[code]
OTScanIt logfile created on: 2008-07-16 23:06:28
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\PalaniswaN\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.74% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 96.16 Gb Free Space | 86.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 973.17 Mb Total Space | 922.58 Mb Free Space | 94.80% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: G1GPALANISWD630
Current User Name: Palaniswan
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11. 5. 1.
2 | Size = 1187840 bytes | Modified Date = 2008-03-05 03:34:38 | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 2006-07-20 08:26:12 | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 2006-07-20 08:26:06 | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 2006-04-12 06:13:38 | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 2006-09-28 09:33:22 | Attr = ] eventserver.exe -> %CommonProgramFiles%\Rockwell\EventServer.exe -> Rockwell Software, Inc. [Ver = 1.08.00.06 | Size = 122947 bytes | Modified Date = 2004-08-25 06:01:58 | Attr = ] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 823296 bytes | Modified Date = 2008-03-05 03:55:56 | Attr = ] netcfgsvr.exe -> %ProgramFiles%\AT&TGl~1\netcfgsvr.exe -> AT&T [Ver = 7.3.0.3002 | Size = 550168 bytes | Modified Date = 2008-05-01 09:25:44 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.7431 | Size = 155716 bytes | Modified Date = 2008-02-22 18:46:00 | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 483328 bytes | Modified Date = 2008-03-05 03:30:12 | Attr = ] rnadiagnosticssrv.exe -> %CommonProgramFiles%\Rockwell\RNADiagnosticsSrv.exe -> Rockwell Automation [Ver = 2.0.10.122 | Size = 28672 bytes | Modified Date = 2005-06-24 06:56:12 | Attr = ] hmidiagnosticslstadapt.exe -> %ProgramFiles%\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe -> Rockwell Software, Inc. 
[Ver = 3.20.00 | Size = 61518 bytes | Modified Date = 2004-11-03 12:59:26 | Attr = ] rsvchost.exe -> %CommonProgramFiles%\Rockwell\RsvcHost.exe -> Rockwell Software, Inc. [Ver = 1, 8, 0, 8 | Size = 102473 bytes | Modified Date = 2004-11-02 04:26:02 | Attr = ] savroam.exe -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 2006-09-28 09:33:38 | Attr = ] stacsv.exe -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5401.0 nd573 cp1 | Size = 90112 bytes | Modified Date = 2007-02-20 03:27:16 | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 2006-09-28 09:33:32 | Attr = ] winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 439248 bytes | Modified Date = 2006-05-13 04:04:08 | Attr = ] wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 364544 bytes | Modified Date = 2008-03-05 03:44:12 | Attr = ] calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 2006-03-30 09:15:44 | Attr = ] eventclientmultiplexer.exe -> %CommonProgramFiles%\Rockwell\EventClientMultiplexer.exe -> Rockwell Software, Inc. [Ver = 1.08.00.06 | Size = 176206 bytes | Modified Date = 2004-08-25 06:02:24 | Attr = ] rnadirserver.exe -> %CommonProgramFiles%\Rockwell\RnaDirServer.exe -> Rockwell Software, Inc. [Ver = 1.08.00.06 | Size = 319556 bytes | Modified Date = 2004-08-25 06:07:48 | Attr = ] tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. 
[Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 2004-09-14 00:33:20 | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5401.0 nd573 cp1 | Size = 303104 bytes | Modified Date = 2007-02-20 03:26:32 | Attr = ] apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 2004-08-19 22:40:08 | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 999424 bytes | Modified Date = 2008-03-05 03:46:16 | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 1101824 bytes | Modified Date = 2008-03-05 03:41:50 | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 2006-07-20 08:26:04 | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 2006-09-28 09:33:44 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 2008-06-10 04:27:04 | Attr = ] dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 688128 bytes | Modified Date = 2008-03-05 03:37:38 | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 6.14.10.4831 | Size = 252696 bytes | Modified Date = 2007-05-17 05:50:12 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-07-12 09:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. 
[Ver = 8, 2, 0, 1 | Size = 96341 bytes | Modified Date = 2006-03-30 09:15:44 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 2006-07-20 08:26:06 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 2006-07-20 08:26:12 | Attr = ] (Cwbrxd) iSeries Access for Windows Remote Command [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\cwbrxd.exe -> IBM Corporation [Ver = 10.000 | Size = 57392 bytes | Modified Date = 2005-06-11 18:30:00 | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 2006-09-28 09:33:22 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 2008-04-14 18:42:18 | Attr = ] (dnWhoDisp) dnWhoDisp [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rockwell Software\RSLINX\dnwhodisp.exe -> [Ver = 1, 0, 4, 0 | Size = 73728 bytes | Modified Date = 2002-04-29 20:51:00 | Attr = ] (EventClientMultiplexer) Rockwell Event Multiplexer [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Rockwell\EventClientMultiplexer.exe -> Rockwell Software, Inc. [Ver = 1.08.00.06 | Size = 176206 bytes | Modified Date = 2004-08-25 06:02:24 | Attr = ] (EventServer) Rockwell Event Server [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Rockwell\EventServer.exe -> Rockwell Software, Inc. 
[Ver = 1.08.00.06 | Size = 122947 bytes | Modified Date = 2004-08-25 06:01:58 | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 823296 bytes | Modified Date = 2008-03-05 03:55:56 | Attr = ] (Harmony) Harmony [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rockwell Software\RSCOMMON\RSOBSERV.EXE -> Rockwell Software Inc. [Ver = 2.00.10.122 | Size = 192512 bytes | Modified Date = 2005-06-24 09:10:04 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.90 | Size = 2528960 bytes | Modified Date = 2006-08-26 01:00:38 | Attr = ] (netcfgsvr) Network Configuration Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AT&TGl~1\netcfgsvr.exe -> AT&T [Ver = 7.3.0.3002 | Size = 550168 bytes | Modified Date = 2008-05-01 09:25:44 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.7431 | Size = 155716 bytes | Modified Date = 2008-02-22 18:46:00 | Attr = ] (OpcEnum) OpcEnum [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\OpcEnum.exe -> OPC Foundation [Ver = 1.10.1.30 | Size = 98304 bytes | Modified Date = 2004-12-02 21:28:32 | Attr = ] (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11. 5. 1. 
2 | Size = 483328 bytes | Modified Date = 2008-03-05 03:30:12 | Attr = ] (RNADiagnosticsService) FactoryTalk Diagnostics Local Reader [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Rockwell\RNADiagnosticsSrv.exe -> Rockwell Automation [Ver = 2.0.10.122 | Size = 28672 bytes | Modified Date = 2005-06-24 06:56:12 | Attr = ] (RNADiagReceiver) FactoryTalk Diagnostics CE Receiver [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Rockwell\RNADiagReceiver.exe -> [Ver = 1, 8, 0, 15 | Size = 98304 bytes | Modified Date = 2004-08-25 06:08:42 | Attr = ] (RNADirectory) Rockwell Directory Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Rockwell\RnaDirServer.exe -> Rockwell Software, Inc. [Ver = 1.08.00.06 | Size = 319556 bytes | Modified Date = 2004-08-25 06:07:48 | Attr = ] (RNADirMultiplexor) Rockwell Directory Multiplexer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Rockwell\RNADirMultiplexor.exe -> Rockwell Software, Inc. [Ver = 1.08.00.06 | Size = 274505 bytes | Modified Date = 2004-08-25 06:08:08 | Attr = ] (Rockwell HMI Diagnostics) Rockwell HMI Diagnostics [Win32_Own | Auto | Running] -> %ProgramFiles%\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe -> Rockwell Software, Inc. [Ver = 3.20.00 | Size = 61518 bytes | Modified Date = 2004-11-03 12:59:26 | Attr = ] (Rockwell Tag Server) Rockwell Tag Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rockwell Software\RSView Enterprise\TagSrv.exe -> Rockwell Software, Inc. [Ver = 3.20.00 | Size = 81982 bytes | Modified Date = 2004-11-04 00:34:20 | Attr = ] (RSLinx) RSLinx Classic [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rockwell Software\RSLINX\RSLINX.EXE -> Rockwell Software, Inc. [Ver = 2.50.20.0 | Size = 1896720 bytes | Modified Date = 2005-07-30 04:45:46 | Attr = ] (RsvcHost) Rockwell Application Services [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Rockwell\RsvcHost.exe -> Rockwell Software, Inc. 
