[code] OTScanIt logfile created on: 6/23/2008 21:30:28 OTScanIt by OldTimer - Version 1.0.15.12 Folder = C:\Documents and Settings\virus clean\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy 511.48 Mb Total Physical Memory | 339.28 Mb Available Physical Memory | 66.33% Memory free 1.22 Gb Paging File | 1.10 Gb Available in Paging File | 90.07% Paging File free Paging file location(s): c:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 141.35 Gb Total Space | 124.84 Gb Free Space | 88.32% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MORDECAI Current User Name: virus clean Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] acs.exe -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 4/6/2005 11:56:22 | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 6/23/2007 20:46:54 | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 11:56:54 | Attr = ] quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 3, 0, 0, 0 | Size = 200704 bytes | Modified Date = 1/9/2002 21:53:14 | Attr = ] wlancfg5.exe -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 2/22/2006 11:59:32 | Attr = ] wpn111.exe -> %ProgramFiles%\NETGEAR\WPN111\WPN111.exe -> NETGEAR [Ver = 1, 1, 0, 8 | Size = 884838 bytes | Modified Date = 1/26/2005 15:15:16 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.12 | Size = 397312 bytes | Modified Date = 6/7/2008 11:09:00 | Attr = ] [Win32 Services - Non-Microsoft Only] (ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 4/6/2005 11:56:22 | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 6/3/2005 01:13:38 | Attr = ] (AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Documents and Settings\Morde\My Documents\Dnld\frontpage\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 3/20/2007 02:19:14 | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NavNT\defwatch.exe -> File not found (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 00:56:50 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 8/20/2007 02:01:01 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 501312 bytes | Modified Date = 5/26/2007 12:45:46 | Attr = ] (Norton AntiVirus Server) Norton AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NavNT\rtvscan.exe -> File not found (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 6/23/2007 20:46:54 | Attr = ] [Driver Services - All] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/3/2004 23:07:38 | Attr = ] (ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/15/2006 01:22:26 | Attr = ] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 5/24/2007 22:41:17 | Attr = ] (AFD) AFD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 8/3/2004 23:14:16 | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\amdk7.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37376 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (AR5211) NETGEAR WG311T V1H3 Wireless Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WG311T13.sys -> Atheros Communications, Inc. [Ver = 4.0.0.167 | Size = 456768 bytes | Modified Date = 9/20/2005 04:05:04 | Attr = R ] (Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 23:05:04 | Attr = ] (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/3/2004 22:59:44 | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 8/3/2004 23:29:28 | Attr = ] (Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/3/2004 22:58:32 | Attr = ] (audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 14:59:44 | Attr = ] (Beep) Beep [Kernel | System | Running] -> %SystemRoot%\System32\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Cdaudio) Cdaudio [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Cdfs) Cdfs [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/3/2004 23:14:12 | Attr = ] (Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 22:59:54 | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0038.4 (36) | Size = 754560 bytes | Modified Date = 10/17/2003 04:52:06 | Attr = ] (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/3/2004 22:59:56 | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 23:07:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 23:07:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 23:07:40 | Attr = ] (DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DNINDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17149 bytes | Modified Date = 7/24/2003 12:10:34 | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (Fastfat) Fastfat [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/3/2004 23:14:18 | Attr = ] (Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/3/2004 22:59:28 | Attr = ] (Fips) Fips [Kernel | System | Running] -> %SystemRoot%\System32\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/3/2004 22:59:28 | Attr = ] (FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 10:14:58 | Attr = ] (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (gagp30kx) Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\GAGP30KX.