTools Research Pty Ltd. [Ver = 1.0.0.4 | Size = 40856 bytes | Modified Date = 2/21/2008 8:56:30 AM | Attr = ] (pctssipc) PC Tools Security Suite IPC Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctssipc.sys -> PC Tools Research Pty Ltd. [Ver = 1.0.0.5 built by: WinDDK | Size = 18328 bytes | Modified Date = 2/21/2008 8:56:32 AM | Attr = ] (PRODIGY) PRODIGY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\prodigy.sys -> B-phreaks [Ver = 1, 0, 0, 208 | Size = 32377 bytes | Modified Date = 8/29/2006 10:56:19 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ] (scrcap) scrcap [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\scrcap.sys -> File not found (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ] (SenFiltService) SenFilt Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\Senfilt.sys -> File not found (SFilter) PCTools Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pctfw.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 93440 bytes | Modified Date = 2/25/2008 4:38:36 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 2:56:16 PM | Attr = ] (viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics Co, Ltd. [Ver = 6.14.10.0230-16.94.44.13 | Size = 226560 bytes | Modified Date = 1/22/2008 6:18:39 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 00PCTFW -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> PC Tools [Ver = 3, 0, 1, 9 | Size = 2594712 bytes | Modified Date = 2/25/2008 4:49:30 PM | Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/7/2008 4:37:55 PM | Attr = ] KernelFaultCheck -> [%systemroot%\system32\dumprep 0 -k] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < admin Startup Folder > -> C:\Documents and Settings\admin\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/7/2008 4:38:06 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GSA-H10A________________JL02____\3235383630464536364635312020202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> 5&19694ff7&0&0.1.0 [IDE\CdRomCOMPAQ_CD-ROM_LTN403____________________DQ19____\5&19694ff7&0&0.1.0] -> File not found < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 1/22/2008 4:57:34 PM | Attr = ] < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[msn] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 5/10/2008 11:07:48 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ] WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.387 | Size = 2050816 bytes | Modified Date = 5/11/2008 12:29:01 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6AC6F8F3-35B1-4A44-9BB7-1B63413D2171} -> (VIA Rhine II Fast Ethernet Adapter) -> {D91F4567-8E9A-4474-A21B-A03A7F0EED93} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 5/7/2008 4:38:00 PM | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[HxProtocol Class] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201821736265[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ReflexiveWebGameLoader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ReflexiveWebGameLoader.dll\\.Owner -> {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 992 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 87 E3 B0 E0 E4 CD 43 93 D2 EF 03 73 F8 30 60 CD 61 36 32 32 35 36 65 30 00 FD 07 00 66 5C 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 5A 55 79 91 EA 88 22 B0 6A 56 36 A6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 9C D6 13 2E 74 7B 88 48 2F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> AB 65 1C 9E 04 6E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 87 DD 2E B7 B7 EE A9 7A 28 BB DB FE 82 E4 A5 9A [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com [http://www.passport.com] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> FE 6C 07 BF 42 5D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 55742 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 10:26:25 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 4/30/2008 7:58:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 796440 bytes | Modified Date = 5/7/2008 4:37:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 5/7/2008 4:50:58 PM | Attr = H ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 5/21/2008 4:40:16 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1542836224 bytes | Created Date = 5/24/2008 11:42:26 AM | Attr = HS] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 0 bytes | Created Date = 4/25/2008 2:29:20 PM | Attr = ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/14/2008 10:12:27 PM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/15/2008 4:31:42 PM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/14/2008 10:12:27 