[code] OTScanIt logfile created on: 2008-7-20 22:20:40 OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\computer\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy-M-d 511.53 Mb Total Physical Memory | 141.28 Mb Available Physical Memory | 27.62% Memory free 1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.15% Paging File free Paging file location(s): c:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 39.06 Gb Total Space | 4.95 Gb Free Space | 12.68% Space Free | Partition Type: NTFS Drive D: | 58.59 Gb Total Space | 10.85 Gb Free Space | 18.51% Space Free | Partition Type: NTFS Drive E: | 16.83 Gb Total Space | 16.28 Gb Free Space | 96.70% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COMPUTER1 Current User Name: Rabien Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] brsvc01a.exe -> %SystemRoot%\system32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 2002-4-12 | Attr = ] brss01a.exe -> %SystemRoot%\system32\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 2001-12-13 00:01:00 | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 2008-7-4 20:03:14 | Attr = ] brmfrmps.exe -> %SystemRoot%\system32\Brmfrmps.exe -> Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Modified Date = 2003-3-19 17:43:00 | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 09:01:00 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ] brmfrsmg.exe -> %SystemRoot%\system32\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Modified Date = 2001-8-17 21:36:38 | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 2007-3-9 11:09:58 | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 2008-7-4 20:02:55 | Attr = ] pptd40nt.exe -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 2002-8-12 09:33:34 | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 2008-7-4 20:03:59 | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-1-28 11:43:40 | Attr = RHS] smartui.exe -> %ProgramFiles%\Scansoft\PaperPort\SmartUI\SmartUI.exe -> Scansoft, Inc. [Ver = 1, 0, 0, 18 | Size = 1568768 bytes | Modified Date = 2003-2-3 11:29:12 | Attr = ] avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 2008-7-4 20:03:26 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-7-12 09:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 2004-10-7 18:39:28 | Attr = ] (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 2008-7-4 20:03:26 | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 2008-7-4 20:03:14 | Attr = ] (brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Brmfrmps.exe -> Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Modified Date = 2003-3-19 17:43:00 | Attr = ] (Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 2002-4-12 | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 09:01:00 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-8-4 15:56:48 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 2006-12-4 12:53:55 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-4-4 00:41:10 | Attr = ] (iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found (Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> Macromedia [Ver = 2.65.000 | Size = 69632 bytes | Modified Date = 2006-6-22 21:16:32 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 2005-4-5 11:17:22 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 2007-3-9 11:09:58 | Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 2008-7-4 20:03:59 | Attr = ] IndexSearch -> %ProgramFiles%\Scansoft\PaperPort\IndexSearch.exe [C:\Program Files\Scansoft\PaperPort\IndexSearch.exe] -> [Ver = | Size = 36864 bytes | Modified Date = 2002-8-12 10:07:26 | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1622016 bytes | Modified Date = 2006-10-22 12:22:00 | Attr = ] PaperPort PTD -> %ProgramFiles%\Scansoft\PaperPort\pptd40nt.exe [C:\Program Files\Scansoft\PaperPort\pptd40nt.exe] -> ScanSoft, Inc. [Ver = 8.10 | Size = 45108 bytes | Modified Date = 2002-8-12 09:33:34 | Attr = ] SetDefPrt -> %ProgramFiles%\Brother\Brmfl03a\BrStDvPt.exe [C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe] -> [Ver = | Size = 45056 bytes | Modified Date = 2003-7-3 15:31:52 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-1-28 11:43:40 | Attr = RHS] < Run [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-1-28 11:43:40 | Attr = RHS] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 2005-9-23 22:05:26 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\SmartUI.lnk -> %ProgramFiles%\Scansoft\PaperPort\SmartUI\SmartUI.exe -> Scansoft, Inc. [Ver = 1, 0, 0, 18 | Size = 1568768 bytes | Modified Date = 2003-2-3 11:29:12 | Attr = ] < computer Startup Folder > -> C:\Documents and Settings\computer\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 2008-7-4 20:02:56 | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 2004-8-4 15:56:49 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINNT\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2004-8-4 15:56:57 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2004-8-4 