Hi. The new WinPFind35U report is:
WinPFind35 logfile created on: 28/01/2008 21:39:38
WinPFind35U Version Beta34 Folder = C:\Documents and Settings\Nazam Hussain\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
510.79 Mb Total Physical Memory | 107.36 Mb Available Physical Memory | 21.02% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.37% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 12.91 Gb Free Space | 46.19% Space Free | Partition Type: NTFS
Drive D: | 197.95 Gb Total Space | 139.79 Gb Free Space | 70.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: ANISHA
Current User Name: Nazam Hussain
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
sprtsvc.exe -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R ]
vzfw.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr = ]
vztaskscheduler.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr = ]
hkserv.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr = ]
vaioupdt.exe -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr = ]
avrmtctr.exe -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr = ]
pdservice.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R ]
vzhardwareresourcemanager.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
hkwnd.exe -> %ProgramFiles%\Sony\HotKey Utility\HKWnd.exe -> Sony Corporation [Ver = 4, 1, 1, 6260 | Size = 389120 bytes | Modified Date = 26/06/2004 21:48:42 | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr = ]
vzrs.exe -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
sprtcmd.exe -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr = ]
vztrayicon.exe -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307200 bytes | Modified Date = 23/01/2008 12:59:16 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.53 | Size = 554616 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 12:31:10 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 13/01/2007 03:40:58 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 15/04/2007 19:38:43 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
(ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 14/01/2007 07:11:06 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.53 | Size = 2983544 bytes | Modified Date = 11/05/2007 16:03:52 | Attr = ]
(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 10/01/2007 05:59:32 | Attr = ]
(LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 114754 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 06/11/2006 13:21:10 | Attr = ]
(sprtsvc_O2) SupportSoft Sprocket Service (O2) [Win32_Own | Auto | Running] -> %ProgramFiles%\O2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 202280 bytes | Modified Date = 05/06/2007 08:25:50 | Attr = R ]
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SupportSoft\bin\ssrc.exe -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 01/11/2007 23:48:46 | Attr = ]
(SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 05/01/2007 08:19:28 | Attr = ]
(VAIO Entertainment Aggregation and Control Service) VAIO Entertainment Aggregation and Control Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118784 bytes | Modified Date = 09/07/2004 04:27:20 | Attr = ]
(VAIO Entertainment File Import Service) VAIO Entertainment File Import Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 118877 bytes | Modified Date = 09/07/2004 04:26:54 | Attr = ]
(VAIO Entertainment Task Scheduler) VAIO Entertainment Task Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\vaio entertainment\VzTaskScheduler.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 401408 bytes | Modified Date = 28/07/2004 16:51:08 | Attr = ]
(VAIO Entertainment TV Device Arbitration Service) VAIO Entertainment TV Device Arbitration Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 69632 bytes | Modified Date = 09/07/2004 04:19:04 | Attr = ]
(VAIO Entertainment UPnP Client Adapter) VAIO Entertainment UPnP Client Adapter [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -> Sony Corporation [Ver = 1.1.00.07080 | Size = 278528 bytes | Modified Date = 09/07/2004 04:17:54 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-AppServer) VAIO Media Integrated Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\VMISrv.exe -> Sony Corporation [Ver = 3.1.00.07090 | Size = 1826816 bytes | Modified Date = 09/07/2004 16:28:14 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 3.0.00.06160 | Size = 57344 bytes | Modified Date = 16/06/2004 02:42:34 | Attr = ]
(VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 6.0.00.06220 | Size = 733184 bytes | Modified Date = 22/06/2004 10:58:14 | Attr = ]
(VAIOMediaPlatform-Mobile-Gateway) VAIO Media Gateway Server [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -> Sony Corporation [Ver = 3.1.00.06160 | Size = 188416 bytes | Modified Date = 16/06/2004 02:41:06 | Attr = ]
[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 01/04/2002 14:15:00 | Attr = ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 17/07/2002 01:05:10 | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 30/05/2007 12:10:42 | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(DgiVecp) Team MFP Comm Driver [Kernel | Auto | Stopped] -> %System32%\drivers\DGIVECP.SYS -> Samsung Electronics Co., Ltd. [Ver = 1.1.2.40 | Size = 41984 bytes | Modified Date = 11/08/2004 06:39:38 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(DMICall) Sony DMI Call service [Kernel | System | Running] -> %System32%\drivers\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 05/12/2000 16:18:02 | Attr = R ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 389432 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.2.0.100 | Size = 106808 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 13:44:04 | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 197120 bytes | Modified Date = 14/10/2003 16:08:00 | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.04.01 | Size = 1043072 bytes | Modified Date = 14/10/2003 16:04:00 | Attr = ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %System32%\drivers\ExpasAG.sys -> Atheros Communications, Inc. [Ver = 3.1.2.24 | Size = 392544 bytes | Modified Date = 05/08/2004 08:27:02 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09/04/2003 13:48:00 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVENG.