[code] WinPFind35 logfile created on: 2/20/2008 9:39:01 PM WinPFind35U Version 1.0.0.0 Folder = C:\Documents and Settings\angi\Desktop\WinPFind35u Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.48 Mb Total Physical Memory | 204.18 Mb Available Physical Memory | 39.92% Memory free 731.29 Mb Paging File | 326.13 Mb Available in Paging File | 44.60% Paging File free Paging file location(s): C:\pagefile.sys 250 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 76.32 Gb Total Space | 19.42 Gb Free Space | 25.44% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TERMINAL1 Current User Name: angi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 181608 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ] gbpoll.exe -> %ProgramFiles%\Norton SystemWorks\Norton GoBack\GBPoll.exe -> Symantec Corporation [Ver = 4.02.309 | Size = 763520 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] navapsvc.exe -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ] npfmntor.exe -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 12:54:52 PM | Attr = ] nprotect.exe -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 18.0.0.62 | Size = 95328 bytes | Modified Date = 8/30/2004 9:52:09 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 3/3/2006 9:03:10 PM | Attr = ] sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 4:24:03 PM | Attr = ] nopdb.exe -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 181416 bytes | Modified Date = 8/30/2004 9:50:38 PM | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 1/7/2005 3:35:03 PM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 197992 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ] airpluscfg.exe -> %ProgramFiles%\D-Link\AirPlus Xtreme G\AirPlusCFG.exe -> D-Link [Ver = 3, 1, 6, 30919 | Size = 2498560 bytes | Modified Date = 9/19/2003 9:34:02 PM | Attr = ] wzcsldr.exe -> %ProgramFiles%\Alpha Networks\ANIWZCS Service\WZCSLDR.exe -> Alpha Networks Inc. [Ver = 1, 0, 2, 20724 | Size = 32768 bytes | Modified Date = 8/21/2003 4:12:02 PM | Attr = ] hpztsb04.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,76,0,0 | Size = 196608 bytes | Modified Date = 8/3/2001 9:24:40 PM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 58728 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ] hphmon03.exe -> %SystemRoot%\system32\hphmon03.exe -> Hewlett-Packard [Ver = 3,3,137 | Size = 311296 bytes | Modified Date = 8/3/2001 9:24:38 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/20/2007 4:19:24 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] gbtray.exe -> %ProgramFiles%\Norton SystemWorks\Norton GoBack\GBTray.exe -> Symantec Corporation [Ver = 4.02.309 | Size = 804480 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/20/2008 11:36:44 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 197992 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 79208 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 181608 bytes | Modified Date = 1/17/2008 11:42:04 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/23/2008 7:17:25 PM | Attr = ] (GBPoll) GoBack Polling Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton GoBack\GBPoll.exe -> Symantec Corporation [Ver = 4.02.309 | Size = 763520 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/24/2007 2:17:28 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 12:10:16 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ] (Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 1/13/2008 6:03:50 PM | Attr = ] (navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ] (NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 12:54:52 PM | Attr = ] (NProtectService) Norton Unerase Protection [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 18.0.0.62 | Size = 95328 bytes | Modified Date = 8/30/2004 9:52:09 PM | Attr = ] (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 77824 bytes | Modified Date = 7/28/2003 2:19:00 PM | Attr = ] (Pml Driver) Pml Driver [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hphipm09.exe -> HP [Ver = 4, 5, 0, 770 | Size = 77824 bytes | Modified Date = 8/3/2001 9:24:36 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found (SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 2:59:36 PM | Attr = ] (SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 12:55:00 PM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 206552 bytes | Modified Date = 3/28/2007 6:41:56 PM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 4:24:03 PM | Attr = ] (Speed Disk service) Speed Disk service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 181416 bytes | Modified Date = 8/30/2004 9:50:38 PM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 819352 bytes | Modified Date = 1/7/2005 3:35:03 PM | Attr = ] (SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ] [Driver Services - Non-Microsoft Only] (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\A3AB.sys -> D-Link Corporation [Ver = 2.4.1.32 | Size = 323008 bytes | Modified Date = 9/9/2003 12:12:04 PM | Attr = ] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 7:20:04 AM | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> Alpha Networks Inc. [Ver = 2.0.0.30505 | Size = 28205 bytes | Modified Date = 5/5/2003 6:25:48 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (BCMNTIO) BCMNTIO [Kernel | Auto | Running] -> %ProgramFiles%\CheckIt\Diagnostics\BCMNTIO.SYS -> [Ver = | Size = 3744 bytes | Modified Date = 3/5/2004 5:09:00 PM | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 780928 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146304 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] (Dot4 HPH09) Dot4 HPH09 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphid409.sys -> HP [Ver = 4, 5, 0, 620 | Size = 50704 bytes | Modified Date = 8/3/2001 9:24:36 PM | Attr = ] (Dot4Print HPH09) Print Class Driver for IEEE-1284.4 HPH09 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphipr09.sys -> HP [Ver = 4, 5, 0, 449 | Size = 15984 bytes | Modified Date = 8/3/2001 9:24:36 PM | Attr = ] (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphs2k09.sys -> Hewlett-Packard [Ver = 1.00 | Size = 50051 bytes | Modified Date = 8/3/2001 9:24:36 PM | Attr = ] (Dot4Usb HPH09) Dot4Usb HPH09 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hphius09.sys -> HP [Ver = 4, 5, 0, 310 | Size = 18864 bytes | Modified Date = 8/3/2001 9:24:36 PM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 7:12:10 AM | Attr = ] (GBDevice) GBDevice [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\GBDevice.sys -> Symantec Corporation [Ver = 4.02.309 | Size = 4093 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] (GBFSHook) GBFSHook [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\GBFSHook.sys -> Symantec Corporation [Ver = 4.02.309 | Size = 16196 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ] (GoBack2K) GoBack2K [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\GoBack2k.sys -> Symantec Corporation [Ver = 4.02.309 | Size = 170718 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (hpt3xx) hpt3xx [Kernel | Disabled | Stopped] -> -> File not found (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 625537 bytes | Modified Date = 3/31/2003 2:29:00 PM | Attr = ] (MAPMEM) MAPMEM [Kernel | Auto | Running] -> %ProgramFiles%\CheckIt\Diagnostics\MAPMEM.SYS -> [Ver = | Size = 3904 bytes | Modified Date = 3/5/2004 5:09:02 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080213.023\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 82256 bytes | Modified Date = 1/22/2008 4:00:00 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080213.023\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.1.10 | Size = 895312 bytes | Modified Date = 1/22/2008 4:00:00 AM | Attr = ] (NPDriver) Norton Unerase Protection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NPDRIVER.SYS -> Symantec Corporation [Ver = 18.0.0.62 | Size = 81748 bytes | Modified Date = 8/30/2004 9:38:34 PM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 1341339 bytes | Modified Date = 7/28/2003 2:19:00 PM | Attr = ] (nv4) nv4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141) | Size = 731648 bytes | Modified Date = 8/17/2001 7:50:26 AM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] (SAVRT) SAVRT [Kernel | On_Demand | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 338056 bytes | Modified Date = 3/7/2005 2:59:44 PM | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 50312 bytes | Modified Date = 3/7/2005 2:59:50 PM | Attr = ] (SDdriver) SDdriver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SdDriver.SYS -> Symantec Corporation [Ver = 7.00.0.24 | Size = 90272 bytes | Modified Date = 8/30/2004 9:23:22 PM | Attr = ] (SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 3/25/2002 10:02:14 PM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,0,1,47 | Size = 341096 bytes | Modified Date = 7/21/2004 4:24:02 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 11480 bytes | Modified Date = 3/28/2007 6:41:12 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 9/15/2006 10:52:12 PM | Attr = ] (SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 171928 bytes | Modified Date = 3/28/2007 6:41:14 PM | Attr = ] (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 37016 bytes | Modified Date = 3/28/2007 6:41:20 PM | Attr = ] (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20080215.002\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 11:18:19 AM | Attr = ] (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 478 | Size = 4608 bytes | Modified Date = 1/7/2005 3:35:03 PM | Attr = ] (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 47192 bytes | Modified Date = 3/28/2007 6:41:18 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 18904 bytes | Modified Date = 3/28/2007 6:41:24 PM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.6.604 | Size = 266552 bytes | Modified Date = 3/28/2007 6:41:26 PM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] ANIWZCSService -> %ProgramFiles%\Alpha Networks\ANIWZCS Service\WZCSLDR.exe -> Alpha Networks Inc. [Ver = 1, 0, 2, 20724 | Size = 32768 bytes | Modified Date = 8/21/2003 4:12:02 PM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.11.4 | Size = 58728 bytes | Modified Date = 1/17/2008 11:42:02 AM | Attr = ] D-Link AirPlus Xtreme G -> %ProgramFiles%\D-Link\AirPlus Xtreme G\AirPlusCFG.exe -> D-Link [Ver = 3, 1, 6, 30919 | Size = 2498560 bytes | Modified Date = 9/19/2003 9:34:02 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,76,0,0 | Size = 196608 bytes | Modified Date = 8/3/2001 9:24:40 PM | Attr = ] HPHmon03 -> %SystemRoot%\system32\hphmon03.exe -> Hewlett-Packard [Ver = 3,3,137 | Size = 311296 bytes | Modified Date = 8/3/2001 9:24:38 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 12:10:26 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 4841472 bytes | Modified Date = 7/28/2003 2:19:00 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 323584 bytes | Modified Date = 7/28/2003 2:19:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr = ] RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ] SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 11/2/2004 4:59:52 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ] Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.6.604 | Size = 100056 bytes | Modified Date = 4/5/2007 10:18:58 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/20/2007 4:19:24 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Norton SystemWorks -> %ProgramFiles%\Norton SystemWorks\CfgWiz.exe -> Symantec Corporation [Ver = 5.0.0.51 | Size = 132248 bytes | Modified Date = 9/9/2004 9:12:00 PM | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 114688 bytes | Modified Date = 10/2/1998 5:22:44 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Norton GoBack.lnk -> %ProgramFiles%\Norton SystemWorks\Norton GoBack\GBTray.exe -> Symantec Corporation [Ver = 4.02.309 | Size = 804480 bytes | Modified Date = 12/21/2004 10:19:00 AM | Attr = R ] < angi Startup Folder > -> C:\Documents and Settings\angi\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> [Ver = 1, 0, 0, 1 | Size = 189952 bytes | Modified Date = 1/20/2004 7:54:58 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (662350 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://channels.aimtoday.com/search/aimtoolbar.jsp -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1037 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {BDF3E430-B101-42AD-A544-FADC6B084872} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 3/11/2005 11:22:58 AM | Attr = ] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] {8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 12:01:28 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar3.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 5:50:04 PM | Attr = ] CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3C5F96DB-3434-4FFA-ADB7-883BE896ED30} -> (1394 Net Adapter) -> {468771BF-D7C3-4284-BA07-070251EBC500} -> (Intel(R) PRO/100 VE Network Connection) -> {C9AF043E-9DD5-4DDA-A7DC-ED7CBCBB8EC6} -> (D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)) -> {D2E838B9-B80A-4EBF-BD67-DBB3F3475739} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ] < Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 12:01:28 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab[LSSupCtl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203365557654[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab[Java Plug-in 1.6.0_03] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab[Reg Error: Key does not exist or could not be opened.] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 8/29/2002 5:41:08 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 272896 bytes | Modified Date = 8/29/2002 5:41:00 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 8/29/2002 5:41:08 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.1347 (xpsp2.040109-1800) | Size = 136704 bytes | Modified Date = 3/29/2004 8:48:36 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46592 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 956 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 174592 bytes | Modified Date = 8/29/2002 5:41:12 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 112128 bytes | Modified Date = 8/29/2002 5:41:08 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;NLA;RasMan;ALG; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.1364 (xpsp2.040109-1800) | Size = 439808 bytes | Modified Date = 3/29/2004 8:48:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 8/29/2002 5:41:20 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.1361 (xpsp2.040109-1800) | Size = 263680 bytes | Modified Date = 3/5/2004 9:16:11 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 