PM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/15/2008 4:31:42 PM | Attr = H ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 5/18/2008 9:45:44 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 5/7/2008 4:38:01 PM | Attr = ] 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 23985333 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 28920 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Created Date = 5/7/2008 4:38:01 PM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 5/7/2008 4:38:05 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 5/7/2008 4:38:03 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 40992 bytes | Created Date = 5/24/2008 10:07:36 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 1532 bytes | Created Date = 5/24/2008 10:07:36 AM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 1312 bytes | Created Date = 5/24/2008 10:07:36 AM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 1196 bytes | Created Date = 5/24/2008 10:07:36 AM | Attr = HS] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 5/24/2008 10:19:23 AM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 5/24/2008 10:19:23 AM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 5/24/2008 10:19:23 AM | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 5/24/2008 10:19:23 AM | Attr = ] npf.sys -> %SystemRoot%\System32\drivers\npf.sys -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 32512 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ] pctfw.sys -> %SystemRoot%\System32\drivers\pctfw.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 93440 bytes | Created Date = 5/24/2008 9:59:04 AM | Attr = ] pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 9 | Size = 159128 bytes | Created Date = 5/24/2008 9:59:09 AM | Attr = ] pctmp.sys -> %SystemRoot%\System32\drivers\pctmp.sys -> PCTools Research Pty Ltd. [Ver = 1.0.0.4 | Size = 40856 bytes | Created Date = 5/24/2008 9:59:00 AM | Attr = ] pctssipc.sys -> %SystemRoot%\System32\drivers\pctssipc.sys -> PC Tools Research Pty Ltd. [Ver = 1.0.0.5 built by: WinDDK | Size = 18328 bytes | Created Date = 5/24/2008 9:59:00 AM | Attr = ] actskn43.ocx -> %SystemRoot%\System32\actskn43.ocx -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 5/7/2008 4:38:06 PM | Attr = ] c1awk.ocx -> %SystemRoot%\System32\c1awk.ocx -> ComponenetOne [Ver = 8, 0, 20051, 34 | Size = 196608 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] c1sizer.ocx -> %SystemRoot%\System32\c1sizer.ocx -> ComponenetOne [Ver = 8, 0, 20051, 34 | Size = 315392 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] FlicPlusSDK_Win32_API.dll -> %SystemRoot%\System32\FlicPlusSDK_Win32_API.dll -> [Ver = | Size = 163840 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] IGTabs40.ocx -> %SystemRoot%\System32\IGTabs40.ocx -> Infragistics, Inc. [Ver = 4.01.0006 | Size = 299008 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] iMagicErrorLibrary.dll -> %SystemRoot%\System32\iMagicErrorLibrary.dll -> iMagic [Ver = 1.00.0012 | Size = 393216 bytes | Created Date = 5/11/2008 8:52:13 AM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 5/18/2008 1:28:01 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Packet.dll -> %SystemRoot%\System32\Packet.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 81920 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ] Talbarcd.ocx -> %SystemRoot%\System32\Talbarcd.ocx -> TAL Technologies, Inc. [Ver = 2, 0, 0, 1 | Size = 139264 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] TALBC.DLL -> %SystemRoot%\System32\TALBC.DLL -> [Ver = | Size = 161280 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] Tr_sttool.dat -> %SystemRoot%\System32\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Created Date = 5/2/2008 6:43:25 PM | Attr = ] vsflex8.ocx -> %SystemRoot%\System32\vsflex8.ocx -> ComponentOne [Ver = 8, 0, 20051, 216 | Size = 589824 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] vsprint8.ocx -> %SystemRoot%\System32\vsprint8.ocx -> ComponentOne [Ver = 8, 0, 20051, 116 | Size = 417792 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] vsrpt8.ocx -> %SystemRoot%\System32\vsrpt8.ocx -> [Ver = 8, 0, 20051, 136 | Size = 479232 bytes | Created Date = 5/11/2008 8:52:12 AM | Attr = ] WanPacket.dll -> %SystemRoot%\System32\WanPacket.