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 46464 bytes | Modified Date = 8/4/2004 00:07:44 | Attr = ] (gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10624 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 14:44:04 | Attr = ] (Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/3/2004 23:04:14 | Attr = ] (hidgame) Microsoft Hid to Joystick Port Enabler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hidgame.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8576 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (hidusb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (hotcore2) hotcore2 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\hotcore2.sys -> Paragon Software Group [Ver = 5.00.2195.1 | Size = 30808 bytes | Modified Date = 8/23/2006 12:10:10 | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/17/2006 01:33:10 | Attr = ] (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/3/2004 23:14:38 | Attr = ] (Imapi) CD-Burning Filter Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/3/2004 23:00:16 | Attr = ] (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/3/2004 23:00:08 | Attr = ] (IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/3/2004 23:04:46 | Attr = ] (IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/29/2004 23:28:37 | Attr = ] (IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/3/2004 23:14:30 | Attr = ] (IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/3/2004 23:00:48 | Attr = ] (isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/3/2004 22:58:34 | Attr = ] (kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 09:47:45 | Attr = ] (KSecDD) KSecDD [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/3/2004 22:59:48 | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.04 | Size = 8096 bytes | Modified Date = 3/29/2000 17:11:20 | Attr = ] (mnmdd) mnmdd [Kernel | System | Running] -> %SystemRoot%\System32\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Modem) Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (MountMgr) MountMgr [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/3/2004 22:58:32 | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.3276 (xpsp_sp2_gdr.071218-1250) | Size = 179584 bytes | Modified Date = 12/18/2007 10:51:35 | Attr = ] (MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\system32\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 10:41:45 | Attr = ] (Msfs) Msfs [File_System | System | Running] -> %SystemRoot%\System32\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/3/2004 23:00:42 | Attr = ] (MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mskssrv.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspclock.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspqm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (Mup) Mup [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/3/2004 23:15:22 | Attr = ] (NDIS) NDIS System Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/3/2004 23:14:30 | Attr = ] (NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/3/2004 23:14:32 | Attr = ] (NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\system32\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/3/2004 23:03:22 | Attr = ] (NetBT) NetBios over Tcpip [Kernel | System | Running] -> %SystemRoot%\system32\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/3/2004 23:14:38 | Attr = ] (NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nic1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61824 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (Npfs) Npfs [File_System | System | Running] -> %SystemRoot%\System32\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/3/2004 23:00:44 | Attr = ] (Ntfs) Ntfs [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.3081 (xpsp_sp2_gdr.070209-0028) | Size = 574464 bytes | Modified Date = 2/9/2007 12:10:35 | Attr = ] (Null) Null [Kernel | System | Running] -> %SystemRoot%\System32\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (ohci1394) VIA OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ohci1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61056 bytes | Modified Date = 8/3/2004 23:10:10 | Attr = ] (Parport) Parallel port driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (PartMgr) PartMgr [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (ParVdm) ParVdm [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/3/2004 23:07:48 | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCIIde) PCIIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pciide.