[code] WinPFind35 logfile created on: 2/19/2008 7:44:30 PM WinPFind35U Version Beta50 Folder = C:\Documents and Settings\Owner\Desktop\fixing tims shite\WinPFind35u Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 502.73 Mb Total Physical Memory | 288.67 Mb Available Physical Memory | 57.42% Memory free 1.20 Gb Paging File | 0.97 Gb Available in Paging File | 81.27% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.89 Gb Total Space | 39.50 Gb Free Space | 55.72% Space Free | Partition Type: NTFS Drive D: | 3.62 Gb Total Space | 1.66 Gb Free Space | 45.86% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-05951D9DC8 Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 155648 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 118784 bytes | Modified Date = 1/29/2004 9:13:00 PM | Attr = ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ] shwiconem.exe -> %ProgramFiles%\Digital Media Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 10/18/2004 5:05:12 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ] avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/15/2008 1:13:18 PM | Attr = ] e_fatiada.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 2/1/2005 10:00:00 PM | Attr = ] qdrmodule12.exe -> %ProgramFiles%\QdrModule\QdrModule12.exe -> [Ver = | Size = 352256 bytes | Modified Date = 1/18/2008 6:02:52 PM | Attr = ] mѕhta.exe -> %SystemRoot%\system32\WіnSxS\mѕhta.exe -> [Ver = | Size = 230400 bytes | Modified Date = 1/28/2008 11:29:44 AM | Attr = RHS] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ] avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/15/2008 1:13:17 PM | Attr = ] avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/15/2008 1:13:32 PM | Attr = ] avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/15/2008 1:13:19 PM | Attr = ] prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 11/15/2004 6:09:20 PM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\fixing tims shite\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/11/2008 7:14:48 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 1/15/2008 2:40:04 AM | Attr = ] (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/15/2008 1:13:17 PM | Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2/15/2008 1:13:32 PM | Attr = ] (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/15/2008 1:13:19 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 6/28/2007 8:14:32 AM | Attr = ] (PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 11/15/2004 6:09:20 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 2:15:00 PM | Attr = ] (AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 10:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr = ] (asc) asc [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 10:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 10:51:58 PM | Attr = ] (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 11/15/2004 6:06:50 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/15/2008 1:13:33 PM | Attr = ] (Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/15/2008 1:13:39 PM | Attr = ] (Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/15/2008 1:13:39 PM | Attr = ] (AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] (AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 10:51:54 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 10:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 4:49:14 PM | Attr = ] (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ] (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Modified Date = 6/17/2004 5:56:22 PM | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 6/17/2004 5:55:04 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3722 | Size = 95579 bytes | Modified Date = 1/29/2004 9:13:06 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> system32\drivers\lvusbsta.sys -> File not found (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 2:04:14 PM | Attr = ] (mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 10:52:12 PM | Attr = ] (mxnic) Macronix MX987xx Family Fast Ethernet NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxnic.sys -> Macronix International Co., Ltd. [Ver = 2.12 (XPClient.010817-1148) | Size = 19968 bytes | Modified Date = 8/17/2001 3:49:32 PM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:56 AM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Modified Date = 9/19/2003 3:45:48 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 7/26/2007 6:06:18 PM | Attr = ] (QCMerced) Logitech QuickCam Communicate [Kernel | On_Demand | Stopped] -> system32\DRIVERS\LVCM.sys -> File not found (ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 10:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 10:52:18 PM | Attr = ] (SbcpHid) SbcpHid [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\SbcpHid.sys -> [Ver = 5,00,21,0 | Size = 38176 bytes | Modified Date = 2/23/2001 12:49:44 