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 61440 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ] wpcap.dll -> %SystemRoot%\System32\wpcap.dll -> CACE Technologies [Ver = 3, 1, 0, 27 | Size = 233472 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ] XButton.ocx -> %SystemRoot%\System32\XButton.ocx -> Acrotech Solutions [Ver = 1.00 | Size = 57344 bytes | Created Date = 5/2/2008 1:44:10 PM | Attr = ] xvid.ax -> %SystemRoot%\System32\xvid.ax -> [Ver = | Size = 77824 bytes | Created Date = 5/1/2008 4:00:00 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 5/9/2008 1:11:32 PM | Attr = S] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fastaero_config -> %SystemRoot%\fastaero_config -> [Ver = | Size = 225 bytes | Created Date = 5/4/2008 10:15:00 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/22/2008 6:56:23 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/22/2008 6:56:23 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 5/7/2008 4:37:53 PM | Attr = ] Azureus -> %AllUsersProfile%\Application Data\Azureus -> [Folder | Created Date = 5/2/2008 9:04:35 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 5/6/2008 9:40:07 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 5/18/2008 1:28:04 PM | Attr = ] AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Created Date = 5/7/2008 4:38:01 PM | Attr = ] DivX -> %AppData%\DivX -> [Folder | Created Date = 5/1/2008 3:46:27 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Created Date = 5/3/2008 4:43:14 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 5/24/2008 10:19:16 AM | Attr = ] Yahoo! Messenger -> %AppData%\Yahoo! Messenger -> [Folder | Created Date = 5/20/2008 1:36:14 AM | Attr = ] Axialis -> %UserProfile%\Local Settings\Application Data\Axialis -> [Folder | Created Date = 5/19/2008 4:28:19 PM | Attr = ] BSR Videos -> %UserProfile%\My Documents\BSR Videos -> [Folder | Created Date = 5/2/2008 6:43:43 PM | Attr = ] clip0001.avi -> %UserProfile%\My Documents\clip0001.avi -> [Ver = | Size = 1754400 bytes | Created Date = 5/7/2008 9:09:53 PM | Attr = ] front.pdf -> %UserProfile%\My Documents\front.pdf -> [Ver = | Size = 222206 bytes | Created Date = 4/25/2008 9:23:31 AM | Attr = ] Stardock -> %UserProfile%\My Documents\Stardock -> [Folder | Created Date = 5/13/2008 8:04:34 PM | Attr = ] Bank_Information.doc -> %UserProfile%\Desktop\Bank_Information.doc -> [Ver = | Size = 24064 bytes | Created Date = 5/21/2008 1:00:59 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Bank_Information.doc:Zone.Identifier french board.doc -> %UserProfile%\Desktop\french board.doc -> [Ver = | Size = 24064 bytes | Created Date = 5/21/2008 11:53:32 PM | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Created Date = 5/15/2008 9:59:06 PM | Attr = ] Voulu.pdf -> %UserProfile%\Desktop\Voulu.pdf -> [Ver = | Size = 93455 bytes | Created Date = 5/22/2008 7:06:08 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 5/1/2008 1:36:15 PM | Attr = ] L&H -> %CommonProgramFiles%\L&H -> [Folder | Created Date = 5/20/2008 6:06:32 PM | Attr = ] PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 5/24/2008 9:59:00 AM | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 5/7/2008 4:37:53 PM | Attr = ] Bulent's Screen Recorder 4 -> %ProgramFiles%\Bulent's Screen Recorder 4 -> [Folder | Created Date = 5/2/2008 6:43:24 PM | Attr = ] Google -> %ProgramFiles%\Google -> [Folder | Created Date = 5/8/2008 5:10:18 PM | Attr = ] HyCam2 -> %ProgramFiles%\HyCam2 -> [Folder | Created Date = 5/2/2008 6:46:33 PM | Attr = ] iMagic Inventory -> %ProgramFiles%\iMagic Inventory -> [Folder | Created Date = 5/11/2008 8:52:11 AM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 5/1/2008 4:09:35 PM | Attr = ] SonicWallES -> %ProgramFiles%\SonicWallES -> [Folder | Created Date = 4/25/2008 7:20:18 PM | Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 5/24/2008 10:19:16 AM | Attr = ] [Files/Folders - Modified Within 30 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 5/23/2008 9:52:17 PM | Attr = H ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 5/24/2008 10:08:25 AM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/24/2008 10:08:00 AM | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 5/23/2008 7:34:57 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1542836224 bytes | Modified Date = 5/24/2008 11:42:26 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/24/2008 10:47:27 AM | Attr = R ] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 0 bytes | Modified Date = 4/25/2008 2:29:20 PM | Attr = ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/14/2008 10:12:27 PM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/15/2008 4:31:42 PM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/14/2008 10:12:27 PM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/15/2008 4:31:42 PM | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/24/2008 11:38:35 