
Popunder.paypopup.com/close.php And Others


  • This topic is locked
6 replies to this topic

#1 linknl

linknl

  • Members
  • 7 posts

Posted 18 February 2008 - 02:25 AM

Hello all,
I was infected with a whole row of crap. I got rid of most of it, yet I can't get the popunder.paypopup to stop.
I only get a popup at the first startup of IE7 and only after I have clicked a link or try to open a page; the popups are random pages: MP3, Viagra, etc.
The other thing is that opening a drive or folder is slow on the notebook; it also takes a long time to save a picture from the internet.
I did clean all the temp folders and did the scans with loads of adware programs, and did the Kaspersky virus check online.

All help is really welcome,

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
D:\removal tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Tmesrv.exe] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187774675159
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188473444848
O16 - DPF: {9BE3F230-CC84-4CC0-8CA5-8C20B1B61642} (Promis File Support) - http://10.100.100.153/mecal/promis2/window...FileSupport.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = maal.lan
O17 - HKLM\Software\..\Telephony: DomainName = maal.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5697DB0-A5A5-40B5-83F6-2A6B53CE4EF1}: Domain = maal.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = maal.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = maal.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = maal.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = maal.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = maal.lan
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10109 bytes

And the online Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
2008-02-18 04:12
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570328


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\rbou\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 16392
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 00:10:30

Infected Object Name Virus Name Last Action
C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\CSC\00000002 Object is locked skipped

C:\WINDOWS\CSC\00000003 Object is locked skipped

C:\WINDOWS\CSC\d2\00000011 Object is locked skipped

C:\WINDOWS\CSC\d2\00000041 Object is locked skipped

C:\WINDOWS\CSC\d3\00000012 Object is locked skipped

C:\WINDOWS\CSC\d3\00000052 Object is locked skipped

C:\WINDOWS\CSC\d3\0000005A Object is locked skipped

C:\WINDOWS\CSC\d4\00000013 Object is locked skipped

C:\WINDOWS\CSC\d5\0000004C Object is locked skipped

C:\WINDOWS\CSC\d5\0000005C Object is locked skipped

C:\WINDOWS\CSC\d6\0000003D Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped

C:\WINDOWS\system32\drivers\core.sys Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\cch~6f3f9e46f.htp Object is locked skipped

C:\WINDOWS\Temp\cch~6f3f9e82f.htp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\rbou\LOCALS~1\Temp\Perflib_Perfdata_a30.dat Object is locked skipped

C:\DOCUME~1\rbou\LOCALS~1\Temp\Perflib_Perfdata_b44.dat Object is locked skipped

C:\DOCUME~1\rbou\LOCALS~1\Temp\Perflib_Perfdata_e84.dat Object is locked skipped

C:\DOCUME~1\rbou\LOCALS~1\Temp\~DFCE0A.tmp Object is locked skipped

C:\DOCUME~1\rbou\LOCALS~1\Temp\~DFCE18.tmp Object is locked skipped

Scan process completed.


 


#2 linknl

linknl
  • Topic Starter

  • Members
  • 7 posts

Posted 18 February 2008 - 02:49 AM

Did some more reading on the forum, and I found the core.cache.dsk still on the system; deleted it but it just comes back.

core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 167545 bytes | Modified Date = 2008-02-16 17:07:34 | Attr = ]
core.sys -> %SystemRoot%\System32\drivers\core.sys -> [Ver = | Size = 80384 bytes | Modified Date = 2008-02-16 17:07:32 | Attr = ]

Edited by linknl, 18 February 2008 - 02:51 AM.


#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts

Posted 23 February 2008 - 05:19 PM

Hello linknl and welcome to the BC HijackThis forum. I don't see anything in the HijackThis log. It's clean. Let's try something else.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 linknl

linknl
  • Topic Starter

  • Members
  • 7 posts

Posted 24 February 2008 - 04:25 AM

Thanks OT,

I removed a lot of garbage in the last few days, I seem to run ok now.
Just want to make sure.

Thanks so far, and here is the report.

WinPFind35 logfile created on: 2008-02-24 10:23:08
WinPFind35U Version Beta52	 Folder = C:\Documents and Settings\rbou\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
 
2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.84% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 2046;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.25 Gb Total Space | 15.58 Gb Free Space | 49.85% Space Free | Partition Type: NTFS
Drive D: | 80.53 Gb Total Space | 70.88 Gb Free Space | 88.02% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 31.25 Gb Total Space | 15.58 Gb Free Space | 49.85% Space Free | Partition Type: *NT5CSC