[Ver = 1, 8, 0, 8 | Size = 102473 bytes | Modified Date = 2004-11-02 04:26:02 | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 1187840 bytes | Modified Date = 2008-03-05 03:34:38 | Attr = ] (SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 2006-09-28 09:33:38 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 2006-08-08 05:03:02 | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 2006-04-12 06:13:38 | Attr = ] (STacSV) SigmaTel Audio Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.5401.0 nd573 cp1 | Size = 90112 bytes | Modified Date = 2007-02-20 03:27:16 | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 2006-09-28 09:33:32 | Attr = ] (WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 439248 bytes | Modified Date = 2006-05-13 04:04:08 | Attr = ] (WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel Corporation [Ver = 11. 5. 1. 
2 | Size = 364544 bytes | Modified Date = 2008-03-05 03:44:12 | Attr = ] [Driver Services - Non-Microsoft Only] (ABKTCX) Rockwell Software 1784-KTC(X) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\abktcx.sys -> Rockwell Software Inc. [Ver = 1.0 | Size = 71448 bytes | Modified Date = 2004-06-03 17:08:02 | Attr = ] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.5.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.5.0 | Size = 21361 bytes | Modified Date = 2008-06-11 00:53:41 | Attr = ] (agnfilt) AGN Filter Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\agnfilt.sys -> AT&T [Ver = 7.3.0.3041 | Size = 221568 bytes | Modified Date = 2008-04-05 02:18:22 | Attr = ] (agnwifi) AT&T Wi-Fi Support Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\agnwifi.sys -> AT&T [Ver = 6.1.0.3000 | Size = 19328 bytes | Modified Date = 2004-04-30 06:19:18 | Attr = ] (ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. 
[Ver = 5.5.1.271 | Size = 108791 bytes | Modified Date = 2004-11-16 23:03:52 | Attr = ] (avpnnic) AGN Virtual Network Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\avpnnic.sys -> AT&T [Ver = 7.01.00.3001 | Size = 11392 bytes | Modified Date = 2007-07-21 05:18:20 | Attr = ] (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 10.26.0.0 built by: WinDDK | Size = 160256 bytes | Modified Date = 2007-02-17 04:46:00 | Attr = R ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 2008-04-14 13:14:50 | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 2008-04-14 13:14:48 | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. 
[Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2003-07-17 00:21:14 | Attr = ] (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94a | Size = 87136 bytes | Modified Date = 2004-08-04 16:21:00 | Attr = ] (drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.46a | Size = 40544 bytes | Modified Date = 2004-08-13 15:56:00 | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 2008-01-18 10:15:57 | Attr = ] (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 2008-06-12 22:21:36 | Attr = ] (GTIPCI21) GTIPCI21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\gtipci21.sys -> Texas Instruments [Ver = 1.0.1.13 | Size = 80384 bytes | Modified Date = 2004-05-04 05:26:16 | Attr = ] (guardian2) guardian2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\oz776.sys -> O2Micro [Ver = 1.1.3.9 (+EMV1.3.7.3) | Size = 56576 bytes | Modified Date = 2007-02-24 04:47:34 | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 2008-04-14 11:06:06 | Attr = ] (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. 
[Ver = 7.59.00 built by: WinDDK | Size = 209152 bytes | Modified Date = 2006-11-03 07:47:00 | Attr = ] (HSFHWICH) HSFHWICH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 208384 bytes | Modified Date = 2005-05-04 04:08:50 | Attr = ] (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 989696 bytes | Modified Date = 2006-11-03 07:47:36 | Attr = ] (ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4831 | Size = 5707744 bytes | Modified Date = 2007-05-17 07:14:58 | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 2006-06-20 02:26:58 | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080715.004\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 2008-05-08 08:13:13 | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080715.004\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 2008-05-08 08:13:14 | Attr = ] (NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw4x32.sys -> Intel Corporation [Ver = 11.5.1.15 | Size = 2530176 bytes | Modified Date = 2008-03-13 16:25:36 | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.7431 | Size = 6658592 bytes | Modified Date = 2008-02-22 18:46:00 | Attr = ] (OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 
1, 0, 242 | Size = 13632 bytes | Modified Date = 2001-08-22 21:42:58 | Attr = ] (PcmkWdm) %PcmkWdm.DeviceDesc% [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PcmkWdm.sys -> Rockwell Software, Inc. [Ver = 1.0 | Size = 57744 bytes | Modified Date = 2000-06-22 00:50:56 | Attr = R ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2003-07-17 00:36:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.16a | Size = 20576 bytes | Modified Date = 2004-08-02 15:03:00 | Attr = ] (RsiKtControl) RsiKtControl [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\RSIKT.SYS -> Rockwell Software, Inc. [Ver = 2.0.3.0 | Size = 30166 bytes | Modified Date = 2004-01-13 01:07:08 | Attr = R ] (RSSERIAL) RSLinx Classic Serial Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\rsserial.sys -> Rockwell Software Inc. [Ver = 1.0 | Size = 155440 bytes | Modified Date = 2004-01-13 01:07:08 | Attr = R ] (RS_SS_NT) RSLinx Classic S-S SD/SD2 Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\RS_SS_NT.SYS -> Rockwell Software, Inc. [Ver = 2.10.77 | Size = 142592 bytes | Modified Date = 2004-01-13 01:07:08 | Attr = R ] (s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 11. 5. 1. 
2 | Size = 12288 bytes | Modified Date = 2008-03-05 05:06:22 | Attr = ] (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 337592 bytes | Modified Date = 2006-09-07 03:41:20 | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.2.3 | Size = 54968 bytes | Modified Date = 2006-09-07 03:41:20 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 18:25:53 | Attr = ] (Sentinel) Sentinel [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\SENTINEL.SYS -> Rainbow Technologies, Inc. [Ver = SSD-5.39 | Size = 73728 bytes | Modified Date = 2001-06-22 10:39:02 | Attr = ] (SMCIRDA) SMC IrCC Miniport Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\smcirda.sys -> SMC [Ver = 5.1.2462.0 | Size = 35913 bytes | Modified Date = 2001-08-18 02:10:28 | Attr = ] (Sntnlusb) Rainbow USB SuperPro [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SNTNLUSB.SYS -> Rainbow Technologies Inc. 
[Ver = SSD-5.39b03 (Beta) | Size = 20032 bytes | Modified Date = 2001-06-22 10:39:02 | Attr = R ] (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.7 | Size = 389776 bytes | Modified Date = 2006-04-12 06:13:34 | Attr = ] (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 2004-07-15 00:29:04 | Attr = ] (ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 2004-07-15 00:28:50 | Attr = ] (STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.4255 | Size = 273168 bytes | Modified Date = 2005-03-11 05:56:06 | Attr = ] (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. 