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 77688 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070526.023\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.2.0.18 | Size = 852824 bytes | Modified Date = 10/04/2007 08:00:00 | Attr = ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10/10/2006 07:54:34 | Attr = ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10/10/2006 07:54:32 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 2484352 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\drivers\Pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Modified Date = 07/01/2007 20:29:36 | Attr = ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(PrivateDisk) PrivateDisk [Kernel | System | Running] -> %System32%\drivers\privatediskm.sys -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 45627 bytes | Modified Date = 06/07/2004 13:07:06 | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 18/04/2006 22:34:55 | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> %System32%\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.504.613.2002 built by: WinDDK | Size = 45568 bytes | Modified Date = 13/06/2002 11:37:16 | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 13:53:48 | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 17:51:08 | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 12:39:26 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> %System32%\drivers\smrt.sys -> Sony Corporation [Ver = 1.2.04.07070 | Size = 774784 bytes | Modified Date = 07/07/2004 16:53:38 | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3860 | Size = 594048 bytes | Modified Date = 01/10/2003 14:48:24 | Attr = ]
(SNC) Sony Notebook Control Device [Kernel | On_Demand | Running] -> %System32%\drivers\SonyNC.sys -> Sony Corporation [Ver = 6.0.1.08290 | Size = 48896 bytes | Modified Date = 09/11/2000 19:15:08 | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.2.1.3 | Size = 417592 bytes | Modified Date = 01/02/2007 02:21:02 | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %System32%\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %System32%\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %System32%\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 30/11/2007 23:57:12 | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 12848 bytes | Modified Date = 30/10/2007 19:55:14 | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 145968 bytes | Modified Date = 30/10/2007 19:55:20 | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 39856 bytes | Modified Date = 30/10/2007 19:55:28 | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20070525.001\SymIDSCo.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 14/02/2007 15:51:40 | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 35120 bytes | Modified Date = 30/10/2007 19:55:24 | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 27696 bytes | Modified Date = 30/10/2007 19:55:34 | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.1.110 | Size = 191536 bytes | Modified Date = 30/10/2007 19:55:38 | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(tifmsony) tifmsony [Kernel | On_Demand | Running] -> %System32%\drivers\tifmsony.sys -> Texas Instruments [Ver = 1.0.2.0 | Size = 65024 bytes | Modified Date = 21/05/2004 13:46:50 | Attr = ]
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.04.01 built by: WinDDK | Size = 679808 bytes | Modified Date = 14/10/2003 16:05:00 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 02:06:32 | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 10/01/2007 05:59:52 | Attr = ]
HKSERV.EXE -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 4, 1, 1, 6290 | Size = 122880 bytes | Modified Date = 29/06/2004 21:49:34 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6210 | Size = 4136960 bytes | Modified Date = 07/07/2004 22:02:00 | Attr = ]
O2 -> %ProgramFiles%\O2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 08/03/2007 19:21:38 | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 14/01/2007 07:11:10 | Attr = ]
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 82, 70, 2 | Size = 222720 bytes | Modified Date = 28/11/2006 13:12:12 | Attr = ]
PDService.exe -> %ProgramFiles%\Utimaco\SafeGuard PrivateDisk\pdservice.exe -> Utimaco Safeware AG [Ver = 1.00.6.7 | Size = 40960 bytes | Modified Date = 06/07/2004 13:15:38 | Attr = R ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
Samsung PanelMgr -> %SystemRoot%\Samsung\PanelMgr\SSMMgr.exe -> [Ver = 2, 5, 7, 0 | Size = 507904 bytes | Modified Date = 07/06/2006 11:25:14 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:36 | Attr = ]
Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 12/03/2007 17:30:14 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 13/09/2007 11:34:21 | Attr = ]
VAIO Update 2 -> %ProgramFiles%\Sony\vaio update 2\VAIOUpdt.exe -> Sony Corporation [Ver = 2, 1, 2, 1140 | Size = 151552 bytes | Modified Date = 14/01/2005 12:43:28 | Attr = ]
VZRemoteCommander -> %ProgramFiles%\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe -> [Ver = 1.1.01.08050 | Size = 184320 bytes | Modified Date = 05/08/2004 15:23:34 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 01/03/2007 09:37:52 | Attr = R ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 21/06/2007 14:06:28 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 15/04/2007 19:38:47 | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.0.2003073000 | Size = 217195 bytes | Modified Date = 30/07/2003 01:52:00 | Attr = ]
%AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 06/08/2002 13:37:50 | Attr = ]
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> File not found
%AllUsersStartup%\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.940.34809.beta | Size = 124912 bytes | Modified Date = 08/08/2007 16:14:52 | Attr = ]