Computer Name: PAROS
Current User Name: rbou
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 413696 bytes | Modified Date = 2006-08-29 20:01:06 | Attr =	]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 2007-06-01 09:48:24 | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 413696 bytes | Modified Date = 2006-08-29 20:01:06 | Attr =	]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 2005-01-18 00:38:38 | Attr =	]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1   | Size = 647168 bytes | Modified Date = 2007-06-01 10:00:20 | Attr =	]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 2006-12-20 00:50:00 | Attr =	]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0   | Size = 327680 bytes | Modified Date = 2007-06-01 09:41:30 | Attr =	]
retrorun.exe -> %ProgramFiles%\Retrospect\Retrospect 7.5\retrorun.exe -> EMC Corporation [Ver = 7.5.387 | Size = 95776 bytes | Modified Date = 2007-04-26 17:27:32 | Attr =	]
tappsrv.exe -> %ProgramFiles%\Toshiba\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 2005-12-20 12:22:14 | Attr =	]
thpsrv.exe -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 167936 bytes | Modified Date = 2005-12-21 12:57:54 | Attr =	]
tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 118784 bytes | Modified Date = 2005-04-05 09:35:50 | Attr =	]
tosbtsrv.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> TOSHIBA CORPORATION [Ver = 1, 0, 1402, 0 | Size = 125048 bytes | Modified Date = 2007-02-25 20:55:18 | Attr =	]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 2006-12-20 00:50:00 | Attr =	]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 1024000 bytes | Modified Date = 2007-12-06 08:20:56 | Attr =	]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 2005-10-15 14:29:08 | Attr =	]
thotkey.exe -> %ProgramFiles%\Toshiba\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0018 | Size = 352256 bytes | Modified Date = 2006-01-05 15:02:24 | Attr =	]
tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 266240 bytes | Modified Date = 2005-08-03 15:26:14 | Attr =	]
syntoshiba.exe -> %ProgramFiles%\Synaptics\SynTP\SynToshiba.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 200704 bytes | Modified Date = 2007-12-06 08:16:22 | Attr =	]
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.14.00 | Size = 114688 bytes | Modified Date = 2004-11-26 15:16:26 | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2006-01-02 15:41:22 | Attr =	]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.6.4 | Size = 16206848 bytes | Modified Date = 2006-05-05 05:59:16 | Attr =	]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11.1.1.5 | Size = 823296 bytes | Modified Date = 2007-06-01 09:51:34 | Attr =	]
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 40960 bytes | Modified Date = 2005-08-03 15:26:02 | Attr =	]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 974848 bytes | Modified Date = 2007-06-01 09:49:20 | Attr =	]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
wdbtnmgr.exe -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 2007-10-02 14:12:51 | Attr =	]
tmerzctl.exe -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 21 | Size = 77824 bytes | Modified Date = 2005-04-05 09:34:50 | Attr =	]
tmeejme.exe -> %ProgramFiles%\Toshiba\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 23 | Size = 77824 bytes | Modified Date = 2004-12-28 16:37:22 | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2008-02-21 14:18:08 | Attr =	]
tosbtmng.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7522.ALL | Size = 2756608 bytes | Modified Date = 2007-05-22 15:57:26 | Attr =	]
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 491520 bytes | Modified Date = 2007-06-01 09:45:00 | Attr =	]
tosa2dp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7227.ALL | Size = 278528 bytes | Modified Date = 2007-02-27 19:21:10 | Attr =	]
tosbthid.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe -> TOSHIBA CORPORATION. [Ver = 4, 1, 1323, 0 | Size = 69632 bytes | Modified Date = 2006-01-23 22:14:10 | Attr =	]
tosbthsp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> TOSHIBA CORPORATION. [Ver = 5.10.05.70426 | Size = 274432 bytes | Modified Date = 2007-04-26 13:53:38 | Attr =	]
tosavrc.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7227.ALL | Size = 278528 bytes | Modified Date = 2007-02-27 18:57:56 | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2006-01-02 15:41:22 | Attr =	]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 2006-01-02 15:41:22 | Attr =	]
tosobex.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe -> TOSHIBA CORPORATION. [Ver = 5, 1, 0, 7130 | Size = 307200 bytes | Modified Date = 2007-01-30 16:47:48 | Attr =	]
tosbtproc.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe -> TOSHIBA CORPORATION. [Ver = 5.00.3018.ALL | Size = 2170880 bytes | Modified Date = 2007-05-18 15:14:14 | Attr =	]
udaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 2006-12-20 00:50:00 | Attr =	]
mctray.exe -> %ProgramFiles%\Network Associates\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.124 | Size = 86016 bytes | Modified Date = 2006-12-20 00:50:00 | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2008-02-16 13:03:26 | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 413696 bytes | Modified Date = 2006-08-29 20:01:06 | Attr =	]
(AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 12:42:38 | Attr =	]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 2005-01-18 00:38:38 | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.1.1   | Size = 647168 bytes | Modified Date = 2007-06-01 10:00:20 | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-12-18 16:38:51 | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-03 23:41:10 | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 2006-12-20 00:50:00 | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 2008-01-16 11:47:10 | Attr =	]
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.1.0   | Size = 327680 bytes | Modified Date = 2007-06-01 09:41:30 | Attr =	]
(RetroLauncher) Retrospect Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Retrospect\Retrospect 7.5\retrorun.exe -> EMC Corporation [Ver = 7.5.387 | Size = 95776 bytes | Modified Date = 2007-04-26 17:27:32 | Attr =	]
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 11, 1, 1, 4 | Size = 987136 bytes | Modified Date = 2007-06-01 09:48:24 | Attr =	]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 85, 91, 18 | Size = 353280 bytes | Modified Date = 2007-12-10 13:59:04 | Attr =	]
(TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 2005-12-20 12:22:14 | Attr =	]
(Thpsrv) TOSHIBA HDD Protection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 167936 bytes | Modified Date = 2005-12-21 12:57:54 | Attr =	]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 118784 bytes | Modified Date = 2005-04-05 09:35:50 | Attr =	]
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> TOSHIBA CORPORATION [Ver = 1, 0, 1402, 0 | Size = 125048 bytes | Modified Date = 2007-02-25 20:55:18 | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.7.4.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Cisco Systems, Inc. [Ver = 3.7.4.0 | Size = 21393 bytes | Modified Date = 2007-08-22 14:07:49 | Attr =	]