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 5/18/2008 9:45:44 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 5/24/2008 10:12:10 AM | Attr = ] 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Modified Date = 5/7/2008 4:38:01 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 23985333 bytes | Modified Date = 5/24/2008 10:12:09 AM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 28920 bytes | Modified Date = 5/23/2008 4:18:40 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Modified Date = 5/21/2008 5:06:39 PM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/7/2008 4:38:05 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/7/2008 4:38:03 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/21/2008 4:43:28 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 23 bytes | Modified Date = 5/23/2008 7:34:20 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 40992 bytes | Modified Date = 5/24/2008 10:08:38 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 1532 bytes | Modified Date = 5/24/2008 10:08:36 AM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 1312 bytes | Modified Date = 5/24/2008 10:08:36 AM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 1196 bytes | Modified Date = 5/24/2008 10:08:36 AM | Attr = HS] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1789 bytes | Modified Date = 5/3/2008 4:37:36 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/7/2008 4:38:06 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/2/2008 1:31:18 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/24/2008 11:37:40 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/17/2008 4:31:38 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 5/17/2008 4:27:49 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/17/2008 4:28:01 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/24/2008 10:19:36 AM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 5/3/2008 4:25:31 PM | Attr = H ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 5/18/2008 1:28:01 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 4/30/2008 4:40:41 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59444 bytes | Modified Date = 5/7/2008 10:56:22 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 395372 bytes | Modified Date = 5/7/2008 10:56:22 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 461986 bytes | Modified Date = 5/7/2008 10:56:22 PM | Attr = ] Tr_sttool.dat -> %SystemRoot%\System32\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/2/2008 6:44:53 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 5/17/2008 4:31:19 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/24/2008 11:44:59 AM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/24/2008 9:52:41 AM | Attr = H ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 5/20/2008 6:06:54 PM | Attr = R S] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/24/2008 11:42:32 AM | Attr = S] Brpfx04a.ini -> %SystemRoot%\Brpfx04a.ini -> [Ver = | Size = 1067 bytes | Modified Date = 5/2/2008 12:27:17 PM | Attr = ] brwmark.ini -> %SystemRoot%\brwmark.ini -> [Ver = | Size = 426 bytes | Modified Date = 5/24/2008 11:36:47 AM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/11/2008 10:46:11 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/18/2008 1:28:04 PM | Attr = S] fastaero_config -> %SystemRoot%\fastaero_config -> [Ver = | Size = 225 bytes | Modified Date = 5/4/2008 10:15:52 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/3/2008 4:43:14 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/24/2008 9:59:13 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/24/2008 10:07:37 AM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/24/2008 10:00:13 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/24/2008 12:49:44 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/24/2008 11:45:01 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/22/2008 6:56:23 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/22/2008 6:56:23 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/17/2008 4:31:19 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 5/14/2008 11:48:48 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 5/7/2008 3:42:31 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 5/24/2008 10:08:25 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 5/24/2008 11:36:53 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/14/2008 8:29:35 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 5/24/2008 11:45:17 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 665 bytes | Modified Date = 5/24/2008 10:08:25 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/7/2008 