%AllUsersStartup%\Recording Status.lnk -> %ProgramFiles%\Sony\vaio entertainment\VzTrayIcon.exe -> Sony Corporation [Ver = 1.1.00.07280 | Size = 208896 bytes | Modified Date = 28/07/2004 16:54:22 | Attr = ]
< Nazam Hussain Startup Folder > -> C:\Documents and Settings\Nazam Hussain\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 12:29:58 | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 13:55:48 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 13:41:36 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 ->
< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL ->
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL ->
http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page ->
http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page ->
http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL ->
http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant ->
http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL ->
http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar ->
http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page ->
http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page ->
http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_CURRENT_USER\: Search\\SearchAssistant ->
http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ ->
http://www.google.com/search?q=%s[gogl] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 83 domain(s) found. ->
sony-europe.com .[*] -> Trusted sites ->
sonystyle-europe.com .[*] -> Trusted sites ->
vaio-link.com .[*] -> Trusted sites ->
4 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 19 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 12/01/2007 07:04:50 | Attr = R ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 08/08/2007 16:14:56 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{90222687-F593-4738-B738-FBEE9C7B26DF} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 607888 bytes | Modified Date = 12/01/2007 07:05:00 | Attr = R ]
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 03/10/2007 16:21:58 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 05/01/2006 12:30:40 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 03:00:35 | Attr = ]
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{200DB664-75B5-47c0-8B45-A44ACCF73F01} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage ->
http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0AD556B7-CE2B-426E-A401-F5D456FD8276} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{1335DBA4-071C-426E-9B58-955733A6F006} -> (Windows Mobile-based Device) ->
{2647C2CD-5992-467D-BFDC-838210AA5A62} -> (LAN-Express AS IEEE 802.11g miniPCI Adapter) ->
{55186764-8139-4AE9-9EE6-9C1B67CB2939} -> (1394 Net Adapter) ->
{67C386F0-A76E-4280-BCC6-20BEE05B999F} -> () ->
{BC963A18-731B-458B-B7A7-DC142A0D2D47} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
mctp:{d7b95390-b1c5-11d0-b111-0080c712fe82} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft ActiveSync\aatp.dll[mctp: Asynchronous Pluggable Protocol Handler] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] ->
http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] ->
http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] ->
http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}[HKEY_LOCAL_MACHINE] ->
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[WScanCtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] ->
http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_07] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] ->
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] ->
http://download.macromedia.com/pub/shockwa...ash/swflash.cab[Shockwave Flash Object] ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 17:49:30 | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 14:21:15 | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 632 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 240256 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\LEXPPS.EXE -> C:\WINDOWS\system32\LEXPPS.EXE [C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0\255.255 [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe -> C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe [C:\Documents and Settings\Nazam Hussain\Desktop\Wajid\utorrent.exe:*:Enabled:µTorrent] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\Wajid1\utorrent.exe -> D:\Wajid\Wajid1\utorrent.exe [D:\Wajid\Wajid1\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 174163 bytes | Modified Date = 11/11/2006 14:54:10 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Wajid\utorrent.exe -> D:\Wajid\utorrent.exe [D:\Wajid\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 17/02/2007 14:44:21 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 16:24:37 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.5.1.1036 | Size = 3313664 bytes | Modified Date = 17/10/2007 00:29:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.4.3.1 | Size = 15997240 bytes | Modified Date = 26/09/2007 13:41:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\bin\wificfg.exe -> C:\Program Files\O2\bin\wificfg.exe [C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe] -> SupportSoft, Inc. [Ver = 6.9.2224.0 | Size = 136744 bytes | Modified Date = 20/06/2007 08:36:22 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont.exe -> C:\Program Files\O2\agent\bin\bcont.exe [C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1000056 bytes | Modified Date = 06/08/2007 08:01:06 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe] -> SupportSoft, Inc. [Ver = 6.9.2555.0 | Size = 382320 bytes | Modified Date = 27/07/2007 06:39:32 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\O2\agent\bin\bcont_nm.exe -> C:\Program Files\O2\agent\bin\bcont_nm.exe [C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe] -> SupportSoft, Inc. [Ver = 6.9.2258.0 | Size = 1278584 bytes | Modified Date = 20/07/2007 10:53:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0\255.255 [26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager ->
BootExecute -> autocheck autochk *; ->
ExcludeFromKnownDlls -> ->
*PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations ->
\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe [\??\C:\DOCUME~1\NAZAMH~1\LOCALS~1\Temp\symlcsv1.exe] -> %LocalSettings%\Temp\symlcsv1.exe [%LocalSettings%\Temp\symlcsv1.exe] -> [Ver = | Size = 58760 bytes | Modified Date = 28/01/2008 21:33:07 | Attr = ]
*MultiFile Done* -> ->
< Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment ->
ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\PC Connectivity Solution\ -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Modified Date = 23/06/2007 17:23:16 | Attr = ]
%SystemRoot%\system32 -> %System32% -> [Folder | Modified Date = 28/01/2008 18:12:30 | Attr = ]
%SystemRoot% -> %SystemRoot% -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = ]
%SystemRoot%\System32\Wbem -> %System32%\wbem -> [Folder | Modified Date = 12/02/2007 19:09:07 | Attr = ]
C:\Program Files\Common Files\Teleca Shared -> -> File not found
C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 08/10/2007 19:50:06 | Attr = ]
*MultiFile Done* -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> .COM -> File not found
.EXE -> .EXE -> File not found
.BAT -> .BAT -> File not found
.CMD -> .CMD -> File not found
.VBS -> .VBS -> File not found
.VBE -> .VBE -> File not found
.JS -> .JS -> File not found
.JSE -> .JSE -> File not found
.WSF -> .WSF -> File not found
.WSH -> .WSH -> File not found
*MultiFile Done* -> ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|F
itWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOu
t|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs
|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Che
ck Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEd
iting|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHide
ToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|Sh
owHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProductio
n|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHi
deToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|Show
HideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignat
ures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|Add
FileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|H
elpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:
3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.
hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:
3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.
mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst
:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.
scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:
3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.
zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|m
ailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownMedia -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\AllowLockdownBrowse -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 18/04/2007 16:12:23 | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 37888 bytes | Modified Date = 04/08/2004 12:00:00 | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
å -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Utimaco\SafeGuard PrivateDisk\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535678976 bytes | Created Date = 14/01/2008 15:30:06 | Attr = HS]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
IEDFix.exe -> %System32%\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Created Date = 05/01/2008 15:36:36 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
VCCLSID.exe -> %System32%\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
WS2Fix.exe -> %System32%\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 14/01/2008 15:19:03 | Attr = ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [Ver = | Size = 728 bytes | Created Date = 20/01/2008 23:46:06 | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 24/01/2008 22:29:56 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 14/01/2008 14:35:51 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 24/01/2008 22:29:44 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 784 bytes | Created Date = 24/01/2008 22:29:47 | Attr = ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> [Ver = | Size = 6224000 bytes | Created Date = 21/01/2008 21:51:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 14/01/2008 16:16:33 | Attr = ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf -> [Ver = | Size = 5057 bytes | Created Date = 21/01/2008 09:06:24 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
New Folder -> %UserDesktop%\New Folder -> [Folder | Created Date = 26/01/2008 12:44:00 | Attr = ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav -> [Ver = | Size = 10099874 bytes | Created Date = 20/01/2008 21:13:07 | Attr = ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk -> [Ver = | Size = 1939 bytes | Created Date = 20/01/2008 23:46:21 | Attr = ]
Pehla Pehla Pyar Remix.wav -> %UserDesktop%\Pehla Pehla Pyar Remix.wav -> [Ver = | Size = 7949804 bytes | Created Date = 26/01/2008 20:48:42 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Created Date = 14/01/2008 15:19:01 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Created Date = 14/01/2008 15:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Created Date = 24/01/2008 22:26:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Created Date = 23/01/2008 23:17:04 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Created Date = 23/01/2008 23:16:33 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 24/01/2008 22:28:20 | Attr = ]
[Files/Folders - Modified Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535678976 bytes | Modified Date = 28/01/2008 21:31:16 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28/01/2008 21:28:48 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 20/01/2008 23:46:33 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 24/01/2008 23:00:45 | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 4102 bytes | Modified Date = 14/01/2008 15:19:43 | Attr = ]
