[code] OTScanIt logfile created on: 15/06/2008 20:31:13 OTScanIt by OldTimer - Version 1.0.15.15 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 238.80 Mb Total Physical Memory | 53.01 Mb Available Physical Memory | 22.20% Memory free 585.40 Mb Paging File | 294.63 Mb Available in Paging File | 50.33% Paging File free Paging file location(s): C:\pagefile.sys 360 720; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.25 Gb Total Space | 7.23 Gb Free Space | 19.40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KEMPCORN-6EVXN2 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 00:06:57 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 00:19:24 | Attr = ] cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 03/09/2003 23:00:18 | Attr = ] smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 17:50:10 | Attr = ] spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 04/01/2008 20:56:52 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 00:16:59 | Attr = ] 00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 253952 bytes | Modified Date = 23/05/2003 15:15:54 | Attr = ] tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 4, 1, 0 | Size = 73728 bytes | Modified Date = 15/10/2003 17:03:38 | Attr = R ] tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 9, 0 | Size = 266240 bytes | Modified Date = 27/11/2003 17:53:14 | Attr = ] tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.01.01 | Size = 102400 bytes | Modified Date = 25/08/2003 11:37:04 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 00:19:31 | Attr = ] toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 05/09/2003 04:24:46 | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 40960 bytes | Modified Date = 27/11/2003 17:52:18 | Attr = ] raconfig2500.exe -> %ProgramFiles%\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -> Ralink Technology, Corp. [Ver = 2, 0, 3, 0 | Size = 659518 bytes | Modified Date = 30/04/2004 16:50:28 | Attr = ] otscanit.exe -> %UserProfile%\desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 12/06/2008 00:29:06 | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 16/05/2008 00:06:57 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 16/05/2008 00:19:24 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 16/05/2008 00:19:00 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 16/05/2008 00:16:59 | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 3, 0, 0, 12 | Size = 28672 bytes | Modified Date = 03/09/2003 23:00:18 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 14/04/2008 01:12:17 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/10/2007 19:07:32 | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 7, 0, 8, 0 | Size = 430592 bytes | Modified Date = 07/04/2008 09:17:30 | Attr = ] (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20/09/2002 17:50:10 | Attr = ] (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 04/01/2008 20:56:52 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] -> [Ver = | Size = 24576 bytes | Modified Date = 23/06/2001 21:28:06 | Attr = ] 00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\System32\00THotkey.exe] -> TOSHIBA Corp. [Ver = 1, 0, 0, 21 | Size = 253952 bytes | Modified Date = 23/05/2003 15:15:54 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 23:16:38 | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe ["C:\Program Files\Apoint2K\Apoint.exe"] -> Alps Electric Co., Ltd. [Ver = 6.0.2.171 | Size = 159744 bytes | Modified Date = 17/07/2003 18:38:54 | Attr = R ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 16/05/2008 00:19:31 | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\System32\hkcmd.exe] -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 07/04/2003 01:07:38 | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\System32\igfxtray.exe] -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 07/04/2003 01:19:52 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28/03/2008 23:37:20 | Attr = ] TFncKy -> [TFncKy.exe] -> File not found TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 2, 4, 1, 0 | Size = 73728 bytes | Modified Date = 15/10/2003 17:03:38 | Attr = R ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 9, 0 | Size = 266240 bytes | Modified Date = 27/11/2003 17:53:14 | Attr = ] UnlockerAssistant -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe ["C:\Program Files\Unlocker\UnlockerAssistant.exe"] -> [Ver = | Size = 15872 bytes | Modified Date = 02/05/2008 05:15:46 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe ["C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 05/09/2003 04:24:46 | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26/03/2008 18:41:50 | Attr = ] Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 28/09/2007 02:17:36 | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26/03/2008 18:41:50 | Attr = ] Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.32 | Size = 443968 bytes | Modified Date = 28/09/2007 02:17:36 | Attr = ] < Run [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe ["C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 05/09/2003 04:24:46 | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\RaConfig2500.lnk -> %ProgramFiles%\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe -> Ralink Technology, Corp. [Ver = 2, 0, 3, 0 | Size = 659518 bytes | Modified Date = 30/04/2004 16:50:28 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {16702622-F7FA-4342-B2DD-144E7948A37C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 07/04/2003 01:06:48 | Attr = ] WRNotifier -> %SystemRoot%\system32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 04/01/2008 20:34:36 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 13/04/2008 19:40:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_RW/DVD_GCC-4241N_______________0T05____\5&1a26c68d&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 18/12/2003 15:46:55 | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://home.microsoft.com/search/search.asp -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: Main\\Default_Search_URL -> http://home.microsoft.com/search/search.asp -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2CCF8AC0-A4A5-43E2-B090-6DF6B1C55367} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJDsPHx.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 318224 bytes | Modified Date = 14/06/2008 16:20:40 | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.522 | Size = 370296 bytes | Modified Date = 07/01/2008 05:18:01 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 15/10/2007 19:08:30 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 15/10/2007 19:07:38 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 15/10/2007 19:08:30 | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 15/10/2007 19:08:30 | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 15/10/2007 19:08:30 | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}:Exec -> %ProgramFiles%\Paltalk Messenger\paltalk.exe [PalTalk] -> AVM Software Inc. [Ver = 9.91.2725.0 | Size = 10252288 bytes | Modified Date = 11/12/2007 21:34:48 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\] > -> HKEY_USERS\S-1-5-21-1690816315-673594844-729213206-500\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {016CD9F5-0912-47F0-A6E4-7410CE853754} -> (Intel(R) PRO/100 VE Network Connection) -> {02D3000A-F266-49FD-AD65-6A4A6AA09FD4} -> (Ralink RT2500 Wireless LAN Card) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 07/12/2007 16:08:02 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183047933109[WUWebControl Class] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183051717390[MUWebControl Class] -> {D821DC4A-0814-435E-9820-661C543A4679}[HKEY_LOCAL_MACHINE] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx[CRLDownloadWrapper Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\\.Owner -> {A90A5822-F108-45AD-8482-9BC8B12DD539} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll\\{A90A5822-F108-45AD-8482-9BC8B12DD539} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\\.Owner -> {D821DC4A-0814-435E-9820-661C543A4679} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/crlocx.ocx\\{D821DC4A-0814-435E-9820-661C543A4679} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LMIProxyHelper.exe\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RACtrl.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TVUAx.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TVUAx.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TVUAx.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libcurl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libcurl.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libcurl.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libeay32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libeay32.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libeay32.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libexpatw.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libexpatw.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/libexpatw.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp71.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\\.Owner -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ractrlkeyhook.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ssleay32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ssleay32.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ssleay32.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {5F8469B4-B055-49DD-83F7-62B522420ECC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5F8469B4-B055-49DD-83F7-62B522420ECC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/zlib1.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/zlib1.dll\\.Owner -> {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/zlib1.dll\\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr = ] C:\WINDOWS\system32\mlJDsPHx -> %SystemRoot%\system32\mlJDsPHx.dll -> [Ver = | Size = 318224 bytes | Modified Date = 14/06/2008 16:20:40 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 01:11:56 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 01:12:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 01:12:08 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 624 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 01:12:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 8E 21 9E 1B 3C E7 9F 19 AA 9E 85 33 13 95 2D 55 36 36 31 61 35 34 63 62 00 00 00 00 01 00 00 00 14 01 00 00 24 01 00 00 B4 D1 1B 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 60 3B 45 67 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F5 6E 93 08 23 43 C3 71 37 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> A4 72 6E 6B 3F 92 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B2 75 4A FB 7D 6A 28 AE 01 B9 EF 1D E2 E3 76 7E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> BE 96 45 DF FB B0 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 7361 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 01:12:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 14/04/2008 01:12:28 | Attr = HS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 02/02/2008 17:25:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 13/04/2008 19:53:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kontiki\KService.exe -> %ProgramFiles%\Kontiki\KService.exe [C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PoivY.com\PoivY\PoivY.exe -> %ProgramFiles%\PoivY.com\PoivY\PoivY.exe [C:\Program Files\PoivY.com\PoivY\PoivY.exe:*:Enabled:PoivY] -> PoivY [Ver = 4, 2, 486, 0 | Size = 8090912 bytes | Modified Date = 07/12/2007 12:05:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07/12/2007 16:08:02 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\adv\SopAdver.exe -> %ProgramFiles%\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> www.sopcast.com [Ver = 3, 0, 0, 301 | Size = 567384 bytes | Modified Date = 07/03/2007 11:27:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 625664 bytes | Modified Date = 22/04/2008 08:40:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVAnts\Tvants.exe -> %ProgramFiles%\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> Zhejiang University [Ver = 1.0.0.59 | Size = 2179072 bytes | Modified Date = 23/12/2007 23:02:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe -> %ProgramFiles%\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> www.sopcast.com [Ver = 3.0.3.501 | Size = 1892352 bytes | Modified Date = 30/04/2008 09:32:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVUPlayer\TVUPlayer.exe -> %ProgramFiles%\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component] -> TVU networks [Ver = 2.3.6.1 | Size = 1721624 bytes | Modified Date = 03/04/2008 11:00:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 01:12:11 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 01:12:04 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 01:12:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14/04/2008 01:12:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 14/04/2008 01:12:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 01:12:04 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] !Submit -> %SystemDrive%\!Submit -> [Folder | Created Date = 