[Ver = 5.10.5401.0 nd573 cp1 | Size = 1228296 bytes | Modified Date = 2007-02-20 03:27:34 | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Modified Date = 2006-09-19 06:55:28 | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 24768 bytes | Modified Date = 2006-08-08 05:02:22 | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.4.402 | Size = 195776 bytes | Modified Date = 2006-08-08 05:02:26 | Attr = ] (tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic 
Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] (V0080Dev) Creative Camera VF0080 Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\V0080Dev.sys -> Creative Technology Ltd. [Ver = 1.00.02 | Size = 255230 bytes | Modified Date = 2005-05-06 15:11:18 | Attr = ] (w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9003-9 Driver | Size = 3298432 bytes | Modified Date = 2005-09-12 22:49:44 | Attr = ] (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-13 Driver | Size = 1428096 bytes | Modified Date = 2005-12-05 13:55:30 | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.59.00 built by: WinDDK | Size = 730112 bytes | Modified Date = 2006-11-03 07:46:56 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Apoint -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> Alps Electric Co., Ltd. 
[Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 2004-09-14 00:33:20 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 2006-07-20 08:26:04 | Attr = ] dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 6.14.10.4831 | Size = 162584 bytes | Modified Date = 2007-05-17 05:50:52 | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 6.14.10.4831 | Size = 138008 bytes | Modified Date = 2007-05-17 05:50:44 | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 11. 5. 1. 2 | Size = 1101824 bytes | Modified Date = 2008-03-05 03:41:50 | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 11. 5. 1. 
2 | Size = 999424 bytes | Modified Date = 2008-03-05 03:46:16 | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.7431 | Size = 13508608 bytes | Modified Date = 2008-02-22 18:46:00 | Attr = ] NVHotkey -> %SystemRoot%\system32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> NVIDIA Corporation [Ver = 6.14.11.7431 | Size = 86016 bytes | Modified Date = 2008-02-22 18:46:00 | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.7431 | Size = 86016 bytes | Modified Date = 2008-02-22 18:46:00 | Attr = ] Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 6.14.10.4831 | Size = 138008 bytes | Modified Date = 2007-05-17 05:50:22 | Attr = ] SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.5401.0 nd573 cp1 | Size = 303104 bytes | Modified Date = 2007-02-20 03:26:32 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 2008-06-10 04:27:04 | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 2006-09-28 09:33:44 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> NetSP - restore settings on power failure -> %ProgramFiles%\AT&TGl~1\NetSP.exe ["C:\Program Files\AT&TGl~1\NetSP.exe" -show] -> AT&T [Ver = 7.3.0.3002 | Size = 66840 bytes | Modified Date = 2008-05-01 09:25:58 | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < PalaniswaN Startup Folder > -> C:\Documents and Settings\PalaniswaN\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 2008-04-14 18:42:20 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver 
= 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 2008-04-14 18:42:40 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 2008-04-14 18:42:26 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 2008-04-14 18:42:06 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 2008-04-14 18:42:42 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4831 | Size = 204800 bytes | Modified Date = 2007-05-17 05:49:52 | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 2006-09-28 09:33:54 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 2008-04-14 13:10:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDRWDVD_TSL462D________________DE07____\5&c10f4f&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> USBSTOR\CdRom&Ven_SanDisk&Prod_U3_Cruzer_Micro&Rev_2.15\0000060329040501&1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2005-05-05 05:26:12 | Attr = ] autorun.inf [[AutoRun] | open=LaunchU3.exe | icon=LaunchU3.exe,0 | | [Definitions] | Launchpad=LaunchPad.exe | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | ] -> E:\autorun.inf [ CDFS ] -> [Ver = | Size = 145 bytes | Modified Date = 2005-06-27 21:16:56 | Attr = R ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: 
URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! 工具列] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 2007-12-19 05:49:22 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4245 domain(s) found. -> .[msn] -> My Computer -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. 
[Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 2007-12-19 05:49:22 | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-23 12:08:42 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 2007-12-13 06:09:42 | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 2004-08-13 14:05:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! 工具列] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 2007-12-19 05:49:22 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. 
[Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 2007-12-13 06:09:42 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {4E66DA81-C2A6-4973-ABE0-72E65BBEAEC7} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {8DA1E6B6-5EEA-48B9-A5B4-3195CF19408B} -> () -> {D0DF467F-558A-43DE-B140-038314E00406} -> (1394 Net Adapter) -> {E2F997AA-9F8D-47CA-977C-EEC99BBDD99C} -> (1394 Net Adapter) -> {EDF02E54-875B-4829-831F-84ED4D294B89} -> (1394 Net Adapter) -> {F45493AC-41A0-4A9A-8CF3-53862177EAC0} -> (Broadcom NetXtreme 57xx Gigabit Controller) -> {F9105846-AC2F-40BD-B0D4-7B7E8B3980D8} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab[CKAVWebScan Object] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update 
Installation Engine] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190219409312[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190233303250[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\TargetGroupEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\TargetGroup -> Singapore -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUServer -> http://mwusus02:8530 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUStatusServer -> http://mwusus02:8530 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoRebootWithLoggedOnUsers -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 16 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdates -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequencyEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequency -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootRelaunchTimeoutEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootRelaunchTimeout -> 60 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\UseWUServer -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 2008-04-14 18:42:02 | Attr = ] *MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 2008-04-14 18:41:58 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 2008-04-14 18:42:02 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 2008-04-14 18:42:06 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 2008-04-14 18:42:10 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1312 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 2008-04-14 18:42:06 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 2008-04-14 18:42:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 1D 8C FC 39 80 36 A1 9A BA 05 BA C9 C0 51 6A 9B 65 66 38 38 62 35 34 35 00 00 00 00 96 52 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 7D 18 A7 67 63 C2 88 3E 21 9C 5F EF 
[binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 29 DF 2B 4A BD AB 9B 86 A4 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 44 6D 26 99 0C 0D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2003-07-17 00:24:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> C6 06 BC B0 D8 79 A0 17 B4 38 15 22 48 10 18 C4 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B8 CD 15 09 20 CB C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C5 8E 27 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 4C 22 2B 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 79 53 2C 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 2008-04-14 18:42:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11501 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 2008-04-14 18:41:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 2008-04-14 13:23:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe 
[%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 2008-04-14 18:42:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> %ProgramFiles%\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.5512 | Size = 1032192 bytes | Modified Date = 2008-04-14 18:42:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-19 00:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-03 06:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 
2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe -> %ProgramFiles%\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe [C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v16.03.00 (CPR 9)] -> Rockwell Automation, Inc. 
[Ver = V16.03.00 | Size = 2260992 bytes | Modified Date = 2007-08-10 05:58:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 2008-04-14 13:23:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 2008-04-14 18:42:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 2008-04-14 18:42:30 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> %ProgramFiles%\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.5512 | Size = 1032192 bytes | Modified Date = 2008-04-14 18:42:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\usmt\migwiz.exe -> %SystemRoot%\system32\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and 
Settings Transfer Wizard] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 245248 bytes | Modified Date = 2008-04-14 18:42:26 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-19 00:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-03 06:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.5512 (xpsp.080413-0845) | Size = 83456 bytes | Modified Date = 2008-04-14 18:42:20 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AT&TGl~1\NetClient.exe -> %ProgramFiles%\AT&TGl~1\NetClient.exe [C:\Program Files\AT&TGl~1\NetClient.exe:*:Disabled:Network access client] -> AT&T [Ver = 7.3.0.3002 | Size = 328984 bytes | Modified Date = 2008-05-01 09:25:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 625664 bytes | Modified Date = 2008-04-22 15:40:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 
10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 2008-04-14 18:42:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> 
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 2008-04-14 18:42:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 2008-04-14 18:42:06 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 2008-04-14 18:42:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 2008-04-14 18:42:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 2008-04-14 18:42:40 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 2008-04-14 18:42:06 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Created Date = 2008-07-14 02:48:55 | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 2008-07-14 02:48:49 | Attr = ] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 2008-07-14 02:48:53 | Attr = ] Games -> %SystemDrive%\Games -> [Folder | Created Date = 2008-06-17 22:15:39 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008-07-14 19:56:52 | Attr = HS] CamF2111.bin -> %SystemRoot%\System32\drivers\CamF2111.bin -> [Ver = | Size = 3708 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] CamH2111.bin -> %SystemRoot%\System32\drivers\CamH2111.bin -> [Ver = | Size = 3708 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2008-06-24 19:48:44 | Attr = H ] Msft_Kernel_zumbus_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_zumbus_01007.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2008-06-24 19:48:45 | Attr = H ] V0080Dev.sys -> %SystemRoot%\System32\drivers\V0080Dev.sys -> Creative Technology Ltd. [Ver = 1.00.02 | Size = 255230 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] V0080Evx.sys -> %SystemRoot%\System32\drivers\V0080Evx.sys -> Creative Technology Ltd. 