SYMEVENT.CAT -> %System32%\drivers\SYMEVENT.CAT -> [Ver = | Size = 10740 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
SYMEVENT.INF -> %System32%\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.2.1 | Size = 123952 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 28/01/2008 21:30:31 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/01/2008 05:08:08 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 14/01/2008 14:52:39 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 161136 bytes | Modified Date = 06/01/2008 03:27:24 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 05/01/2008 15:41:52 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 4452 bytes | Modified Date = 28/01/2008 21:32:05 | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.2.2 | Size = 60800 bytes | Modified Date = 14/01/2008 14:52:44 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 28/01/2008 21:32:34 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 09/01/2008 05:32:35 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28/01/2008 21:31:22 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 3527 bytes | Modified Date = 15/01/2008 19:54:34 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/01/2008 09:39:39 | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 03/01/2008 11:08:17 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 10/01/2008 05:07:59 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 27/01/2008 17:20:44 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 24/01/2008 22:29:51 | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/01/2008 20:04:49 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 28/01/2008 21:32:37 | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 06/01/2008 02:00:52 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 28/01/2008 18:12:30 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 14/01/2008 15:19:43 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/01/2008 21:37:05 | Attr = ]
{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> %SystemRoot%\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [Ver = | Size = 728 bytes | Modified Date = 20/01/2008 23:46:30 | Attr = ]
A72AC4B591CD7851.job -> %SystemRoot%\tasks\A72AC4B591CD7851.job -> [Ver = | Size = 286 bytes | Modified Date = 28/01/2008 21:00:15 | Attr = H ]
Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nazam Hussain.job -> [Ver = | Size = 638 bytes | Modified Date = 28/01/2008 21:03:05 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28/01/2008 21:31:30 | Attr = H ]
{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{22BA5EBE-D659-45B7-9AB0-2356B7031272}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 25/01/2008 16:00:00 | Attr = H ]
{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{8E00338B-AB45-4467-AB49-425216E01E02}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 28/01/2008 16:00:00 | Attr = H ]
{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> %SystemRoot%\tasks\{A2790A0C-2CC2-4208-A689-8D3FA45DFF79}_ANISHA_Nazam Hussain.job -> [Ver = | Size = 406 bytes | Modified Date = 28/01/2008 09:00:01 | Attr = H ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Driving Test Success -> %AllUsersAppData%\Driving Test Success -> [Folder | Modified Date = 09/01/2008 10:47:59 | Attr = ]
Google Updater -> %AllUsersAppData%\Google Updater -> [Folder | Modified Date = 28/01/2008 19:35:39 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 24/01/2008 22:29:56 | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 14/01/2008 15:07:59 | Attr = ]
@Alternate Data Stream - 119 bytes -> %AllUsersAppData%\TEMP:18B7103A
title tool face bin -> %AllUsersAppData%\title tool face bin -> [Folder | Modified Date = 24/01/2008 23:02:27 | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 34576 bytes | Modified Date = 07/01/2008 19:24:40 | Attr = ]
NMM-MetaData.db -> %UserAppData%\NMM-MetaData.db -> [Ver = | Size = 856806 bytes | Modified Date = 21/01/2008 21:27:12 | Attr = ]
Nokia Multimedia Player -> %UserAppData%\Nokia Multimedia Player -> [Folder | Modified Date = 26/01/2008 23:40:20 | Attr = ]
STYLE SAVE -> %UserAppData%\STYLE SAVE -> [Folder | Modified Date = 28/01/2008 21:28:49 | Attr = ]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 24/01/2008 22:29:44 | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 22/01/2008 23:01:17 | Attr = ]
Vso -> %UserAppData%\Vso -> [Folder | Modified Date = 06/01/2008 01:08:53 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 123392 bytes | Modified Date = 27/01/2008 22:32:02 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 34576 bytes | Modified Date = 27/01/2008 01:18:03 | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 03/01/2008 11:12:05 | Attr = R ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 27/01/2008 17:24:59 | Attr = R ]
My PSP8 Files -> %UserDocuments%\My PSP8 Files -> [Folder | Modified Date = 12/01/2008 15:33:52 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 28/01/2008 19:26:03 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDesktop%\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 784 bytes | Modified Date = 24/01/2008 22:29:47 | Attr = ]
01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3 -> [Ver = | Size = 6224000 bytes | Modified Date = 27/01/2008 17:13:02 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\01 - Jennifer Lopez - Love Dont Cost A Thing.mp3:Zone.Identifier
Abel Theory Test.lnk -> %UserDesktop%\Abel Theory Test.lnk -> [Ver = | Size = 722 bytes | Modified Date = 19/01/2008 12:02:26 | Attr = ]
Coursework -> %UserDesktop%\Coursework -> [Folder | Modified Date = 26/01/2008 14:48:14 | Attr = R ]
LA795035 Title register-339 bburn road.pdf -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf -> [Ver = | Size = 5057 bytes | Modified Date = 21/01/2008 09:06:27 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LA795035 Title register-339 bburn road.pdf:Zone.Identifier
Microsoft Word.lnk -> %UserDesktop%\Microsoft Word.lnk -> [Ver = | Size = 2483 bytes | Modified Date = 28/01/2008 13:33:41 | Attr = ]
New Folder -> %UserDesktop%\New Folder -> [Folder | Modified Date = 26/01/2008 12:50:55 | Attr = ]