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3328 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/3/2004 23:07:48 | Attr = ] (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (PPJoyBus) Parallel Port Joystick Bus device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PPJoyBus.sys -> Deon van der Westhuysen [Ver = 0.83.0.000 | Size = 13952 bytes | Modified Date = 10/24/2004 08:11:00 | Attr = ] (PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/3/2004 23:14:28 | Attr = ] (PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/3/2004 23:04:20 | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 7/26/2007 03:53:30 | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/3/2004 23:14:24 | Attr = ] (RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/3/2004 23:05:08 | Attr = ] (Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\system32\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 5/5/2006 10:47:57 | Attr = ] (RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rdpdr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 196864 bytes | Modified Date = 8/3/2004 23:01:16 | Attr = ] (RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 6/10/2005 05:09:46 | Attr = ] (redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/3/2004 23:59:38 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 11:25:53 | Attr = ] (serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/3/2004 22:59:08 | Attr = ] (Serial) Serial port driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/3/2004 23:15:54 | Attr = ] (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.32 | Size = 48640 bytes | Modified Date = 3/3/2005 18:53:57 | Attr = ] (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.2 | Size = 6656 bytes | Modified Date = 2/23/2005 16:59:54 | Attr = ] (Sfloppy) Sfloppy [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/3/2004 22:59:56 | Attr = ] (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 12/3/2004 11:20:41 | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.00 built by: WinDDK | Size = 32256 bytes | Modified Date = 7/10/2002 16:39:34 | Attr = R ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 6/14/2006 09:47:46 | Attr = ] (sptd) sptd [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\sptd.sys -> Duplex Secure Ltd. [Ver = 1.50.0.0 built by: WinDDK | Size = 685816 bytes | Modified Date = 8/30/2007 08:32:36 | Attr = ] (sr) System Restore Filter Driver [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/3/2004 23:06:26 | Attr = ] (Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 11:34:41 | Attr = ] (swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 6/23/2007 20:30:44 | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/4/2004 01:05:44 | Attr = ] (Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.3244 (xpsp_sp2_gdr.071030-1259) | Size = 360064 bytes | Modified Date = 10/30/2007 18:20:55 | Attr = ] (TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 01:01:08 | Attr = ] (TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 01:01:08 | Attr = ] (TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 01:01:08 | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (Udfs) Udfs [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/3/2004 23:00:32 | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 8/3/2004 22:58:34 | Attr = ] (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\USBAUDIO.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59264 bytes | Modified Date = 8/3/2004 23:07:56 | Attr = ] (usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/3/2004 23:08:48 | Attr = ] (usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 8/3/2004 23:08:38 | Attr = ] (usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/3/2004 23:08:44 | Attr = ] (usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbohci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 8/3/2004 23:08:38 | Attr = ] (usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 23:01:26 | Attr = ] (usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 22:58:46 | Attr = ] (USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbstor.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 23:08:48 | Attr = ] (VgaSave) VgaSave [Kernel | System | Running] -> %SystemRoot%\system32\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/3/2004 23:07:08 | Attr = ] (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found (VolSnap) VolSnap [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/3/2004 23:00:18 | Attr = ] (Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/3/2004 23:04:58 | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 10:00:45 | Attr = ] (WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WPN111.sys -> NETGEAR, Inc. [Ver = 1.5.0.2102 | Size = 362944 bytes | Modified Date = 9/26/2005 16:02:50 | Attr = ] (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12032 bytes | Modified Date = 8/23/2001 13:00:00 | Attr = ] (WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 18:55:50 | Attr = ] (WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 19:00:34 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 23:16:38 | Attr = ] Cmaudio -> [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.2.0.34 | Size = 257088 bytes | Modified Date = 5/26/2007 12:45:54 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 11:56:54 | Attr = ] REGSHAVE -> %ProgramFiles%\REGSHAVE\Regshave.exe [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 22:32:10 