[code] WinPFind35 logfile created on: 2008-02-22 19:20:08 WinPFind35U Version 1.0.0.1 Folder = C:\Documents and Settings\jonte mattsson\Desktop\WinPFind35u Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd 383,36 Mb Total Physical Memory | 123,41 Mb Available Physical Memory | 32,19% Memory free 919,85 Mb Paging File | 609,00 Mb Available in Paging File | 66,21% Paging File free Paging file location(s): C:\pagefile.sys 576 1152; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55,88 Gb Total Space | 18,06 Gb Free Space | 32,33% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JONTE Current User Name: jonte mattsson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-09 22:29:40 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-09 22:29:40 | Attr = ] asghost.exe -> %ProgramFiles%\HPQ\IAM\Bin\asghost.exe -> Cognizance Corporation [Ver = 1.5.0.035 | Size = 43008 bytes | Modified Date = 2005-06-29 20:06:54 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2008-02-21 22:00:48 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. 
[Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 13:31:10 | Attr = ] hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 5 | Size = 98304 bytes | Modified Date = 2005-12-22 00:06:58 | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 2005-08-09 21:05:00 | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2008-02-21 19:41:02 | Attr = ] [Win32 Services - Non-Microsoft Only] (aodun_server) aodun_server [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\aodun.exe -> File not found (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 2005-08-09 22:29:40 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 13:31:10 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] (hpqwmi) HP WMI Interface [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\HPQ\Shared\hpqwmi.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1, 0, 5, 9 | Size = 94208 bytes | Modified Date = 2005-10-06 08:14:42 | Attr = ] (hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 5 | Size = 98304 bytes | Modified Date = 2005-12-22 00:06:58 | Attr = ] (WmcCds) Windows Media Connect (WMC) [Win32_Own | Unknown | Stopped] -> -> File not found [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 2005-03-09 15:53:00 | Attr = ] (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not 
found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273856 bytes | Modified Date = 2005-08-09 22:35:42 | Attr = ] (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ATSwpDrv.sys -> AuthenTec, Inc. [Ver = 6.29.2.0 | Size = 117010 bytes | Modified Date = 2005-07-12 17:40:00 | Attr = R ] (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 2007-05-30 13:10:42 | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 2007-05-30 13:10:42 | Attr = ] (b57w2k) Broadcom NetLink (TM) Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.103.0.0 built by: WinDDK | Size = 128256 bytes | Modified Date = 2005-01-27 18:09:08 | Attr = R ] (BCM43XX) Drivrutin för Broadcom 802.11 nätverksadapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.65.1 built by: WinDDK | Size = 371712 bytes | Modified Date = 2005-05-11 10:20:38 | Attr = ] (CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6aud.sys -> Conexant Systems Inc. [Ver = 6.14.10.0559 | Size = 38144 bytes | Modified Date = 2005-07-20 17:43:54 | Attr = R ] (CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\camc6hal.sys -> Conexant Systems Inc. 
[Ver = 6.14.10.0559 | Size = 346496 bytes | Modified Date = 2005-07-20 17:44:42 | Attr = R ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (ClntMgmt.sys) ClntMgmt.sys [Kernel | System | Running] -> %SystemRoot%\system32\drivers\clntmgmt.sys -> Hewlett-Packard [Ver = 2,1,2004,0219 | Size = 59044 bytes | Modified Date = 2004-02-20 10:35:28 | Attr = R ] (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 25628 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 2005-08-25 12:16:52 | Attr = ] (DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 2496 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 86524 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 14684 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 6364 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes 
| Modified Date = 2005-08-25 12:16:16 | Attr = ] (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 94332 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.07a | Size = 87036 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.03a | Size = 88752 bytes | Modified Date = 2005-08-30 03:30:00 | Attr = ] (DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 2005-08-12 05:20:00 | Attr = ] (eabfiltr) eabfiltr [Kernel | System | Running] -> %SystemRoot%\system32\drivers\eabfiltr.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.01.04 | Size = 7936 bytes | Modified Date = 2005-05-05 10:04:08 | Attr = ] (eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EabUsb.sys -> Hewlett-Packard Development Company, L.P. 