Ni Nachele Mix.wav -> %UserDesktop%\Ni Nachele Mix.wav -> [Ver = | Size = 10099874 bytes | Modified Date = 20/01/2008 21:13:08 | Attr = ]
O2 Broadband Assistant.lnk -> %UserDesktop%\O2 Broadband Assistant.lnk -> [Ver = | Size = 1939 bytes | Modified Date = 20/01/2008 23:46:21 | Attr = ]
Pehla Pehla Pyar Remix.wav -> %UserDesktop%\Pehla Pehla Pyar Remix.wav -> [Ver = | Size = 7949804 bytes | Modified Date = 26/01/2008 20:48:42 | Attr = ]
SmitfraudFix -> %UserDesktop%\SmitfraudFix -> [Folder | Modified Date = 14/01/2008 15:27:30 | Attr = ]
SmitfraudFix.exe -> %UserDesktop%\SmitfraudFix.exe -> [Ver = | Size = 1129580 bytes | Modified Date = 14/01/2008 15:12:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.exe:Zone.Identifier
SUPERAntiSpyware.exe -> %UserDesktop%\SUPERAntiSpyware.exe -> [Ver = | Size = 5914648 bytes | Modified Date = 24/01/2008 22:26:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SUPERAntiSpyware.exe:Zone.Identifier
WinPFind35u -> %UserDesktop%\WinPFind35u -> [Folder | Modified Date = 24/01/2008 22:39:42 | Attr = ]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe -> [Ver = | Size = 478232 bytes | Modified Date = 23/01/2008 23:16:36 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\WinPFind35u.exe:Zone.Identifier
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 24/01/2008 22:30:22 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 24/01/2008 22:28:20 | Attr = ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1307 bytes | Modified Date = 06/08/2007 16:37:35 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 09/01/2008 05:32:40 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 09/01/2008 05:32:40 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 04/11/2007 17:42:22 | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 31/07/2005 17:36:11 | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 863352 bytes | Modified Date = 27/01/2008 21:01:22 | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 863352 bytes | Modified Date = 27/01/2008 21:01:22 | Attr = ]
[Manual Scans]
< C:\Documents and Settings\All Users\Application Data\title tool face bin\*.* /s >
C:\Documents and Settings\All Users\Application Data\title tool face bin\ -> C:\Documents and Settings\All Users\Application Data\title tool face bin -> [Folder | Modified Date = 24/01/2008 23:02:27 | Attr = ]
< End of report >
The SUPERAntiSpyware report is:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/28/2008 at 09:11 PM
Application Version : 3.9.1008
Core Rules Database Version : 3387
Trace Rules Database Version: 1381
Scan type : Complete Scan
Total Scan Time : 02:42:20
Memory items scanned : 599
Memory threats detected : 0
Registry items scanned : 6526
Registry threats detected : 111
File items scanned : 102873
File threats detected : 180
Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}#xxx
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}\InprocServer32
HKCR\CLSID\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ADD-ON\ISFMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
Adware.Tracking Cookie
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@anat.tacoda[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@tribalfusion[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@serving-sys[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@tracking.foxnews[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@schoolsfinder.direct.gov[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@tradedoubler[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@indexstats[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@www.burstnet[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@ads.addynamix[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@ad.zanox[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@1070535951[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@a[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adrevolver[3].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@statcounter[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@1064516409[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@media.adrevolver[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adtech[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@tacoda[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@edge.ru4[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@doubleclick[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adecn[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@windowsmedia[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@bs.serving-sys[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@realmedia[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@apmebf[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adserver.mediarun[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@xiti[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@cgi-bin[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@anad.tacoda[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@zedo[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adopt.euroclick[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@msnportal.112.2o7[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@bluestreak[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@fastclick[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@atwola[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@247realmedia[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@specificclick[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@indiads[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@server.iad.liveperson[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@s[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@2.adbrite[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adviva[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@c5[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adrevolver[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@questionmarket[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@25151352[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@mediaplex[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@statse.webtrendslive[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@advertising[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@revsci[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@adbrite[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@xbridge.122.2o7[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@atdmt[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@ad.yieldmanager[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@2o7[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@newsquestmedia.uk.smarttargetting[1].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@ads.monster[2].txt