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 8:07:44 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3571 | Size = 542976 bytes | Modified Date = 3/18/2003 2:00:00 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr = ] (Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 11:07:44 PM | Attr = ] (SunkFilt) Alcor Micro Corp - 9360 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Sunkfilt.sys -> Alcor Micro Corp. [Ver = 2, 0, 4, 1 | Size = 40724 bytes | Modified Date = 10/20/2004 2:39:32 PM | Attr = ] (SunkFilt39) Alcor Micro Corp - 3239 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Sunkfilt39.sys -> Alcor Micro Corp. [Ver = 1, 0, 0, 4 | Size = 42968 bytes | Modified Date = 10/18/2004 5:05:12 PM | Attr = ] (Sunkfiltp) HP && Alcor Micro Corp for Phison [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\sunkfiltp.sys -> File not found (symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 11:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 11:07:36 PM | Attr = ] (sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 11:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 11:07:42 PM | Attr = ] (ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 10:52:22 PM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 6/17/2004 5:55:38 PM | Attr = ] ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.14.10.3722 | Size = 122110 bytes | Modified Date = 1/29/2004 9:13:06 PM | Attr = ] ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.14.10.3722 | Size = 99002 bytes | Modified Date = 1/29/2004 9:13:04 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/15/2008 1:13:18 PM | Attr = ] EPSON Stylus CX4800 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 2/1/2005 10:00:00 PM | Attr = ] gbuxkhgq -> %SystemDrive%\gpbayees.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/15/2008 12:33:42 PM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 118784 bytes | Modified Date = 1/29/2004 9:13:00 PM | Attr = ] hubdmckq -> %SystemDrive%\xntamjdi.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/19/2008 5:00:18 PM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 155648 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ] KernelFaultCheck -> -> File not found NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 2:50:42 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4 | Size = 385024 bytes | Modified Date = 1/10/2008 3:27:36 PM | Attr = ] RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 10:42:40 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ] SunKistEM -> %ProgramFiles%\Digital Media Reader\shwiconEM.exe -> Alcor Micro, Corp. [Ver = 1, 4, 0, 8 | Size = 135168 bytes | Modified Date = 10/18/2004 5:05:12 PM | Attr = ] vtivddte -> %SystemDrive%\yhswgpki.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Abhfsnh -> %SystemRoot%\system32\WіnSxS\mѕhta.exe -> [Ver = | Size = 230400 bytes | Modified Date = 1/28/2008 11:29:44 AM | Attr = RHS] EPSON Stylus CX4600 Series -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE -> File not found EPSON Stylus CX4800 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 2/1/2005 10:00:00 PM | Attr = ] QdrModule12 -> %ProgramFiles%\QdrModule\QdrModule12.exe -> [Ver = | Size = 352256 bytes | Modified Date = 1/18/2008 6:02:52 PM | Attr = ] QdrPack12 -> %ProgramFiles%\QdrPack\QdrPack12.exe -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnnkhh.dll [] -> [Ver = | Size = 37888 bytes | Modified Date = 2/16/2008 8:38:37 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/29/2004 9:13:24 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.yahoo.com/search/ie.html -> HKEY_CURRENT_USER\: Main\\Search Page -> http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.charter.net/index.php -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com[{682DF67D-EE85-46E6-8446-ACFF0C62FBFF}] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11 domain(s) found. -> 11 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 12 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 13 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] {0E0A2AD5-1ADC-4EC3-90FC-0FB793C9259E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\pmnnkhh.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 37888 bytes | Modified Date = 2/16/2008 8:38:37 AM | Attr = ] {3434C6B9-2277-0FA1-0262-5D00CEB9DCEA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dkzcht.