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:35 | Attr = ] UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 15:59:38 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ares -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 961536 bytes | Modified Date = 7/16/2007 22:54:38 | Attr = ] < Run [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ares -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 961536 bytes | Modified Date = 7/16/2007 22:54:38 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 3, 0, 0, 0 | Size = 200704 bytes | Modified Date = 1/9/2002 21:53:14 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 2/22/2006 11:59:32 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WPN111\WPN111.exe -> NETGEAR [Ver = 1, 1, 0, 8 | Size = 884838 bytes | Modified Date = 1/26/2005 15:15:16 | Attr = ] < C-M-P Startup Folder > -> C:\Documents and Settings\C-M-P\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Mike Startup Folder > -> C:\Documents and Settings\Mike\Start Menu\Programs\Startup -> < Morde Startup Folder > -> C:\Documents and Settings\Morde\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Morde\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 19:16:50 | Attr = ] < Mum Startup Folder > -> C:\Documents and Settings\Mum\Start Menu\Programs\Startup -> < virus clean Startup Folder > -> C:\Documents and Settings\virus clean\Start Menu\Programs\Startup -> < Zippy Startup Folder > -> C:\Documents and Settings\Zippy\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 9/24/2001 08:59:00 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 22:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomDVD-ROM_16X_____________________________5.FV____\5&f8519ef&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> Hosts file not found -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\] > -> -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 21:33:52 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 6/7/2008 09:01:01 | Attr = ] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> File not found {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 8/20/2007 02:01:00 | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 11/20/2007 20:51:20 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 01:11:33 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 21:33:52 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 21:33:52 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 21:33:52 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 21:33:52 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\] > -> HKEY_USERS\S-1-5-21-823518204-492894223-839522115-1011\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 01:11:34 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 21:33:52 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1C8F8494-BBFB-4EF4-8C81-9D88C68A6D84} -> (NETGEAR 108 Mbps Wireless PCI Adapter WG311T) -> {31AC29DF-2E42-4EAD-BB00-8E8F6237EF56} -> () -> {34EBA892-D4E4-424C-B98B-D298362B719F} -> (SiS 900-Based PCI Fast Ethernet Adapter) -> {44D9842D-4633-4677-9479-3B8B907821B6} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}[HKEY_LOCAL_MACHINE] -> http://www.musicnotes.com/download/mnviewer.cab[Musicnotes Viewer] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {1EF9F042-C2EB-4293-8213-474CAEEF531D}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB[TmHcmsX Control] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {924C1588-90C3-4910-B6CA-D57A1C0418FE}[HKEY_LOCAL_MACHINE] -> http://us.bookmarks.yahoo.com/YbConvFav.CAB[YbUploadFavsCtl Class] -> {A8F2B9BD-A6A0-486A-9744-18920D898429}[HKEY_LOCAL_MACHINE] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab[ScorchPlugin Class] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444552200000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444552200000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444552200000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\\.Owner -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NPSibelius.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NPSibelius.dll\\.Owner -> {A8F2B9BD-A6A0-486A-9744-18920D898429} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NPSibelius.dll\\{A8F2B9BD-A6A0-486A-9744-18920D898429} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav.dll\\.Owner -> {924C1588-90C3-4910-B6CA-D57A1C0418FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav.dll\\{924C1588-90C3-4910-B6CA-D57A1C0418FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\TommyWalshsDIYGuide -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\TommyWalshsDIYGuide -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\TommyWalshsDIYGuide -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> [Files/Folders - Created Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 5/31/2008 20:12:53 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 6/9/2008 11:02:54 | Attr = HS] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 122 bytes | Created