Done...
WinPFind3 logfile created on: 10/15/2007 9:00:01 AM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Matthew Sekerak\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
1015.17 Mb Total Physical Memory | 593.96 Mb Available Physical Memory | 58.51% Memory free
2.39 Gb Paging File | 2.08 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 79.08 Gb Free Space | 85.06% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: TOSHIBA
Current User Name: Matthew Sekerak
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
00thotkey.exe -> %System32%\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 2, 0, 2 | Size = 258048 bytes | Modified Date = 7/5/2006 3:14:30 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/13/2005 10:50:02 AM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 2:08:42 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 6/28/2007 4:06:52 AM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ]
ddwmon.exe -> %ProgramFiles%\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe -> TOSHIBA Corporation [Ver = 1.0.0.9 | Size = 299008 bytes | Modified Date = 4/25/2006 8:57:00 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 6:08:02 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 3:55:22 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 3:59:20 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 94208 bytes | Modified Date = 6/30/2006 3:58:38 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 501048 bytes | Modified Date = 7/31/2007 6:44:34 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 271672 bytes | Modified Date = 7/31/2007 6:44:42 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 8/18/2004 6:37:44 AM | Attr = ]
padexe.exe -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 10, 0 | Size = 1077322 bytes | Modified Date = 12/6/2005 1:06:10 AM | Attr = ]
picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.6.35.970 | Size = 366400 bytes | Modified Date = 12/11/2006 8:36:32 PM | Attr = ]
pinger.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ]
psqltray.exe -> %ProgramFiles%\Protector Suite QL\psqltray.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 46592 bytes | Modified Date = 5/5/2006 8:39:54 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 11:11:06 AM | Attr = ]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/26/2005 7:13:20 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 3564344 bytes | Modified Date = 7/19/2007 10:54:28 PM | Attr = ]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 5361464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr = ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ]
tfnf5.exe -> %System32%\TFNF5.exe -> TOSHIBA Corp. [Ver = 3, 4, 4, 1 | Size = 593920 bytes | Modified Date = 3/16/2006 8:34:48 PM | Attr = ]
thpsrv.exe -> %System32%\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 3:46:20 PM | Attr = ]
toddsrv.exe -> %System32%\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 | Size = 114688 bytes | Modified Date = 5/25/2006 9:30:16 PM | Attr = ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ]
toshkcw.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 2 | Size = 49152 bytes | Modified Date = 5/17/2005 2:42:02 PM | Attr = ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 1, 0 | Size = 126976 bytes | Modified Date = 6/28/2005 11:43:00 PM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 3, 0 | Size = 45056 bytes | Modified Date = 4/24/2006 10:54:04 PM | Attr = ]
tpsmain.exe -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 23, 0 | Size = 315392 bytes | Modified Date = 4/24/2006 10:54:12 PM | Attr = ]
tpsoddctl.exe -> %System32%\TPSODDCtl.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 110592 bytes | Modified Date = 4/24/2006 10:54:14 PM | Attr = ]
tvstray.exe -> %ProgramFiles%\Toshiba\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 7 | Size = 73728 bytes | Modified Date = 2/2/2006 3:11:38 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 6/28/2007 4:06:52 AM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/3/2007 7:13:08 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 6:24:18 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 501048 bytes | Modified Date = 7/31/2007 6:44:34 PM | Attr = ]
(SDService) SDService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\SpywareDetector\SDService.exe -> File not found
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ]
(Thpsrv) TOSHIBA HDD Protection [Win32_Shared | Auto | Running] -> %System32%\ThpSrv.exe -> TOSHIBA Corporation [Ver = 1, 1, 8, 4 | Size = 176128 bytes | Modified Date = 12/20/2005 3:46:20 PM | Attr = ]
(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> %System32%\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 3 | Size = 114688 bytes | Modified Date = 5/25/2006 9:30:16 PM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 3564344 bytes | Modified Date = 7/19/2007 10:54:28 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
000StTHK -> %System32%\000StTHK.exe -> [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 7:28:00 AM | Attr = ]
00THotkey -> %System32%\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 2, 0, 2 | Size = 258048 bytes | Modified Date = 7/5/2006 3:14:30 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/13/2005 10:50:02 AM | Attr = ]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/24/2004 1:40:42 AM | Attr = ]