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 60928 bytes | Modified Date = 1/28/2008 11:29:02 AM | Attr = ] {549B5CA7-4A86-11D7-A4DF-000874180BB3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ] {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wscmp.dll [&WinSec Toolbar] -> File not found {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ] CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:29:16 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found &Yahoo! Search -> -> File not found Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {A4F8D62F-7CD2-40F2-8D4E-B6FC726FAD87} -> () -> {F78CE6D0-014B-4F65-9AE2-67BF75CFEB0B} -> (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{1A03F196-9617-4CA0-842B-A83CEECB022B}] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[{1A03F196-9617-4CA0-842B-A83CEECB022B}] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}[HKEY_LOCAL_MACHINE] -> http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab[iTunesDetector Class] -> {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5}[HKEY_LOCAL_MACHINE] -> http://photofiddle.com/ocx/VUploaderProj1.cab[VUploader Control] -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://chat.msn.com/controls/msnchat45.cab[MSN Chat Control 4.5] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 684 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 54048 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 11/30/2006 9:49:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe -> C:\Program Files\WinMX\WinMX.exe [C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/15/2004 6:06:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3000 | Size = 1667584 bytes | Modified Date = 8/4/2004 10:06:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe -> C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe [C:\Program Files\GameHouse\CollapseCrunch\Collapse3.exe:*:Enabled:Collapse! Crunch] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 9/29/2005 1:51:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 9:19:14 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe -> C:\Program Files\Kazaa\kazaa.exe [C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Plus] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Shareaza\Shareaza.exe -> C:\Program Files\Shareaza\Shareaza.exe [C:\Program Files\Shareaza\Shareaza.exe:*:Disabled:Shareaza Ultimate File Sharing] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.3.0.54 | Size = 15330616 bytes | Modified Date = 6/28/2007 8:14:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameHouse\BounceOut\BounceOut.exe -> C:\Program Files\GameHouse\BounceOut\BounceOut.exe [C:\Program Files\GameHouse\BounceOut\BounceOut.exe:*:Enabled:Super Bounce Out!] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameHouse\Collapse\Collapse.exe -> C:\Program Files\GameHouse\Collapse\Collapse.exe [C:\Program Files\GameHouse\Collapse\Collapse.exe:*:Enabled:Super Collapse!] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2/15/2008 1:13:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2/15/2008 1:13:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/15/2008 1:13:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2/15/2008 1:13:19 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] avexport.bat -> %SystemDrive%\avexport.bat -> [Ver = | Size = 576 bytes | Modified Date = 2/19/2008 5:00:13 PM | Attr = ] backup-Fri 02.15.2008-12.24.29.46.zip -> %SystemDrive%\backup-Fri 02.15.2008-12.24.29.46.zip -> [Ver = | Size = 1383 bytes | Modified Date = 2/15/2008 12:13:12 PM | Attr = ] backup-Fri 02.15.2008-20.40.21.46.zip -> %SystemDrive%\backup-Fri 02.15.2008-20.40.21.46.zip -> [Ver = | Size = 1173 bytes | Modified Date = 2/15/2008 12:34:41 PM | Attr = ] backup-Tue 02.19.2008-18.40.10.21.zip -> %SystemDrive%\backup-Tue 02.19.2008-18.40.10.21.zip -> [Ver = | Size = 680968 bytes | Modified Date = 2/19/2008 5:36:30 PM | Attr = ] backup-Tue 02.19.2008-18.40.11.39.zip -> %SystemDrive%\backup-Tue 02.19.2008-18.40.11.39.zip -> [Ver = | Size = 22 bytes | Modified Date = 2/19/2008 6:40:11 PM | Attr = ] backup.reg -> %SystemDrive%\backup.reg -> [Ver = | Size = 0 bytes | Modified Date = 2/19/2008 6:40:11 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/23/2008 10:41:02 PM | Attr = HS] gpbayees.bat -> %SystemDrive%\gpbayees.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/15/2008 12:33:42 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527224832 bytes | Modified Date = 2/19/2008 7:17:14 PM | Attr = HS] reboot.bat -> %SystemDrive%\reboot.bat -> [Ver = | Size = 336 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] reboot.exe -> %SystemDrive%\reboot.exe -> [Ver = | Size = 19814 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2/19/2008 5:03:30 PM | Attr = ] xntamjdi.bat -> %SystemDrive%\xntamjdi.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/19/2008 5:00:18 PM | Attr = ] yhswgpki.bat -> %SystemDrive%\yhswgpki.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] zip.exe -> %SystemDrive%\zip.exe -> [Ver = | Size = 126976 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/15/2008 1:13:33 PM | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/15/2008 1:13:39 PM | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/15/2008 1:13:39 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] dhenfqbo.sys -> %SystemRoot%\System32\drivers\dhenfqbo.