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.62 2.1.62 11/14/2005 16:00:19 | Size = 1122656 bytes | Modified Date = 2005-11-15 17:00:22 | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(AR5211) Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ar5211.sys -> Atheros Communications, Inc. [Ver = 4.1.2.111 | Size = 468768 bytes | Modified Date = 2005-09-15 01:49:52 | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6635 | Size = 1723904 bytes | Modified Date = 2006-08-29 20:09:12 | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(daqbk) Daqbk driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\DAQBK.SYS -> IOtech, Inc. [Ver = 3.00.00 | Size = 34796 bytes | Modified Date = 2001-09-25 12:48:22 | Attr =	]
(daqbk2k) Daqbk2k driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DAQBK2K.sys -> IOtech, Inc. [Ver = 4.8.2 Build 5 | Size = 201472 bytes | Modified Date = 2004-12-02 13:20:24 | Attr =	]
(daqbrd) Daqbrd driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DAQBRD.SYS -> IOtech, Inc. [Ver = 3.00.00 | Size = 28392 bytes | Modified Date = 2001-09-25 12:54:46 | Attr =	]
(daqbrd2k) Daqbrd2k driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DAQBRD2K.sys -> IOtech, Inc. [Ver = 4.9.3 Build 6 | Size = 438272 bytes | Modified Date = 2006-03-09 10:31:20 | Attr =	]
(daqres) Daqres driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\DAQRES.SYS ->  [Ver =  | Size = 4352 bytes | Modified Date = 1998-08-30 20:47:46 | Attr =	]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 25628 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 2005-08-25 13:16:52 | Attr =	]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 2496 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 86524 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 14684 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 6364 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 2005-08-25 13:16:16 | Attr =	]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 94332 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 87036 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 2005-09-12 04:30:00 | Attr =	]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 2005-08-12 06:20:00 | Attr =	]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.2.24.0 built by: WinDDK | Size = 179200 bytes | Modified Date = 2005-09-15 02:24:08 | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005-01-07 18:07:18 | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5253 built by: WinDDK | Size = 4271616 bytes | Modified Date = 2006-05-05 06:13:52 | Attr =	]
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> InterVideo, Inc. [Ver = 1, 0, 0, 0 | Size = 21060 bytes | Modified Date = 2003-09-11 00:36:54 | Attr =	]
(kl1) kl1 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 110096 bytes | Modified Date = 2007-10-31 13:41:16 | Attr =	]
(klif) klif [Kernel | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.377 | Size = 195344 bytes | Modified Date = 2008-02-18 01:34:09 | Attr =	]
(klim5) Kaspersky Anti-Virus NDIS Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Modified Date = 2007-12-13 13:28:40 | Attr =	]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 2003-01-29 22:35:00 | Attr =	]
(NETw4x32) Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw4x32.sys -> Intel Corporation [Ver = 11.1.1.16 | Size = 2208512 bytes | Modified Date = 2007-06-21 03:43:26 | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 2003-09-19 02:47:00 | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2007-12-11 23:34:50 | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 11, 1, 1, 0 | Size = 12416 bytes | Modified Date = 2007-05-29 14:29:30 | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 11:25:53 | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SMCIRDA) SMSC IrCC Miniport Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smcirda.sys -> SMSC [Ver = 5.1.3600.7 | Size = 46592 bytes | Modified Date = 2004-12-09 15:54:12 | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(STIDATA) STIDATA [Kernel | On_Demand | Stopped] ->  -> File not found
(STIDATA_SYS) STIDATA_SYS [Kernel | Auto | Running] -> %ProgramFiles%\DASYLab 6.0\STIDATA.SYS ->  [Ver =  | Size = 24448 bytes | Modified Date = 1999-06-15 11:38:02 | Attr =	]
(SVRPEDRV) SVRPEDRV [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\be\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 220032 bytes | Modified Date = 2007-12-06 08:41:42 | Attr =	]
(tempbk) Tempbk driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TEMPBK.SYS -> IOtech, Inc. [Ver = 3.00.00 | Size = 32620 bytes | Modified Date = 2001-09-25 12:53:52 | Attr =	]
(Thpdrv) TOSHIBA HDD Protection Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\thpdrv.sys -> TOSHIBA Corporation [Ver = 1.1.7.0 | Size = 16384 bytes | Modified Date = 2004-12-28 00:31:50 | Attr =	]
(Thpevm) TOSHIBA HDD Protection - Shock Sensor Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Thpevm.sys -> TOSHIBA Corporation [Ver = 1.1.0.1 | Size = 6144 bytes | Modified Date = 2004-11-13 13:24:52 | Attr = R  ]
(tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.4 | Size = 162560 bytes | Modified Date = 2005-11-30 18:12:00 | Attr =	]
(TMEI3E) TMEI3E [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TMEI3E.SYS -> Toshiba Corporation [Ver = 1, 0, 0, 5 | Size = 5888 bytes | Modified Date = 2004-06-16 12:08:48 | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(tosporte) Bluetooth COM Port [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosporte.sys -> TOSHIBA Corporation [Ver = 5.00.1003.0 built by: WinDDK | Size = 41600 bytes | Modified Date = 2006-10-10 18:33:00 | Attr =	]
(tosrfbd) Bluetooth RFBUS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfbd.sys -> TOSHIBA CORPORATION [Ver = 5.00.1623.0 built by: WinDDK | Size = 113920 bytes | Modified Date = 2007-04-24 12:20:06 | Attr =	]
(tosrfbnp) Bluetooth RFBNEP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfbnp.sys -> TOSHIBA Corporation [Ver = 5.0.1120.00 built by: WinDDK | Size = 36480 bytes | Modified Date = 2006-11-20 16:55:16 | Attr =	]
(Tosrfcom) Bluetooth RFCOMM [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tosrfcom.sys -> TOSHIBA Corporation [Ver = 1.02 | Size = 64896 bytes | Modified Date = 2005-08-01 15:45:00 | Attr =	]
(tosrfec) Bluetooth ACPI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfec.sys -> TOSHIBA Corporation [Ver = 5.00.1023.0 built by: WinDDK | Size = 9216 bytes | Modified Date = 2006-10-23 15:32:20 | Attr =	]
(Tosrfhid) Bluetooth RFHID [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Tosrfhid.sys -> TOSHIBA Corporation. [Ver = Version 5.00.1501.0 built by: WinDDK | Size = 73728 bytes | Modified Date = 2007-03-01 15:53:12 | Attr =	]
(tosrfnds) Bluetooth Personal Area Network [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfnds.sys -> TOSHIBA Corporation. [Ver = Version 1.00.03 | Size = 18612 bytes | Modified Date = 2005-01-06 14:42:42 | Attr =	]
(TosRfSnd) Bluetooth Audio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TosRfSnd.sys -> TOSHIBA Corporation [Ver = 5.0.1322.0 | Size = 53376 bytes | Modified Date = 2007-01-22 09:43:26 | Attr =	]
(tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfusb.sys -> TOSHIBA CORPORATION [Ver = 5, 0, 1624, 0 | Size = 41856 bytes | Modified Date = 2007-04-24 18:36:00 | Attr =	]
(TVALD) Toshiba Mobile PC Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NBSMI.sys -> Toshiba Corporation [Ver = 1.0.0.11M built by: WinDDK | Size = 6144 bytes | Modified Date = 2005-10-20 15:03:42 | Attr =	]
(TVALG) Toshiba Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\TVALG.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 10 | Size = 5888 bytes | Modified Date = 2005-12-26 14:49:00 | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-13 Driver | Size = 1428096 bytes | Modified Date = 2005-12-05 02:55:30 | Attr =	]
(wavebk) Wavebk driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\WAVEBK.SYS -> IOtech, Inc. [Ver = 4.8.3 Build 1 | Size = 315392 bytes | Modified Date = 2005-02-08 11:50:40 | Attr =	]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008-01-11 22:16:38 | Attr =	]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 2005-10-15 14:29:08 | Attr =	]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 2006-05-10 09:12:06 | Attr =	]
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 2007-12-18 00:43:32 | Attr =	]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.1.1 | Size = 974848 bytes | Modified Date = 2007-06-01 09:49:20 | Attr =	]
IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 11.1.1.5 | Size = 823296 bytes | Modified Date = 2007-06-01 09:51:34 | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2008-01-31 23:13:08 | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.6.4 | Size = 16206848 bytes | Modified Date = 2006-05-05 05:59:16 | Attr =	]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 10.1.8 06Dec07 | Size = 1024000 bytes | Modified Date = 2007-12-06 08:20:56 | Attr =	]
SynTPStart -> %ProgramFiles%\Synaptics\SynTP\SynTPStart.exe -> Synaptics, Inc. [Ver = 10.0.11.1 15Aug07 | Size = 102400 bytes | Modified Date = 2007-08-15 05:31:50 | Attr =	]
TFncKy -> TFncKy.exe -> File not found
THotkey -> %ProgramFiles%\Toshiba\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0018 | Size = 352256 bytes | Modified Date = 2006-01-05 15:02:24 | Attr =	]
TMERzCtl.EXE -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 21 | Size = 77824 bytes | Modified Date = 2005-04-05 09:34:50 | Attr =	]
Tmesrv.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 49, 0 | Size = 118784 bytes | Modified Date = 2005-04-05 09:35:50 | Attr =	]
TPSMain -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 266240 bytes | Modified Date = 2005-08-03 15:26:14 | Attr =	]
WD Button Manager -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 2007-10-02 14:12:51 | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 287040 bytes | Modified Date = 2008-02-21 14:18:08 | Attr =	]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.5.32.202 | Size = 23167272 bytes | Modified Date = 2007-08-06 12:42:00 | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7522.ALL | Size = 2756608 bytes | Modified Date = 2007-05-22 15:57:26 | Attr =	]
< rbou Startup Folder > -> C:\Documents and Settings\rbou\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 86016 bytes | Modified Date = 2006-08-29 20:02:22 | Attr =	]
klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 219664 bytes | Modified Date = 2007-12-18 00:44:54 | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisablePersonalDirChange -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSimpleStartMenu -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (716 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.09a | Size = 110652 bytes | Modified Date = 2005-10-06 06:20:00 | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 00:11:33 | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 00:11:34 | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 2007-09-25 00:11:33 | Attr =	]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 223760 bytes | Modified Date = 2007-12-18 00:45:00 | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 00:11:34 | Attr =	]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 2006-10-31 15:07:16 | Attr =	]
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 2006-10-31 15:07:16 | Attr =	]
Lookup on Merriam Webster ->  -> File not found
Lookup on Wikipedia ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
sv1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4BFBBDD4-AFD7-4707-BC07-CAF197A20DDA} ->	() -> 
{AE5AE40B-618F-43A5-AD4E-BF8C1263C458} ->	(1394 Net Adapter) -> 
{C5697DB0-A5A5-40B5-83F6-2A6B53CE4EF1} ->	(Intel(R) PRO/1000 PL Network Connection) -> 
{F534A307-AE6B-41AB-B5D0-5757CCCE5894} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 12:42:30 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] -> 
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab[Windows Live Safety Center Base Module] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187774675159[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188473444848[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9BE3F230-CC84-4CC0-8CA5-8C20B1B61642}[HKEY_LOCAL_MACHINE] -> http://10.100.100.153/mecal/promis2/windows/components/PromisFileSupport.CAB[Promis File Support] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 18:49:30 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 15:21:15 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 05:37:50 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1564 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\\MachineSid -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 692 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 2007-01-19 11:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 2007-01-04 15:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe -> C:\Program Files\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe [C:\Program Files\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe -> C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe:*:Enabled:ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe -> C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe -> C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe [C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe -> C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe [C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\intel\AnsysWBU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\intel\AnsysWBU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\Solving\intel\ANSYS.