[Ver = 1.00.04.0520 | Size = 1125376 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] CtCamMgr.dll -> %SystemRoot%\System32\CtCamMgr.dll -> Creative Technology Ltd. [Ver = 1.06.02.00 | Size = 36864 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] CtCamPin.crl -> %SystemRoot%\System32\CtCamPin.crl -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 24576 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] CtRegApp.dll -> %SystemRoot%\System32\CtRegApp.dll -> Creative Technology Ltd. [Ver = 1.05.01.00 | Size = 36864 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 2008-07-14 21:36:26 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 2008-07-14 21:36:26 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 2008-07-14 21:36:26 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 2008-07-14 21:36:26 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2008-07-15 00:52:48 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> msmq -> %SystemRoot%\System32\msmq -> [Folder | Created Date = 2008-06-17 22:17:19 | Attr = ] V0080Aor.dll -> %SystemRoot%\System32\V0080Aor.dll -> Creative Technology Ltd. [Ver = 1.00.01.0308 | Size = 7168 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Ext.ax -> %SystemRoot%\System32\V0080Ext.ax -> Creative Technology Ltd. [Ver = 1.00.06.0520 | Size = 81920 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Ext.crl -> %SystemRoot%\System32\V0080Ext.crl -> Creative Technology Ltd. 
[Ver = 1.00.03.0520 | Size = 28672 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Hwx.dll -> %SystemRoot%\System32\V0080Hwx.dll -> Creative Technology Ltd. [Ver = 1.01.01.0518 | Size = 53248 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Pin.dll -> %SystemRoot%\System32\V0080Pin.dll -> Creative Technology Ltd. [Ver = 1.01.01.0308 | Size = 23040 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Srv.exe -> %SystemRoot%\System32\V0080Srv.exe -> Creative Technology Ltd. [Ver = 1.00.02.0518 | Size = 20480 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Sti.dll -> %SystemRoot%\System32\V0080Sti.dll -> Creative Technology Ltd. [Ver = 1.00.01 | Size = 106496 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] V0080Vfw.dll -> %SystemRoot%\System32\V0080Vfw.dll -> Creative Technology Ltd. [Ver = 1.00.03.6784 | Size = 126976 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] SenF2111.csr -> %SystemRoot%\System\SenF2111.csr -> [Ver = | Size = 14217 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] SenH2111.csr -> %SystemRoot%\System\SenH2111.csr -> [Ver = | Size = 16855 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] CtDrvIns.exe -> %SystemRoot%\CtDrvIns.exe -> Creative Technology Ltd. [Ver = 2.15.01.00 | Size = 86016 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2008-06-27 08:55:46 | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2008-07-14 18:02:34 | Attr = ] V0080Cfg.exe -> %SystemRoot%\V0080Cfg.exe -> Creative Technology Ltd. 
[Ver = 1.00.04.0107 | Size = 20480 bytes | Created Date = 2008-06-29 20:51:50 | Attr = ] VF0080.uns -> %SystemRoot%\VF0080.uns -> [Ver = | Size = 5535 bytes | Created Date = 2008-06-29 20:51:49 | Attr = ] vpc32.INI -> %SystemRoot%\vpc32.INI -> [Ver = | Size = 0 bytes | Created Date = 2008-07-16 20:30:03 | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 264 bytes | Created Date = 2008-06-18 18:09:39 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 2008-06-17 22:14:57 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2008-07-15 00:52:49 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2008-07-14 18:03:14 | Attr = ] nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [Folder | Created Date = 2008-06-24 18:03:22 | Attr = ] OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks -> [Folder | Created Date = 2008-06-17 22:14:57 | Attr = ] PC Suite -> %AllUsersProfile%\Application Data\PC Suite -> [Folder | Created Date = 2008-06-17 22:14:57 | Attr = ] QuickTime -> %AllUsersProfile%\Application Data\QuickTime -> [Folder | Created Date = 2008-06-17 22:15:13 | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Created Date = 2008-06-17 22:14:57 | Attr = ] SolidDocuments -> %AllUsersProfile%\Application Data\SolidDocuments -> [Folder | Created Date = 2008-06-29 11:32:03 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 2008-06-17 22:14:57 | Attr = ] Winamp Toolbar -> %AllUsersProfile%\Application Data\Winamp Toolbar -> [Folder | Created Date = 2008-06-17 22:15:13 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created 
Date = 2008-06-18 17:58:16 | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Created Date = 2008-06-19 18:40:24 | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Created Date = 2008-06-19 18:51:23 | Attr = ] ZoomBrowser -> %AllUsersProfile%\Application Data\ZoomBrowser -> [Folder | Created Date = 2008-06-27 08:49:43 | Attr = ] Datalayer -> %AppData%\Datalayer -> [Folder | Created Date = 2008-06-17 22:19:29 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 2008-06-18 09:57:18 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-07-14 18:03:16 | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 2008-06-17 22:19:30 | Attr = ] MSN6 -> %AppData%\MSN6 -> [Folder | Created Date = 2008-06-17 22:19:30 | Attr = ] Nokia -> %AppData%\Nokia -> [Folder | Created Date = 2008-06-17 22:19:30 | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Created Date = 2008-06-17 22:19:31 | Attr = ] PC Suite -> %AppData%\PC Suite -> [Folder | Created Date = 2008-06-17 22:19:31 | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 2008-07-12 08:54:07 | Attr = ] Yahoo! -> %AppData%\Yahoo! 