[Ver = 4.20.02.04 | Size = 5760 bytes | Modified Date = 2005-05-05 10:04:04 | Attr = ] (ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyCDFL.sys -> SlySoft, Inc. [Ver = 5, 2, 1, 3 | Size = 34760 bytes | Modified Date = 2006-12-26 13:54:35 | Attr = ] (ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 1 | Size = 15440 bytes | Modified Date = 2006-12-26 13:54:34 | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HSFHWATI) HSFHWATI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWATI.sys -> Conexant Systems, Inc. [Ver = 7.20.00.75 built by: WinDDK | Size = 200576 bytes | Modified Date = 2005-04-18 02:00:06 | Attr = R ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.20.00.75 built by: WinDDK | Size = 1038336 bytes | Modified Date = 2005-04-18 02:00:06 | Attr = R ] (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 2005-04-18 02:00:06 | Attr = R ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | 
Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2007-03-08 00:51:00 | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (s116bus) Sony Ericsson Device 116 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116bus.sys -> MCCI Corporation [Ver = V4.40 | Size = 83336 bytes | Modified Date = 2007-04-03 13:57:42 | Attr = R ] (s116mdfl) Sony Ericsson Device 116 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mdfl.sys -> MCCI Corporation [Ver = V4.40 | Size = 15112 bytes | Modified Date = 2007-04-03 13:57:48 | Attr = R ] (s116mdm) Sony Ericsson Device 116 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mdm.sys -> MCCI Corporation [Ver = V4.40 | Size = 108680 bytes | Modified Date = 2007-04-03 13:57:48 | Attr = R ] (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116mgmt.sys -> MCCI Corporation [Ver = V4.40 | Size = 100488 bytes | Modified Date = 2007-04-03 13:57:50 | Attr = R ] (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) [Kernel | On_Demand | Stopped] -> 
%SystemRoot%\system32\drivers\s116nd5.sys -> MCCI Corporation [Ver = V4.40 | Size = 23176 bytes | Modified Date = 2007-04-03 13:57:52 | Attr = R ] (s116obex) Sony Ericsson Device 116 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116obex.sys -> MCCI Corporation [Ver = V4.40 | Size = 98696 bytes | Modified Date = 2007-04-03 13:57:52 | Attr = R ] (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s116unic.sys -> MCCI Corporation [Ver = V4.40 | Size = 99080 bytes | Modified Date = 2007-04-03 13:57:54 | Attr = R ] (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27bus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Modified Date = 2006-04-28 17:24:42 | Attr = ] (SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Modified Date = 2006-04-28 17:25:40 | Attr = ] (SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Modified Date = 2006-04-28 17:25:44 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 685816 bytes | Modified Date = 2007-09-25 19:09:59 | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) 
sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.0.13 17Jun05 | Size = 190400 bytes | Modified Date = 2005-06-20 12:33:18 | Attr = ] (tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.2 | Size = 162432 bytes | Modified Date = 2005-09-20 10:30:56 | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.20.00.75 built by: WinDDK | Size = 703488 bytes | Modified Date = 2005-04-18 02:00:06 | Attr = R ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2008-02-21 22:00:48 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < jonte mattsson Startup Folder > -> C:\Documents and Settings\jonte mattsson\Start Menu\Programs\Startup -> < IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 360rpt.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found 360Safe.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found 360tray.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found adam.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found AgentSvr.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found AppSvc32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found ArSwp.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found AST.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found autoruns.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found avconsol.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found avgrssvc.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found AvMonitor.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found avp.com -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found avp.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found CCenter.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found ccSvcHst.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe 
[Debugger] -> File not found EGHOST.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found FileDsty.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found FTCleanerShell.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found FYFireWall.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found HijackThis.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found IceSword.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found iparmo.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Iparmor.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found isPwdSvc.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found kabaload.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KaScrScn.SCR -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KASMain.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KASTask.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KAV32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KAVDX.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KAVPF.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KAVPFW.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KAVSetup.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KAVStart.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KISLnchr.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KMailMon.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] 
-> File not found KMFilter.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KPFW32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KPFW32X.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KPfwSvc.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KRegEx.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KRepair.com -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KsLoader.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KWatch.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KWatch9x.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KWatchX.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KVCenter.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KvDetect.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KvfwMcl.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KVMonXP.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KVMonXP_1.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found kvol.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found kvolself.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KvReport.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KVScan.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KVSrvXP.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KVStub.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found 