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\Solving\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ReaderHostU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\CEExeServerU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\CEExeServerU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\JMServiceU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\JMServiceU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\tclsh.exe -> C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\tclsh.exe [C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\wish.exe -> C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\wish.exe [C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> C:\Program Files\ANSYS Inc\v90\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v90\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] ->  [Ver =  | Size = 287040 bytes | Modified Date = 2008-02-21 14:18:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\Rudi Prive\BitTorrent\bittorrent.exe -> D:\Rudi Prive\BitTorrent\bittorrent.exe [D:\Rudi Prive\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 2008-02-11 21:08:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 2006-12-20 00:50:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\ptc\proe25\i486_nt\nms\nmsd.exe -> C:\ptc\proe25\i486_nt\nms\nmsd.exe [C:\ptc\proe25\i486_nt\nms\nmsd.exe:*:Enabled:nmsd] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\ptc\proe25\i486_nt\obj\xtop.exe -> C:\ptc\proe25\i486_nt\obj\xtop.exe [C:\ptc\proe25\i486_nt\obj\xtop.exe:*:Enabled:xtop] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\ptc\proe25\i486_nt\obj\pro_comm_msg.exe -> C:\ptc\proe25\i486_nt\obj\pro_comm_msg.exe [C:\ptc\proe25\i486_nt\obj\pro_comm_msg.exe:*:Enabled:pro_comm_msg] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.32.202 | Size = 23167272 bytes | Modified Date = 2007-08-06 12:42:00 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 2007-01-19 11:54:56 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 2007-01-04 15:10:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 13:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe -> C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe:*:Enabled:ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe -> C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe -> C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe [C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe -> C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe [C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe -> C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe [C:\Program Files\ANSYS Inc\v100\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v100\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\Solving\intel\ANSYS.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\Solving\intel\ANSYS.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CommonFiles\Solving\intel\ANSYS.exe:*:Enabled:AWP ANSYS.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ActivePIMgrU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ActivePIMgrU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ReaderHostU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ReaderHostU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\CEExeServerU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\CEExeServerU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\CEExeServerU.exe:*:Enabled:CEExeServerU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\JMServiceU.exe -> C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\JMServiceU.exe [C:\Program Files\ANSYS Inc\v90\AISOL\CE\intel\JMServiceU.exe:*:Enabled:JMServiceU.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\tclsh.exe -> C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\tclsh.exe [C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\wish.exe -> C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\wish.exe [C:\Program Files\ANSYS Inc\v90\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ANSYS Inc\v90\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe -> C:\Program Files\ANSYS Inc\v90\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe [C:\Program Files\ANSYS Inc\v90\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 2007-12-06 12:01:25 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Rudi Prive\Azureus\Azureus.exe -> D:\Rudi Prive\Azureus\Azureus.exe [D:\Rudi Prive\Azureus\Azureus.exe:*:Enabled:Azureus] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\Polish\setup.exe -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\Polish\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.321\Polish\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 72280 bytes | Modified Date = 2008-01-30 09:30:28 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\kav\kav7.0\english\setup.exe -> C:\kav\kav7.0\english\setup.exe [C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 72264 bytes | Modified Date = 2007-12-20 22:23:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] ->  [Ver =  | Size = 287040 bytes | Modified Date = 2008-02-21 14:18:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Rudi Prive\BitTorrent\bittorrent.exe -> D:\Rudi Prive\BitTorrent\bittorrent.exe [D:\Rudi Prive\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 2008-02-11 21:08:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 2005-07-26 05:20:40 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-04 14:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 2005-07-26 05:20:40 | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Boot.bak -> %SystemDrive%\Boot.bak ->  [Ver =  | Size = 211 bytes | Modified Date = 2007-08-22 10:32:05 | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 2008-02-16 13:07:09 | Attr =	]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Modified Date = 2004-08-03 23:00:00 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-02-18 11:50:07 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145439744 bytes | Modified Date = 2008-02-24 10:11:59 | Attr =  HS]
kav -> %SystemDrive%\kav ->  [Folder | Created Date = 2008-02-18 01:17:52 | Attr =	]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-01-31 01:00:48 | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-02-05 11:26:08 | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-02-14 13:00:33 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-01-31 01:00:48 | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-02-05 11:26:08 | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-02-14 13:00:33 | Attr =  H ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 9397280 bytes | Modified Date = 2008-02-24 10:22:20 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 127616 bytes | Modified Date = 2008-02-23 23:31:31 | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 354080 bytes | Modified Date = 2008-02-24 10:18:54 | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 35192 bytes | Modified Date = 2008-02-23 23:31:31 | Attr =  HS]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 2008-02-18 01:29:15 | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 91700 bytes | Modified Date = 2008-02-18 01:33:52 | Attr =	]
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 2008-02-12 11:01:15 | Attr =	]
cdintf251.dll -> %SystemRoot%\System32\cdintf251.dll -> Amyuni Technologies
http://www.amyuni.com [Ver = 2.51-d | Size = 2134016 bytes | Modified Date = 2007-03-20 15:56:10 | Attr =	]
DwgThumbnail.ocx -> %SystemRoot%\System32\DwgThumbnail.ocx -> Autodesk Developer Consulting Group [Ver = 1, 0, 0, 8 | Size = 274432 bytes | Modified Date = 1999-07-21 17:25:44 | Attr =	]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Created Date = 2008-02-16 10:47:27 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