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2/19/2008 5:00:14 PM | Attr = ] ndisnies.sys -> %SystemRoot%\System32\drivers\ndisnies.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2/15/2008 12:33:34 PM | Attr = ] oenvphwh.sys -> %SystemRoot%\System32\drivers\oenvphwh.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] dkzcht.dll -> %SystemRoot%\System32\dkzcht.dll -> [Ver = | Size = 60928 bytes | Modified Date = 1/28/2008 11:29:02 AM | Attr = ] pmnnkhh.dll -> %SystemRoot%\System32\pmnnkhh.dll -> [Ver = | Size = 37888 bytes | Modified Date = 2/16/2008 8:38:37 AM | Attr = ] sex3.ico -> %SystemRoot%\System32\sex3.ico -> [Ver = | Size = 3262 bytes | Modified Date = 2/15/2008 6:23:51 PM | Attr = ] sex4.ico -> %SystemRoot%\System32\sex4.ico -> [Ver = | Size = 3262 bytes | Modified Date = 2/15/2008 6:24:22 PM | Attr = ] sex5.ico -> %SystemRoot%\System32\sex5.ico -> [Ver = | Size = 3262 bytes | Modified Date = 2/15/2008 6:24:55 PM | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 2/19/2008 7:06:02 PM | Attr = ] W?nSxS -> %SystemRoot%\System32\WіnSxS -> [Folder | Modified Date = 2/13/2008 10:13:28 PM | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ?ymantec -> %SystemRoot%\System32\Ѕymantec -> [Folder | Modified Date = 2/15/2008 2:00:04 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2/12/2008 2:36:34 PM | Attr = ] [Files/Folders - Modified Within 30 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2/19/2008 7:22:33 PM | Attr = RH ] avexport.bat -> %SystemDrive%\avexport.bat -> [Ver = | Size = 576 bytes | Modified Date = 2/19/2008 5:00:13 PM | Attr = ] backup-Fri 02.15.2008-12.24.29.46.zip -> %SystemDrive%\backup-Fri 02.15.2008-12.24.29.46.zip -> [Ver = | Size = 1383 bytes | Modified Date = 2/15/2008 12:13:12 PM | Attr = ] backup-Fri 02.15.2008-20.40.21.46.zip -> %SystemDrive%\backup-Fri 02.15.2008-20.40.21.46.zip -> [Ver = | Size = 1173 bytes | Modified Date = 2/15/2008 12:34:41 PM | Attr = ] backup-Tue 02.19.2008-18.40.10.21.zip -> %SystemDrive%\backup-Tue 02.19.2008-18.40.10.21.zip -> [Ver = | Size = 680968 bytes | Modified Date = 2/19/2008 5:36:30 PM | Attr = ] backup-Tue 02.19.2008-18.40.11.39.zip -> %SystemDrive%\backup-Tue 02.19.2008-18.40.11.39.zip -> [Ver = | Size = 22 bytes | Modified Date = 2/19/2008 6:40:11 PM | Attr = ] backup.reg -> %SystemDrive%\backup.reg -> [Ver = | Size = 0 bytes | Modified Date = 2/19/2008 6:40:11 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 210 bytes | Modified Date = 2/12/2008 2:40:35 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/12/2008 3:32:49 PM | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/19/2008 6:39:36 PM | Attr = ] gpbayees.bat -> %SystemDrive%\gpbayees.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/15/2008 12:33:42 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527224832 bytes | Modified Date = 2/19/2008 7:17:14 PM | Attr = HS] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 1/30/2008 12:20:04 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/15/2008 8:39:02 PM | Attr = R ] reboot.bat -> %SystemDrive%\reboot.bat -> [Ver = | Size = 336 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] reboot.exe -> %SystemDrive%\reboot.exe -> [Ver = | Size = 19814 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2/12/2008 7:09:42 PM | Attr = HS] TEMP -> %SystemDrive%\TEMP -> [Folder | Modified Date = 2/12/2008 2:54:27 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2/19/2008 7:05:58 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/17/2008 12:42:20 AM | Attr = ] xntamjdi.bat -> %SystemDrive%\xntamjdi.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/19/2008 5:00:18 PM | Attr = ] yhswgpki.bat -> %SystemDrive%\yhswgpki.bat -> [Ver = | Size = 1080 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] zip.exe -> %SystemDrive%\zip.exe -> [Ver = | Size = 126976 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/15/2008 1:13:33 PM | Attr = ] avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/15/2008 1:13:39 PM | Attr = ] avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/15/2008 1:13:39 PM | Attr = ] avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/15/2008 1:13:40 PM | Attr = ] dhenfqbo.sys -> %SystemRoot%\System32\drivers\dhenfqbo.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2/19/2008 5:00:14 PM | Attr = ] ndisnies.sys -> %SystemRoot%\System32\drivers\ndisnies.