15/06/2008 03:40:58 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 14/06/2008 16:35:05 | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1288192 bytes | Created Date = 07/05/2008 06:12:40 | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Created Date = 14/06/2008 20:51:15 | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Created Date = 14/06/2008 20:51:01 | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 14/06/2008 20:50:59 | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Created Date = 14/06/2008 20:50:59 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Created Date = 14/06/2008 20:51:19 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Created Date = 14/06/2008 20:51:00 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Created Date = 14/06/2008 20:51:18 | Attr = ] ccdcmb.sys -> %SystemRoot%\System32\drivers\ccdcmb.sys -> Nokia [Ver = 6.86.4.5 | Size = 16896 bytes | Created Date = 17/04/2008 15:14:18 | Attr = ] ccdcmbo.sys -> %SystemRoot%\System32\drivers\ccdcmbo.sys -> Nokia [Ver = 6.86.4.5 | Size = 19328 bytes | Created Date = 17/04/2008 15:14:20 | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 08/05/2008 04:24:57 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 17/04/2008 15:32:06 | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 17/04/2008 15:32:25 | Attr = H ] pccsmcfd.sys -> %SystemRoot%\System32\drivers\pccsmcfd.sys -> Nokia [Ver = 6.85.3.0 | Size = 21632 bytes | Created Date = 17/04/2008 15:15:39 | Attr = ] SSFS0BB9.sys -> %SystemRoot%\System32\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Created Date = 14/06/2008 19:24:07 | Attr = ] sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Created Date = 14/06/2008 19:24:07 | Attr = ] ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Created Date = 14/06/2008 19:24:07 | Attr = ] sskbfd.sys -> %SystemRoot%\System32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Created Date = 14/06/2008 19:24:07 | Attr = ] usbser_lowerflt.sys -> %SystemRoot%\System32\drivers\usbser_lowerflt.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Created Date = 17/04/2008 15:14:21 | Attr = ] usbser_lowerfltj.sys -> %SystemRoot%\System32\drivers\usbser_lowerfltj.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Created Date = 17/04/2008 15:14:22 | Attr = ] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 14/06/2008 20:50:38 | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 30/03/2008 15:15:46 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Created Date = 14/06/2008 20:50:38 | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Created Date = 14/06/2008 20:51:10 | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 08/05/2008 04:58:24 | Attr = ] mlJDsPHx.dll -> %SystemRoot%\System32\mlJDsPHx.dll -> [Ver = | Size = 318224 bytes | Created Date = 14/06/2008 16:20:39 | Attr = ] nmwcdcocls.dll -> %SystemRoot%\System32\nmwcdcocls.dll -> Nokia [Ver = 6.86.4.5 | Size = 95744 bytes | Created Date = 17/04/2008 15:14:18 | Attr = ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 974 bytes | Created Date = 08/05/2008 04:25:12 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 28/03/2008 23:37:26 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Created Date = 28/03/2008 23:37:26 | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 08/05/2008 04:58:30 | Attr = ] ssiefr.EXE -> %SystemRoot%\System32\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Created Date = 14/06/2008 19:23:31 | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Created Date = 15/06/2008 02:47:20 | Attr = ] WRLogonNtf.dll -> %SystemRoot%\System32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Created Date = 14/06/2008 19:23:56 | Attr = ] wrlzma.dll -> %SystemRoot%\System32\wrlzma.dll -> [Ver = | Size = 26480 bytes | Created Date = 14/06/2008 19:23:31 | Attr = ] xHPsDJlm.ini -> %SystemRoot%\System32\xHPsDJlm.ini -> [Ver = | Size = 923 bytes | Created Date = 15/06/2008 13:56:49 | Attr = HS] xHPsDJlm.ini2 -> %SystemRoot%\System32\xHPsDJlm.ini2 -> [Ver = | Size = 923 bytes | Created Date = 15/06/2008 13:56:58 | Attr = HS] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 08/05/2008 04:58:26 | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 08/05/2008 12:10:01 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 10/06/2008 02:00:20 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 10/06/2008 02:00:20 | Attr = H ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 07/04/2008 01:41:30 | Attr = ] WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 1526640 bytes | Created Date = 14/06/2008 19:23:30 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 08/05/2008 00:41:42 | Attr = ] GlaryInitialize.job -> %SystemRoot%\tasks\GlaryInitialize.job -> [Ver = | Size = 328 bytes | Created Date = 04/04/2008 01:58:39 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Created Date = 08/05/2008 00:41:35 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 26/05/2008 03:52:42 | Attr = ] TVU Networks -> %AllUsersProfile%\Application Data\TVU Networks -> [Folder | Created Date = 29/04/2008 16:14:14 | Attr = ] Webroot -> %AllUsersProfile%\Application Data\Webroot -> [Folder | Created Date = 14/06/2008 19:23:30 | Attr = ] AudioMoves -> %AppData%\AudioMoves -> [Folder | Created Date = 19/05/2008 21:52:26 | Attr = ] GeoSetter -> %AppData%\GeoSetter -> [Folder | Created Date = 12/04/2008 01:19:06 | Attr = ] GlarySoft -> %AppData%\GlarySoft -> [Folder | Created Date = 04/04/2008 02:02:40 | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Created Date = 17/04/2008 17:43:24 | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 30/04/2008 02:42:23 | Attr = ] Webroot -> %AppData%\Webroot -> [Folder | Created Date = 14/06/2008 19:23:30 | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 08/05/2008 00:34:27 | Attr = ] MediaMonkey -> %UserProfile%\Local Settings\Application Data\MediaMonkey -> [Folder | Created Date = 15/05/2008 16:45:31 | Attr = ] Paint.NET -> %UserProfile%\Local Settings\Application Data\Paint.NET -> [Folder | Created Date = 01/05/2008 20:44:33 | Attr = ] TVU Networks -> %UserProfile%\Local Settings\Application Data\TVU Networks -> [Folder | Created Date = 23/04/2008 19:57:16 | Attr = ] cc_20080614_1921.reg -> %UserProfile%\My Documents\cc_20080614_1921.reg -> [Ver = | Size = 6594 bytes | Created Date = 14/06/2008 19:21:14 | Attr = ] Chart1.nch -> %UserProfile%\My Documents\Chart1.nch -> [Ver = | Size = 6550 bytes | Created Date = 27/03/2008 21:37:55 | Attr = ] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 14/06/2008 20:20:39 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HJTInstall.exe:Zone.Identifier