[code]
WinPFind35 logfile created on: 24/02/2008 11:54:25 AM
WinPFind35U Version 1.0.0.1 Folder = C:\Users\lostonearth\Desktop\WinPFind35u
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 67.91% Memory free
4.00 Gb Paging File | 3.32 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.20 Gb Total Space | 97.60 Gb Free Space | 86.23% Space Free | Partition Type: NTFS
Drive D: | 112.85 Gb Total Space | 112.75 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOSTONEARTH-PC
Current User Name: lostonearth
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 610304 bytes | Modified Date = 29/09/2007 3:01:04 AM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 20/11/2006 8:44:32 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc.
[Ver = 6.14.10.4178 | Size = 610304 bytes | Modified Date = 29/09/2007 3:01:04 AM | Attr = ] appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.00.7 | Size = 46736 bytes | Modified Date = 20/11/2006 8:43:42 PM | Attr = ] rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 5:37:00 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107112 bytes | Modified Date = 20/11/2006 8:44:28 PM | Attr = ] sysmonitor.exe -> %SystemRoot%\System32\SysMonitor.exe -> [Ver = 1.0.1.0 | Size = 319488 bytes | Modified Date = 23/11/2006 3:24:54 PM | Attr = ] edsloader.exe -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2, 5, 3023, 136 | Size = 453120 bytes | Modified Date = 17/11/2006 8:26:58 AM | Attr = ] memcheck.exe -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> [Ver = 1.0.0.0 | Size = 24576 bytes | Modified Date = 12/11/2006 9:35:08 PM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 12/09/2007 6:27:24 PM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19/10/2006 1:52:24 PM | Attr = ] richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.0.1321 | Size = 143360 bytes | Modified Date = 21/01/2005 3:37:16 AM | Attr = ] erecoveryservice.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> Acer Inc. [Ver = 2.5.3.6 | Size = 45056 bytes | Modified Date = 08/12/2006 3:45:32 PM | Attr = ] acer.empowering.framework.supervisor.exe -> %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe -> Acer Inc. 
[Ver = 2.5.3002.0 | Size = 319488 bytes | Modified Date = 23/11/2006 3:24:46 PM | Attr = ] eragent.exe -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRAgent.exe -> Acer Inc. [Ver = 2.5.4.0 | Size = 393216 bytes | Modified Date = 12/11/2006 12:35:58 PM | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 24/02/2008 3:24:05 AM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 21/02/2008 7:41:02 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (AcerMemUsageCheckService) ePerformance Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\ePerformance\MemCheck.exe -> [Ver = 1.0.0.0 | Size = 24576 bytes | Modified Date = 12/11/2006 9:35:08 PM | Attr = ] (Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. 
[Ver = 6.14.10.4178 | Size = 610304 bytes | Modified Date = 29/09/2007 3:01:04 AM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 12/09/2007 6:27:24 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 20/11/2006 8:44:32 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 20/11/2006 8:44:32 PM | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 20/11/2006 8:44:32 PM | Attr = ] (comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.1.0.9 | Size = 49296 bytes | Modified Date = 20/11/2006 8:42:52 PM | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found (eRecoveryService) eRecovery Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -> Acer Inc. 