Date = 5/31/2008 16:08:00 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 6/9/2008 10:27:33 | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 5/30/2008 15:24:03 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/20/2008 01:01:08 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/20/2008 01:01:08 | Attr = H ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 408 bytes | Created Date = 6/19/2008 19:35:15 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 6/5/2008 20:01:10 | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 6/5/2008 19:54:51 | Attr = HS] Google -> %AppData%\Google -> [Folder | Created Date = 6/5/2008 20:06:41 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 6/5/2008 20:01:10 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 6/5/2008 19:54:51 | Attr = S] Propellerhead Software -> %AppData%\Propellerhead Software -> [Folder | Created Date = 6/23/2008 13:13:54 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 6/10/2008 20:37:47 | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Created Date = 6/5/2008 20:06:43 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 6/12/2008 07:39:23 | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Created Date = 6/16/2008 03:49:15 | Attr = ] Ares -> %UserProfile%\Local Settings\Application Data\Ares -> [Folder | Created Date = 6/19/2008 19:35:34 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5120 bytes | Created Date = 6/5/2008 21:39:58 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 81048 bytes | Created Date = 6/6/2008 10:44:54 | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 6/5/2008 20:06:41 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4318884 bytes | Created Date = 6/9/2008 10:18:57 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 6/5/2008 19:54:51 | Attr = ] Midnight chords.doc -> %AllUsersProfile%\Documents\Midnight chords.doc -> [Ver = | Size = 26112 bytes | Created Date = 5/27/2008 13:46:55 | Attr = ] My Shared Folder -> %AllUsersProfile%\Documents\My Shared Folder -> [Folder | Created Date = 5/26/2008 11:29:35 | Attr = R ] ~$dnight chords.doc -> %AllUsersProfile%\Documents\~$dnight chords.doc -> [Ver = | Size = 162 bytes | Created Date = 5/27/2008 13:46:57 | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 82 bytes | Created Date = 6/23/2008 10:40:06 | Attr = HS] DrWeb.csv -> %UserProfile%\My Documents\DrWeb.csv -> [Ver = | Size = 1897 bytes | Created Date = 6/20/2008 03:32:13 | Attr = ] Hi mordecai.doc -> %UserProfile%\My Documents\Hi mordecai.doc -> [Ver = | Size = 58368 bytes | Created Date = 6/9/2008 10:23:34 | Attr = ] lidl.jpg -> %UserProfile%\My Documents\lidl.jpg -> [Ver = | Size = 171933 bytes | Created Date = 6/16/2008 01:48:43 | Attr = ] map.gif -> %UserProfile%\My Documents\map.gif -> [Ver = | Size = 69297 bytes | Created Date = 6/16/2008 03:54:52 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 6/9/2008 18:34:23 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 6/15/2008 21:16:28 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 6/5/2008 19:58:07 | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Created Date = 6/5/2008 20:00:30 | Attr = ] My Web Sites -> %UserProfile%\My Documents\My Web Sites -> [Folder | Created Date = 6/6/2008 10:43:19 | Attr = S] Photoshop_CS2_Keygen -> %UserProfile%\My Documents\Photoshop_CS2_Keygen -> [Folder | Created Date = 6/23/2008 18:41:51 | Attr = ] Photoshop_CS2_Keygen.rar -> %UserProfile%\My Documents\Photoshop_CS2_Keygen.rar -> [Ver = | Size = 186260 bytes | Created Date = 6/23/2008 18:41:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Photoshop_CS2_Keygen.rar:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 11776 bytes | Created Date = 6/16/2008 03:55:01 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Updater -> %UserProfile%\My Documents\Updater -> [Folder | Created Date = 6/14/2008 07:04:17 | Attr = ] Ares.lnk -> %UserProfile%\Desktop\Ares.lnk -> [Ver = | Size = 626 bytes | Created Date = 6/23/2008 18:26:41 | Attr = ] avenger.exe -> %UserProfile%\Desktop\avenger.exe -> [Ver = | Size = 731136 bytes | Created Date = 6/19/2008 19:24:17 | Attr = ] avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 724952 bytes | Created Date = 6/9/2008 10:17:50 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 10563384 bytes | Created Date = 6/19/2008 14:55:39 | Attr = ] downloadRemovalTool.htm -> %UserProfile%\Desktop\downloadRemovalTool.htm -> [Ver = | Size = 16941 bytes | Created Date = 6/19/2008 11:18:36 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\downloadRemovalTool.htm:Zone.Identifier Internet.lnk -> %UserProfile%\Desktop\Internet.lnk -> [Ver = | Size = 104 bytes | Created Date = 6/16/2008 20:52:12 | Attr = ] MidiFile.mid -> %UserProfile%\Desktop\MidiFile.mid -> [Ver = | Size = 34246 bytes | Created Date = 6/11/2008 21:19:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MidiFile.mid:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/19/2008 19:28:44 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Created