51712 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 67584 bytes | Modified Date = 8/29/2002 5:41:28 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.1361 (xpsp2.040109-1800) | Size = 263680 bytes | Modified Date = 3/5/2004 9:16:11 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/19/2008 11:03:23 PM | Attr = ] 1 C:\*.tmp files -> C:\*.tmp -> hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536391680 bytes | Modified Date = 2/20/2008 6:07:15 PM | Attr = HS] ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Modified Date = 8/29/2002 1:16:18 AM | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 450176 bytes | Modified Date = 8/29/2002 1:16:16 AM | Attr = ] atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56591 bytes | Modified Date = 8/29/2002 1:16:24 AM | Attr = ] atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Modified Date = 8/29/2002 1:16:24 AM | Attr = ] atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Modified Date = 8/29/2002 1:16:26 AM | Attr = ] atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Modified Date = 8/29/2002 1:16:26 AM | Attr = ] atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Modified Date = 8/29/2002 1:16:26 AM | Attr = ] atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Modified Date = 8/29/2002 1:16:28 AM | Attr = ] atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Modified Date = 8/29/2002 1:16:28 AM | Attr = ] atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Modified Date = 8/29/2002 1:16:28 AM | Attr = ] atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Modified Date = 8/29/2002 1:16:30 AM | Attr = ] atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Modified Date = 8/29/2002 1:16:30 AM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Modified Date = 4/15/2002 11:11:42 PM | Attr = ] sdrkjtscwscx.sys -> %SystemRoot%\System32\drivers\sdrkjtscwscx.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr = ] SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ] smpvgfgihmvs.sys -> %SystemRoot%\System32\drivers\smpvgfgihmvs.sys -> Panda Software International [Ver = 1, 0, 0, 5 | Size = 8576 bytes | Modified Date = 6/8/2007 9:44:36 AM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2/15/2008 7:29:32 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 8/2/2006 12:39:06 PM | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 8/29/2002 5:40:48 AM | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.13.10.6153 | Size = 202496 bytes | Modified Date = 8/29/2002 5:40:48 AM | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 844675 bytes | Modified Date = 8/29/2002 5:40:48 AM | Attr = ] ati3d2ag.dll -> %SystemRoot%\System32\ati3d2ag.dll -> ATI Technologies Inc. [Ver = 6.13.10.3338 | Size = 921475 bytes | Modified Date = 8/29/2002 5:40:50 AM | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12831 bytes | Modified Date = 8/29/2002 5:41:28 AM | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 31263 bytes | Modified Date = 8/29/2002 5:41:28 AM | Attr = ] compatui.dll -> %SystemRoot%\System32\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 238592 bytes | Modified Date = 8/29/2002 5:40:50 AM | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 66082 bytes | Modified Date = 4/19/2002 8:20:46 PM | Attr = ] dcache.bin -> %SystemRoot%\System32\dcache.bin -> [Ver = | Size = 1740 bytes | Modified Date = 8/29/2002 5:57:58 AM | Attr = ] defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 70656 bytes | Modified Date = 8/29/2002 5:41:22 AM | Attr = ] dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 76288 bytes | Modified Date = 8/29/2002 5:41:22 AM | Attr = ] dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 99328 bytes | Modified Date = 8/29/2002 5:41:22 AM | Attr = ] dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 35328 bytes | Modified Date = 8/29/2002 5:40:50 AM | Attr = ] dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 113152 bytes | Modified Date = 8/29/2002 5:40:50 AM | Attr = ] dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 103424 bytes | Modified Date = 8/29/2002 5:40:50 AM | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll -> [Ver = | Size = 498205 bytes | Modified Date = 8/29/2002 5:40:52 AM | Attr = ] encdec.dll -> %SystemRoot%\System32\encdec.dll -> [Ver = | Size = 155648 bytes | Modified Date = 8/29/2002 5:40:52 AM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/18/2008 7:08:32 AM | Attr = ] homepage.inf -> %SystemRoot%\System32\homepage.inf -> [Ver = | Size = 929 bytes | Modified Date = 8/29/2002 12:51:44 AM | Attr = ] ieuinit.inf -> %SystemRoot%\System32\ieuinit.inf -> [Ver = | Size = 19514 bytes | Modified Date = 8/29/2002 12:51:44 AM | Attr = ] instcat.sql -> %SystemRoot%\System32\instcat.sql -> [Ver = | Size = 766934 bytes | Modified Date = 4/22/2002 8:18:04 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr = ] keyboard.sys -> %SystemRoot%\System32\keyboard.sys -> [Ver = | Size = 42537 bytes | Modified Date = 8/28/2002 11:23:06 PM | Attr = ] l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 8/29/2002 5:39:20 AM | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 8/29/2002 5:39:46 AM | Attr = ] odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp -> [Ver = | Size = 4294 bytes | Modified Date = 7/11/2002 10:47:58 PM | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/18/2008 7:08:32 AM | Attr = ] proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 75776 bytes | Modified Date = 8/29/2002 5:39:20 AM | Attr = ] redir.exe -> %SystemRoot%\System32\redir.exe -> [Ver = | Size = 3338 bytes | Modified Date = 8/28/2002 11:24:16 PM | Attr = ] sbe.dll -> %SystemRoot%\System32\sbe.dll -> [Ver = | Size = 218112 bytes | Modified Date = 8/29/2002 5:41:12 AM | Attr = ] sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Modified Date = 8/29/2002 5:39:18 AM | Attr = ] spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 142 bytes | Modified Date = 2/19/2008 8:36:52 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/18/2008 7:08:32 AM | Attr = ] webfldrs.msi -> %SystemRoot%\System32\webfldrs.msi -> [Ver = | Size = 1325568 bytes | Modified Date = 7/1/2002 11:38:06 PM | Attr = ] wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 12922 bytes | Modified Date = 2/19/2008 8:51:46 PM | Attr = ] ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Modified Date = 3/25/2003 6:53:50 PM | Attr = ] $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 1/23/2008 7:14:18 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 2/19/2008 9:29:29 PM | Attr = H ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 2/19/2008 9:37:50 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 2/19/2008 10:44:49 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 2/19/2008 9:37:50 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 429 bytes | Modified Date = 2/14/2008 12:03:20 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Created Date = 1/23/2008 7:45:42 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2/16/2008 12:46:35 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 1/31/2008 9:48:13 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2/17/2008 1:15:56 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/17/2008 5:25:07 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/17/2008 1:15:30 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/17/2008 5:24:52 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2/17/2008 1:15:33 PM | Attr = ] Ad-Aware 2007.lnk -> %UserProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1808 bytes | Modified Date = 2/13/2008 4:41:48 PM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/17/2008 5:10:14 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2/18/2008 3:47:41 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2/14/2008 10:23:05 AM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/20/2008 9:35:52 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480944 bytes | Modified Date = 2/20/2008 9:35:07 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2/20/2008 5:53:31 PM | Attr = ] Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [Folder | Created Date = 1/23/2008 7:17:25 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 1/31/2008 9:46:36 AM | Attr = ] [Files/Folders - Modified Within 30 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/19/2008 11:03:23 PM | Attr = ] 1 C:\*.tmp files -> C:\*.tmp -> hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536391680 bytes | Modified Date = 2/20/2008 6:07:15 PM | Attr = HS] NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47580 bytes | Modified Date = 2/19/2008 9:34:47 PM | Attr = RHS] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 233632 bytes | Modified Date = 2/19/2008 9:34:47 PM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/20/2008 9:29:38 PM | Attr = R ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2/11/2008 3:46:30 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/20/2008 6:32:09 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2/20/2008 7:04:42 PM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 662350 bytes | Modified Date = 2/9/2008 3:04:52 AM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2/18/2008 7:59:12 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/19/2008 10:35:29 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/20/2008 5:57:14 PM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 2/19/2008 10:20:29 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/19/2008 10:22:40 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/19/2008 10:41:45 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 176264 bytes | Modified Date = 2/19/2008 10:42:22 PM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/18/2008 7:08:32 AM | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 2/19/2008 