[Ver = 2.5.3.6 | Size = 45056 bytes | Modified Date = 08/12/2006 3:45:32 PM | Attr = ] (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.1.0.38 | Size = 80552 bytes | Modified Date = 20/11/2006 8:42:12 PM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19/10/2006 1:52:24 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 12/09/2007 6:27:24 PM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.0.1321 | Size = 143360 bytes | Modified Date = 21/01/2005 3:37:16 AM | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 24/02/2008 3:24:05 AM | Attr = ] (SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe 
-> Symantec Corporation [Ver = 1.1.00.7 | Size = 46736 bytes | Modified Date = 20/11/2006 8:43:42 PM | Attr = ] (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found (LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 29/01/2008 5:38:31 PM | Attr = ] (LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107624 bytes | Modified Date = 20/11/2006 8:44:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acer Assist Launcher -> %ProgramFiles%\Acer Assist\launcher.exe -> [Ver = | Size = 1261568 bytes | Modified Date = 04/12/2006 1:05:16 PM | Attr = ] Acer Empowering Technology Monitor -> %SystemRoot%\System32\SysMonitor.exe -> [Ver = 1.0.1.0 | Size = 319488 bytes | Modified Date = 23/11/2006 3:24:54 PM | Attr = ] Acer Product Registration -> %ProgramFiles%\Acer Registration\ACE1.exe -> Leader Technologies [Ver = 1.03 | Size = 3166208 bytes | Modified Date = 13/12/2006 10:55:32 AM | Attr = ] Acer Tour -> -> File not found ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.1.1.4 | Size = 107112 bytes | Modified Date = 20/11/2006 8:44:28 PM | Attr = ] eDataSecurity Loader -> %SystemDrive%\Acer\Empowering Technology\eDataSecurity\eDSloader.exe -> HiTRUST [Ver = 2, 5, 3023, 136 | Size = 453120 bytes | Modified Date = 17/11/2006 8:26:58 AM | Attr = ] eRecoveryService -> -> File 
not found osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.1.0.38 | Size = 22696 bytes | Modified Date = 20/11/2006 8:42:16 PM | Attr = ] RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 5:37:00 AM | Attr = ] Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.83 | Size = 583048 bytes | Modified Date = 29/01/2008 5:38:31 PM | Attr = ] Windows Defender -> MSASCui.exe -> File not found < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> Sidebar.exe -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> Sidebar.exe -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000] > -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion 
Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000] > -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://en.ca.acer.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://en.ca.acer.yahoo.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://en.ca.acer.yahoo.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 27, 1 | Size = 441408 bytes | Modified Date = 27/09/2006 2:42:50 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\] > -> -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\: Main\\Search Page -> http://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*http://ca.yahoo.com -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\: Main\\Start Page -> http://en.ca.acer.yahoo.com -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\: SearchURL\\ -> http://ca.rd.yahoo.com/customize/ycomp/defaults/su/*http://ca.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2006, 9, 27, 1 | Size = 441408 bytes | Modified Date = 27/09/2006 2:42:50 PM | Attr = ] HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\] > -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\] > -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 27, 1 | Size = 441408 bytes | Modified Date = 27/09/2006 2:42:50 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 1:56:50 AM | Attr = ] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Error: Value does not exist or could not be read.] 
-> Symantec Corporation [Ver = 2007.1.3.6 | Size = 96984 bytes | Modified Date = 20/11/2006 8:45:08 PM | Attr = R ] {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\ActiveToolBand.dll [ShowBarObj Class] -> HiTRUST [Ver = 3, 0, 0, 2 | Size = 299008 bytes | Modified Date = 16/11/2006 1:20:26 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 5, 3022, 14 | Size = 151552 bytes | Modified Date = 16/11/2006 1:18:36 PM | Attr = ] {90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.3.6 | Size = 565960 bytes | Modified Date = 20/11/2006 8:45:10 PM | Attr = R ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2006, 9, 27, 1 | Size = 441408 bytes | Modified Date = 27/09/2006 2:42:50 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 5, 3022, 14 | Size = 151552 bytes | Modified Date = 16/11/2006 1:18:36 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\] > -> HKEY_USERS\S-1-5-21-2323275911-644588627-4202504780-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\eDStoolbar.dll [Acer eDataSecurity Management] -> HiTRUST [Ver = 2, 5, 3022, 14 | Size = 151552 bytes | Modified Date = 16/11/2006 1:18:36 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {59491320-FDB5-405E-AD8F-A5AA7722D0C3} -> (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> [Files/Folders - Created Within 90 days] $RECYCLE.BIN -> %SystemDrive%\$RECYCLE.BIN -> [Folder | Created Date = 23/02/2008 5:55:33 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 23/02/2008 6:09:09 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2147016704 bytes | Modified Date = 24/02/2008 11:23:32 AM | Attr = HS] RTKVHDA.sys -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. 