C:\Documents and Settings\Nazam Hussain\Cookies\nazam hussain@overture[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@ad.yieldmanager[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@adbrite[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@adrevolver[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@adrevolver[3].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@ads.adbrite[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@ads.veoh[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@advertising[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@adviva[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@atdmt[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@bs.serving-sys[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@doubleclick[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@ehg-autotrader.hitbox[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@ehg-veohnetworksinc.hitbox[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@hitbox[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@media.adrevolver[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@mediaplex[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@msnportal.112.2o7[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@serving-sys[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@statcounter[2].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@tradedoubler[1].txt
C:\Documents and Settings\Nazam Hussain\Local Settings\Temp\Cookies\nazam hussain@tribalfusion[2].txt
C:\Documents and Settings\Saika\Cookies\saika@ad1.emediate[1].txt
C:\Documents and Settings\Saika\Cookies\saika@adecn[1].txt
C:\Documents and Settings\Saika\Cookies\saika@ads.cooltoad[2].txt
C:\Documents and Settings\Saika\Cookies\saika@ads.hi5[1].txt
C:\Documents and Settings\Saika\Cookies\saika@ads.joinaxxess[2].txt
C:\Documents and Settings\Saika\Cookies\saika@ads.monster[1].txt
C:\Documents and Settings\Saika\Cookies\saika@adserver.adreactor[1].txt
C:\Documents and Settings\Saika\Cookies\saika@adserver.mediarun[1].txt
C:\Documents and Settings\Saika\Cookies\saika@atwola[1].txt
C:\Documents and Settings\Saika\Cookies\saika@findmusiconline[1].txt
C:\Documents and Settings\Saika\Cookies\saika@kanoodle[2].txt
C:\Documents and Settings\Saika\Cookies\saika@keywordmax[1].txt
C:\Documents and Settings\Saika\Cookies\saika@monstersandcritics.advertserve[1].txt
C:\Documents and Settings\Saika\Cookies\saika@partners.webmasterplan[2].txt
C:\Documents and Settings\Saika\Cookies\saika@serving.rpowermedia[1].txt
C:\Documents and Settings\Saika\Cookies\saika@specificclick[2].txt
C:\Documents and Settings\Saika\Cookies\saika@stats.thescripts[2].txt
C:\Documents and Settings\Saika\Cookies\saika@www.0stats[2].txt
C:\Documents and Settings\Saika\Cookies\saika@www.tns-counter[1].txt
C:\Documents and Settings\Saika\Cookies\saika@xiti[1].txt
Adware.HotBar/SpamBlockerUtility (Low Risk)
HKLM\Software\SpamBlockerUtility
HKLM\Software\SpamBlockerUtility\SpamBlockerUtility
Browser Hijacker.Favorites
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy\New York Thyroid Center Radioactive Iodine.url
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy\The fluid mosaic model of the structure of cell me...[Science. 1972] - PubMed Result.url
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy\VSEPR Theory.url
C:\Documents and Settings\Nazam Hussain\Favorites\Pharmacy
Adware.180solutions/Seekmo
HKCR\SeekmoToolbar.SeekmoToolband.1
HKCR\SeekmoToolbar.SeekmoToolband.1\CLSID
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{53E0B6E8-A51D-448B-B692-40B67B285543} [ Seekmo Toolbar ]
C:\Program Files\Seekmo Programs\Seekmo Toolbar
C:\Program Files\Seekmo Programs
Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId
Malware.VirusProtect
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\0
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\0\win32
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\FLAGS
HKCR\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}\1.0\HELPDIR
HKCR\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}
HKCR\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}\ProxyStubClsid
HKCR\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}\ProxyStubClsid32
HKCR\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}\TypeLib
HKCR\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}\TypeLib#Version
HKCR\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}
HKCR\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}\ProxyStubClsid
HKCR\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}\ProxyStubClsid32
HKCR\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}\TypeLib
HKCR\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}\TypeLib#Version
HKCR\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}
HKCR\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}\ProxyStubClsid
HKCR\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}\ProxyStubClsid32
HKCR\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}\TypeLib
HKCR\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}\TypeLib#Version
HKCR\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}
HKCR\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}\ProxyStubClsid
HKCR\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}\ProxyStubClsid32