DDWMon -> %ProgramFiles%\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe -> TOSHIBA Corporation [Ver = 1.0.0.9 | Size = 299008 bytes | Modified Date = 4/25/2006 8:57:00 PM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 3:55:22 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 3:59:20 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 94208 bytes | Modified Date = 6/30/2006 3:58:38 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.2.6 | Size = 271672 bytes | Modified Date = 7/31/2007 6:44:42 PM | Attr = ]
LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 8/18/2004 6:37:44 AM | Attr = ]
PadTouch -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 10, 0 | Size = 1077322 bytes | Modified Date = 12/6/2005 1:06:10 AM | Attr = ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.6.35.970 | Size = 366400 bytes | Modified Date = 12/11/2006 8:36:32 PM | Attr = ]
Pinger -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ]
PSQLLauncher -> %ProgramFiles%\Protector Suite QL\launcher.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 30208 bytes | Modified Date = 5/5/2006 8:36:28 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/26/2005 7:13:20 PM | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 5/6/2005 5:06:00 PM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 11:11:06 AM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,48 | Size = 5361464 bytes | Modified Date = 7/19/2007 10:54:32 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
TFNF5 -> %System32%\TFNF5.exe -> TOSHIBA Corp. [Ver = 3, 4, 4, 1 | Size = 593920 bytes | Modified Date = 3/16/2006 8:34:48 PM | Attr = ]
TOSDCR -> %System32%\TOSDCR.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 9 | Size = 57344 bytes | Modified Date = 12/13/2005 1:54:44 PM | Attr = ]
TosHKCW.exe -> %ProgramFiles%\Toshiba\Wireless Hotkey\TosHKCW.exe -> TOSHIBA CORPORATION [Ver = 2, 1, 0, 2 | Size = 49152 bytes | Modified Date = 5/17/2005 2:42:02 PM | Attr = ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 1, 0 | Size = 126976 bytes | Modified Date = 6/28/2005 11:43:00 PM | Attr = ]
TPSMain -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 23, 0 | Size = 315392 bytes | Modified Date = 4/24/2006 10:54:12 PM | Attr = ]
TPSODDCtl -> %System32%\TPSODDCtl.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 110592 bytes | Modified Date = 4/24/2006 10:54:14 PM | Attr = ]
Tvs -> %ProgramFiles%\Toshiba\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 7 | Size = 73728 bytes | Modified Date = 2/2/2006 3:11:38 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 6:08:02 AM | Attr = ]
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 4.2006.627.443 | Size = 135680 bytes | Modified Date = 8/18/2006 10:52:00 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4631 | Size = 139264 bytes | Modified Date = 6/30/2006 3:54:26 PM | Attr = ]
psfus -> %System32%\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 40448 bytes | Modified Date = 5/5/2006 8:48:24 PM | Attr = ]
WRNotifier -> %System32%\WRLogonNTF.dll -> Webroot Software, Inc. [Ver = 3,5,6,56 | Size = 219448 bytes | Modified Date = 7/19/2007 10:42:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (34504 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL ->
http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL ->
http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page ->
http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page ->
http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL ->
http://www.google.com/ie ->
HKLM: SearchAssistant ->
http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar ->
http://www.google.com/ie ->
HKCU: Search Page ->
http://www.google.com ->
HKCU: Start Page ->
http://www.google.com/ ->
HKCU: SearchAssistant ->
http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C52D24D-A0E0-48C7-9070-B68374E88306} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
{67B50E96-9946-48B0-9117-38CFABA570E8} -> (Intel(R) PRO/1000 PL Network Connection) ->
{92E5E964-56B7-4234-BFC0-6274B6BC9A56} -> (Intel(R) PRO/100 VE Network Connection) ->
{9C72516D-0FF5-4BE1-9A23-C96DA7CF8788} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase =
http://security.symantec.com/sscv6/Shar ... vSniff.cab ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase =
http://security.symantec.com/sscv6/Shar ... /cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase =
http://update.microsoft.com/microsoftup ... 4661257500 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase =
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase =
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://download.macromedia.com/pub/shoc ... wflash.cab ->
[Files/Folders - Created Within 30 days]
85f11906521bd3719141282a670d -> %SystemDrive%\85f11906521bd3719141282a670d -> [Folder | Created Date = 10/13/2007 2:55:12 PM | Attr = ]
c4a66dd03c23161197d6415523 -> %SystemDrive%\c4a66dd03c23161197d6415523 -> [Folder | Created Date = 10/13/2007 2:48:35 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064554496 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
$NtUninstallbasecsp$ -> %SystemRoot%\$NtUninstallbasecsp$ -> [Folder | Created Date = 10/13/2007 2:47:03 PM | Attr = H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Created Date = 10/13/2007 2:46:53 PM | Attr = H ]