KillBox.exe -> %UserProfile%\My Documents\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0175 | Size = 143360 bytes | Created Date = 15/06/2008 03:39:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\KillBox.exe:Zone.Identifier PrimaGuideRH.pdf -> %UserProfile%\My Documents\PrimaGuideRH.pdf -> [Ver = | Size = 1649429 bytes | Created Date = 08/05/2008 17:22:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\PrimaGuideRH.pdf:Zone.Identifier PURCHASE RECEIPT vista.doc -> %UserProfile%\My Documents\PURCHASE RECEIPT vista.doc -> [Ver = | Size = 31232 bytes | Created Date = 12/05/2008 21:12:24 | Attr = ] setupeng.exe -> %UserProfile%\My Documents\setupeng.exe -> [Ver = 4.8.1201.0 | Size = 23047784 bytes | Created Date = 14/06/2008 20:19:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\setupeng.exe:Zone.Identifier Webroot_Spy_Sweeper_5.5.7.124___4_Working_Serials.rar -> %UserProfile%\My Documents\Webroot_Spy_Sweeper_5.5.7.124___4_Working_Serials.rar -> [Ver = | Size = 14662905 bytes | Created Date = 14/06/2008 16:41:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Webroot_Spy_Sweeper_5.5.7.124___4_Working_Serials.rar:Zone.Identifier Workspace1.bak -> %UserProfile%\My Documents\Workspace1.bak -> [Ver = | Size = 11844 bytes | Created Date = 02/04/2008 19:51:57 | Attr = ] Workspace1.wks -> %UserProfile%\My Documents\Workspace1.wks -> [Ver = | Size = 11836 bytes | Created Date = 02/04/2008 19:51:57 | Attr = ] avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Created Date = 14/06/2008 20:51:22 | Attr = ] MediaMonkey.lnk -> %AllUsersProfile%\Desktop\MediaMonkey.lnk -> [Ver = | Size = 660 bytes | Created Date = 15/05/2008 16:45:40 | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 08/05/2008 00:37:54 | Attr = ] Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk -> [Ver = | Size = 1641 bytes | Created Date = 14/06/2008 19:23:58 | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 719 bytes | Created Date = 30/04/2008 02:39:54 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 15/06/2008 20:29:29 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568240 bytes | Created Date = 15/06/2008 20:20:41 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Shortcut to VundoFix.lnk -> %UserProfile%\Desktop\Shortcut to VundoFix.lnk -> [Ver = | Size = 994 bytes | Created Date = 15/06/2008 03:31:03 | Attr = ] The Noble Quran.lnk -> %UserProfile%\Desktop\The Noble Quran.lnk -> [Ver = | Size = 802 bytes | Created Date = 12/05/2008 20:37:37 | Attr = ] unlocker1.8.7.exe -> %UserProfile%\Desktop\unlocker1.8.7.exe -> [Ver = | Size = 243204 bytes | Created Date = 15/06/2008 19:38:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\unlocker1.8.7.exe:Zone.Identifier VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0005 | Size = 214528 bytes | Created Date = 15/06/2008 04:40:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [Ver = | Size = 630 bytes | Created Date = 03/06/2008 14:36:43 | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Created Date = 17/04/2008 15:17:37 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Created Date = 17/04/2008 15:17:37 | Attr = ] Alwil Software -> %ProgramFiles%\Alwil Software -> [Folder | Created Date = 14/06/2008 20:50:33 | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 08/05/2008 00:33:56 | Attr = ] GeoSetter -> %ProgramFiles%\GeoSetter -> [Folder | Created Date = 12/04/2008 01:19:05 | Attr = ] Glary Utilities -> %ProgramFiles%\Glary Utilities -> [Folder | Created Date = 04/04/2008 01:58:30 | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 29/04/2008 20:04:53 | Attr = ] Paint.NET -> %ProgramFiles%\Paint.NET -> [Folder | Created Date = 01/05/2008 20:44:33 | Attr = ] PC Connectivity Solution -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Created Date = 17/04/2008 15:15:28 | Attr = ] Pro Imaging Powertoys -> %ProgramFiles%\Pro Imaging Powertoys -> [Folder | Created Date = 12/04/2008 01:06:14 | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 08/05/2008 00:37:26 | Attr = ] The Noble Qur'an V3.0 -> %ProgramFiles%\The Noble Qur'an V3.0 -> [Folder | Created Date = 12/05/2008 20:37:36 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 14/06/2008 20:20:55 | Attr = ] TVAnts -> %ProgramFiles%\TVAnts -> [Folder | Created Date = 08/05/2008 19:36:46 | Attr = ] TVUPlayer -> %ProgramFiles%\TVUPlayer -> [Folder | Created Date = 29/04/2008 16:11:35 | Attr = ] Unlocker -> %ProgramFiles%\Unlocker -> [Folder | Created Date = 15/06/2008 19:39:18 | Attr = ] Webroot -> %ProgramFiles%\Webroot -> [Folder | Created Date = 14/06/2008 19:23:29 | Attr = ] [Files/Folders - Modified Within 90 days] !Submit -> %SystemDrive%\!Submit -> [Folder | Modified Date = 15/06/2008 03:57:43 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 14/06/2008 19:11:49 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 14/06/2008 19:22:37 | Attr = ] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 08/05/2008 04:51:29 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 15/06/2008 19:39:18 | Attr = R ] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 0 bytes | Modified Date = 05/05/2008 20:14:45 | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 25/05/2008 17:34:52 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 26/05/2008 23:19:04 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 28/05/2008 15:35:20 | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 172 bytes | Modified Date = 28/05/2008 15:35:24 | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 28/05/2008 17:13:10 | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/06/2008 17:01:34 | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/06/2008 17:02:00 | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 09/06/2008 00:04:00 | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 10/06/2008 14:16:40 | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 13/06/2008 01:17:20 | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 14/06/2008 03:39:28 | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 232 bytes | Modified Date = 01/05/2008 13:26:46 | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 03/05/2008 18:30:02 | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 232 bytes | Modified Date = 03/05/2008 18:30:46 | Attr = H ] sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 232 bytes | Modified Date = 03/05/2008 18:32:38 | Attr = H ] sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/05/2008 16:34:10 | Attr = H ] sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/05/2008 19:50:14 | Attr = H ] sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/05/2008 