nmwcdcls.dll -> %SystemRoot%\System32\nmwcdcls.dll -> Nokia [Ver = 6.83.6.0 | Size = 90624 bytes | Modified Date = 2007-02-22 10:15:12 | Attr =	]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 2008-01-31 23:13:18 | Attr =	]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 2008-01-31 23:13:18 | Attr =	]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-02-17 02:00:01 | Attr =	]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-02-17 02:00:01 | Attr =	]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
Slide.ocx -> %SystemRoot%\System32\Slide.ocx -> Autodesk [Ver = 4, 5, 0, 0 | Size = 339968 bytes | Modified Date = 1999-11-08 13:45:46 | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3716 bytes | Modified Date = 2008-02-16 14:10:00 | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
wintab32.dll -> %SystemRoot%\System32\wintab32.dll ->  [Ver =  | Size = 61440 bytes | Modified Date = 2004-10-20 08:54:00 | Attr =	]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 2008-02-16 13:06:27 | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 2008-02-16 13:46:07 | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 2008-02-16 13:46:00 | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 2000-08-31 08:00:00 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-02-16 13:05:03 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-02-23 14:08:11 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-02-23 14:08:11 | Attr =  H ]
Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job ->  [Ver =  | Size = 336 bytes | Modified Date = 2008-02-20 13:38:53 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Created Date = 2008-02-23 14:07:07 | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Created Date = 2008-02-23 14:07:23 | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Created Date = 2008-02-17 03:22:43 | Attr =	]
Installations -> %AllUsersProfile%\Application Data\Installations ->  [Folder | Created Date = 2008-02-05 12:27:35 | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Created Date = 2008-02-16 10:47:28 | Attr =	]
Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files ->  [Folder | Created Date = 2008-02-18 00:54:25 | Attr =	]
Nokia -> %AllUsersProfile%\Application Data\Nokia ->  [Folder | Created Date = 2008-02-05 13:58:54 | Attr =	]
PC Suite -> %AllUsersProfile%\Application Data\PC Suite ->  [Folder | Created Date = 2008-02-05 12:29:22 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2008-02-15 22:24:22 | Attr =	]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Uniblue -> %AllUsersProfile%\Application Data\Uniblue ->  [Folder | Created Date = 2008-02-20 13:37:37 | Attr =	]
.Torrent Swapper -> %AppData%\.Torrent Swapper ->  [Folder | Created Date = 2008-02-21 13:54:13 | Attr =	]
Ansys -> %AppData%\Ansys ->  [Folder | Created Date = 2008-02-16 13:16:22 | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Created Date = 2008-02-23 14:09:17 | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Created Date = 2008-02-21 14:18:19 | Attr =	]
DassaultSystemes -> %AppData%\DassaultSystemes ->  [Folder | Created Date = 2008-02-16 13:39:35 | Attr =	]
DNA -> %AppData%\DNA ->  [Folder | Created Date = 2008-02-21 14:18:08 | Attr =	]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 2008-02-15 21:51:35 | Attr =	]
Nokia -> %AppData%\Nokia ->  [Folder | Created Date = 2008-02-05 12:29:02 | Attr =	]
Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player ->  [Folder | Created Date = 2008-02-12 13:58:36 | Attr =	]
PC Suite -> %AppData%\PC Suite ->  [Folder | Created Date = 2008-02-05 12:28:32 | Attr =	]
Progesoft -> %AppData%\Progesoft ->  [Folder | Created Date = 2008-02-12 11:02:04 | Attr =	]
PTC -> %AppData%\PTC ->  [Folder | Created Date = 2008-02-12 10:27:52 | Attr =	]
SmartDraw -> %AppData%\SmartDraw ->  [Folder | Created Date = 2008-02-12 15:44:41 | Attr =	]
Sunbelt Software -> %AppData%\Sunbelt Software ->  [Folder | Created Date = 2008-02-16 15:52:28 | Attr =	]
Uniblue -> %AppData%\Uniblue ->  [Folder | Created Date = 2008-02-20 13:15:19 | Attr =	]
WinRAR -> %AppData%\WinRAR ->  [Folder | Created Date = 2008-02-15 13:59:13 | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Created Date = 2008-02-23 14:07:08 | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Created Date = 2008-02-23 14:06:57 | Attr =	]
DassaultSystemes -> %UserProfile%\Local Settings\Application Data\DassaultSystemes ->  [Folder | Created Date = 2008-02-16 13:39:35 | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Created Date = 2008-02-21 14:18:12 | Attr =	]
Installer2924 -> %UserProfile%\Local Settings\Application Data\Installer2924 ->  [Folder | Created Date = 2008-02-21 06:52:33 | Attr =	]
Installer3024 -> %UserProfile%\Local Settings\Application Data\Installer3024 ->  [Folder | Created Date = 2008-02-21 06:59:10 | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Created Date = 2008-02-15 21:51:35 | Attr =	]
BitTorrent.lnk -> %AllUsersProfile%\Desktop\BitTorrent.lnk ->  [Ver =  | Size = 615 bytes | Modified Date = 2008-02-21 14:18:19 | Attr =	]
Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk ->  [Ver =  | Size = 2341 bytes | Modified Date = 2008-02-23 12:42:39 | Attr =	]
progeCAD Dwg Viewer.lnk -> %AllUsersProfile%\Desktop\progeCAD Dwg Viewer.lnk ->  [Ver =  | Size = 1796 bytes | Modified Date = 2008-02-12 10:59:26 | Attr =	]
RegistryBooster 2.lnk -> %AllUsersProfile%\Desktop\RegistryBooster 2.lnk ->  [Ver =  | Size = 794 bytes | Modified Date = 2008-02-20 13:54:16 | Attr =	]
SpyEraser.lnk -> %AllUsersProfile%\Desktop\SpyEraser.lnk ->  [Ver =  | Size = 724 bytes | Modified Date = 2008-02-20 13:37:30 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-02-24 10:14:38 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 2008-02-16 23:26:08 | Attr =	]
jv16 PowerTools.lnk -> %UserProfile%\Desktop\jv16 PowerTools.lnk ->  [Ver =  | Size = 678 bytes | Modified Date = 2008-02-16 17:07:28 | Attr =	]
Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1614 bytes | Modified Date = 2008-02-16 13:55:31 | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2008-02-18 08:41:35 | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480802 bytes | Modified Date = 2008-02-18 08:41:02 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
Bluetooth Manager.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth Manager.lnk ->  [Ver =  | Size = 715 bytes | Modified Date = 2008-02-20 00:24:57 | Attr =	]
Autodesk Shared -> %CommonProgramFiles%\Autodesk Shared ->  [Folder | Created Date = 2008-02-12 11:00:15 | Attr =	]
Nokia -> %CommonProgramFiles%\Nokia ->  [Folder | Created Date = 2008-02-20 12:09:21 | Attr =	]
PCSuite -> %CommonProgramFiles%\PCSuite ->  [Folder | Created Date = 2008-02-20 12:09:22 | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 281 bytes | Modified Date = 2008-02-16 13:07:17 | Attr = RHS]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 2008-02-16 13:07:17 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-02-18 11:50:08 | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145439744 bytes | Modified Date = 2008-02-24 10:11:59 | Attr =  HS]
kav -> %SystemDrive%\kav ->  [Folder | Modified Date = 2008-02-18 01:17:52 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-02-23 14:07:25 | Attr =	]