Date = 6/9/2008 10:18:36 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Paradox Keygen.exe -> %UserProfile%\Desktop\Paradox Keygen.exe -> [Folder | Created Date = 6/23/2008 18:34:14 | Attr = ] PhotoShop.CS3.zip -> %UserProfile%\Desktop\PhotoShop.CS3.zip -> [Folder | Created Date = 6/23/2008 18:27:29 | Attr = ] Rick0ow.Photoshop CS3.KeyGen.rar -> %UserProfile%\Desktop\Rick0ow.Photoshop CS3.KeyGen.rar -> [Folder | Created Date = 6/23/2008 18:31:57 | Attr = ] UnHookExec.inf -> %UserProfile%\Desktop\UnHookExec.inf -> [Ver = | Size = 608 bytes | Created Date = 6/19/2008 11:09:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\UnHookExec.inf:Zone.Identifier desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 6/5/2008 19:54:51 | Attr = HS] [Files/Folders - Modified Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 6/23/2008 21:14:09 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/5/2008 19:54:50 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 6/23/2008 21:18:35 | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/19/2008 19:25:52 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/6/2008 13:24:43 | Attr = HS] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/5/2008 18:59:35 | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/22/2008 11:22:03 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/5/2008 18:59:35 | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/22/2008 11:22:03 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/23/2008 21:14:07 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/30/2008 15:56:30 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 6/23/2008 10:36:35 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/23/2008 17:31:46 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/23/2008 10:39:46 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/23/2008 21:13:31 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 6/23/2008 10:39:46 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 274168 bytes | Modified Date = 6/14/2008 09:58:09 | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 6/23/2008 14:53:53 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/19/2008 11:09:25 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/3/2008 17:28:15 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/23/2008 17:31:47 | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/23/2008 21:18:37 | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 122 bytes | Modified Date = 5/31/2008 16:08:01 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 6/9/2008 10:27:33 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/23/2008 11:10:33 | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/14/2008 07:18:12 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/23/2008 10:39:46 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 6/23/2008 10:37:49 | Attr = H ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/23/2008 10:36:36 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/23/2008 17:32:20 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/16/2008 04:05:32 | Attr = HS] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 6/6/2008 13:48:20 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/23/2008 18:42:07 | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 6/19/2008 19:21:07 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/20/2008 01:01:08 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/20/2008 01:01:08 | Attr = H ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 6/19/2008 20:02:17 | Attr = H ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/23/2008 10:39:59 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/19/2008 19:38:58 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/23/2008 16:56:52 | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 408 bytes | Modified Date = 6/23/2008 17:08:00 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/23/2008 21:18:39 | Attr = H ] {865808D4-6F2F-4043-98D8-F983539F22F9}_MORDECAI_Mike.job -> %SystemRoot%\tasks\{865808D4-6F2F-4043-98D8-F983539F22F9}_MORDECAI_Mike.job -> [Ver = | Size = 392 bytes | Modified Date = 6/22/2008 22:12:09 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/19/2008 19:26:09 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 6/23/2008 17:32:18 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 6/23/2008 17:32:18 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 5/29/2007 21:25:04 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 5/31/2005 22:33:13 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 5/30/2005 16:16:55 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/16/2008 03:49:13 | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 6/5/2008 20:06:41 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 6/5/2008 20:01:11 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 6/16/2008 03:38:56 | Attr = S] Propellerhead Software -> %AppData%\Propellerhead Software -> [Folder | Modified Date = 