[Ver = 6.0.1.5334 built by: WinDDK | Size = 1655464 bytes | Modified Date = 01/12/2006 5:38:00 AM | Attr = ]
srtsp.cat -> %SystemRoot%\System32\drivers\srtsp.cat -> [Ver = | Size = 10545 bytes | Modified Date = 30/11/2007 11:57:42 PM | Attr = ]
srtsp.inf -> %SystemRoot%\System32\drivers\srtsp.inf -> [Ver = | Size = 1415 bytes | Modified Date = 30/11/2007 11:57:42 PM | Attr = ]
srtsp.sys -> %SystemRoot%\System32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 30/11/2007 11:57:12 PM | Attr = ]
srtspl.cat -> %SystemRoot%\System32\drivers\srtspl.cat -> [Ver = | Size = 10549 bytes | Modified Date = 30/11/2007 11:57:42 PM | Attr = ]
srtspl.inf -> %SystemRoot%\System32\drivers\srtspl.inf -> [Ver = | Size = 1430 bytes | Modified Date = 30/11/2007 11:57:42 PM | Attr = ]
srtspl.sys -> %SystemRoot%\System32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 30/11/2007 11:57:12 PM | Attr = ]
srtspx.cat -> %SystemRoot%\System32\drivers\srtspx.cat -> [Ver = | Size = 10549 bytes | Modified Date = 30/11/2007 11:57:42 PM | Attr = ]
srtspx.inf -> %SystemRoot%\System32\drivers\srtspx.inf -> [Ver = | Size = 1421 bytes | Modified Date = 30/11/2007 11:57:42 PM | Attr = ]
srtspx.sys -> %SystemRoot%\System32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 30/11/2007 11:57:12 PM | Attr = ]
CheckD2DSystem.exe -> %SystemRoot%\System32\CheckD2DSystem.exe -> Acer Inc. [Ver = 2.5.0.11 | Size = 360448 bytes | Modified Date = 20/11/2006 4:11:26 PM | Attr = ]
ClearEvent.exe -> %SystemRoot%\System32\ClearEvent.exe -> [Ver = 1.0.2169.16560 | Size = 16384 bytes | Modified Date = 09/12/2005 9:12:02 AM | Attr = ]
coh.cache -> %SystemRoot%\System32\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 24/02/2008 2:51:54 AM | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 23/02/2008 6:40:25 PM | Attr = ]
i386 -> %SystemRoot%\System32\i386 -> [Folder | Created Date = 23/02/2008 5:57:03 PM | Attr = ]
ISUSPM.cpl -> %SystemRoot%\System32\ISUSPM.cpl -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 73728 bytes | Modified Date = 11/08/2005 3:29:46 PM | Attr = ]
LauncheRyAgentUser.exe -> %SystemRoot%\System32\LauncheRyAgentUser.exe -> [Ver = 3.0.0.0 | Size = 16384 bytes | Modified Date = 10/11/2006 5:27:34 PM | Attr = ]
Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 23/02/2008 5:59:28 PM | Attr = ]
NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 19/01/2007 3:04:44 PM | Attr = ]
rasctrnm.h -> %SystemRoot%\System32\rasctrnm.h -> [Ver = | Size = 1820 bytes | Modified Date = 23/02/2008 6:59:25 PM | Attr = ]
Remove_eRecovery.exe -> %SystemRoot%\System32\Remove_eRecovery.exe -> Acer Inc. [Ver = 2.5.0.8 | Size = 327680 bytes | Modified Date = 12/11/2006 11:54:42 AM | Attr = ]
RtkAPO.dll -> %SystemRoot%\System32\RtkAPO.dll -> Realtek Semiconductor Corp. [Ver = 11.0.5600.13 built by: WinDDK | Size = 1766912 bytes | Modified Date = 07/11/2006 2:34:00 AM | Attr = ]
RtkCoInst.dll -> %SystemRoot%\System32\RtkCoInst.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 2 | Size = 14336 bytes | Modified Date = 24/11/2006 11:58:00 AM | Attr = ]
setup.iss -> %SystemRoot%\System32\setup.iss -> [Ver = | Size = 552 bytes | Modified Date = 24/02/2006 11:28:24 AM | Attr = ]
wlan.tmf -> %SystemRoot%\System32\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 23/02/2008 6:57:51 PM | Attr = ]
Acer(Normal).ini -> %SystemRoot%\Acer(Normal).ini -> [Ver = | Size = 44 bytes | Modified Date = 03/11/2006 4:23:50 PM | Attr = ]
Acer(Normal).scr -> %SystemRoot%\Acer(Normal).scr -> [Ver = | Size = 187392 bytes | Modified Date = 19/10/2006 10:00:56 AM | Attr = ]
Acer(Wide).ini -> %SystemRoot%\Acer(Wide).ini -> [Ver = | Size = 42 bytes | Modified Date = 02/11/2006 4:38:58 PM | Attr = ]
Acer(Wide).scr -> %SystemRoot%\Acer(Wide).scr -> [Ver = | Size = 187392 bytes | Modified Date = 19/10/2006 10:00:56 AM | Attr = ]
Acer_Normal -> %SystemRoot%\Acer_Normal -> [Folder | Created Date = 23/02/2008 5:59:18 PM | Attr = ]
Acer_Wide -> %SystemRoot%\Acer_Wide -> [Folder | Created Date = 23/02/2008 5:59:21 PM | Attr = ]
ativpsrm.bin -> %SystemRoot%\ativpsrm.bin -> [Ver = | Size = 0 bytes | Modified Date = 23/02/2008 7:00:45 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 23/02/2008 6:09:41 PM | Attr = ]
RtHDVCpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 11 | Size = 4186112 bytes | Modified Date = 01/12/2006 5:37:00 AM | Attr = ]
RtlUpd.exe -> %SystemRoot%\RtlUpd.exe -> Realtek Semiconductor Corp. [Ver = 2, 7, 0, 2 | Size = 1183744 bytes | Modified Date = 13/11/2006 5:07:00 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 23/02/2008 5:32:45 PM | Attr = ]
Norton Internet Security - Run Full System Scan - lostonearth.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - lostonearth.job -> [Ver = | Size = 500 bytes | Modified Date = 24/02/2008 2:35:54 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
$RECYCLE.BIN -> %SystemDrive%\$RECYCLE.BIN -> [Folder | Modified Date = 23/02/2008 5:55:33 PM | Attr = HS]
AcerSW -> %SystemDrive%\AcerSW -> [Folder | Modified Date = 23/02/2008 6:05:09 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 23/02/2008 6:09:09 PM | Attr = ]
DRV -> %SystemDrive%\DRV -> [Folder | Modified Date = 23/02/2008 4:25:59 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2147016704 bytes | Modified Date = 24/02/2008 11:23:32 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 23/02/2008 6:36:49 PM | Attr = R ]
ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 23/02/2008 6:39:21 PM | Attr = H ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 24/02/2008 2:47:21 AM | Attr = HS]
Users -> %SystemDrive%\Users -> [Folder | Modified Date = 23/02/2008 5:53:03 PM | Attr = R ]
Windows -> %SystemRoot% -> [Folder | Modified Date = 24/02/2008 3:24:17 AM | Attr = ]
en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 24/02/2008 2:35:01 AM | Attr = ]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 24/02/2008 3:24:54 AM | Attr = ]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 24/02/2008 3:24:54 AM | Attr = ]
SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 24/02/2008 3:24:54 AM | Attr = ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 23/02/2008 5:31:40 PM | Attr = ]
Msft_User_WpdFs_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 23/02/2008 5:31:40 PM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3072 bytes | Modified Date = 24/02/2008 11:23:46 AM | Attr = H ]
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3072 bytes | Modified Date = 24/02/2008 11:23:46 AM | Attr = H ]
catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 24/02/2008 2:46:34 AM | Attr = ]
catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 23/02/2008 6:27:13 PM | Attr = ]
coh.cache -> %SystemRoot%\System32\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 24/02/2008 2:51:54 AM | Attr = ]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 24/02/2008 3:24:53 AM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 24/02/2008 2:35:02 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 228720 bytes | Modified Date = 24/02/2008 2:35:45 AM | Attr = ]
GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 23/02/2008 6:40:25 PM | Attr = ]
i386 -> %SystemRoot%\System32\i386 -> [Folder | Modified Date = 23/02/2008 5:57:03 PM | Attr = ]
icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 24/02/2008 2:35:05 AM | Attr = ]
Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 23/02/2008 5:59:28 PM | Attr = ]
migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 24/02/2008 2:35:02 AM | Attr = ]
OEM -> %SystemRoot%\System32\OEM -> [Folder | Modified Date = 23/02/2008 6:04:41 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 108122 bytes | Modified Date = 24/02/2008 11:28:26 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 622906 bytes | Modified Date = 24/02/2008 11:28:27 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 716948 bytes | Modified Date = 24/02/2008 11:28:26 AM | Attr = ]
ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 24/02/2008 2:35:05 AM | Attr = ]
rasctrnm.h -> %SystemRoot%\System32\rasctrnm.h -> [Ver = | Size = 1820 bytes | Modified Date = 23/02/2008 6:59:25 PM | Attr = ]
restore -> %SystemRoot%\System32\restore -> [Folder | Modified Date = 23/02/2008 5:53:19 PM | Attr = ]
RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Modified Date = 23/02/2008 5:54:15 PM | Attr = ]