ptc -> %SystemDrive%\ptc ->  [Folder | Modified Date = 2008-02-16 17:08:56 | Attr =	]
quarantine -> %SystemDrive%\quarantine ->  [Folder | Modified Date = 2008-01-30 15:32:07 | Attr =	]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-01-31 01:00:48 | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-02-05 11:26:08 | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-02-14 13:00:33 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-01-31 01:00:48 | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-02-05 11:26:08 | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-02-14 13:00:33 | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-02-18 14:53:42 | Attr =  HS]
TEMP -> %SystemDrive%\TEMP ->  [Folder | Modified Date = 2008-02-18 04:17:05 | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-02-24 10:12:46 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2008-02-16 17:48:41 | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 716 bytes | Modified Date = 2008-02-16 17:48:41 | Attr =	]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 9397280 bytes | Modified Date = 2008-02-24 10:22:20 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 127616 bytes | Modified Date = 2008-02-23 23:31:31 | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 354080 bytes | Modified Date = 2008-02-24 10:18:54 | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 35192 bytes | Modified Date = 2008-02-23 23:31:31 | Attr =  HS]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 85860 bytes | Modified Date = 2008-02-18 01:29:15 | Attr =	]
klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.377 | Size = 195344 bytes | Modified Date = 2008-02-18 01:34:09 | Attr =	]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 91700 bytes | Modified Date = 2008-02-18 01:33:52 | Attr =	]
UMDF -> %SystemRoot%\System32\drivers\UMDF ->  [Folder | Modified Date = 2008-02-20 12:32:19 | Attr =	]
MsftWdf_user_01_05_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-02-18 00:43:55 | Attr =  H ]
Msft_User_PCCSWpdDriver_01_05_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-02-18 00:43:58 | Attr =  H ]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Modified Date = 2008-02-16 13:16:07 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll ->  [Ver =  | Size = 34308 bytes | Modified Date = 2008-02-12 11:01:15 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2008-02-18 07:47:33 | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2008-02-24 10:12:51 | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2008-02-05 14:44:20 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2008-02-18 07:49:53 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2008-02-18 11:09:25 | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2008-02-20 12:09:41 | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1591928 bytes | Modified Date = 2008-02-18 07:55:06 | Attr =	]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab ->  [Folder | Modified Date = 2008-02-16 10:47:27 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 72486 bytes | Modified Date = 2008-02-18 07:45:01 | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 444862 bytes | Modified Date = 2008-02-18 07:45:01 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 506148 bytes | Modified Date = 2008-02-18 07:45:01 | Attr =	]
QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 2008-01-31 23:13:18 | Attr =	]
QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 2008-01-31 23:13:18 | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2008-02-18 14:53:42 | Attr =	]
SBFC.dat -> %SystemRoot%\System32\SBFC.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-02-17 02:00:01 | Attr =	]
SBRC.dat -> %SystemRoot%\System32\SBRC.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-02-17 02:00:01 | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3716 bytes | Modified Date = 2008-02-16 14:10:00 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 2008-02-18 07:34:08 | Attr =	]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Modified Date = 2008-02-18 07:46:49 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-02-18 07:41:18 | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2008-02-20 14:10:17 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-02-24 10:12:02 | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 2008-02-23 11:48:57 | Attr =  HS]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2008-02-18 10:37:27 | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-02-17 15:01:24 | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 2008-02-16 13:06:27 | Attr =	]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 2008-02-16 13:46:07 | Attr =	]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 2008-02-16 13:46:00 | Attr =	]
hpbafd.ini -> %SystemRoot%\hpbafd.ini ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-02-12 09:22:38 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-02-23 08:40:55 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-02-23 15:12:34 | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2008-02-20 14:10:21 | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2008-02-22 14:07:12 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-02-24 10:22:21 | Attr =	]
PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-02-16 13:05:03 | Attr =	]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 2008-02-23 14:08:11 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-02-23 14:08:11 | Attr =  H ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2008-02-12 11:19:57 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2008-02-23 14:07:25 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-02-20 13:38:53 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-02-24 10:21:46 | Attr =	]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Modified Date = 2008-02-05 14:18:58 | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 444 bytes | Modified Date = 2008-02-15 21:44:31 | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2008-02-18 07:44:50 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-02-24 10:12:04 | Attr =  H ]
Uniblue SpyEraser.job -> %SystemRoot%\tasks\Uniblue SpyEraser.job ->  [Ver =  | Size = 336 bytes | Modified Date = 2008-02-20 13:38:53 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2008-02-18 07:42:31 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2008-02-18 07:42:31 | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11096 bytes | Modified Date = 2007-08-22 12:29:39 | Attr =	]
Perflib_Perfdata_b1c.dat -> C:\Documents and Settings\rbou\Local Settings\Temp\Perflib_Perfdata_b1c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-24 10:12:57 | Attr =	]
Perflib_Perfdata_d6c.dat -> C:\Documents and Settings\rbou\Local Settings\Temp\Perflib_Perfdata_d6c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-24 10:12:57 | Attr =	]
Perflib_Perfdata_db8.dat -> C:\Documents and Settings\rbou\Local Settings\Temp\Perflib_Perfdata_db8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-02-24 10:12:35 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 2008-02-21 06:52:02 | Attr =	]
Apple -> %AllUsersProfile%\Application Data\Apple ->  [Folder | Modified Date = 2008-02-23 14:07:07 | Attr =	]
Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer ->  [Folder | Modified Date = 2008-02-23 14:09:44 | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2008-02-17 03:22:43 | Attr =	]
Installations -> %AllUsersProfile%\Application Data\Installations ->  [Folder | Modified Date = 2008-02-20 12:06:31 | Attr =	]
Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab ->  [Folder | Modified Date = 2008-02-24 10:12:30 | Attr =	]
Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files ->  [Folder | Modified Date = 2008-02-18 00:54:25 | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2008-02-18 00:43:59 | Attr =   S]
Network Associates -> %AllUsersProfile%\Application Data\Network Associates ->  [Folder | Modified Date = 2008-02-18 01:24:16 | Attr =	]
Nokia -> %AllUsersProfile%\Application Data\Nokia ->  [Folder | Modified Date = 2008-02-05 13:58:54 | Attr =	]
PC Suite -> %AllUsersProfile%\Application Data\PC Suite ->  [Folder | Modified Date = 2008-02-18 00:42:22 | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2008-02-17 15:17:59 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2008-02-16 17:05:17 | Attr =	]
@Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Uniblue -> %AllUsersProfile%\Application Data\Uniblue ->  [Folder | Modified Date = 2008-02-20 13:37:37 | Attr =	]
.Torrent Swapper -> %AppData%\.Torrent Swapper ->  [Folder | Modified Date = 2008-02-21 14:01:11 | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 2008-02-23 09:31:52 | Attr =	]
Ansys -> %AppData%\Ansys ->  [Folder | Modified Date = 2008-02-16 13:36:19 | Attr =	]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Modified Date = 2008-02-23 14:09:17 | Attr =	]
Azureus -> %AppData%\Azureus ->  [Folder | Modified Date = 2008-02-21 13:06:03 | Attr =	]
BitTorrent -> %AppData%\BitTorrent ->  [Folder | Modified Date = 2008-02-23 23:03:32 | Attr =	]
DassaultSystemes -> %AppData%\DassaultSystemes ->  [Folder | Modified Date = 2008-02-16 13:39:40 | Attr =	]
DNA -> %AppData%\DNA ->  [Folder | Modified Date = 2008-02-24 10:22:28 | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2008-02-12 10:59:57 | Attr =   S]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 2008-02-15 21:51:35 | Attr =	]
Nokia -> %AppData%\Nokia ->  [Folder | Modified Date = 2008-02-20 12:31:32 | Attr =	]
Nokia Multimedia Player -> %AppData%\Nokia Multimedia Player ->  [Folder | Modified Date = 2008-02-12 13:58:36 | Attr =	]
PC Suite -> %AppData%\PC Suite ->  [Folder | Modified Date = 2008-02-20 12:32:32 | Attr =	]
Progesoft -> %AppData%\Progesoft ->  [Folder | Modified Date = 2008-02-12 11:02:04 | Attr =	]
PTC -> %AppData%\PTC ->  [Folder | Modified Date = 2008-02-12 10:27:52 | Attr =	]
Skype -> %AppData%\Skype ->  [Folder | Modified Date = 2008-02-24 10:13:14 | Attr =	]
SmartDraw -> %AppData%\SmartDraw ->  [Folder | Modified Date = 2008-02-12 15:46:53 | Attr =	]
Sunbelt Software -> %AppData%\Sunbelt Software ->  [Folder | Modified Date = 2008-02-16 15:52:28 | Attr =	]
Uniblue -> %AppData%\Uniblue ->  [Folder | Modified Date = 2008-02-20 13:37:33 | Attr =	]
WinRAR -> %AppData%\WinRAR ->  [Folder | Modified Date = 2008-02-15 13:59:13 | Attr =	]
Apple -> %UserProfile%\Local Settings\Application Data\Apple ->  [Folder | Modified Date = 2008-02-23 14:07:08 | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 2008-02-23 14:06:57 | Attr =	]
DassaultSystemes -> %UserProfile%\Local Settings\Application Data\DassaultSystemes ->  [Folder | Modified Date = 2008-02-16 13:39:35 | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 206848 bytes | Modified Date = 2008-02-23 11:05:23 | Attr =	]
DNA -> %UserProfile%\Local Settings\Application Data\DNA ->  [Folder | Modified Date = 2008-02-21 14:18:12 | Attr =	]
Installer2924 -> %UserProfile%\Local Settings\Application Data\Installer2924 ->  [Folder | Modified Date = 2008-02-21 06:52:35 | Attr =	]
Installer3024 -> %UserProfile%\Local Settings\Application Data\Installer3024 ->  [Folder | Modified Date = 2008-02-21 06:59:11 | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2008-02-23 15:09:53 | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Modified Date = 2008-02-15 21:51:35 | Attr =	]
My Music -> U:\My Music ->  [Folder | Modified Date = 2008-02-18 12:32:40 | Attr = R  ]
Bluetooth -> U:\Bluetooth ->  [Folder | Modified Date = 2008-02-18 14:57:45 | Attr =	]
My Received Files -> U:\My Received Files ->  [Folder | Modified Date = 2008-02-19 14:39:11 | Attr =	]
My Sharing Folders.lnk -> U:\My Sharing Folders.lnk ->  [Ver =  | Size = 384 bytes | Modified Date = 2008-02-23 14:26:52 | Attr =	]
BitTorrent.lnk -> %AllUsersProfile%\Desktop\BitTorrent.lnk ->  [Ver =  | Size = 615 bytes | Modified Date = 2008-02-21 14:18:19 | Attr =	]
Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk ->  [Ver =  | Size = 2341 bytes | Modified Date = 2008-02-23 12:42:39 | Attr =	]
progeCAD Dwg Viewer.lnk -> %AllUsersProfile%\Desktop\progeCAD Dwg Viewer.lnk ->  [Ver =  | Size = 1796 bytes | Modified Date = 2008-02-12 10:59:26 | Attr =	]
RegistryBooster 2.lnk -> %AllUsersProfile%\Desktop\RegistryBooster 2.lnk ->  [Ver =  | Size = 794 bytes | Modified Date = 2008-02-20 13:54:16 | Attr =	]
SpyEraser.lnk -> %AllUsersProfile%\Desktop\SpyEraser.lnk ->  [Ver =  | Size = 724 bytes | Modified Date = 2008-02-20 13:37:30 | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-02-24 10:14:38 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 2008-02-16 23:26:08 | Attr =	]
jv16 PowerTools.lnk -> %UserProfile%\Desktop\jv16 PowerTools.lnk ->  [Ver =  | Size = 678 bytes | Modified Date = 2008-02-16 17:07:28 | Attr =	]
Mozilla Firefox.lnk -> %UserProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1614 bytes | Modified Date = 2008-02-16 13:55:31 | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2008-02-18 08:45:32 | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480802 bytes | Modified Date = 2008-02-18 08:41:02 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
Bluetooth Manager.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth Manager.lnk ->  [Ver =  | Size = 715 bytes | Modified Date = 2008-02-20 00:24:57 | Attr =	]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 2008-02-21 06:51:53 | Attr =	]
Autodesk Shared -> %CommonProgramFiles%\Autodesk Shared ->  [Folder | Modified Date = 2008-02-12 11:00:15 | Attr =	]
Nokia -> %CommonProgramFiles%\Nokia ->  [Folder | Modified Date = 2008-02-20 12:09:21 | Attr =	]
PCSuite -> %CommonProgramFiles%\PCSuite ->  [Folder | Modified Date = 2008-02-20 12:09:22 | Attr =	]

< End of report >


#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:12:33 AM

Posted 24 February 2008 - 10:34 AM

Hi linknl. That all looks fine. You should be good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#6 linknl

linknl
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 24 February 2008 - 04:30 PM

Thank you for the check OT.

This one can be closed.

#7 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:12:33 AM

Posted 24 February 2008 - 08:15 PM

You are welcome linknl, I'm glad that we could help.

I will now close this topic. If you have any new malware related issues in the future please start a new topic.

Cheers and Happy Computing!

OT