kvupload.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found kvwsc.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KvXP.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found KvXP_1.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found loaddll.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found MagicSet.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found mcconsol.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found mmqczj.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found mmsk.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Navapsvc.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Navapw32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found nod32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found nod32krn.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found nod32kui.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found NPFMntor.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found PFW.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found PFWLiveUpdate.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found QHSET.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found QQDoctor.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found QQKav.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Ras.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Rav.exe -> 
%CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found RavMon.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found RavMonD.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found RavStub.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found RavTask.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found RegClean.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found rfwcfg.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found rfwmain.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found rfwsrv.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found RsAgent.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Rsaupd.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found rstrui.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found runiep.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found safelive.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found scan32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found shcfg32.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found SmartUp.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found SREng.EXE -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found symlcsvc.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found SysSafe.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found TrojanDetector.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found Trojanwall.exe -> 
%CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found TrojDie.kxp -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UIHost.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UmxAgent.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UmxAttachment.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UmxCfg.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UmxFwHlp.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UmxPol.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found upiea.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found UpLive.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found USBCleaner.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found webscanx.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found WoptiClean.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found vsstat.exe -> %CommonProgramFiles%\Microsoft Shared\jkihbgh.exe [Debugger] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 13:29:58 | Attr = ] {A93A4625-6216-499C-B360-BBD0A7C0D479} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\MSINFO\QQGS1.dll [] -> File not found {D544C22D-1F70-4B1E-873D-D8DABEB26695} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\MSINFO\atmQQ2.dll [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003] > -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 2005-08-09 22:30:44 | Attr = ] OneCard -> %ProgramFiles%\HPQ\IAM\Bin\AsWlnPkg.dll -> Cognizance Corporation [Ver = 1.5.0.037 | Size = 40960 bytes | Modified Date = 2005-07-25 19:41:50 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003] > -> 
HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://google.daemonsearch.com/se/ý -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\] > -> -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\: Main\\Start Page -> http://google.daemonsearch.com/se/ý -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Länkhjälp till Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.07a | Size = 110652 bytes | Modified Date = 2005-08-31 05:20:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 2007-09-14 18:24:27 | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {DF21F1DB-80C6-11D3-9483-B03D0EC10000} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HPQ\IAM\Bin\ItIeAddIN.dll [HP Credential Manager for ProtectTools] -> Infineon Technologies AG [Ver = 1.01.069 | Size = 50688 bytes | Modified Date = 2005-03-03 03:35:00 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 2005-06-03 04:09:54 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 2007-09-14 18:24:27 | Attr = ] {2670000A-7350-4f3c-8081-5663EE0C6C49}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Skicka till OneNote] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 2005-06-03 04:09:54 | Attr = ] CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-1004336348-1085031214-1801674531-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 2005-06-03 04:09:54 | Attr = ] CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {AABE2066-97F4-4619-86ED-217BAF923ED2} -> (1394 Net Adapter) -> {ED5FFBB1-43D6-4D9D-BF1D-1005E3A4942D} -> (Broadcom NetLink (TM) Gigabit Ethernet) -> {FA389D75-AB54-48F2-94DC-4AD682FD7E63} -> (Broadcom 802.11b/g WLAN) -> {FB304516-A9C5-41AC-8821-B687BFDD49D4} -> (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] 
-> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {25365FF3-2746-4230-9DA7-163CCA318309}[HKEY_LOCAL_MACHINE] -> http://inst.c-wss.com/n042p/EN/install/gtdownlr.cab[Automatic Driver Installation Control] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 18:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 15:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] *MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 796 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] AsWlnPkg -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 6123 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe 
-> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 2007-01-19 12:55:22 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 2007-01-04 16:10:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 2007-01-19 12:55:22 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 2007-01-04 16:10:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. 