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2/15/2008 12:33:34 PM | Attr = ] oenvphwh.sys -> %SystemRoot%\System32\drivers\oenvphwh.sys -> [Ver = | Size = 60416 bytes | Modified Date = 2/15/2008 12:10:26 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 1/30/2008 6:59:23 AM | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dkzcht.dll -> %SystemRoot%\System32\dkzcht.dll -> [Ver = | Size = 60928 bytes | Modified Date = 1/28/2008 11:29:02 AM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/19/2008 5:00:14 PM | Attr = ] pmnnkhh.dll -> %SystemRoot%\System32\pmnnkhh.dll -> [Ver = | Size = 37888 bytes | Modified Date = 2/16/2008 8:38:37 AM | Attr = ] sex3.ico -> %SystemRoot%\System32\sex3.ico -> [Ver = | Size = 3262 bytes | Modified Date = 2/15/2008 6:23:51 PM | Attr = ] sex4.ico -> %SystemRoot%\System32\sex4.ico -> [Ver = | Size = 3262 bytes | Modified Date = 2/15/2008 6:24:22 PM | Attr = ] sex5.ico -> %SystemRoot%\System32\sex5.ico -> [Ver = | Size = 3262 bytes | Modified Date = 2/15/2008 6:24:55 PM | Attr = ] VundoFixSVC.exe -> %SystemRoot%\System32\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0003 | Size = 24576 bytes | Modified Date = 2/19/2008 7:06:02 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 2/19/2008 7:17:51 PM | Attr = ] W?nSxS -> %SystemRoot%\System32\WіnSxS -> [Folder | Modified Date = 2/13/2008 10:13:28 PM | Attr = ] ?ymantec -> %SystemRoot%\System32\Ѕymantec -> [Folder | Modified Date = 2/15/2008 2:00:04 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/19/2008 7:17:16 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/30/2008 7:00:40 AM | Attr = S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/30/2008 7:00:37 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/12/2008 3:32:27 PM | Attr = HS] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 2/11/2008 11:35:51 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/19/2008 7:18:55 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2/12/2008 2:40:34 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/15/2008 10:00:47 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2/15/2008 1:13:02 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2/12/2008 2:40:35 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/19/2008 7:06:02 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/19/2008 7:17:48 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 644 bytes | Modified Date = 2/12/2008 2:40:35 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/12/2008 9:46:14 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2/13/2008 10:32:04 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/19/2008 7:17:19 PM | Attr = H ] about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat -> [Ver = | Size = 1528 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat -> [Ver = | Size = 327746 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat -> [Ver = | Size = 102 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat -> [Ver = | Size = 12283223 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 1/15/2008 9:24:02 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5352 bytes | Modified Date = 1/15/2008 9:24:01 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[6].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 440 bytes | Modified Date = 1/27/2008 11:53:50 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[5].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1379 bytes | Modified Date = 1/27/2008 11:53:47 AM | Attr = ] dref=http%253A%252F%252Fwww.styledash[1].com%252F2008%252F01%252F23%252Fkim-cattralls-enormous-floppy-hat-is-stupid-but-still-a-good-r%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fwww.sty -> [Ver = | Size = 1491 bytes | Modified Date = 1/27/2008 1:36:50 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[1].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 732 bytes | Modified Date = 1/27/2008 11:52:00 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[2].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1050 bytes | Modified Date = 1/27/2008 11:53:30 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[3].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1379 bytes | Modified Date = 1/27/2008 11:53:33 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[4].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1358 bytes | Modified Date = 1/27/2008 11:53:44 AM | Attr = ] get_video[1].com -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\get_video[1].com -> [Ver = | Size = 6320900 bytes | Modified Date = 1/26/2008 10:15:47 PM | Attr = ] imp[1].com%2Fpage%2F5%2F&r=1 -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\imp[1].com -> [Ver = | Size = 616 bytes | Modified Date = 1/26/2008 10:13:57 PM | Attr = ] dref=http%253A%252F%252Fwww.styledash[2].com%252F2008%252F01%252F23%252Fkim-cattralls-enormous-floppy-hat-is-stupid-but-still-a-good-r%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fwww.sty -> [Ver = | Size = 440 bytes | Modified Date = 1/27/2008 1:36:54 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[5].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1375 bytes | Modified Date = 1/27/2008 11:53:45 AM | Attr = ] dref=http%253A%252F%252Fwww.styledash[1].com%252F2008%252F01%252F23%252Fkim-cattralls-enormous-floppy-hat-is-stupid-but-still-a-good-r%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fwww.sty -> [Ver = | Size = 1369 bytes | Modified Date = 1/27/2008 1:36:52 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[1].