19:50:32 | Attr = H ] sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 232 bytes | Modified Date = 06/05/2008 19:50:50 | Attr = H ] sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 232 bytes | Modified Date = 08/05/2008 13:15:18 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 25/05/2008 17:34:52 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 26/05/2008 23:19:04 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 28/05/2008 15:35:20 | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 172 bytes | Modified Date = 28/05/2008 15:35:24 | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 28/05/2008 17:13:09 | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/06/2008 17:01:34 | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/06/2008 17:02:00 | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 09/06/2008 00:04:00 | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 10/06/2008 14:16:40 | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 13/06/2008 01:17:20 | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 14/06/2008 03:39:28 | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 01/05/2008 13:26:46 | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 03/05/2008 18:30:01 | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 03/05/2008 18:30:46 | Attr = H ] sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 03/05/2008 18:32:38 | Attr = H ] sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/05/2008 16:34:10 | Attr = H ] sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/05/2008 19:50:13 | Attr = H ] sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/05/2008 19:50:32 | Attr = H ] sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 06/05/2008 19:50:50 | Attr = H ] sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 08/05/2008 13:15:18 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 15/06/2008 19:49:41 | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 14/04/2008 01:11:52 | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 07/05/2008 06:12:40 | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 16/05/2008 00:13:26 | Attr = ] adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Modified Date = 14/04/2008 01:11:48 | Attr = ] amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 13/04/2008 19:36:39 | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 16/05/2008 00:16:06 | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 16/05/2008 00:18:33 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 16/05/2008 00:15:29 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 16/05/2008 00:20:32 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 16/05/2008 00:14:11 | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] dmboot.sys -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 13/04/2008 19:44:48 | Attr = ] dmio.sys -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 13/04/2008 19:44:46 | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 13/04/2008 17:36:05 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 17/04/2008 15:32:06 | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 17/04/2008 15:32:25 | Attr = H ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Modified Date = 14/04/2008 01:12:05 | Attr = ] sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 13/04/2008 19:36:39 | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 17/04/2008 15:34:14 | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Modified Date = 14/04/2008 01:12:08 | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 30/03/2008 15:16:20 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> amstream.dll -> %SystemRoot%\System32\amstream.dll -> [Ver = | Size = 70656 bytes | Modified Date = 14/04/2008 01:11:49 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Modified Date = 16/05/2008 00:24:43 | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Modified Date = 14/04/2008 01:11:49 | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 14/04/2008 01:11:49 | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Modified Date = 14/04/2008 01:11:49 | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Modified Date = 14/04/2008 01:11:49 | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 285696 bytes | Modified Date = 14/04/2008 01:09:01 | Attr = ] atmlib.dll -> %SystemRoot%\System32\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 226 | Size = 30208 bytes | Modified Date = 14/04/2008 01:11:50 | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Modified Date = 16/05/2008 00:12:36 | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 08/05/2008 04:58:24 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 08/05/2008 05:12:28 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 15/06/2008 19:58:01 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 08/05/2008 04:54:06 | Attr = ] compatui.dll -> %SystemRoot%\System32\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 252928 bytes | Modified Date = 14/04/2008 01:11:51 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 14/06/2008 21:03:47 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 14/06/2008 20:51:15 | Attr = ] dcache.bin -> %SystemRoot%\System32\dcache.bin -> [Ver = | Size = 1804 bytes | Modified Date = 14/04/2008 01:25:26 | Attr = ] defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 25088 bytes | Modified Date = 14/04/2008 01:12:16 | Attr = ] devenum.dll -> %SystemRoot%\System32\devenum.dll -> [Ver = | Size = 59904 bytes | Modified Date = 14/04/2008 01:11:51 | Attr = ] dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 82944 bytes | Modified Date = 14/04/2008 01:12:16 | Attr = ] dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 105472 bytes | Modified Date = 14/04/2008 01:12:16 | Attr = ] dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 39424 bytes | Modified Date = 14/04/2008 01:11:51 | Attr = ] dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 124416 bytes | Modified Date = 14/04/2008 01:11:51 | Attr = ] dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 111104 bytes | Modified Date = 14/04/2008 01:11:51 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 11/06/2008 13:54:59 | Attr = RHS] dmadmin.exe -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 14/04/2008 01:12:17 | Attr = ] dmdlgs.dll -> %SystemRoot%\System32\dmdlgs.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 285184 bytes | Modified Date = 14/04/2008 01:11:52 | Attr = ] dmdskmgr.dll -> %SystemRoot%\System32\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 200704 bytes | Modified Date = 14/04/2008 01:11:52 | Attr = ] dmremote.exe -> %SystemRoot%\System32\dmremote.exe -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 15872 bytes | Modified Date = 14/04/2008 01:12:17 | Attr = ] dmserver.dll -> %SystemRoot%\System32\dmserver.