-> [Folder | Created Date = 2008-06-19 18:51:23 | Attr = ] ZoomBrowser EX -> %AppData%\ZoomBrowser EX -> [Folder | Created Date = 2008-06-17 22:19:32 | Attr = ] FASTWiz.html -> %UserProfile%\Local Settings\Application Data\FASTWiz.html -> [Ver = | Size = 592 bytes | Created Date = 2008-06-17 22:23:26 | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 133 bytes | Created Date = 2008-06-18 10:16:38 | Attr = ] microsoft -> %AllUsersProfile%\Documents\microsoft -> [Folder | Created Date = 2008-06-24 20:41:19 | Attr = ] Rockwell -> %AllUsersProfile%\Documents\Rockwell -> [Folder | Created Date = 2008-06-17 22:15:14 | Attr = ] RSView Enterprise -> %AllUsersProfile%\Documents\RSView Enterprise -> [Folder | Created Date = 2008-06-17 22:15:22 | Attr = ] ArcSoft -> %UserProfile%\My Documents\ArcSoft -> [Folder | Created Date = 2008-06-17 22:19:53 | Attr = ] AXA -> %UserProfile%\My Documents\AXA -> [Folder | Created Date = 2008-06-17 22:19:53 | Attr = ] Bluetooth Exchange Folder -> %UserProfile%\My Documents\Bluetooth Exchange Folder -> [Folder | Created Date = 2008-06-17 22:21:04 | Attr = ] CIMBClicks_Trx_History.xls -> %UserProfile%\My Documents\CIMBClicks_Trx_History.xls -> [Ver = | Size = 15360 bytes | Created Date = 2008-06-29 10:54:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CIMBClicks_Trx_History.xls:Zone.Identifier Convert -> %UserProfile%\My Documents\Convert -> [Folder | Created Date = 2008-06-17 22:19:53 | Attr = ] FORMS -> %UserProfile%\My Documents\FORMS -> [Folder | Created Date = 2008-06-17 22:20:06 | Attr = ] FSFORMS -> %UserProfile%\My Documents\FSFORMS -> [Folder | Created Date = 2008-06-17 22:20:06 | Attr = ] FST -> %UserProfile%\My Documents\FST -> [Folder | Created Date = 2008-06-17 22:20:16 | Attr = ] Home Page.mht -> %UserProfile%\My Documents\Home Page.mht -> [Ver = | Size = 113384 bytes | Created Date = 2008-07-03 14:36:31 | Attr = ] hood_files -> 
%UserProfile%\My Documents\hood_files -> [Folder | Created Date = 2008-06-17 22:21:04 | Attr = ] Image Transfer -> %UserProfile%\My Documents\Image Transfer -> [Folder | Created Date = 2008-06-17 22:21:05 | Attr = ] IRB -> %UserProfile%\My Documents\IRB -> [Folder | Created Date = 2008-06-17 22:20:25 | Attr = ] LP -> %UserProfile%\My Documents\LP -> [Folder | Created Date = 2008-06-17 22:20:26 | Attr = ] MUTUAL -> %UserProfile%\My Documents\MUTUAL -> [Folder | Created Date = 2008-06-17 22:20:34 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Created Date = 2008-06-17 22:21:05 | Attr = ] My Digital Editions -> %UserProfile%\My Documents\My Digital Editions -> [Folder | Created Date = 2008-06-17 22:21:05 | Attr = ] My eBooks -> %UserProfile%\My Documents\My eBooks -> [Folder | Created Date = 2008-06-17 22:21:05 | Attr = ] My Google Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [Folder | Created Date = 2008-06-17 22:21:05 | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 2008-06-17 22:21:12 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 585 bytes | Created Date = 2008-06-18 18:09:36 | Attr = ] Nemal -> %UserProfile%\My Documents\Nemal -> [Folder | Created Date = 2008-06-17 22:20:35 | Attr = ] PACIFIC -> %UserProfile%\My Documents\PACIFIC -> [Folder | Created Date = 2008-06-17 22:20:35 | Attr = ] Pictures -> %UserProfile%\My Documents\Pictures -> [Folder | Created Date = 2008-06-17 22:20:36 | Attr = ] PRIMO -> %UserProfile%\My Documents\PRIMO -> [Folder | Created Date = 2008-06-17 22:20:42 | Attr = ] RegRun2 -> %UserProfile%\My Documents\RegRun2 -> [Folder | Created Date = 2008-06-17 22:20:44 | Attr = ] SAMY -> %UserProfile%\My Documents\SAMY -> [Folder | Created Date = 2008-06-17 22:20:44 | Attr = ] SF -> %UserProfile%\My Documents\SF -> [Folder | Created Date = 2008-06-17 22:20:45 | Attr = ] SHEETER -> 
%UserProfile%\My Documents\SHEETER -> [Folder | Created Date = 2008-06-17 22:20:55 | Attr = ] Sidharth -> %UserProfile%\My Documents\Sidharth -> [Folder | Created Date = 2008-06-17 22:20:56 | Attr = ] Solid Converter -> %UserProfile%\My Documents\Solid Converter -> [Folder | Created Date = 2008-06-17 22:21:12 | Attr = ] spider.sav -> %UserProfile%\My Documents\spider.sav -> [Ver = | Size = 372 bytes | Created Date = 2008-06-26 21:33:39 | Attr = ] SS TOUCH -> %UserProfile%\My Documents\SS TOUCH -> [Folder | Created Date = 2008-06-17 22:21:14 | Attr = ] Sun Microgrind -> %UserProfile%\My Documents\Sun Microgrind -> [Folder | Created Date = 2008-06-17 22:21:14 | Attr = ] Terminal -> %UserProfile%\My Documents\Terminal -> [Folder | Created Date = 2008-06-17 22:20:59 | Attr = ] TICKET -> %UserProfile%\My Documents\TICKET -> [Folder | Created Date = 2008-06-17 22:20:59 | Attr = ] TIMESHEET 2004 -> %UserProfile%\My Documents\TIMESHEET 2004 -> [Folder | Created Date = 2008-06-17 22:21:19 | Attr = ] TIMESHEET 2005 -> %UserProfile%\My Documents\TIMESHEET 2005 -> [Folder | Created Date = 2008-06-17 22:21:19 | Attr = ] TIMESHEET 2006 -> %UserProfile%\My Documents\TIMESHEET 2006 -> [Folder | Created Date = 2008-06-17 22:21:20 | Attr = ] TIMESHEET 2007 -> %UserProfile%\My Documents\TIMESHEET 2007 -> [Folder | Created Date = 2008-06-17 22:21:20 | Attr = ] TIMESHEET 2008 -> %UserProfile%\My Documents\TIMESHEET 2008 -> [Folder | Created Date = 2008-06-17 22:21:22 | Attr = ] T_Screen -> %UserProfile%\My Documents\T_Screen -> [Folder | Created Date = 2008-06-17 22:20:58 | Attr = ] usa.xls -> %UserProfile%\My Documents\usa.xls -> [Ver = | Size = 13824 bytes | Created Date = 2008-06-24 23:58:53 | Attr = ] WebCam Center -> %UserProfile%\My Documents\WebCam Center -> [Folder | Created Date = 2008-06-17 22:21:23 | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 2008-06-18 10:33:34 | Attr = ] EOS Utility.lnk -> 
%AllUsersProfile%\Desktop\EOS Utility.lnk -> [Ver = | Size = 732 bytes | Created Date = 2008-06-27 08:50:29 | Attr = ] Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Created Date = 2008-06-19 18:40:26 | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Created Date = 2008-06-19 18:39:13 | Attr = ] ZoomBrowser EX.lnk -> %AllUsersProfile%\Desktop\ZoomBrowser EX.lnk -> [Ver = | Size = 971 bytes | Created Date = 2008-06-27 08:49:43 | Attr = ] Zune.lnk -> %AllUsersProfile%\Desktop\Zune.lnk -> [Ver = | Size = 628 bytes | Created Date = 2008-06-24 19:48:08 | Attr = ] as400(1).lnk -> %UserProfile%\Desktop\as400(1).lnk -> [Ver = | Size = 1957 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] as400.lnk -> %UserProfile%\Desktop\as400.lnk -> [Ver = | Size = 1937 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-07-14 20:50:58 | Attr = ] Decc Password.lnk -> %UserProfile%\Desktop\Decc Password.lnk -> [Ver = | Size = 1613 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Expert System.lnk -> %UserProfile%\Desktop\Expert System.lnk -> [Ver = | Size = 1634 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] NetMeeting.lnk -> %UserProfile%\Desktop\NetMeeting.lnk -> [Ver = | Size = 616 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Office Excel 2003.lnk -> %UserProfile%\Desktop\Office Excel 2003.lnk -> [Ver = | Size = 2495 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Office Outlook 2003.lnk -> %UserProfile%\Desktop\Office Outlook 2003.lnk -> [Ver = | Size = 2521 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Office Word 2003.lnk -> %UserProfile%\Desktop\Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | 