Take a deep breath ] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 2006-10-27 15:16:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe -> C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe [C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\Steam.exe -> C:\Program Files\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\steamapps\sthlm_08@hotmail.com\counter-strike\hl.exe -> C:\Program Files\Steam\steamapps\sthlm_08@hotmail.com\counter-strike\hl.exe [C:\Program Files\Steam\steamapps\sthlm_08@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\steamapps\fv_killen@hotmail.com\counter-strike\hl.exe -> C:\Program Files\Steam\steamapps\fv_killen@hotmail.com\counter-strike\hl.exe [C:\Program Files\Steam\steamapps\fv_killen@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> File not 
found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-09 14:01:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DC++\DCPlusPlus.exe -> C:\Program Files\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 2008-02-22 10:34:39 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11156:TCP -> 
11156:TCP:*:Enabled:BitComet 11156 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11156:UDP -> 11156:UDP:*:Enabled:BitComet 11156 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 05:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk -> %SystemDrive%\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe -> File not found < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> DAEMON Tools hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.10.0.0 | Size = 171464 bytes | Modified Date = 2007-09-18 15:16:16 | Attr = ] iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> File not found [Files/Folders - Created Within 90 days] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. 
[Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 2007-05-30 13:10:42 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 2007-12-18 15:16:55 | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 14848 bytes | Modified Date = 2008-01-07 23:30:55 | Attr = ] SDRemoveDB.db -> %SystemRoot%\System32\SDRemoveDB.db -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-22 00:08:18 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 2008-01-10 17:03:16 | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 2007-12-23 14:25:46 | Attr = H ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-02-22 10:29:03 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-02-22 10:29:02 | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2008-02-21 21:54:51 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2008-02-21 21:57:01 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 2007-11-26 10:43:01 | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 2008-01-10 17:17:34 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2008-02-21 21:55:05 | Attr = ] Cw -> %UserProfile%\Desktop\Cw -> [Folder | Created Date = 2008-01-28 16:03:54 | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 4608 bytes | Modified Date = 2007-12-07 17:19:53 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2008-02-22 18:56:31 | 
Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 2008-02-22 18:56:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier [Files/Folders - Modified Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 402051072 bytes | Modified Date = 2008-02-22 10:21:01 | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-02-22 01:01:08 | Attr = R ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-02-22 10:29:03 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-02-22 00:13:18 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 2007-12-18 15:16:55 | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 14848 bytes | Modified Date = 2008-01-07 23:30:55 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-02-08 00:23:11 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 2007-12-08 16:42:43 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2007-12-24 21:17:24 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-02-21 22:01:42 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 54010 bytes | Modified Date = 2008-02-22 10:22:45 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 383822 bytes | Modified Date = 2008-02-22 10:22:45 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 443556 bytes | Modified Date = 2008-02-22 10:22:45 | Attr = ] SDRemoveDB.db -> %SystemRoot%\System32\SDRemoveDB.db -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-22 00:08:18 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 