HKCR\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}\TypeLib
HKCR\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}\TypeLib#Version
HKCR\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}
HKCR\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}\ProxyStubClsid
HKCR\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}\ProxyStubClsid32
HKCR\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}\TypeLib
HKCR\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}\TypeLib#Version
HKCR\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}
HKCR\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}\ProxyStubClsid
HKCR\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}\ProxyStubClsid32
HKCR\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}\TypeLib
HKCR\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}\TypeLib#Version
HKCR\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}
HKCR\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}\ProxyStubClsid
HKCR\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}\ProxyStubClsid32
HKCR\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}\TypeLib
HKCR\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}\TypeLib#Version
HKCR\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}
HKCR\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}\ProxyStubClsid
HKCR\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}\ProxyStubClsid32
HKCR\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}\TypeLib
HKCR\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}\TypeLib#Version
HKCR\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}
HKCR\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}\ProxyStubClsid
HKCR\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}\ProxyStubClsid32
HKCR\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}\TypeLib
HKCR\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}\TypeLib#Version
HKCR\Interface\{A1922071-390C-418D-916D-91209E95D286}
HKCR\Interface\{A1922071-390C-418D-916D-91209E95D286}\ProxyStubClsid
HKCR\Interface\{A1922071-390C-418D-916D-91209E95D286}\ProxyStubClsid32
HKCR\Interface\{A1922071-390C-418D-916D-91209E95D286}\TypeLib
HKCR\Interface\{A1922071-390C-418D-916D-91209E95D286}\TypeLib#Version
HKCR\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}
HKCR\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}\ProxyStubClsid
HKCR\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}\ProxyStubClsid32
HKCR\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}\TypeLib
HKCR\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}\TypeLib#Version
HKCR\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}
HKCR\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}\ProxyStubClsid
HKCR\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}\ProxyStubClsid32
HKCR\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}\TypeLib
HKCR\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}\TypeLib#Version
HKCR\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}
HKCR\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}\ProxyStubClsid
HKCR\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}\ProxyStubClsid32
HKCR\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}\TypeLib
HKCR\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}\TypeLib#Version
HKCR\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}
HKCR\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}\ProxyStubClsid
HKCR\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}\ProxyStubClsid32
HKCR\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}\TypeLib
HKCR\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}\TypeLib#Version
HKCR\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}
HKCR\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}\ProxyStubClsid
HKCR\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}\ProxyStubClsid32
HKCR\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}\TypeLib
HKCR\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}\TypeLib#Version
HKCR\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}
HKCR\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}\ProxyStubClsid
HKCR\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}\ProxyStubClsid32
HKCR\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}\TypeLib
HKCR\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}\TypeLib#Version
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746595.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746596.EXE
Adware.Lop-Variant
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\ACID CAST ARMY.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\SQJFTPRK.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\WQMLTKAK.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\DESKTOP\WINPFIND35U\MOVEDFILES\01242008_223942\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TITLE TOOL FACE BIN\MAPI RDR.EXE
C:\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\DESKTOP\WINPFIND35U\MOVEDFILES\01242008_223942\DOCUMENTS AND SETTINGS\NAZAM HUSSAIN\APPLICATION DATA\STYLE SAVE\RDR VIEW META.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP680\A0731379.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP680\A0732334.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP681\A0733334.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP682\A0734334.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP682\A0734340.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP683\A0734367.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP683\A0734371.EXE
Rogue.VirusProtectPro-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746573.DLL
Adware.E404 Helper/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746579.DLL
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746589.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{562648CC-34F7-4C74-AC42-6FBFFB01D4D8}\RP693\A0746590.ICO
Trace.Known Threat Sources
I couldn't find the latest .log file from WinPFind3u. I checked the moved file but I couldn't find it. Thanks for all the help.