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 14/04/2008 01:11:52 | Attr = ] dmutil.dll -> %SystemRoot%\System32\dmutil.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 52224 bytes | Modified Date = 14/04/2008 01:11:52 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 14/06/2008 20:51:19 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 17/04/2008 15:18:34 | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 14/04/2008 01:11:52 | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 08/05/2008 04:58:24 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 08/05/2008 04:58:33 | Attr = ] encdec.dll -> %SystemRoot%\System32\encdec.dll -> [Ver = | Size = 186880 bytes | Modified Date = 14/04/2008 01:11:53 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 257456 bytes | Modified Date = 08/05/2008 12:08:26 | Attr = ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Modified Date = 14/04/2008 01:11:54 | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Modified Date = 14/04/2008 01:11:54 | Attr = ] iac25_32.ax -> %SystemRoot%\System32\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] iccvid.dll -> %SystemRoot%\System32\iccvid.dll -> Radius Inc. [Ver = 1.10.0.11 | Size = 80384 bytes | Modified Date = 14/04/2008 01:11:54 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 08/05/2008 04:59:01 | Attr = ] ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] ir50_32.dll -> %SystemRoot%\System32\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] ivfsrc.ax -> %SystemRoot%\System32\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] jgdw400.dll -> %SystemRoot%\System32\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] jgpl400.dll -> %SystemRoot%\System32\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Modified Date = 14/04/2008 01:11:55 | Attr = ] l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 14/04/2008 01:09:57 | Attr = ] mciqtz32.dll -> %SystemRoot%\System32\mciqtz32.dll -> [Ver = | Size = 35328 bytes | Modified Date = 14/04/2008 01:11:56 | Attr = ] mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Modified Date = 14/04/2008 01:11:56 | Attr = ] mlJDsPHx.dll -> %SystemRoot%\System32\mlJDsPHx.dll -> [Ver = | Size = 318224 bytes | Modified Date = 14/06/2008 16:20:40 | Attr = ] mpeg2data.ax -> %SystemRoot%\System32\mpeg2data.ax -> [Ver = | Size = 118272 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [Ver = | Size = 148992 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] msdmo.dll -> %SystemRoot%\System32\msdmo.dll -> [Ver = | Size = 14336 bytes | Modified Date = 14/04/2008 01:11:59 | Attr = ] msdvbnp.ax -> %SystemRoot%\System32\msdvbnp.ax -> [Ver = | Size = 56832 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] msdxm.ocx -> %SystemRoot%\System32\msdxm.ocx -> [Ver = | Size = 844314 bytes | Modified Date = 14/04/2008 01:10:08 | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 14/04/2008 01:10:08 | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Modified Date = 14/04/2008 01:12:01 | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 08/05/2008 04:54:12 | Attr = ] nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Modified Date = 14/04/2008 01:12:02 | Attr = ] odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp -> [Ver = | Size = 4310 bytes | Modified Date = 13/04/2008 18:26:09 | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 08/05/2008 04:53:40 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 73524 bytes | Modified Date = 08/05/2008 12:13:48 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 446904 bytes | Modified Date = 08/05/2008 12:13:49 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 528268 bytes | Modified Date = 08/05/2008 12:13:48 | Attr = ] Pqw -> %SystemRoot%\System32\Pqw -> [Folder | Modified Date = 17/04/2008 12:31:14 | Attr = ] proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 81920 bytes | Modified Date = 14/04/2008 01:10:35 | Attr = ] psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [Ver = | Size = 363520 bytes | Modified Date = 14/04/2008 01:12:03 | Attr = ] psisrndr.ax -> %SystemRoot%\System32\psisrndr.ax -> [Ver = | Size = 33280 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] qcap.dll -> %SystemRoot%\System32\qcap.dll -> [Ver = | Size = 192512 bytes | Modified Date = 14/04/2008 01:12:03 | Attr = ] qdv.dll -> %SystemRoot%\System32\qdv.dll -> [Ver = | Size = 279040 bytes | Modified Date = 14/04/2008 01:12:03 | Attr = ] qdvd.dll -> %SystemRoot%\System32\qdvd.dll -> [Ver = | Size = 386048 bytes | Modified Date = 14/04/2008 01:12:03 | Attr = ] qedit.dll -> %SystemRoot%\System32\qedit.dll -> [Ver = | Size = 562176 bytes | Modified Date = 14/04/2008 01:12:03 | Attr = ] qedwipes.dll -> %SystemRoot%\System32\qedwipes.dll -> [Ver = | Size = 733696 bytes | Modified Date = 13/04/2008 18:21:32 | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 07/05/2008 06:12:40 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Modified Date = 28/03/2008 23:37:26 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.5 | Size = 90112 bytes | Modified Date = 28/03/2008 23:37:26 | Attr = ] regwizc.dll -> %SystemRoot%\System32\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 397824 bytes | Modified Date = 14/04/2008 01:12:04 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 08/05/2008 04:49:04 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 08/05/2008 04:54:12 | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Modified Date = 14/04/2008 01:12:04 | Attr = ] sbe.dll -> %SystemRoot%\System32\sbe.dll -> [Ver = | Size = 270848 bytes | Modified Date = 14/04/2008 01:12:04 | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 08/05/2008 04:58:30 | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 08/05/2008 12:08:21 | Attr = ] slbiop.dll -> %SystemRoot%\System32\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2600.2095 (xpsp_sp2_rc1.040310-2010) | Size = 98304 bytes | Modified Date = 14/04/2008 01:12:06 | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Modified Date = 14/04/2008 01:12:06 | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Modified Date = 14/04/2008 01:12:06 | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Modified Date = 14/04/2008 01:12:06 | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 14/04/2008 01:12:35 | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 14/04/2008 01:12:35 | Attr = ] sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Modified Date = 