Created Date = 2008-07-16 23:04:37 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 2008-07-16 21:36:43 | Attr = ] PB MUTUAL.lnk -> %UserProfile%\Desktop\PB MUTUAL.lnk -> [Ver = | Size = 1700 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Raagasiyam.lnk -> %UserProfile%\Desktop\Raagasiyam.lnk -> [Ver = | Size = 1969 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Shortcut to CARD.xls.lnk -> %UserProfile%\Desktop\Shortcut to CARD.xls.lnk -> [Ver = | Size = 1021 bytes | Created Date = 2008-07-14 02:58:42 | Attr = ] Shortcut to Terminal.lnk -> %UserProfile%\Desktop\Shortcut to Terminal.lnk -> [Ver = | Size = 764 bytes | Created Date = 2008-07-14 02:58:43 | Attr = ] TIMESHEET 2008.lnk -> %UserProfile%\Desktop\TIMESHEET 2008.lnk -> [Ver = | Size = 800 bytes | Created Date = 2008-07-14 02:58:43 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Created Date = 2008-06-17 22:19:35 | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 782 bytes | Created Date = 2008-07-14 02:58:43 | Attr = ] Adaptec Shared -> %CommonProgramFiles%\Adaptec Shared -> [Folder | Created Date = 2008-06-17 22:16:18 | Attr = ] Canon -> %CommonProgramFiles%\Canon -> [Folder | Created Date = 2008-06-27 08:46:39 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Created Date = 2008-06-17 22:16:18 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 2008-06-18 17:58:34 | Attr = HS] ArcSoft -> %ProgramFiles%\ArcSoft -> [Folder | Created Date = 2008-06-17 22:15:45 | Attr = ] AT&T Global Network Client -> %ProgramFiles%\AT&T Global Network Client -> [Folder | Created Date = 2008-06-17 22:16:15 | Attr = ] Canon -> %ProgramFiles%\Canon -> [Folder | Created Date = 2008-06-17 22:16:15 | Attr = ] Creative -> %ProgramFiles%\Creative -> [Folder | Created Date = 2008-06-17 
22:16:20 | Attr = ] Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [Folder | Created Date = 2008-07-12 08:54:49 | Attr = ] HP -> %ProgramFiles%\HP -> [Folder | Created Date = 2008-06-17 22:16:21 | Attr = ] Indramat -> %ProgramFiles%\Indramat -> [Folder | Created Date = 2008-06-17 22:16:27 | Attr = ] Logitech -> %ProgramFiles%\Logitech -> [Folder | Created Date = 2008-06-17 22:16:35 | Attr = ] MSN Messenger -> %ProgramFiles%\MSN Messenger -> [Folder | Created Date = 2008-06-17 22:16:38 | Attr = ] NetWaiting -> %ProgramFiles%\NetWaiting -> [Folder | Created Date = 2008-06-17 22:16:38 | Attr = ] Nokia -> %ProgramFiles%\Nokia -> [Folder | Created Date = 2008-06-17 22:16:39 | Attr = ] Panasonic -> %ProgramFiles%\Panasonic -> [Folder | Created Date = 2008-06-17 22:16:39 | Attr = ] PIXELA -> %ProgramFiles%\PIXELA -> [Folder | Created Date = 2008-06-17 22:16:39 | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 2008-06-17 22:16:44 | Attr = ] Roxio -> %ProgramFiles%\Roxio -> [Folder | Created Date = 2008-06-17 22:16:51 | Attr = ] Winamp -> %ProgramFiles%\Winamp -> [Folder | Created Date = 2008-06-17 22:14:50 | Attr = ] Winamp Remote -> %ProgramFiles%\Winamp Remote -> [Folder | Created Date = 2008-06-17 22:17:06 | Attr = ] Windows Live -> %ProgramFiles%\Windows Live -> [Folder | Created Date = 2008-06-18 17:58:28 | Attr = ] Windows Live Favorites -> %ProgramFiles%\Windows Live Favorites -> [Folder | Created Date = 2008-06-18 18:09:05 | Attr = ] Windows Live Toolbar -> %ProgramFiles%\Windows Live Toolbar -> [Folder | Created Date = 2008-06-18 18:09:08 | Attr = ] Yahoo! -> %ProgramFiles%\Yahoo! 
-> [Folder | Created Date = 2008-06-19 18:39:07 | Attr = ] Zune -> %ProgramFiles%\Zune -> [Folder | Created Date = 2008-06-24 19:48:03 | Attr = ] [Files/Folders - Modified Within 30 days] aistart -> %SystemDrive%\aistart -> [Folder | Modified Date = 2008-07-01 15:48:34 | Attr = ] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Modified Date = 2008-07-10 09:02:39 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 2008-07-14 02:48:55 | Attr = RHS] CLC -> %SystemDrive%\CLC -> [Folder | Modified Date = 2008-06-17 22:18:54 | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 2008-07-14 02:48:55 | Attr = ] DirectSOFT32 -> %SystemDrive%\DirectSOFT32 -> [Folder | Modified Date = 2008-06-17 22:14:53 | Attr = ] Games -> %SystemDrive%\Games -> [Folder | Modified Date = 2008-06-17 22:15:39 | Attr = ] LM90 -> %SystemDrive%\LM90 -> [Folder | Modified Date = 2008-06-17 22:21:26 | Attr = ] My Documents -> %SystemDrive%\My Documents -> [Folder | Modified Date = 2008-06-29 20:51:49 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-07-16 19:51:46 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2008-07-14 19:56:52 | Attr = HS] STATION.A2K -> %SystemDrive%\STATION.A2K -> [Ver = | Size = 291 bytes | Modified Date = 2008-06-17 22:30:38 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-07-16 19:49:46 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-07-16 21:33:47 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-07-14 17:57:17 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-07-14 17:57:17 | Attr = ] MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 
2008-06-24 19:48:44 | Attr = H ] Msft_Kernel_zumbus_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_zumbus_01007.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2008-06-24 19:48:45 | Attr = H ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 2008-06-24 19:49:59 | Attr = ] en-US -> %SystemRoot%\System32\drivers\UMDF\en-US -> [Folder | Modified Date = 2008-06-24 19:48:05 | Attr = ] es-ES -> %SystemRoot%\System32\drivers\UMDF\es-ES -> [Folder | Modified Date = 2008-06-24 19:49:11 | Attr = ] fr-FR -> %SystemRoot%\System32\drivers\UMDF\fr-FR -> [Folder | Modified Date = 2008-06-24 19:49:12 | Attr = ] Msft_User_ZuneDriver_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_ZuneDriver_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2008-06-24 19:49:59 | Attr = H ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-07-16 21:33:55 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-07-14 17:55:12 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-07-04 16:45:04 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-07-16 19:51:46 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 251088 bytes | Modified Date = 2008-06-18 10:35:12 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2008-07-15 00:52:48 | Attr = ] msmq -> %SystemRoot%\System32\msmq -> [Folder | Modified Date = 2008-06-17 22:17:19 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 173859 bytes | Modified Date = 2008-07-16 19:50:10 | Attr = ] nvModes.001 -> %SystemRoot%\System32\nvModes.001 -> [Ver = | Size = 57562 bytes | Modified Date = 2008-07-16 20:30:08 | Attr = ] nvModes.dat -> %SystemRoot%\System32\nvModes.dat -> [Ver = | Size = 57562 bytes | Modified Date = 2008-06-17 
21:33:21 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72554 bytes | Modified Date = 2008-07-16 19:54:00 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 445096 bytes | Modified Date = 2008-07-16 19:54:00 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 526534 bytes | Modified Date = 2008-07-16 19:54:00 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-07-16 19:49:46 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-06-17 22:23:05 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 4706 bytes | Modified Date = 2008-07-16 19:49:26 | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 2008-06-17 22:17:19 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008-06-24 19:49:08 | Attr = R S] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-07-16 19:49:14 | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2008-07-13 09:14:55 | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-07-15 00:52:49 | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-06-17 22:17:13 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2008-07-03 14:37:40 | Attr = ] hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [Ver = | Size = 181 bytes | Modified Date = 2008-06-17 22:30:25 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2008-06-24 19:48:44 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-07-15 00:52:48 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-07-14 21:36:28 | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2008-06-17 