15:56:50 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 2006-12-20 05:52:18 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2004-8-4 15:56:57 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Autorun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-8-4 13:59:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTDK_CDRW4800B___________________________S7S4____\5&22da6f84&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2005-5-29 10:18:56 | Attr = ] AUTOEXEC.SOL [C:\PROGRA~1\SRNMIC~1\SOLOLITE /HARDDISK /REPAIR /AUTO | ] -> %SystemDrive%\AUTOEXEC.SOL [ NTFS ] -> [Ver = | Size = 55 bytes | Modified Date = 2005-4-26 22:13:15 | Attr = ] < HOSTS File > (0 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.hwachong.edu.sg -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.hwachong.edu.sg -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[intranet] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\: Main\\Start Page -> http://www.hwachong.edu.sg -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[intranet] -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> Range1 [] -> * = Trusted sites | -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. -> .[msn] -> My Computer -> download.microsoft.com .[http] -> Trusted sites -> update_microsoft.com [http] -> Trusted sites -> update_microsoft.com [https] -> Trusted sites -> windowsupdate_microsoft.com [http] -> Trusted sites -> update.microsoft.com .[http] -> Trusted sites -> update.microsoft.com .[https] -> Trusted sites -> windowsupdate.com .[http] -> Trusted sites -> windowsupdate.microsoft.com .[http] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 8 domain(s) found. -> .[msn] -> My Computer -> download.microsoft.com .[http] -> Trusted sites -> update_microsoft.com [http] -> Trusted sites -> update_microsoft.com [https] -> Trusted sites -> windowsupdate_microsoft.com [http] -> Trusted sites -> update.microsoft.com .[http] -> Trusted sites -> update.microsoft.com .[https] -> Trusted sites -> windowsupdate.com .[http] -> Trusted sites -> windowsupdate.microsoft.com .[http] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 04:16:42 | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 2008-7-5 20:45:45 | Attr = ] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-8-1 00:25:34 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-1-28 11:43:28 | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 2008-7-4 20:03:49 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-8-1 00:25:34 | Attr = ] {A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 2008-7-4 20:03:49 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-8-1 00:25:34 | Attr = ] WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 2008-7-4 20:03:49 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD [Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 2007-8-1 00:25:34 | Attr = ] WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 2008-7-4 20:03:49 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 2005-6-3 04:09:54 | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-1-28 11:43:28 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1911-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\] > -> HKEY_USERS\S-1-5-21-343818398-2025429265-725345543-1000\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1911-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 2001-1-30 13:56:24 | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {2E943A48-D960-4CC6-B0C1-F05012F7790B} -> (Sony Ericsson Device 816 USB Ethernet Emulation (NDIS 5)) -> {32E6E4AE-E7FF-4B70-99DE-6950A643CAD9} -> () -> {5476AB47-AF10-4196-BFA0-E3485F86E3D7} -> () -> {54BE9283-607B-4EB4-BF8F-5F75FF09F76D} -> (ADMtek ADM8511 USB To Fast Ethernet Converter) -> {74919E48-2F72-48B4-86E2-AC406362D308} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> {9C098E26-D9C9-45C7-828E-DCCCFCE42E49} -> () -> {BEE785E5-BA79-44AA-AF08-2AAC1552A035} -> (SiS 900-Based PCI Fast Ethernet Adapter) -> {D1F7538F-732E-4A3B-8598-F39849C27776} -> () -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 2008-7-4 20:03:23 | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}[HKEY_LOCAL_MACHINE] -> http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1150125527703[MSSecurityAdvisor Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169124419562[MUWebControl Class] -> {9122D757-5A4F-4768-82C5-B4171D8556A7}[HKEY_LOCAL_MACHINE] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab[Reg Error: Key does not exist or could not be opened.] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/AdmilliServX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/asinst.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PhtPkMSN.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PhtPkMSN.dll\\.Owner -> {9122D757-5A4F-4768-82C5-B4171D8556A7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/PhtPkMSN.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/v3.