4:37:41 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/23/2008 9:40:02 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/24/2008 11:42:50 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/23/2008 5:45:06 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 28094 bytes | Modified Date = 5/8/2008 9:33:04 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 26932 bytes | Modified Date = 5/19/2008 8:49:21 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 1/23/2008 10:15:09 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 1/23/2008 10:15:09 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0 -> [Folder | Modified Date = 3/5/2008 8:58:50 PM | Attr = ] vbexpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0\vbexpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 3/5/2008 8:58:39 PM | Attr = H ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 5/11/2008 12:30:25 PM | Attr = ] Azureus -> %AllUsersProfile%\Application Data\Azureus -> [Folder | Modified Date = 5/2/2008 9:04:35 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 5/6/2008 9:40:07 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 5/24/2008 10:07:59 AM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 4/25/2008 3:30:47 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 5/20/2008 6:06:13 PM | Attr = S] NCH Software -> %AllUsersProfile%\Application Data\NCH Software -> [Folder | Modified Date = 5/2/2008 5:26:40 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 5/24/2008 11:43:13 AM | Attr = ] @Alternate Data Stream - 108 bytes -> %AllUsersProfile%\Application Data\TEMP:C31F31E6 @Alternate Data Stream - 170 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Modified Date = 5/8/2008 5:10:24 PM | Attr = ] DivX -> %AppData%\DivX -> [Folder | Modified Date = 5/1/2008 3:52:16 PM | Attr = ] FileZilla -> %AppData%\FileZilla -> [Folder | Modified Date = 5/22/2008 8:44:14 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 5/3/2008 4:43:14 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 5/17/2008 3:51:43 PM | Attr = ] NMM-MetaData.db -> %AppData%\NMM-MetaData.db -> [Ver = | Size = 685775 bytes | Modified Date = 5/4/2008 3:43:48 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 5/24/2008 10:19:16 AM | Attr = ] utorrent -> %AppData%\utorrent -> [Folder | Modified Date = 5/24/2008 10:18:51 AM | Attr = ] Yahoo! Messenger -> %AppData%\Yahoo! Messenger -> [Folder | Modified Date = 5/20/2008 1:36:14 AM | Attr = ] Axialis -> %UserProfile%\Local Settings\Application Data\Axialis -> [Folder | Modified Date = 5/21/2008 8:54:01 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 19456 bytes | Modified Date = 5/11/2008 9:48:08 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3712656 bytes | Modified Date = 5/24/2008 11:41:54 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/20/2008 8:39:25 PM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 5/2/2008 7:39:31 PM | Attr = ] BSR Videos -> %UserProfile%\My Documents\BSR Videos -> [Folder | Modified Date = 5/2/2008 6:44:53 PM | Attr = ] clip0001.avi -> %UserProfile%\My Documents\clip0001.avi -> [Ver = | Size = 1754400 bytes | Modified Date = 5/7/2008 9:10:02 PM | Attr = ] front.pdf -> %UserProfile%\My Documents\front.pdf -> [Ver = | Size = 222206 bytes | Modified Date = 4/25/2008 9:23:31 AM | Attr = ] Stardock -> %UserProfile%\My Documents\Stardock -> [Folder | Modified Date = 5/13/2008 8:04:34 PM | Attr = ] Ashwin -> %UserProfile%\Desktop\Ashwin -> [Folder | Modified Date = 5/24/2008 11:10:33 AM | Attr = ] Bank_Information.doc -> %UserProfile%\Desktop\Bank_Information.doc -> [Ver = | Size = 24064 bytes | Modified Date = 5/21/2008 12:59:37 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Bank_Information.doc:Zone.Identifier french board.doc -> %UserProfile%\Desktop\french board.doc -> [Ver = | Size = 24064 bytes | Modified Date = 5/22/2008 12:02:40 AM | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 5/15/2008 10:18:45 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 41984 bytes | Modified Date = 5/11/2008 9:49:55 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable Voulu.pdf -> %UserProfile%\Desktop\Voulu.pdf -> [Ver = | Size = 93455 bytes | Modified Date = 5/22/2008 7:15:43 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 5/1/2008 1:36:15 PM | Attr = ] L&H -> %CommonProgramFiles%\L&H -> [Folder | Modified Date = 5/20/2008 6:06:33 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 5/7/2008 4:37:41 PM | Attr = ] PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 5/24/2008 9:59:04 AM | Attr = ] < End of report > [/code]