6/23/2008 13:14:07 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 6/10/2008 20:37:47 | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 6/5/2008 20:09:11 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 6/14/2008 07:18:15 | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 6/16/2008 03:49:16 | Attr = ] Ares -> %UserProfile%\Local Settings\Application Data\Ares -> [Folder | Modified Date = 6/19/2008 19:35:34 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5120 bytes | Modified Date = 6/15/2008 23:25:01 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 81048 bytes | Modified Date = 6/14/2008 08:54:41 | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 6/5/2008 20:06:41 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4318884 bytes | Modified Date = 6/19/2008 10:49:49 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/23/2008 10:40:08 | Attr = ] Midnight chords.doc -> %AllUsersProfile%\Documents\Midnight chords.doc -> [Ver = | Size = 26112 bytes | Modified Date = 5/27/2008 13:46:57 | Attr = ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 6/23/2008 11:14:39 | Attr = R ] My Shared Folder -> %AllUsersProfile%\Documents\My Shared Folder -> [Folder | Modified Date = 6/18/2008 07:16:58 | Attr = R ] ~$dnight chords.doc -> %AllUsersProfile%\Documents\~$dnight chords.doc -> [Ver = | Size = 162 bytes | Modified Date = 5/27/2008 13:46:57 | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 82 bytes | Modified Date = 6/23/2008 10:40:06 | Attr = HS] DrWeb.csv -> %UserProfile%\My Documents\DrWeb.csv -> [Ver = | Size = 1897 bytes | Modified Date = 6/20/2008 03:32:13 | Attr = ] Hi mordecai.doc -> %UserProfile%\My Documents\Hi mordecai.doc -> [Ver = | Size = 58368 bytes | Modified Date = 6/9/2008 10:26:29 | Attr = ] lidl.jpg -> %UserProfile%\My Documents\lidl.jpg -> [Ver = | Size = 171933 bytes | Modified Date = 6/16/2008 01:49:00 | Attr = ] map.gif -> %UserProfile%\My Documents\map.gif -> [Ver = | Size = 69297 bytes | Modified Date = 6/16/2008 03:54:52 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/23/2008 10:40:06 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 6/23/2008 10:51:24 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 6/19/2008 21:24:43 | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Modified Date = 6/23/2008 21:14:56 | Attr = ] My Web Sites -> %UserProfile%\My Documents\My Web Sites -> [Folder | Modified Date = 6/19/2008 21:24:44 | Attr = S] Photoshop_CS2_Keygen -> %UserProfile%\My Documents\Photoshop_CS2_Keygen -> [Folder | Modified Date = 6/23/2008 18:41:51 | Attr = ] Photoshop_CS2_Keygen.rar -> %UserProfile%\My Documents\Photoshop_CS2_Keygen.rar -> [Ver = | Size = 186260 bytes | Modified Date = 6/23/2008 18:41:45 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Photoshop_CS2_Keygen.rar:Zone.Identifier Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 11776 bytes | Modified Date = 6/16/2008 03:55:03 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Updater -> %UserProfile%\My Documents\Updater -> [Folder | Modified Date = 6/14/2008 07:04:17 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 6/9/2008 07:04:57 | Attr = ] Ares.lnk -> %UserProfile%\Desktop\Ares.lnk -> [Ver = | Size = 626 bytes | Modified Date = 6/23/2008 18:26:41 | Attr = ] avenger.exe -> %UserProfile%\Desktop\avenger.exe -> [Ver = | Size = 731136 bytes | Modified Date = 5/30/2008 23:09:46 | Attr = ] avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 724952 bytes | Modified Date = 6/9/2008 10:17:52 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 10563384 bytes | Modified Date = 6/19/2008 14:32:04 | Attr = ] downloadRemovalTool.htm -> %UserProfile%\Desktop\downloadRemovalTool.htm -> [Ver = | Size = 16941 bytes | Modified Date = 6/19/2008 11:18:42 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\downloadRemovalTool.htm:Zone.Identifier Internet.lnk -> %UserProfile%\Desktop\Internet.lnk -> [Ver = | Size = 104 bytes | Modified Date = 6/16/2008 20:52:12 | Attr = ] MidiFile.mid -> %UserProfile%\Desktop\MidiFile.mid -> [Ver = | Size = 34246 bytes | Modified Date = 6/11/2008 21:19:51 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MidiFile.mid:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/20/2008 07:37:34 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Modified Date = 6/9/2008 10:18:38 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Paradox Keygen.exe -> %UserProfile%\Desktop\Paradox Keygen.exe -> [Folder | Modified Date = 6/23/2008 18:56:34 | Attr = ] PhotoShop.CS3.zip -> %UserProfile%\Desktop\PhotoShop.CS3.zip -> [Folder | Modified Date = 6/23/2008 18:27:29 | Attr = ] Rick0ow.Photoshop CS3.KeyGen.rar -> %UserProfile%\Desktop\Rick0ow.Photoshop CS3.KeyGen.rar -> [Folder | Modified Date = 6/23/2008 18:32:53 | Attr = ] UnHookExec.inf -> %UserProfile%\Desktop\UnHookExec.inf -> [Ver = | Size = 608 bytes | Modified Date = 6/19/2008 11:09:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\UnHookExec.inf:Zone.Identifier < End of report > [/code]