bytes | Modified Date = 2008-02-20 15:17:42 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-02-22 10:21:05 | Attr = S] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 2007-12-08 16:44:43 | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-12-24 21:16:17 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-02-21 22:00:06 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-01-13 22:51:04 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 2007-12-23 14:25:46 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-02-22 18:59:43 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-02-22 10:29:03 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-02-22 10:29:02 | Attr = H ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2007-12-19 18:08:23 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2008-02-22 00:07:59 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-02-22 10:22:45 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-02-22 10:21:34 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-12-08 16:39:20 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-02-22 10:21:07 | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2008-02-19 15:00:42 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5480 bytes | Modified Date = 2007-11-21 15:00:42 | Attr = ] opa12.dat -> C:\Documents and Settings\All 
Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007-10-08 18:57:13 | Attr = ] ose00000.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 2006-10-28 00:14:30 | Attr = R ] ose00001.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\ose00001.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 2006-10-28 00:14:30 | Attr = R ] 278 C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp -> NeroBar.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\NeroBar.exe -> Nero AG [Ver = 2, 0, 9, 2 | Size = 1717544 bytes | Modified Date = 2007-10-04 11:56:55 | Attr = ] SetupX.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\SetupX.exe -> Nero AG [Ver = 1, 8, 5, 1 | Size = 2483496 bytes | Modified Date = 2007-11-07 15:35:31 | Attr = ] Toolbar.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Toolbar.exe -> [Ver = | Size = 483328 bytes | Modified Date = 2006-12-15 15:50:29 | Attr = ] NL2WriteThrough.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\NL2WriteThrough.exe -> NERO AG [Ver = 1.0.0.1 | Size = 218408 bytes | Modified Date = 2007-11-07 15:35:20 | Attr = ] WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> Microsoft Corporation [Ver = 6.1.0006.0 built by: main(hemchans) | Size = 2003176 bytes | Modified Date = 2007-02-09 13:59:27 | Attr = ] wmfdist.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\wmfdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 4085904 bytes | Modified Date = 
2002-12-11 20:11:50 | Attr = ] wmfdist95.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\wmfdist95.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 5649648 bytes | Modified Date = 2004-08-11 00:51:20 | Attr = ] dxsetup.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\DirectX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 2006-08-14 16:08:04 | Attr = ] NeroDelTmp.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Setup\NeroDelTmp.exe -> Nero AG [Ver = 1, 8, 5, 1 | Size = 1500456 bytes | Modified Date = 2007-11-07 15:35:20 | Attr = ] UninstallNero.exe -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Setup\UninstallNero.exe -> Nero AG [Ver = 1, 8, 5, 1 | Size = 1598760 bytes | Modified Date = 2007-11-07 15:35:20 | Attr = ] drm_dialogs.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\drm_dialogs.dll -> Sony DADC Austria AG [Ver = 1, 2, 0, 1 | Size = 65536 bytes | Modified Date = 2007-10-26 16:55:01 | Attr = ] drm_dyndata_7340013.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\drm_dyndata_7340013.dll -> Sony DADC Austria AG [Ver = 1, 0, 0, 3 | Size = 208896 bytes | Modified Date = 2007-10-26 16:54:59 | Attr = ] 278 C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp -> GameExplorerUtilities.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\325286.tmp\GameExplorerUtilities.dll -> [Ver = | Size = 102400 bytes | Modified Date = 2007-10-26 18:55:57 | Attr = ] GameExplorerUtilities.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\488414.tmp\GameExplorerUtilities.dll -> [Ver = | Size = 102400 bytes | Modified Date = 2007-10-26 16:54:30 | Attr = ] setuphook.dll -> C:\Documents and Settings\jonte mattsson\Local 