14/04/2008 01:10:50 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 08/05/2008 04:58:32 | Attr = ] vbicodec.ax -> %SystemRoot%\System32\vbicodec.ax -> [Ver = | Size = 53248 bytes | Modified Date = 14/04/2008 01:12:42 | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 15/06/2008 02:47:20 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 08/05/2008 12:08:20 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 15/06/2008 19:57:37 | Attr = ] wstpager.ax -> %SystemRoot%\System32\wstpager.ax -> [Ver = | Size = 164352 bytes | Modified Date = 14/04/2008 01:12:43 | Attr = ] wstrenderer.ax -> %SystemRoot%\System32\wstrenderer.ax -> [Ver = | Size = 239616 bytes | Modified Date = 14/04/2008 01:12:43 | Attr = ] xHPsDJlm.ini -> %SystemRoot%\System32\xHPsDJlm.ini -> [Ver = | Size = 923 bytes | Modified Date = 15/06/2008 20:33:19 | Attr = HS] xHPsDJlm.ini2 -> %SystemRoot%\System32\xHPsDJlm.ini2 -> [Ver = | Size = 923 bytes | Modified Date = 15/06/2008 20:32:23 | Attr = HS] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 29/04/2008 20:00:57 | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 10/05/2008 14:04:32 | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 11/05/2008 13:31:05 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 11/06/2008 13:54:34 | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 08/05/2008 04:48:41 | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 08/05/2008 12:08:21 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 18/05/2008 00:56:10 | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 15/06/2008 19:55:53 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 11/06/2008 14:46:01 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 08/06/2008 14:22:58 | Attr = S] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 08/05/2008 04:41:41 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 08/05/2008 12:08:19 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 08/05/2008 04:58:59 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 09/04/2008 01:48:52 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 08/05/2008 04:59:00 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/06/2008 13:55:16 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 15/06/2008 03:15:18 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 11/05/2008 13:31:05 | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 08/05/2008 04:58:27 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 29/04/2008 22:49:04 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 08/05/2008 04:54:10 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 08/05/2008 04:54:12 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 08/05/2008 04:59:00 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 852 bytes | Modified Date = 15/05/2008 16:35:10 | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 08/05/2008 04:58:23 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 15/06/2008 20:29:51 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 10/06/2008 02:00:20 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/06/2008 02:00:20 | Attr = H ] security -> %SystemRoot%\security -> [Folder | Modified Date = 08/05/2008 05:17:32 | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 08/05/2008 04:59:20 | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 14/04/2008 01:12:35 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 08/05/2008 04:54:09 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 08/05/2008 04:53:39 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 15/06/2008 19:13:16 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 15/06/2008 03:35:16 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 15/06/2008 20:16:14 | Attr = ] twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,1 | Size = 50688 bytes | Modified Date = 14/04/2008 01:12:07 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 746 bytes | Modified Date = 14/06/2008 16:41:54 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 18/05/2008 00:55:18 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 09/06/2008 21:24:09 | Attr = ] GlaryInitialize.job -> %SystemRoot%\tasks\GlaryInitialize.job -> [Ver = | Size = 328 bytes | Modified Date = 15/06/2008 19:56:40 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 15/06/2008 19:56:17 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 19/12/2003 11:06:12 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6584 bytes | Modified Date = 15/06/2008 03:43:45 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6584 bytes | Modified Date = 15/06/2008 03:43:45 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 29/08/2007 22:47:40 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 29/08/2007 22:47:40 | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 15/06/2008 20:16:14 | Attr = ] Perflib_Perfdata_4f0.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_4f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 15/06/2008 02:50:00 | Attr = ] Perflib_Perfdata_618.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_618.dat -> [Ver = | Size = 16384 bytes | Modified Date = 15/06/2008 19:56:17 | Attr = ] Perflib_Perfdata_638.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_638.dat -> [Ver = | Size = 16384 bytes | Modified Date = 15/06/2008 04:01:35 | Attr = ] Perflib_Perfdata_63c.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_63c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 15/06/2008 19:42:57 | Attr = ] Perflib_Perfdata_658.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_658.dat -> [Ver = | Size = 16384 bytes | Modified Date = 15/06/2008 19:13:53 | Attr = ] 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Modified Date = 08/05/2008 00:41:35 | Attr = ] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 08/05/2008 00:37:21 | Attr = ] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Modified Date = 17/04/2008 15:51:46 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 26/05/2008 03:55:37 | Attr = ] TVU Networks -> %AllUsersProfile%\Application Data\TVU Networks -> [Folder | Modified Date = 29/04/2008 16:14:14 | Attr = ] Webroot -> %AllUsersProfile%\Application Data\Webroot -> [Folder | Modified Date = 14/06/2008 19:23:30 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 23/03/2008 20:10:16 | Attr = ] AudioMoves -> %AppData%\AudioMoves -> [Folder | Modified Date = 19/05/2008 22:00:59 | Attr = ] GeoSetter -> %AppData%\GeoSetter -> [Folder | Modified Date = 12/04/2008 01:28:52 | Attr = ] GlarySoft -> %AppData%\GlarySoft -> [Folder | Modified Date = 04/04/2008 02:02:40 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Modified Date = 18/05/2008 01:02:09 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 04/04/2008 02:02:52 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 12/04/2008 01:07:19 | Attr = S] Nokia -> %AppData%\Nokia -> [Folder | Modified Date = 17/04/2008 15:53:44 | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Modified Date = 17/04/2008 17:43:24 | Attr = ] Professional -> %AppData%\Professional -> [Folder | Modified Date = 03/04/2008 04:06:45 | Attr = ] TVU Networks -> %AppData%\TVU Networks -> [Folder | Modified Date = 29/04/2008 16:14:45 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 13/06/2008 21:07:33 | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 30/04/2008 02:42:37 | Attr = ] Webroot -> %AppData%\Webroot -> [Folder | Modified Date = 14/06/2008 19:23:30 | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 08/05/2008 00:34:27 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 140288 bytes | Modified Date = 14/06/2008 22:47:15 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 59448 bytes | Modified Date = 30/04/2008 16:50:25 | Attr = ] MediaMonkey -> %UserProfile%\Local Settings\Application Data\MediaMonkey -> [Folder | Modified Date = 14/06/2008 03:44:41 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 20/05/2008 23:38:40 | Attr = ] Paint.NET -> %UserProfile%\Local Settings\Application Data\Paint.NET -> [Folder | Modified Date = 18/05/2008 00:58:45 | Attr = ] TVU Networks -> %UserProfile%\Local Settings\Application Data\TVU Networks -> [Folder | Modified Date = 23/04/2008 19:57:16 | Attr = ] Microsoft -> %AllUsersProfile%\Documents\Microsoft -> [Folder | Modified Date = 29/04/2008 20:04:20 | Attr = ] Cash Flow -> %UserProfile%\My Documents\Cash Flow -> [Folder | Modified Date = 12/06/2008 19:47:16 | Attr = ] cc_20080304_1719.reg -> %UserProfile%\My Documents\cc_20080304_1719.reg -> [Ver = | Size = 9786 bytes | Modified Date = 11/06/2008 14:47:55 | Attr = ] cc_20080614_1921.reg -> %UserProfile%\My Documents\cc_20080614_1921.reg -> [Ver = | Size = 6594 bytes | Modified Date = 14/06/2008 19:21:17 | Attr = ] Chart1.nch -> %UserProfile%\My Documents\Chart1.nch -> [Ver = | Size = 6550 bytes | Modified Date = 27/03/2008 21:37:56 | Attr = ] Ebooks -> %UserProfile%\My Documents\Ebooks -> [Folder | Modified Date = 26/05/2008 23:25:36 | Attr = ] Everything and more -> %UserProfile%\My Documents\Everything and more -> [Folder | Modified Date = 25/04/2008 10:03:58 | Attr = ] griffith -> %UserProfile%\My Documents\griffith -> [Folder | Modified Date = 26/05/2008 11:36:33 | Attr = ] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 14/06/2008 20:20:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HJTInstall.exe:Zone.Identifier KillBox.exe -> %UserProfile%\My Documents\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0175 | Size = 143360 bytes | Modified Date = 15/06/2008 03:39:27 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\KillBox.exe:Zone.Identifier My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 12/06/2008 23:08:39 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 14/06/2008 03:32:57 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 19/05/2008 21:51:34 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 588 bytes | Modified Date = 15/05/2008 16:29:29 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 21/04/2008 17:49:21 | Attr = R ] PrimaGuideRH.pdf -> %UserProfile%\My Documents\PrimaGuideRH.pdf -> [Ver = | Size = 1649429 bytes | Modified Date = 08/05/2008 17:22:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\PrimaGuideRH.pdf:Zone.Identifier PURCHASE RECEIPT vista.doc -> %UserProfile%\My Documents\PURCHASE RECEIPT vista.doc -> [Ver = | Size = 31232 bytes | Modified Date = 12/05/2008 21:12:24 | Attr = ] setupeng.exe -> %UserProfile%\My Documents\setupeng.exe -> [Ver = 4.8.1201.0 | Size = 23047784 bytes | Modified Date = 14/06/2008 20:19:12 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\setupeng.exe:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 13824 bytes | Modified Date = 11/06/2008 21:22:28 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable University -> %UserProfile%\My Documents\University -> [Folder | Modified Date = 03/04/2008 19:13:59 | Attr = ] Webroot_Spy_Sweeper_5.5.7.124___4_Working_Serials.rar -> %UserProfile%\My Documents\Webroot_Spy_Sweeper_5.5.7.124___4_Working_Serials.rar -> [Ver = | Size = 14662905 bytes | Modified Date = 14/06/2008 16:41:38 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Webroot_Spy_Sweeper_5.5.7.124___4_Working_Serials.rar:Zone.Identifier Workspace1.bak -> %UserProfile%\My Documents\Workspace1.bak -> [Ver = | Size = 11844 bytes | Modified Date = 02/04/2008 19:51:58 | Attr = ] Workspace1.wks -> %UserProfile%\My Documents\Workspace1.wks -> [Ver = | Size = 11836 bytes | Modified Date = 03/04/2008 04:08:04 | Attr = ] avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1709 bytes | Modified Date = 14/06/2008 20:51:22 | Attr = ] MediaMonkey.lnk -> %AllUsersProfile%\Desktop\MediaMonkey.lnk -> [Ver = | Size = 660 bytes | Modified Date = 15/05/2008 16:45:40 | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 08/05/2008 00:37:54 | Attr = ] Spy Sweeper.lnk -> %AllUsersProfile%\Desktop\Spy Sweeper.lnk -> [Ver = | Size = 1641 bytes | Modified Date = 14/06/2008 19:23:58 | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 719 bytes | Modified Date = 30/04/2008 02:39:54 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 15/06/2008 20:29:29 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568240 bytes | Modified Date = 15/06/2008 20:20:49 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Shortcut to VundoFix.lnk -> %UserProfile%\Desktop\Shortcut to VundoFix.lnk -> [Ver = | Size = 994 bytes | Modified Date = 15/06/2008 03:31:03 | Attr = ] The Noble Quran.lnk -> %UserProfile%\Desktop\The Noble Quran.lnk -> [Ver = | Size = 802 bytes | Modified Date = 12/05/2008 20:37:37 | Attr = ] unlocker1.8.7.exe -> %UserProfile%\Desktop\unlocker1.8.7.exe -> [Ver = | Size = 243204 bytes | Modified Date = 15/06/2008 19:39:06 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\unlocker1.8.7.exe:Zone.Identifier VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0005 | Size = 214528 bytes | Modified Date = 15/06/2008 04:40:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 29/04/2008 20:04:11 | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Modified Date = 17/04/2008 15:17:38 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Modified Date = 17/04/2008 15:17:38 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 08/05/2008 04:53:57 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]