$NtUninstallKB912024$ -> %SystemRoot%\$NtUninstallKB912024$ -> [Folder | Created Date = 10/13/2007 2:47:21 PM | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Created Date = 10/13/2007 2:48:02 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Created Date = 10/15/2007 7:12:57 AM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Created Date = 10/13/2007 2:47:49 PM | Attr = H ]
$NtUninstallKB925876$ -> %SystemRoot%\$NtUninstallKB925876$ -> [Folder | Created Date = 10/13/2007 2:48:11 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Created Date = 10/13/2007 2:57:04 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Created Date = 10/15/2007 7:12:20 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Created Date = 10/11/2007 4:18:04 PM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 10/15/2007 7:11:22 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Created Date = 10/15/2007 7:11:58 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Created Date = 10/11/2007 4:18:53 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Created Date = 10/13/2007 2:56:55 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Created Date = 10/13/2007 2:48:41 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Created Date = 10/13/2007 2:55:35 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Created Date = 10/13/2007 2:56:21 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Created Date = 10/13/2007 2:55:02 PM | Attr = H ]
CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 10/11/2007 5:36:43 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 10/13/2007 9:57:22 AM | Attr = ]
CheckDll.dll -> %System32%\CheckDll.dll -> Max Secure Software [Ver = 3. 0. 0. 3 | Size = 270336 bytes | Created Date = 10/13/2007 1:41:49 PM | Attr = ]
CloseAll.exe -> %System32%\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Created Date = 10/13/2007 8:15:33 AM | Attr = ]
ProxySettings.ini -> %System32%\ProxySettings.ini -> [Ver = | Size = 104 bytes | Created Date = 10/13/2007 8:15:33 AM | Attr = ]
SDEarlyDelete.exe -> %System32%\SDEarlyDelete.exe -> [Ver = | Size = 6144 bytes | Created Date = 10/13/2007 1:41:57 PM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Created Date = 10/13/2007 2:50:40 PM | Attr = ]
apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 10/13/2007 2:57:00 PM | Attr = ]
apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 10/13/2007 2:57:00 PM | Attr = ]
sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 10/13/2007 2:57:00 PM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 10/13/2007 10:28:14 AM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 10/13/2007 2:55:07 PM | Attr = ]
hosts.20071013-103956.backup -> %System32%\drivers\etc\hosts.20071013-103956.backup -> [Ver = | Size = 734 bytes | Created Date = 10/13/2007 9:39:56 AM | Attr = ]
hosts.backup -> %System32%\drivers\etc\hosts.backup -> [Ver = | Size = 734 bytes | Created Date = 10/13/2007 8:14:50 AM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 10/13/2007 2:55:10 PM | Attr = H ]
[Files/Folders - Modified Within 30 days]
85f11906521bd3719141282a670d -> %SystemDrive%\85f11906521bd3719141282a670d -> [Folder | Modified Date = 10/13/2007 3:55:58 PM | Attr = ]
c4a66dd03c23161197d6415523 -> %SystemDrive%\c4a66dd03c23161197d6415523 -> [Folder | Modified Date = 10/13/2007 3:48:42 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064554496 bytes | Modified Date = 10/15/2007 8:57:06 AM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/15/2007 8:36:56 AM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 10/13/2007 12:33:28 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/15/2007 8:57:54 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 10/15/2007 8:05:34 AM | Attr = H ]
$NtUninstallbasecsp$ -> %SystemRoot%\$NtUninstallbasecsp$ -> [Folder | Modified Date = 10/13/2007 3:47:06 PM | Attr = H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Modified Date = 10/13/2007 3:46:56 PM | Attr = H ]
$NtUninstallKB912024$ -> %SystemRoot%\$NtUninstallKB912024$ -> [Folder | Modified Date = 10/13/2007 3:47:24 PM | Attr = H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ -> [Folder | Modified Date = 10/13/2007 3:48:04 PM | Attr = H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ -> [Folder | Modified Date = 10/15/2007 8:13:00 AM | Attr = H ]
$NtUninstallKB925766$ -> %SystemRoot%\$NtUninstallKB925766$ -> [Folder | Modified Date = 10/13/2007 3:47:52 PM | Attr = H ]
$NtUninstallKB925876$ -> %SystemRoot%\$NtUninstallKB925876$ -> [Folder | Modified Date = 10/13/2007 3:48:28 PM | Attr = H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ -> [Folder | Modified Date = 10/13/2007 3:57:06 PM | Attr = H ]
$NtUninstallKB929399$ -> %SystemRoot%\$NtUninstallKB929399$ -> [Folder | Modified Date = 10/15/2007 8:12:24 AM | Attr = H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ -> [Folder | Modified Date = 10/11/2007 5:18:08 PM | Attr = H ]
$NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 10/15/2007 8:11:26 AM | Attr = H ]