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1316 bytes | Modified Date = 1/27/2008 11:52:01 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[2].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1368 bytes | Modified Date = 1/27/2008 11:52:07 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[3].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1352 bytes | Modified Date = 1/27/2008 11:52:09 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[4].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1358 bytes | Modified Date = 1/27/2008 11:53:37 AM | Attr = ] imp[1].com%2Fpage%2F4%2F&r=1 -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\imp[1].com -> [Ver = | Size = 556 bytes | Modified Date = 1/26/2008 10:12:04 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[6].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1379 bytes | Modified Date = 1/27/2008 11:53:32 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[5].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1379 bytes | Modified Date = 1/27/2008 11:53:28 AM | Attr = ] dref=http%253A%252F%252Fwww.styledash[1].com%252F2008%252F01%252F23%252Fkim-cattralls-enormous-floppy-hat-is-stupid-but-still-a-good-r%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fwww.sty -> [Ver = | Size = 898 bytes | Modified Date = 1/27/2008 1:36:48 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[1].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1274 bytes | Modified Date = 1/27/2008 11:51:54 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[2].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1358 bytes | Modified Date = 1/27/2008 11:52:05 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[3].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 441 bytes | Modified Date = 1/27/2008 11:53:19 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[4].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1375 bytes | Modified Date = 1/27/2008 11:53:22 AM | Attr = ] imp[1].com%2Fpage%2F5%2F&r=1 -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\imp[1].com -> [Ver = | Size = 556 bytes | Modified Date = 1/26/2008 10:13:59 PM | Attr = ] get_video[1].com -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JE9C9ZFZ\get_video[1].com -> [Ver = | Size = 24624574 bytes | Modified Date = 1/26/2008 8:29:30 PM | Attr = ] dref=http%253A%252F%252Fmovies.aol[1].com%252Fsearch%252Flocations -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JSHUGSZZ\dref=http%253A%252F%252Fmovies.aol -> [Ver = | Size = 490 bytes | Modified Date = 1/25/2008 12:09:54 PM | Attr = ] dref=http%253A%252F%252Fwww.styledash[2].com%252F2008%252F01%252F23%252Fkim-cattralls-enormous-floppy-hat-is-stupid-but-still-a-good-r%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fwww.sty -> [Ver = | Size = 1347 bytes | Modified Date = 1/27/2008 1:36:51 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[6].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1358 bytes | Modified Date = 1/27/2008 11:53:43 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[3].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 898 bytes | Modified Date = 1/27/2008 11:52:11 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[7].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1358 bytes | Modified Date = 1/27/2008 11:53:49 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[4].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 1379 bytes | Modified Date = 1/27/2008 11:53:31 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[5].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 440 bytes | Modified Date = 1/27/2008 11:53:35 AM | Attr = ] dref=http%253A%252F%252Fwww.styledash[1].com%252F2008%252F01%252F23%252Fkim-cattralls-enormous-floppy-hat-is-stupid-but-still-a-good-r%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fwww.sty -> [Ver = | Size = 440 bytes | Modified Date = 1/27/2008 1:36:51 PM | Attr = ] dref=http%253A%252F%252Fwww.tmz[1].com%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fwww.tmz -> [Ver = | Size = 441 bytes | Modified Date = 1/26/2008 10:16:41 PM | Attr = ] dref=http%253A%252F%252Fwww.tmz[2].com%252F -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fwww.tmz -> [Ver = | Size = 1305 bytes | Modified Date = 1/26/2008 10:16:43 PM | Attr = ] dref=http%253A%252F%252Fmusic.aol[1].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 897 bytes | Modified Date = 1/27/2008 11:51:57 AM | Attr = ] dref=http%253A%252F%252Fmusic.aol[2].com%252Fblog-photo-gallery%252Fphotos-of-the-week-popscene -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\dref=http%253A%252F%252Fmusic.aol -> [Ver = | Size = 438 bytes | Modified Date = 1/27/2008 11:52:08 AM | Attr = ] get_video[1].com -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\M1MLGDSZ\get_video[1].com -> [Ver = | Size = 2349374 bytes | Modified Date = 1/26/2008 12:45:03 PM | Attr = ] get_video[2].com -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\M1MLGDSZ\get_video[2].com -> [Ver = | Size = 1381160 bytes | Modified Date = 1/26/2008 4:30:49 PM | Attr = ] get_video[1].com -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W34JUPC3\get_video[1].com -> [Ver = | Size = 11189466 bytes | Modified Date = 1/26/2008 12:47:30 PM | Attr = ] !update.