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/v3.dll\\.Owner -> v3cab -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/v3.dll\\v3cab -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\22d6f312-b0f6-11d0-94ab-0080c74c7e95 -> 22d6f312-b0f6-11d0-94ab-0080c74c7e95 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuctl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuctl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfbmp13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfbmp13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfbmp13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfcmp13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfcmp13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfcmp13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfgif13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfgif13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfgif13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfpng13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfpng13n.dll\\.Owner -> {9122D757-5A4F-4768-82C5-B4171D8556A7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/lfpng13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltdis13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltdis13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltdis13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltfil13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltfil13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltfil13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltimg13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltimg13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltimg13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltkrn13n.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltkrn13n.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/ltkrn13n.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/mssecadv.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/mssecadv.dll\\.Owner -> {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/mssecadv.dll\\{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvbvm60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvbvm60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcp60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcr71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcr71.dll\\{9122D757-5A4F-4768-82C5-B4171D8556A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{4112DF42-0DCB-11d1-8177-00AA00576BAD} -> {4112DF42-0DCB-11d1-8177-00AA00576BAD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/TSC.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/TSC.ini\\.Owner -> Unknown Owner -> [Files/Folders - Created Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 2008-6-25 01:16:07 | Attr = H ] Brother -> %SystemDrive%\Brother -> [Folder | Created Date = 2008-5-13 23:35:44 | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 2008-6-24 00:54:00 | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 2008-6-24 00:54:00 | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25598687 bytes | Created Date = 2008-6-24 00:54:00 | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 50290 bytes | Created Date = 2008-6-24 07:58:40 | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 162021 bytes | Created Date = 2008-6-24 07:58:40 | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Created Date = 2008-6-24 00:54:09 | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Created Date = 2008-6-24 00:54:10 | Attr = ] BrFilt.sys -> %SystemRoot%\System32\drivers\BrFilt.sys -> Brother Industries Ltd. [Ver = 1.0.0.0 (Lab06_N.010129-0357) | Size = 2944 bytes | Created Date = 2008-5-14 05:31:42 | Attr = ] BrSerWdm.sys -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.19 built by: WinDDK | Size = 61952 bytes | Created Date = 2008-5-13 23:36:01 | Attr = ] BrUsbMdm.sys -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 (Lab06_N.010129-0357) | Size = 11008 bytes | Created Date = 2008-5-14 05:31:42 | Attr = ] BrUsbScn.sys -> %SystemRoot%\System32\drivers\BrUsbScn.sys -> Brother Industries Ltd. [Ver = 1,0,0,6 (Lab06_N.010129-0357) | Size = 10368 bytes | Created Date = 2008-5-14 05:31:26 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 2008-7-11 21:37:01 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 2008-7-11 21:37:00 | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Created Date = 2008-6-24 00:54:10 | Attr = ] BrBidiIf.dll -> %SystemRoot%\System32\BrBidiIf.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 19456 bytes | Created Date = 2008-5-13 23:35:57 | Attr = ] brcoinst.dll -> %SystemRoot%\System32\brcoinst.dll -> Brother Industries Ltd. [Ver = 1.0.0.8 (Lab06_N.010129-0357) | Size = 9728 bytes | Created Date = 2008-5-14 05:31:42 | Attr = ] BrEvIF.dll -> %SystemRoot%\System32\BrEvIF.