Settings\Temp\GGS19.tmp\setuphook.dll -> [Ver = | Size = 24576 bytes | Modified Date = 2007-09-14 17:15:30 | Attr = ] _Setup.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\isp177.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 380928 bytes | Modified Date = 2007-09-14 15:28:39 | Attr = ] _Setup.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\isp1E8.tmp\_Setup.dll -> Macrovision Corporation [Ver = 10.50.125 | Size = 380928 bytes | Modified Date = 2007-09-14 15:35:01 | Attr = ] AdvrCntr3.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\nero.tmp\8.1.1.4_8.10.293_14182\AdvrCntr3.dll -> Nero AG [Ver = 1,3,1, 207 | Size = 3945768 bytes | Modified Date = 2007-10-26 08:04:48 | Attr = ] InstGuru.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\InstGuru.dll -> Nero AG [Ver = 1, 0, 0, 0 | Size = 120112 bytes | Modified Date = 2007-11-07 15:35:17 | Attr = ] DSETUP.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\DirectX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 2006-08-14 16:08:04 | Attr = ] dsetup32.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Data\Redist\DirectX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248984 bytes | Modified Date = 2006-08-14 16:08:04 | Attr = ] NPS.dll -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\NERO14182\Setup\NPS.dll -> Nero AG [Ver = 1, 8, 5, 1 | Size = 4580648 bytes | Modified Date = 2007-11-07 15:35:20 | Attr = ] Perflib_Perfdata_7a0.dat -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\Perflib_Perfdata_7a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-02-22 10:37:58 | Attr = ] 278 C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp -> compreg.dat -> 
C:\Documents and Settings\jonte mattsson\Local Settings\Temp\GGS19.tmp\Fake Profile\compreg.dat -> [Ver = | Size = 147247 bytes | Modified Date = 2007-09-14 17:16:02 | Attr = ]
xpti.dat -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\GGS19.tmp\Fake Profile\xpti.dat -> [Ver = | Size = 92986 bytes | Modified Date = 2007-09-14 17:16:00 | Attr = ]
{AC76BA86-7AD7-1053-7B44-A81000000003}.ini -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\{AC76BA86-7AD7-1053-7B44-A81000000003}.ini -> [Ver = | Size = 517 bytes | Modified Date = 2007-09-28 18:40:27 | Attr = ]
278 C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\*.tmp ->
TAOSEQ.INI -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\AUDIO0005\TAOSEQ.INI -> [Ver = | Size = 5940 bytes | Modified Date = 2007-09-14 15:24:01 | Attr = ]
compatibility.ini -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\GGS19.tmp\Fake Profile\compatibility.ini -> [Ver = | Size = 138 bytes | Modified Date = 2007-09-14 17:16:00 | Attr = ]
SAUDIO1.INI -> C:\Documents and Settings\jonte mattsson\Local Settings\Temp\ven_1002&dev_4370&subsys_308b103c\SAUDIO1.INI -> [Ver = | Size = 433 bytes | Modified Date = 2007-09-14 15:24:01 | Attr = ]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2008-02-21 21:54:51 | Attr = ]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 2007-12-19 18:16:09 | Attr = ]
Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 2008-01-10 19:27:07 | Attr = ]
dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 2008-02-17 22:38:40 | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2008-02-21 21:57:01 | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-01-10 17:13:26 | Attr = S]
OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 2007-12-17 16:08:07 | Attr = ]
uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 2008-02-22 16:37:44 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 65024 bytes | Modified Date = 2008-02-21 23:46:37 | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 6416734 bytes | Modified Date = 2008-02-22 01:29:25 | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2007-12-28 12:57:51 | Attr = ]
Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 2008-02-22 10:39:31 | Attr = ]
Mina delade mappar.lnk -> %UserProfile%\My Documents\Mina delade mappar.lnk -> [Ver = | Size = 595 bytes | Modified Date = 2008-02-22 18:53:23 | Attr = ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-01-27 12:05:36 | Attr = R ]
My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 2008-02-08 00:16:53 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2008-02-21 21:55:05 | Attr = ]
Cw -> %UserProfile%\Desktop\Cw -> [Folder | Modified Date = 2008-02-20 22:29:25 | Attr = ]
Jontes -> %UserProfile%\Desktop\Jontes -> [Folder | Modified Date = 2008-02-08 00:41:50 | Attr = ]
Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 4608 bytes | Modified Date = 2007-12-07 17:19:53 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2008-02-22 18:59:32 | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 2008-02-22 18:56:10 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2007-12-08 16:40:25 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2008-02-21 22:08:51 | Attr = ]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 2008-02-21 21:54:51 | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 2007-09-28 18:43:29 | Attr = ]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 2007-09-16 15:14:45 | Attr = ]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 2007-09-29 11:41:53 | Attr = ]
Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 2007-09-14 17:54:53 | Attr = ]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 2008-02-21 21:54:51 | Attr = ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 2007-10-08 18:49:59 | Attr = S]
Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help -> [Folder | Modified Date = 2007-12-19 18:16:09 | Attr = ]
Skype -> C:\Documents and Settings\All Users\Application Data\Skype -> [Folder | Modified Date = 2008-01-10 19:27:07 | Attr = ]
Sony Ericsson -> C:\Documents and Settings\All Users\Application Data\Sony Ericsson -> [Folder | Modified Date = 2007-10-12 14:52:45 | Attr = ]
Teleca -> C:\Documents and Settings\All Users\Application Data\Teleca -> [Folder | Modified Date = 2007-10-12 14:52:50 | Attr = ]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 2007-10-03 00:07:25 | Attr = ]
@Alternate Data Stream - 107 bytes -> %AllUsersProfile%\Application Data\TEMP:0A8E2C33
C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 2007-09-14 15:40:08 | Attr = RH ]
Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 2007-09-14 15:02:12 | Attr = S]
C:\Documents and Settings\jonte mattsson\Application Data\ -> C:\Documents and Settings\jonte mattsson\Application Data -> [Folder | Modified Date = 2008-01-10 19:27:15 | Attr = H ]
Adobe -> C:\Documents and Settings\jonte mattsson\Application Data\Adobe -> [Folder | Modified Date = 2007-09-28 18:49:06 | Attr = ]
Apple Computer -> C:\Documents and Settings\jonte mattsson\Application Data\Apple Computer -> [Folder | Modified Date = 2007-09-29 11:43:53 | Attr = ]
dvdcss -> C:\Documents and Settings\jonte mattsson\Application Data\dvdcss -> [Folder | Modified Date = 2008-02-17 22:38:40 | Attr = ]
Grisoft -> C:\Documents and Settings\jonte mattsson\Application Data\Grisoft -> [Folder | Modified Date = 2008-02-21 21:57:01 | Attr = ]
Identities -> C:\Documents and Settings\jonte mattsson\Application Data\Identities -> [Folder | Modified Date = 2007-09-14 15:16:11 | Attr = ]
iid -> C:\Documents and Settings\jonte mattsson\Application Data\iid -> [Folder | Modified Date = 2007-09-18 13:06:04 | Attr = ]
InterVideo -> C:\Documents and Settings\jonte mattsson\Application Data\InterVideo -> [Folder | Modified Date = 2007-10-23 21:41:53 | Attr = ]
Leadertech -> C:\Documents and Settings\jonte mattsson\Application Data\Leadertech -> [Folder | Modified Date = 2007-09-28 16:39:04 | Attr = ]
LimeWire -> C:\Documents and Settings\jonte mattsson\Application Data\LimeWire -> [Folder | Modified Date = 2007-11-24 15:43:44 | Attr = ]
Macromedia -> C:\Documents and Settings\jonte mattsson\Application Data\Macromedia -> [Folder | Modified Date = 2007-09-14 23:07:22 | Attr = ]
Microsoft -> C:\Documents and Settings\jonte mattsson\Application Data\Microsoft -> [Folder | Modified Date = 2008-01-10 17:13:26 | Attr = S]
Mozilla -> C:\Documents and Settings\jonte mattsson\Application Data\Mozilla -> [Folder | Modified Date = 2007-09-14 17:20:20 | Attr = ]
OpenOffice.org2 -> C:\Documents and Settings\jonte mattsson\Application Data\OpenOffice.org2 -> [Folder | Modified Date = 2007-12-17 16:08:07 | Attr = ]
SecuROM -> C:\Documents and Settings\jonte mattsson\Application Data\SecuROM -> [Folder | Modified Date = 2007-10-26 16:55:00 | Attr = RH ]
Sonic -> C:\Documents and Settings\jonte mattsson\Application Data\Sonic -> [Folder | Modified Date = 2007-09-28 16:39:15 | Attr = ]
Sony Ericsson -> C:\Documents and Settings\jonte mattsson\Application Data\Sony Ericsson -> [Folder | Modified Date = 2007-10-12 14:53:15 | Attr = ]
Sun -> C:\Documents and Settings\jonte mattsson\Application Data\Sun -> [Folder | Modified Date = 2007-09-14 18:24:11 | Attr = ]
Teleca -> C:\Documents and Settings\jonte mattsson\Application Data\Teleca -> [Folder | Modified Date = 2007-10-12 15:03:25 | Attr = ]
uTorrent -> C:\Documents and Settings\jonte mattsson\Application Data\uTorrent -> [Folder | Modified Date = 2008-02-22 16:37:44 | Attr = ]
WinRAR -> C:\Documents and Settings\jonte mattsson\Application Data\WinRAR -> [Folder | Modified Date = 2007-09-28 16:27:12 | Attr = ]
vlc -> C:\Documents and Settings\jonte mattsson\Application Data\vlc -> [Folder | Modified Date = 2007-09-14 17:04:53 | Attr = ]
C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 2007-09-14 15:12:46 | Attr = ]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 2007-09-14 15:12:47 | Attr = S]
C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 2007-09-14 15:07:58 | Attr = ]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 2007-09-14 15:08:01 | Attr = S]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 2007-09-14 15:12:49 | Attr = S]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 2004-08-08 06:00:00 | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-02-22 10:21:07 | Attr = H ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

< End of report >
[/code]