22:23:00 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2008-06-24 20:07:59 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2008-07-02 17:59:48 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-07-16 23:04:53 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2008-06-27 08:56:53 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 2008-07-14 02:53:42 | Attr = ] SchCache -> %SystemRoot%\SchCache -> [Folder | Modified Date = 2008-06-17 22:23:03 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2008-07-03 14:37:13 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2008-06-17 22:23:05 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2008-06-29 20:52:58 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-07-14 17:57:39 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-07-16 19:54:00 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-07-12 11:38:46 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008-07-16 22:06:02 | Attr = ] vpc32.INI -> %SystemRoot%\vpc32.INI -> [Ver = | Size = 0 bytes | Modified Date = 2008-07-16 20:30:03 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 643 bytes | Modified Date = 2008-07-10 09:02:39 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008-06-18 10:33:21 | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 264 bytes | Modified Date = 2008-07-16 22:56:02 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-07-16 19:49:24 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All 
Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2005-05-10 04:56:29 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5511 bytes | Modified Date = 2008-06-18 18:07:46 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2008-06-18 18:07:46 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 2005-05-31 21:04:17 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 2005-05-10 06:22:26 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2005-05-31 21:16:37 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 2005-05-10 23:13:13 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 11860 bytes | Modified Date = 2005-05-10 23:13:16 | Attr = ] C:\Documents and Settings\PalaniswaN\Local Settings\temp\ -> C:\Documents and Settings\PalaniswaN\Local Settings\temp -> [Folder | Modified Date = 2008-07-16 23:04:41 | Attr = ] ExchangePerflog_8484fa31a44f78fe671f8cd9.dat -> C:\Documents and Settings\PalaniswaN\Local Settings\temp\ExchangePerflog_8484fa31a44f78fe671f8cd9.dat -> [Ver = | Size = 28 bytes | Modified Date = 2008-07-16 21:40:28 | Attr = ] 3 C:\Documents and Settings\PalaniswaN\Local Settings\temp\*.tmp files -> C:\Documents and 
Settings\PalaniswaN\Local Settings\temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2008-06-18 10:33:19 | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 2008-06-17 22:14:57 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2008-07-15 00:52:49 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2008-07-14 18:03:14 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-07-10 13:10:52 | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 2008-06-18 10:18:39 | Attr = ] nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [Folder | Modified Date = 2008-06-24 18:03:22 | Attr = ] OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks -> [Folder | Modified Date = 2008-06-17 22:18:55 | Attr = ] PC Suite -> %AllUsersProfile%\Application Data\PC Suite -> [Folder | Modified Date = 2008-06-17 22:14:57 | Attr = ] QuickTime -> %AllUsersProfile%\Application Data\QuickTime -> [Folder | Modified Date = 2008-06-17 22:19:10 | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 2008-06-17 22:14:57 | Attr = ] SolidDocuments -> %AllUsersProfile%\Application Data\SolidDocuments -> [Folder | Modified Date = 2008-06-29 11:32:03 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-06-17 22:14:57 | Attr = ] Winamp Toolbar -> %AllUsersProfile%\Application Data\Winamp Toolbar -> [Folder | Modified Date = 2008-06-17 22:15:13 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 2008-06-18 17:58:16 | Attr = ] Yahoo! 
-> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Modified Date = 2008-06-19 18:40:24 | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Modified Date = 2008-06-19 18:51:23 | Attr = ] ZoomBrowser -> %AllUsersProfile%\Application Data\ZoomBrowser -> [Folder | Modified Date = 2008-06-27 08:49:43 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008-06-18 10:18:57 | Attr = ] Datalayer -> %AppData%\Datalayer -> [Folder | Modified Date = 2008-06-17 22:19:29 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 2008-06-18 09:57:18 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-07-14 18:03:16 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-07-03 14:21:36 | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 2008-06-17 22:19:30 | Attr = ] MSN6 -> %AppData%\MSN6 -> [Folder | Modified Date = 2008-06-17 22:19:30 | Attr = ] Nokia -> %AppData%\Nokia -> [Folder | Modified Date = 2008-06-17 22:19:31 | Attr = ] Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player -> [Folder | Modified Date = 2008-06-17 22:19:31 | Attr = ] PC Suite -> %AppData%\PC Suite -> [Folder | Modified Date = 2008-06-17 22:19:31 | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 2008-07-14 02:45:57 | Attr = ] Yahoo! -> %AppData%\Yahoo! 
-> [Folder | Modified Date = 2008-06-25 20:14:59 | Attr = ] ZoomBrowser EX -> %AppData%\ZoomBrowser EX -> [Folder | Modified Date = 2008-06-17 22:19:32 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 2008-06-18 10:19:03 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 2008-07-15 20:55:11 | Attr = ] FASTWiz.html -> %UserProfile%\Local Settings\Application Data\FASTWiz.html -> [Ver = | Size = 592 bytes | Modified Date = 2008-06-17 22:27:25 | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 133 bytes | Modified Date = 2008-06-18 10:16:38 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-06-29 13:17:10 | Attr = ] MCS Info -> %AllUsersProfile%\Documents\MCS Info -> [Folder | Modified Date = 2008-06-17 22:19:25 | Attr = ] microsoft -> %AllUsersProfile%\Documents\microsoft -> [Folder | Modified Date = 2008-06-24 20:41:19 | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 2008-06-24 21:07:50 | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 2008-06-17 22:19:26 | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 2008-06-17 22:19:26 | Attr = R ] Rockwell -> %AllUsersProfile%\Documents\Rockwell -> [Folder | Modified Date = 2008-06-17 22:15:14 | Attr = ] RSView Enterprise -> %AllUsersProfile%\Documents\RSView Enterprise -> [Folder | Modified Date = 2008-06-17 22:15:24 | Attr = ] ArcSoft -> %UserProfile%\My Documents\ArcSoft -> [Folder | Modified Date = 2008-06-17 22:19:53 | Attr = ] AXA -> %UserProfile%\My Documents\AXA -> [Folder | Modified Date = 2008-06-17 22:19:53 | Attr = ] Bluetooth Exchange Folder -> %UserProfile%\My Documents\Bluetooth Exchange Folder -> [Folder | Modified Date = 2008-06-17 