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 12800 bytes | Created Date = 2008-5-13 23:35:57 | Attr = ] brfxcom.dll -> %SystemRoot%\System32\brfxcom.dll -> Brother Industries,LTD [Ver = 1, 0, 0, 0 | Size = 151552 bytes | Created Date = 2008-5-13 23:35:42 | Attr = ] brfxdial.dll -> %SystemRoot%\System32\brfxdial.dll -> Brother Industries,LTD [Ver = 2, 0, 0, 0 | Size = 32768 bytes | Created Date = 2008-5-13 23:35:42 | Attr = ] brinsstr.dll -> %SystemRoot%\System32\brinsstr.dll -> Brother Industries,Ltd. [Ver = 2.04 | Size = 45056 bytes | Created Date = 2008-5-13 23:35:56 | Attr = ] BrmfBidi.dll -> %SystemRoot%\System32\BrmfBidi.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 15360 bytes | Created Date = 2008-5-13 23:35:59 | Attr = ] BrmfLpt.dll -> %SystemRoot%\System32\BrmfLpt.dll -> Brother Industries, Ltd. [Ver = 1.45.15.352 | Size = 30208 bytes | Created Date = 2008-5-13 23:35:59 | Attr = ] Brmfrmps.exe -> %SystemRoot%\System32\Brmfrmps.exe -> Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Created Date = 2008-5-13 23:35:56 | Attr = ] BrmfRsmg.exe -> %SystemRoot%\System32\BrmfRsmg.exe -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 32256 bytes | Created Date = 2008-5-13 23:36:00 | Attr = ] BrmfUSB.dll -> %SystemRoot%\System32\BrmfUSB.dll -> Brother Industries, Ltd. [Ver = 1.45.15.352 | Size = 42496 bytes | Created Date = 2008-5-13 23:36:00 | Attr = ] brmsi06f.BIN -> %SystemRoot%\System32\brmsi06f.BIN -> [Ver = | Size = 256 bytes | Created Date = 2008-5-13 23:36:00 | Attr = ] BrRSi03a.dll -> %SystemRoot%\System32\BrRSi03a.dll -> Brother Industries, Ltd. [Ver = 2, 0, 0, 1 | Size = 28160 bytes | Created Date = 2008-5-13 23:36:01 | Attr = ] BrScnRsm.dll -> %SystemRoot%\System32\BrScnRsm.dll -> Brother Industries,Ltd. [Ver = 1.0.0.14 | Size = 5120 bytes | Created Date = 2008-5-13 23:36:01 | Attr = ] BrSerIf.dll -> %SystemRoot%\System32\BrSerIf.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9728 bytes | Created Date = 2008-5-13 23:36:01 | Attr = ] brspl2kb.dll -> %SystemRoot%\System32\brspl2kb.dll -> Brother Industries, Ltd [Ver = 1.06 | Size = 77824 bytes | Created Date = 2008-5-13 23:36:01 | Attr = ] brsplwmk.dll -> %SystemRoot%\System32\brsplwmk.dll -> brother Industries Ltd [Ver = 1.04 | Size = 81920 bytes | Created Date = 2008-5-13 23:36:01 | Attr = ] brss01a.exe -> %SystemRoot%\System32\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 2008-5-13 23:36:02 | Attr = ] brss01a.ini -> %SystemRoot%\System32\brss01a.ini -> [Ver = | Size = 30 bytes | Created Date = 2008-5-14 05:31:59 | Attr = ] brsvc01a.bsi -> %SystemRoot%\System32\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Created Date = 2008-5-14 05:31:59 | Attr = ] brsvc01a.exe -> %SystemRoot%\System32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Created Date = 2008-5-13 23:36:02 | Attr = ] BrWebIns.dll -> %SystemRoot%\System32\BrWebIns.dll -> brother [Ver = 1, 0, 8, 0 | Size = 81920 bytes | Created Date = 2008-5-13 23:35:46 | Attr = ] Brwebup.exe -> %SystemRoot%\System32\Brwebup.exe -> brother [Ver = 1, 0, 7, 0 | Size = 65536 bytes | Created Date = 2008-5-13 23:35:46 | Attr = ] BrWia03a.dll -> %SystemRoot%\System32\BrWia03a.dll -> Brother Industries, Ltd. [Ver = 3.0.1.6 built by: WinDDK | Size = 88064 bytes | Created Date = 2008-5-13 23:36:02 | Attr = ] bsplmf01.dll -> %SystemRoot%\System32\bsplmf01.dll -> Brother Industries, Ltd [Ver = 3.06 | Size = 258048 bytes | Created Date = 2008-5-13 23:36:02 | Attr = ] bsplmf01.exe -> %SystemRoot%\System32\bsplmf01.exe -> Brother Industries,ltd [Ver = 3.49 | Size = 102400 bytes | Created Date = 2008-5-13 23:36:02 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 2008-7-19 18:06:55 | Attr = ] 13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> cygwin1.dll -> %SystemRoot%\System32\cygwin1.dll -> Red Hat [Ver = 1.5.18 | Size = 1295582 bytes | Created Date = 2008-6-14 08:10:26 | Attr = ] cygz.dll -> %SystemRoot%\System32\cygz.dll -> [Ver = | Size = 61440 bytes | Created Date = 2008-6-14 08:10:26 | Attr = ] ffdshow.ax -> %SystemRoot%\System32\ffdshow.ax -> [Ver = 1, 0, 0, 1 | Size = 1761280 bytes | Created Date = 2008-6-14 08:10:28 | Attr = ] ffdshow.reg -> %SystemRoot%\System32\ffdshow.reg -> [Ver = | Size = 34820 bytes | Created Date = 2008-6-14 08:10:28 | Attr = ] iviaudio.ax -> %SystemRoot%\System32\iviaudio.ax -> InterVideo Inc. [Ver = 2.8.18.0 | Size = 466944 bytes | Created Date = 2008-6-14 08:13:47 | Attr = ] libavcodec.dll -> %SystemRoot%\System32\libavcodec.dll -> [Ver = | Size = 2255360 bytes | Created Date = 2008-6-14 08:10:27 | Attr = ] libmpeg2_ff.dll -> %SystemRoot%\System32\libmpeg2_ff.dll -> [Ver = | Size = 112640 bytes | Created Date = 2008-6-14 08:10:27 | Attr = ] libmplayer.dll -> %SystemRoot%\System32\libmplayer.dll -> [Ver = | Size = 395776 bytes | Created Date = 2008-6-14 08:10:27 | Attr = ] mf322def.dat -> %SystemRoot%\System32\mf322def.dat -> [Ver = | Size = 50 bytes | Created Date = 2008-5-13 23:36:36 | Attr = ] pc_fax32.hlp -> %SystemRoot%\System32\pc_fax32.hlp -> [Ver = | Size = 16773 bytes | Created Date = 2008-5-13 23:35:44 | Attr = ] Pdrvinst.dll -> %SystemRoot%\System32\Pdrvinst.dll -> brother [Ver = 1, 1, 6, 0 | Size = 176128 bytes | Created Date = 2008-5-13 23:35:46 | Attr = ] RSMGRSTR.dll -> %SystemRoot%\System32\RSMGRSTR.dll -> Brother Industries, Ltd. [Ver = 1.45.15.340 | Size = 9216 bytes | Created Date = 2008-5-13 23:36:02 | Attr = ] SendDial.exe -> %SystemRoot%\System32\SendDial.exe -> Brother Industries,LTD [Ver = 1, 0, 5, 0 | Size = 679936 bytes | Created Date = 2008-5-13 23:35:42 | Attr = ] TomsMoComp_ff.dll -> %SystemRoot%\System32\TomsMoComp_ff.dll -> [Ver = | Size = 262144 bytes | Created Date = 2008-6-14 08:10:27 | Attr = ] BRMFBIDI.INI -> %SystemRoot%\BRMFBIDI.INI -> [Ver = | Size = 1846 bytes | Created Date = 2008-5-14 05:31:29 | Attr = ] brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 51 bytes | Created Date = 2008-6-30 00:46:07 | Attr = ] Brpcfx.ini -> %SystemRoot%\Brpcfx.ini -> [Ver = | Size = 265 bytes | Created Date = 2008-5-13 23:36:36 | Attr = ] brunin03.dll -> %SystemRoot%\brunin03.dll -> Brother Industries,Ltd. [Ver = 3.02 | Size = 147456 bytes | Created Date = 2008-5-13 23:35:41 | Attr = ] CVRPAGE.BMP -> %SystemRoot%\CVRPAGE.BMP -> [Ver = | Size = 6224 bytes | Created Date = 2008-5-13 23:35:44 | Attr = ] encoder.exe -> %SystemRoot%\encoder.exe -> [Ver = | Size = 3602944 bytes | Created Date = 2008-6-14 08:10:26 | Attr = ] igsmj2002.no -> %SystemRoot%\igsmj2002.no -> [Ver = | Size = 162 bytes | Created Date = 2008-6-13 22:08:25 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 2008-7-20 21:27:26 | Attr = ] 11 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> maxlink.ini -> %SystemRoot%\maxlink.ini -> [Ver = | Size = 767 bytes | Created Date = 2008-5-13 23:31:42 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2008-6-25 01:15:14 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2008-6-25 01:15:14 | Attr = H ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2008-7-19 17:59:56 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 2008-6-24 00:53:51 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2008-7-11 21:37:00 | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1743 bytes | Created Date = 2008-5-11 09:04:02 | Attr = ] ScanSoft -> %AllUsersProfile%\Application Data\ScanSoft -> [Folder | Created Date = 2008-6-30 00:46:12 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 2008-5-27 23:22:10 | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 VOWSoft -> %AllUsersProfile%\Application Data\VOWSoft -> [Folder | Created Date = 2008-6-14 08:24:39 | Attr = ] Auslogics -> %AppData%\Auslogics -> [Folder | Created Date = 2008-7-20 21:20:22 | Attr = ] AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Created Date = 2008-6-24 00:54:00 | Attr = ] Brother -> %AppData%\Brother -> [Folder | Created Date = 2008-5-16 23:20:59 | Attr = R ] Hamachi -> %AppData%\Hamachi -> [Folder | Created Date = 2008-6-13 22:04:01 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-7-11 21:37:07 | Attr = ] My PaperPort Documents -> %UserProfile%\My Documents\My PaperPort Documents -> [Folder | Created Date = 2008-6-30 00:45:36 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 2008-6-19 00:47:01 | Attr = ] AusLogics Disk Defrag.lnk -> %UserProfile%\Desktop\AusLogics Disk Defrag.lnk -> [Ver = | Size = 801 bytes | Created Date = 2008-7-20 21:20:11 | Attr = ] chem term3.doc -> %UserProfile%\Desktop\chem term3.doc -> [Ver = | Size = 38912 bytes | Created Date = 2008-7-16 20:54:05 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\chem term3.doc:Zone.Identifier econs essay 1.doc -> %UserProfile%\Desktop\econs essay 1.doc -> [Ver = | Size = 0 bytes | Created Date = 2008-5-23 23:42:00 | Attr = ] econs essay 2.doc -> %UserProfile%\Desktop\econs essay 2.doc -> [Ver = | Size = 36864 bytes | Created Date = 2008-5-23 23:42:12 | Attr = ] GCE A Levels.pdf -> %UserProfile%\Desktop\GCE A Levels.pdf -> [Ver = | Size = 63649 bytes | Created Date = 2008-5-18 23:57:08 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2008-7-11 22:06:18 | Attr = ] livelysetup.exe -> %UserProfile%\Desktop\livelysetup.exe -> Google Inc. [Ver = 1.2.121.5 | Size = 479848 bytes | Created Date = 2008-7-11 21:07:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\livelysetup.exe:Zone.Identifier Mahjong.lnk -> %UserProfile%\Desktop\Mahjong.lnk -> [Ver = | Size = 659 bytes | Created Date = 2008-6-21 22:43:52 | Attr = ] Maths BT2 2007 - sol.pdf -> %UserProfile%\Desktop\Maths BT2 2007 - sol.pdf -> [Ver = | Size = 104254 bytes | Created Date = 2008-5-23 23:42:56 | Attr = ] Maths BT2 2007.pdf -> %UserProfile%\Desktop\Maths BT2 2007.pdf -> [Ver = | Size = 63203 bytes | Created Date = 2008-5-23 23:42:45 | Attr = ] Maths Prelim 1.pdf -> %UserProfile%\Desktop\Maths Prelim 1.pdf -> [Ver = | Size = 72252 bytes | Created Date = 2008-5-23 23:43:09 | Attr = ] Maths Prelim 2.pdf -> %UserProfile%\Desktop\Maths Prelim 2.pdf -> [Ver = | Size = 76295 bytes | Created Date = 2008-5-23 23:43:09 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008-7-20 22:19:08 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 2008-7-20 21:07:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Radioactivity Effects & Applications.pdf -> %UserProfile%\Desktop\Radioactivity Effects & Applications.pdf -> [Ver = | Size = 309105 bytes | Created Date = 2008-7-20 21:06:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Radioactivity Effects & Applications.pdf:Zone.Identifier topics.doc -> %UserProfile%\Desktop\topics.doc -> [Ver = | Size = 70144 bytes | Created Date = 2008-7-16 20:54:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\topics.doc:Zone.Identifier SmartUI.