$NtUninstallKB939683$ -> %SystemRoot%\$NtUninstallKB939683$ -> [Folder | Modified Date = 10/15/2007 8:12:02 AM | Attr = H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ -> [Folder | Modified Date = 10/11/2007 5:18:56 PM | Attr = H ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ -> [Folder | Modified Date = 10/13/2007 3:56:56 PM | Attr = H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ -> [Folder | Modified Date = 10/13/2007 3:48:42 PM | Attr = H ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ -> [Folder | Modified Date = 10/13/2007 3:55:40 PM | Attr = H ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ -> [Folder | Modified Date = 10/13/2007 3:56:32 PM | Attr = H ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ -> [Folder | Modified Date = 10/13/2007 3:55:04 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 10/13/2007 3:59:14 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 10/13/2007 9:17:08 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/15/2007 8:57:10 AM | Attr = S]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 10/11/2007 6:36:44 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/13/2007 11:28:10 AM | Attr = S]
ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 10/13/2007 3:47:56 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 10/13/2007 3:50:36 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/13/2007 3:56:32 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 10/11/2007 5:18:22 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 10/15/2007 8:12:28 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/15/2007 8:13:32 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/15/2007 8:13:16 AM | Attr = HS]
machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 2838 bytes | Modified Date = 9/29/2007 4:15:26 AM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 10/13/2007 9:17:08 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 10/13/2007 3:06:00 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 10/11/2007 4:59:34 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/11/2007 8:24:14 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/15/2007 8:58:00 AM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/15/2007 8:58:40 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 10/13/2007 3:58:48 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 10/13/2007 9:15:56 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 10/11/2007 6:22:40 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/15/2007 8:13:20 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/15/2007 8:59:32 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 10/13/2007 3:56:44 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 10/13/2007 3:55:54 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/15/2007 8:57:22 AM | Attr = H ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 10/13/2007 3:56:50 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 10/15/2007 8:13:20 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/15/2007 8:10:56 AM | Attr = ]
CloseAll.exe -> %System32%\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Modified Date = 9/17/2007 1:39:44 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/11/2007 6:24:46 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/15/2007 8:13:20 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/13/2007 3:55:48 PM | Attr = ]
en-US -> %System32%\en-US -> [Folder | Modified Date = 10/13/2007 3:50:40 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 158752 bytes | Modified Date = 10/13/2007 3:59:22 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 9/19/2007 11:10:48 AM | Attr = ]
LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 10/13/2007 3:55:08 PM | Attr = ]
nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 10/13/2007 3:56:50 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 72042 bytes | Modified Date = 10/13/2007 3:54:08 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 441174 bytes | Modified Date = 10/13/2007 3:54:08 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 520446 bytes | Modified Date = 10/13/2007 3:54:08 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 10/11/2007 8:32:46 AM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 10/11/2007 6:23:48 AM | Attr = ]
spool -> %System32%\spool -> [Folder | Modified Date = 10/13/2007 3:48:54 PM | Attr = ]
usmt -> %System32%\usmt -> [Folder | Modified Date = 10/13/2007 3:47:00 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 10/11/2007 6:24:26 AM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 10/15/2007 8:59:40 AM | Attr = ]
XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 10/13/2007 3:50:42 PM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 10/13/2007 11:28:18 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/13/2007 2:41:50 PM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Modified Date = 10/13/2007 3:55:48 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 10/13/2007 3:55:12 PM | Attr = H ]
[File String Scan - Non-Microsoft Only]
ad-w-a-r-e.com , -> %SystemRoot%\hosts -> [Ver = | Size = 34504 bytes | Modified Date = 1/30/2007 12:20:44 PM | Attr = ]
Thawte Consulting , -> %System32%\CloseAll.exe -> Max Secure Software [Ver = 3, 0, 1, 1 | Size = 67024 bytes | Modified Date = 9/17/2007 1:39:44 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ]
PEC2 , -> %System32%\THR.DLL -> Picture Elements, Inc. [Ver = 0, 1, 37, 1 | Size = 204800 bytes | Modified Date = 5/16/2006 9:19:24 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 8:00:00 AM | Attr = ]
ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 34504 bytes | Modified Date = 1/30/2007 12:20:44 PM | Attr = ]
< End of report >