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe -> [Ver = | Size = 70656 bytes | Modified Date = 2/19/2008 7:17:55 PM | Attr = ] snapsnet.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\snapsnet.exe -> [Ver = | Size = 28925 bytes | Modified Date = 2/12/2008 9:03:14 AM | Attr = ] xpre.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\xpre.exe -> [Ver = | Size = 69805 bytes | Modified Date = 2/12/2008 9:02:41 AM | Attr = ] yazzsnet.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\yazzsnet.exe -> [Ver = | Size = 31845 bytes | Modified Date = 2/12/2008 9:05:24 AM | Attr = ] 220 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> avenger.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for avenger[1].zip\avenger.exe -> [Ver = | Size = 130048 bytes | Modified Date = 2/25/2006 11:28:16 PM | Attr = ] @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for avenger[1].zip\avenger.exe:Zone.Identifier Perflib_Perfdata_1558.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_1558.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/12/2008 7:19:43 AM | Attr = ] Perflib_Perfdata_168.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_168.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/30/2008 4:59:41 PM | Attr = ] Perflib_Perfdata_6c8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_6c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/16/2008 10:20:36 PM | Attr = ] Perflib_Perfdata_824.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_824.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/5/2008 10:32:36 PM | Attr = ] Perflib_Perfdata_a38.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a38.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/30/2007 3:19:27 PM | Attr = ] 220 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Auos\index.dat -> [Ver = | Size = 313 bytes | Modified Date = 2/19/2008 7:17:49 PM | Attr = ] 3 C:\Documents and Settings\Owner\Local Settings\Temp\Auos\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\Auos\*.tmp -> index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 6488064 bytes | Modified Date = 1/28/2008 4:30:39 AM | Attr = ] RunTime.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\RunTime.ini -> [Ver = | Size = 578 bytes | Modified Date = 2/12/2008 9:45:34 AM | Attr = ] 220 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/29/2005 7:56:59 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\13535ENT\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/28/2008 3:51:02 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4NIJWRMQ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/25/2008 9:12:38 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4T6V4P2Z\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 10:04:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\6DO787K5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/28/2008 3:51:02 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\DJBLJLBC\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 10:04:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ENCJ16VU\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 10:04:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JE9C9ZFZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 7:25:44 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\JSHUGSZZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/25/2008 9:12:38 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1270PYR\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 10:04:29 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\L6KMVT1W\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/28/2008 3:51:02 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\M1MLGDSZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 7:25:44 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\RNCY7UWM\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/25/2008 9:12:38 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\SLQDEJGR\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/25/2008 9:12:38 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\URON2N6T\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 7:25:44 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W34JUPC3\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/26/2008 7:25:44 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WBP7I6ZT\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/28/2008 3:51:02 AM | Attr = HS] < End of report > [/code]