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\SmartUI.lnk -> [Ver = | Size = 727 bytes | Created Date = 2008-5-13 23:31:26 | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 2008-7-11 21:36:44 | Attr = ] scansoft shared -> %CommonProgramFiles%\scansoft shared -> [Folder | Created Date = 2008-5-13 23:31:08 | Attr = ] ABC 3GP Converter -> %ProgramFiles%\ABC 3GP Converter -> [Folder | Created Date = 2008-6-14 08:24:37 | Attr = ] Auslogics -> %ProgramFiles%\Auslogics -> [Folder | Created Date = 2008-7-20 21:20:09 | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 2008-6-24 00:53:51 | Attr = ] Brother -> %ProgramFiles%\Brother -> [Folder | Created Date = 2008-5-13 23:35:42 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 2008-7-11 21:36:59 | Attr = ] Microsoft Office Word 2003.lnk -> %ProgramFiles%\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2505 bytes | Created Date = 2008-6-27 23:08:26 | Attr = ] Scansoft -> %ProgramFiles%\Scansoft -> [Folder | Created Date = 2008-5-13 23:31:07 | Attr = ] [Files/Folders - Modified Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 2008-6-25 18:11:25 | Attr = H ] Brother -> %SystemDrive%\Brother -> [Folder | Modified Date = 2008-5-13 23:35:44 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536449024 bytes | Modified Date = 2008-7-20 21:17:13 | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-7-20 21:39:26 | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2008-6-13 22:03:25 | Attr = ] WINNT -> %SystemRoot% -> [Folder | Modified Date = 2008-7-20 21:37:40 | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 2008-7-20 19:36:14 | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 2008-6-24 00:54:00 | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25598687 bytes | Modified Date = 2008-7-20 19:36:09 | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 50290 bytes | Modified Date = 2008-7-19 15:53:33 | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 162021 bytes | Modified Date = 2008-7-16 19:26:44 | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 2008-7-4 20:02:54 | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 2008-7-4 20:02:54 | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 2008-7-4 20:03:53 | Attr = ] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 2008-6-13 22:03:41 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 2008-7-7 17:35:30 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 2008-7-7 17:35:36 | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 2008-7-4 20:02:56 | Attr = ] brss01a.ini -> %SystemRoot%\System32\brss01a.ini -> [Ver = | Size = 30 bytes | Modified Date = 2008-5-14 05:31:59 | Attr = ] brsvc01a.bsi -> %SystemRoot%\System32\brsvc01a.bsi -> [Ver = | Size = 184 bytes | Modified Date = 2008-5-14 05:31:59 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008-7-20 21:15:24 | Attr = ] 13 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-7-20 21:27:24 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-7-20 21:49:54 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 386408 bytes | Modified Date = 2008-5-14 05:34:37 | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 2008-5-14 22:27:56 | Attr = ] mf322def.dat -> %SystemRoot%\System32\mf322def.dat -> [Ver = | Size = 50 bytes | Modified Date = 2008-5-14 05:11:57 | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 2008-7-20 21:18:32 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 88556 bytes | Modified Date = 2008-7-20 21:18:41 | Attr = ] oldcatroot2 -> %SystemRoot%\System32\oldcatroot2 -> [Folder | Modified Date = 2008-6-14 09:56:37 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 61502 bytes | Modified Date = 2008-5-27 23:23:35 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 400732 bytes | Modified Date = 2008-5-27 23:23:36 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 469984 bytes | Modified Date = 2008-5-27 23:23:35 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-4-27 22:07:46 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13680 bytes | Modified Date = 2008-7-20 21:20:14 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-7-20 21:32:31 | Attr = H ] 11 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2008-7-20 22:01:04 