SLUI -> %SystemRoot%\System32\SLUI -> [Folder | Modified Date = 24/02/2008 2:34:54 AM | Attr = ]
Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 23/02/2008 6:33:33 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 24/02/2008 2:35:03 AM | Attr = ]
WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 24/02/2008 2:27:14 AM | Attr = ]
wlan.tmf -> %SystemRoot%\System32\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 23/02/2008 6:57:51 PM | Attr = ]
XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 24/02/2008 2:35:02 AM | Attr = ]
Acer_Normal -> %SystemRoot%\Acer_Normal -> [Folder | Modified Date = 23/02/2008 5:59:23 PM | Attr = ]
Acer_Wide -> %SystemRoot%\Acer_Wide -> [Folder | Modified Date = 23/02/2008 5:59:22 PM | Attr = ]
Alaunch.ini -> %SystemRoot%\Alaunch.ini -> [Ver = | Size = 95 bytes | Modified Date = 23/02/2008 6:05:12 PM | Attr = ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 24/02/2008 2:34:52 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 24/02/2008 2:40:08 AM | Attr = R S]
ativpsrm.bin -> %SystemRoot%\ativpsrm.bin -> [Ver = | Size = 0 bytes | Modified Date = 23/02/2008 7:00:45 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 24/02/2008 11:23:38 AM | Attr = S]
CLEANUP.CMD -> %SystemRoot%\CLEANUP.CMD -> [Ver = | Size = 1306 bytes | Modified Date = 23/02/2008 4:26:49 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 23/02/2008 6:52:20 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 23/02/2008 5:59:18 PM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 23/02/2008 6:32:09 PM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 23/02/2008 6:09:41 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24/02/2008 11:28:26 AM | Attr = ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 24/02/2008 11:29:50 AM | Attr = HS]
Logs -> %SystemRoot%\Logs -> [Folder | Modified Date = 23/02/2008 5:55:54 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 24/02/2008 2:40:08 AM | Attr = ]
Panther -> %SystemRoot%\Panther -> [Folder | Modified Date = 23/02/2008 5:40:07 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 24/02/2008 2:27:43 AM | Attr = ]
rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 24/02/2008 2:38:34 AM | Attr = ]
servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 24/02/2008 2:47:38 AM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 23/02/2008 6:33:14 PM | Attr = ]
System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 24/02/2008 11:28:26 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 23/02/2008 6:33:33 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 24/02/2008 11:53:39 AM | Attr = ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 24/02/2008 2:38:45 AM | Attr = RH ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 24/02/2008 2:47:50 AM | Attr = ]
Norton Internet Security - Run Full System Scan - lostonearth.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - lostonearth.job -> [Ver = | Size = 500 bytes | Modified Date = 24/02/2008 2:35:54 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 24/02/2008 11:23:42 AM | Attr = H ]
capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 23/02/2008 5:56:26 PM | Attr = ]
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5710 bytes | Modified Date = 24/02/2008 2:46:43 AM | Attr = ]
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 24/02/2008 2:46:43 AM | Attr = ]
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 24/02/2008 2:27:56 AM | Attr = ]
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 24/02/2008 2:27:57 AM | Attr = ]
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 24/02/2008 2:27:57 AM | Attr = ]
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 24 bytes | Modified Date = 24/02/2008 2:27:53 AM | Attr = ]
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 24/02/2008 2:27:57 AM | Attr = ]
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 6532 bytes | Modified Date = 24/02/2008 2:27:55 AM | Attr = ]
lostonearth.dat -> C:\ProgramData\Microsoft\User Account Pictures\lostonearth.dat -> [Ver = | Size = 0 bytes | Modified Date = 23/02/2008 5:53:05 PM | Attr = ]
< End of report >
[/code]