22:21:04 | Attr = ] CIMBClicks_Trx_History.xls -> %UserProfile%\My Documents\CIMBClicks_Trx_History.xls -> [Ver = | Size = 15360 bytes | Modified Date = 2008-06-29 11:30:42 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CIMBClicks_Trx_History.xls:Zone.Identifier Convert -> %UserProfile%\My Documents\Convert -> [Folder | Modified Date = 2008-06-17 22:19:53 | Attr = ] data -> %UserProfile%\My Documents\data -> [Folder | Modified Date = 2008-07-03 14:47:23 | Attr = ] FORMS -> %UserProfile%\My Documents\FORMS -> [Folder | Modified Date = 2008-06-17 22:20:06 | Attr = ] FSFORMS -> %UserProfile%\My Documents\FSFORMS -> [Folder | Modified Date = 2008-06-17 22:20:08 | Attr = ] FST -> %UserProfile%\My Documents\FST -> [Folder | Modified Date = 2008-07-03 14:46:37 | Attr = ] Home Page.mht -> %UserProfile%\My Documents\Home Page.mht -> [Ver = | Size = 113384 bytes | Modified Date = 2008-07-03 14:36:32 | Attr = ] hood_files -> %UserProfile%\My Documents\hood_files -> [Folder | Modified Date = 2008-06-17 22:21:05 | Attr = ] Image Transfer -> %UserProfile%\My Documents\Image Transfer -> [Folder | Modified Date = 2008-06-17 22:21:05 | Attr = ] IRB -> %UserProfile%\My Documents\IRB -> [Folder | Modified Date = 2008-06-17 22:20:26 | Attr = ] LP -> %UserProfile%\My Documents\LP -> [Folder | Modified Date = 2008-06-29 11:36:13 | Attr = ] MUTUAL -> %UserProfile%\My Documents\MUTUAL -> [Folder | Modified Date = 2008-07-14 19:57:00 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 2008-06-17 22:21:05 | Attr = ] My Digital Editions -> %UserProfile%\My Documents\My Digital Editions -> [Folder | Modified Date = 2008-06-17 22:21:05 | Attr = ] My eBooks -> %UserProfile%\My Documents\My eBooks -> [Folder | Modified Date = 2008-06-17 22:21:05 | Attr = ] My Google Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [Folder | Modified Date = 2008-06-17 22:21:05 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> 
[Folder | Modified Date = 2008-06-24 19:49:26 | Attr = R ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-07-04 19:27:30 | Attr = R ]
My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 2008-06-17 22:21:12 | Attr = ]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 585 bytes | Modified Date = 2008-06-19 18:24:42 | Attr = ]
Nemal -> %UserProfile%\My Documents\Nemal -> [Folder | Modified Date = 2008-06-18 10:09:42 | Attr = ]
PACIFIC -> %UserProfile%\My Documents\PACIFIC -> [Folder | Modified Date = 2008-06-17 22:20:36 | Attr = ]
Pictures -> %UserProfile%\My Documents\Pictures -> [Folder | Modified Date = 2008-06-17 22:20:41 | Attr = ]
PRIMO -> %UserProfile%\My Documents\PRIMO -> [Folder | Modified Date = 2008-06-17 22:20:44 | Attr = ]
RegRun2 -> %UserProfile%\My Documents\RegRun2 -> [Folder | Modified Date = 2008-06-17 22:20:44 | Attr = ]
SAMY -> %UserProfile%\My Documents\SAMY -> [Folder | Modified Date = 2008-06-17 22:20:45 | Attr = ]
SF -> %UserProfile%\My Documents\SF -> [Folder | Modified Date = 2008-06-17 22:20:55 | Attr = ]
SHEETER -> %UserProfile%\My Documents\SHEETER -> [Folder | Modified Date = 2008-06-17 22:20:56 | Attr = ]
Sidharth -> %UserProfile%\My Documents\Sidharth -> [Folder | Modified Date = 2008-07-10 15:44:55 | Attr = ]
Solid Converter -> %UserProfile%\My Documents\Solid Converter -> [Folder | Modified Date = 2008-06-17 22:21:12 | Attr = ]
spider.sav -> %UserProfile%\My Documents\spider.sav -> [Ver = | Size = 372 bytes | Modified Date = 2008-06-26 21:33:39 | Attr = ]
SS TOUCH -> %UserProfile%\My Documents\SS TOUCH -> [Folder | Modified Date = 2008-06-17 22:21:14 | Attr = ]
Sun Microgrind -> %UserProfile%\My Documents\Sun Microgrind -> [Folder | Modified Date = 2008-06-17 22:21:14 | Attr = ]
Terminal -> %UserProfile%\My Documents\Terminal -> [Folder | Modified Date = 2008-06-17 22:20:59 | Attr = ]
TICKET -> %UserProfile%\My Documents\TICKET -> [Folder | Modified Date = 2008-07-05 16:08:10 | Attr = ]
TIMESHEET 2004 -> %UserProfile%\My Documents\TIMESHEET 2004 -> [Folder | Modified Date = 2008-06-17 22:21:19 | Attr = ]
TIMESHEET 2005 -> %UserProfile%\My Documents\TIMESHEET 2005 -> [Folder | Modified Date = 2008-06-17 22:21:20 | Attr = ]
TIMESHEET 2006 -> %UserProfile%\My Documents\TIMESHEET 2006 -> [Folder | Modified Date = 2008-06-17 22:21:20 | Attr = ]
TIMESHEET 2007 -> %UserProfile%\My Documents\TIMESHEET 2007 -> [Folder | Modified Date = 2008-06-17 22:21:21 | Attr = ]
TIMESHEET 2008 -> %UserProfile%\My Documents\TIMESHEET 2008 -> [Folder | Modified Date = 2008-07-14 23:58:07 | Attr = ]
T_Screen -> %UserProfile%\My Documents\T_Screen -> [Folder | Modified Date = 2008-06-17 22:20:59 | Attr = ]
usa.xls -> %UserProfile%\My Documents\usa.xls -> [Ver = | Size = 13824 bytes | Modified Date = 2008-06-24 23:58:53 | Attr = ]
WebCam Center -> %UserProfile%\My Documents\WebCam Center -> [Folder | Modified Date = 2008-06-17 22:21:24 | Attr = ]
Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 2008-06-18 10:33:34 | Attr = ]
AT&T Global Network Client.lnk -> %AllUsersProfile%\Desktop\AT&T Global Network Client.lnk -> [Ver = | Size = 2227 bytes | Modified Date = 2008-07-16 21:38:31 | Attr = ]
EOS Utility.lnk -> %AllUsersProfile%\Desktop\EOS Utility.lnk -> [Ver = | Size = 732 bytes | Modified Date = 2008-06-27 08:50:29 | Attr = ]
MCS Realtime Simulator.lnk -> %AllUsersProfile%\Desktop\MCS Realtime Simulator.lnk -> [Ver = | Size = 2391 bytes | Modified Date = 2008-06-20 01:04:54 | Attr = ]
Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Modified Date = 2008-06-19 18:40:26 | Attr = ]
Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! Messenger.lnk -> [Ver = | Size = 812 bytes | Modified Date = 2008-06-19 18:39:13 | Attr = ]
ZoomBrowser EX.lnk -> %AllUsersProfile%\Desktop\ZoomBrowser EX.lnk -> [Ver = | Size = 971 bytes | Modified Date = 2008-06-27 08:49:43 | Attr = ]
Zune.lnk -> %AllUsersProfile%\Desktop\Zune.lnk -> [Ver = | Size = 628 bytes | Modified Date = 2008-06-24 19:48:08 | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-07-14 20:50:04 | Attr = ]
Office Excel 2003.lnk -> %UserProfile%\Desktop\Office Excel 2003.lnk -> [Ver = | Size = 2495 bytes | Modified Date = 2008-07-16 21:37:51 | Attr = ]
Office Outlook 2003.lnk -> %UserProfile%\Desktop\Office Outlook 2003.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 2008-07-16 21:40:09 | Attr = ]
Office Word 2003.lnk -> %UserProfile%\Desktop\Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 2008-07-16 21:36:24 | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-07-16 23:04:37 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 2008-07-16 21:32:18 | Attr = ]
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 2008-07-15 20:53:35 | Attr = ]
Adaptec Shared -> %CommonProgramFiles%\Adaptec Shared -> [Folder | Modified Date = 2008-06-17 22:16:18 | Attr = ]
Canon -> %CommonProgramFiles%\Canon -> [Folder | Modified Date = 2008-06-27 08:46:39 | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2008-06-18 18:08:07 | Attr = ]
PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Modified Date = 2008-06-17 22:16:19 | Attr = ]
Rockwell -> %CommonProgramFiles%\Rockwell -> [Folder | Modified Date = 2008-06-17 22:22:06 | Attr = ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 2008-06-18 18:06:42 | Attr = HS]
< End of report >
[/code]