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-7-20 21:17:23 | Attr = S] BRMFBIDI.INI -> %SystemRoot%\BRMFBIDI.INI -> [Ver = | Size = 1846 bytes | Modified Date = 2008-7-20 21:18:26 | Attr = ] brmx2001.ini -> %SystemRoot%\brmx2001.ini -> [Ver = | Size = 51 bytes | Modified Date = 2008-6-30 00:46:07 | Attr = ] Brpcfx.ini -> %SystemRoot%\Brpcfx.ini -> [Ver = | Size = 265 bytes | Modified Date = 2008-5-14 05:11:57 | Attr = ] BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI -> [Ver = | Size = 105 bytes | Modified Date = 2008-5-14 05:31:59 | Attr = ] brqikmon.ini -> %SystemRoot%\brqikmon.ini -> [Ver = | Size = 306 bytes | Modified Date = 2008-7-16 19:58:51 | Attr = ] brwmark.ini -> %SystemRoot%\brwmark.ini -> [Ver = | Size = 500 bytes | Modified Date = 2008-7-8 00:56:20 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-7-11 21:30:37 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-7-19 20:31:51 | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-5-14 05:11:42 | Attr = R S] igsmj2002.no -> %SystemRoot%\igsmj2002.no -> [Ver = | Size = 162 bytes | Modified Date = 2008-7-16 00:19:15 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-7-20 21:36:56 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-7-20 21:51:04 | Attr = HS] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 2008-7-20 21:27:26 | Attr = ] maxlink.ini -> %SystemRoot%\maxlink.ini -> [Ver = | Size = 767 bytes | Modified Date = 2008-6-30 00:46:06 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-6-14 21:29:18 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-7-20 22:19:09 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-6-25 01:15:14 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-7-20 21:40:50 | Attr = H ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2008-7-20 19:38:30 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2008-7-19 20:52:52 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2008-5-13 23:31:25 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-7-20 21:47:00 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-5-27 21:26:42 | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 2008-7-20 22:21:21 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-7-20 21:17:39 | Attr = H ] Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 366 bytes | Modified Date = 2008-7-20 19:43:14 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2008-7-19 17:59:51 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 2008-7-20 21:36:52 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2008-7-20 21:36:52 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 2006-7-30 18:34:26 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 2005-4-26 21:15:24 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 8416 bytes | Modified Date = 2006-7-30 18:46:32 | Attr = ] C:\Documents and Settings\computer\Local Settings\Temp\ -> C:\Documents and Settings\computer\Local Settings\Temp -> [Folder | Modified Date = 2008-7-20 22:19:11 | Attr = ] A~NSISu_.exe -> C:\Documents and Settings\computer\Local Settings\Temp\A~NSISu_.exe -> [Ver = | Size = 57924 bytes | Modified Date = 2005-5-7 17:14:57 | Attr = ] B~NSISu_.exe -> C:\Documents and Settings\computer\Local Settings\Temp\B~NSISu_.exe -> DivX Networks, Inc. [Ver = 1.0.0.85 | Size = 70570 bytes | Modified Date = 2006-1-22 16:38:12 | Attr = ] uninstall.6d5a.exe -> C:\Documents and Settings\computer\Local Settings\Temp\uninstall.6d5a.exe -> LogMeIn Inc. [Ver = 1, 0, 2, 5 | Size = 149800 bytes | Modified Date = 2008-6-13 22:03:40 | Attr = ] 7 C:\Documents and Settings\computer\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\computer\Local Settings\Temp\*.tmp -> C:\Documents and Settings\computer\Local Settings\Temp\~nsu.tmp\ -> C:\Documents and Settings\computer\Local Settings\Temp\~nsu.tmp\ -> [Folder | Modified Date = 2008-7-20 21:37:06 | Attr = ] Au_.exe -> C:\Documents and Settings\computer\Local Settings\Temp\~nsu.tmp\Au_.exe -> [Ver = | Size = 63841 bytes | Modified Date = 2006-5-5 23:34:34 | Attr = ] C:\Documents and Settings\computer\Local Settings\Temp\{56F3E1FF-54FE-4384-A153-6CCABA097814}\ -> C:\Documents and Settings\computer\Local Settings\Temp\{56F3E1FF-54FE-4384-A153-6CCABA097814} -> [Folder | Modified Date = 2008-7-20 21:51:16 | Attr = ] CTEngine.INI -> C:\Documents and Settings\computer\Local Settings\Temp\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CTEngine.INI -> [Ver = | Size = 10 bytes | Modified Date = 2008-7-20 21:50:04 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2008-7-16 19:56:49 | Attr = ] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 2008-6-24 00:53:51 | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2008-6-24 00:54:17 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2008-7-11 21:37:00 | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1743 bytes | Modified Date = 2008-5-11 09:04:02 | Attr = ] ScanSoft -> %AllUsersProfile%\Application Data\ScanSoft -> [Folder | Modified Date = 2008-6-30 00:46:12 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-5-28 09:59:01 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2008-5-27 23:36:19 | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 VOWSoft -> %AllUsersProfile%\Application Data\VOWSoft -> [Folder | Modified Date = 2008-6-14 08:24:39 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008-7-16 19:56:49 | Attr = ] Auslogics -> %AppData%\Auslogics -> [Folder | Modified Date = 2008-7-20 21:20:22 | Attr = ] AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Modified Date = 2008-6-25 01:14:14 | Attr = ] Brother -> %AppData%\Brother -> [Folder | Modified Date = 2008-5-16 23:20:59 | Attr = R ] Hamachi -> %AppData%\Hamachi -> [Folder | Modified Date = 2008-6-13 22:24:17 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-7-11 21:37:07 | Attr = ] MegauploadToolbar -> %AppData%\MegauploadToolbar -> [Folder | Modified Date = 2008-7-19 22:18:27 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 82432 bytes | Modified Date = 2008-6-8 19:24:09 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 113424 bytes | Modified Date = 2008-6-27 23:16:05 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1934482 bytes | Modified Date = 2008-6-9 00:06:35 | Attr = H ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Modified Date = 2008-7-20 21:31:17 | Attr = ] My PaperPort Documents -> %UserProfile%\My Documents\My PaperPort Documents -> [Folder | Modified Date = 2008-6-30 00:45:37 | Attr = ] spider.sav -> %UserProfile%\My Documents\spider.sav -> [Ver = | Size = 572 bytes | Modified Date = 2008-6-22 21:55:30 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 2008-6-19 00:48:54 | Attr = ] AusLogics Disk Defrag.lnk -> %UserProfile%\Desktop\AusLogics Disk Defrag.lnk -> [Ver = | Size = 801 bytes | Modified Date = 2008-7-20 21:20:11 | Attr = ] chem term3.doc -> %UserProfile%\Desktop\chem term3.doc -> [Ver = | Size = 38912 bytes | Modified Date = 2008-7-16 20:54:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\chem term3.doc:Zone.Identifier econs essay 1.doc -> %UserProfile%\Desktop\econs essay 1.doc -> [Ver = | Size = 0 bytes | Modified Date = 2008-5-23 23:42:00 | Attr = ] econs essay 2.doc -> %UserProfile%\Desktop\econs essay 2.doc -> [Ver = | Size = 36864 bytes | Modified Date = 2008-5-23 23:42:02 | Attr = ] GCE A Levels.pdf -> %UserProfile%\Desktop\GCE A Levels.pdf -> [Ver = | Size = 63649 bytes | Modified Date = 2008-5-18 23:57:09 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008-7-11 22:07:38 | Attr = ] livelysetup.exe -> %UserProfile%\Desktop\livelysetup.exe -> Google Inc. [Ver = 1.2.121.5 | Size = 479848 bytes | Modified Date = 2008-7-11 21:07:11 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\livelysetup.exe:Zone.Identifier Mahjong.lnk -> %UserProfile%\Desktop\Mahjong.lnk -> [Ver = | Size = 659 bytes | Modified Date = 2008-6-21 22:43:52 | Attr = ] Maths BT2 2007 - sol.pdf -> %UserProfile%\Desktop\Maths BT2 2007 - sol.pdf -> [Ver = | Size = 104254 bytes | Modified Date = 2008-5-23 23:42:56 | Attr = ] Maths BT2 2007.pdf -> %UserProfile%\Desktop\Maths BT2 2007.pdf -> [Ver = | Size = 63203 bytes | Modified Date = 2008-5-23 23:42:45 | Attr = ] Maths Prelim 1.pdf -> %UserProfile%\Desktop\Maths Prelim 1.pdf -> [Ver = | Size = 72252 bytes | Modified Date = 2008-5-23 23:43:34 | Attr = ] Maths Prelim 2.pdf -> %UserProfile%\Desktop\Maths Prelim 2.pdf -> [Ver = | Size = 76295 bytes | Modified Date = 2008-5-23 23:43:09 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-7-20 22:20:34 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 2008-7-20 21:08:01 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Programs -> %UserProfile%\Desktop\Programs -> [Folder | Modified Date = 2008-7-20 21:10:20 | Attr = ] Radioactivity Effects & Applications.pdf -> %UserProfile%\Desktop\Radioactivity Effects & Applications.pdf -> [Ver = | Size = 309105 bytes | Modified Date = 2008-7-20 21:06:19 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Radioactivity Effects & Applications.pdf:Zone.Identifier Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 207872 bytes | Modified Date = 2008-6-14 22:22:31 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable topics.doc -> %UserProfile%\Desktop\topics.doc -> [Ver = | Size = 70144 bytes | Modified Date = 2008-7-16 20:54:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\topics.doc:Zone.Identifier SmartUI.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\SmartUI.lnk -> [Ver = | Size = 727 bytes | Modified Date = 2008-5-13 23:31:26 | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 2008-7-11 21:36:44 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 2008-5-13 23:35:45 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 2008-7-20 21:34:50 | Attr = ] scansoft shared -> %CommonProgramFiles%\scansoft shared -> [Folder | Modified Date = 2008-5-13 23:31:24 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]