9:37:48 PM | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 2/19/2008 9:37:11 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 2/19/2008 9:36:28 PM | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/18/2008 7:08:32 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 2/19/2008 10:51:41 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 2/19/2008 10:51:41 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 2/19/2008 10:51:37 PM | Attr = ] Pride & Prejudice - Mr Darcy dir -> %SystemRoot%\System32\Pride & Prejudice - Mr Darcy dir -> [Folder | Modified Date = 1/31/2008 5:52:55 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/19/2008 9:37:11 PM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 2/19/2008 9:37:50 PM | Attr = ] spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 142 bytes | Modified Date = 2/19/2008 8:36:52 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/18/2008 7:08:32 AM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 2/19/2008 9:36:26 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2/19/2008 10:42:06 PM | Attr = ] wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 12922 bytes | Modified Date = 2/19/2008 8:51:46 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13002 bytes | Modified Date = 2/20/2008 9:29:43 PM | Attr = ] $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 1/23/2008 7:14:21 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 2/19/2008 9:31:53 PM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/19/2008 9:37:43 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/20/2008 6:08:10 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/20/2008 6:09:24 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/20/2008 5:57:16 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2/19/2008 9:37:50 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2/19/2008 10:42:04 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/19/2008 9:37:43 PM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 2/19/2008 10:42:06 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/19/2008 10:37:34 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/20/2008 5:57:16 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/20/2008 7:24:58 PM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2/16/2008 1:03:40 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/20/2008 9:36:23 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/11/2008 3:41:21 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 2/19/2008 9:37:50 PM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 2/19/2008 9:37:09 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2/19/2008 9:36:22 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/20/2008 5:58:45 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/14/2008 12:03:20 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/20/2008 9:31:10 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2/17/2008 1:05:19 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 654 bytes | Modified Date = 2/15/2008 3:20:32 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 429 bytes | Modified Date = 2/14/2008 12:03:20 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/19/2008 10:15:38 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2/14/2008 10:57:13 PM | Attr = ] Norton AntiVirus - Scan my computer - angi.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - angi.job -> [Ver = | Size = 546 bytes | Modified Date = 2/15/2008 8:13:04 PM | Attr = ] Norton SystemWorks One Button Checkup.job -> %SystemRoot%\tasks\Norton SystemWorks One Button Checkup.job -> [Ver = | Size = 290 bytes | Modified Date = 2/18/2008 2:47:56 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/20/2008 6:08:35 PM | Attr = H ] Symantec Drmc.job -> %SystemRoot%\tasks\Symantec Drmc.job -> [Ver = | Size = 306 bytes | Modified Date = 2/20/2008 12:00:13 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5462 bytes | Modified Date = 2/19/2008 9:15:49 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2/19/2008 9:15:49 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 1/13/2004 10:06:55 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2/20/2008 6:03:01 PM | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Modified Date = 1/23/2008 7:45:42 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2/16/2008 12:46:35 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 1/31/2008 9:49:17 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 1/31/2008 9:48:43 AM | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/16/2008 12:46:28 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/17/2008 1:15:56 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2/20/2008 6:18:55 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/17/2008 5:25:07 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 1/31/2008 9:48:44 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/20/2008 4:50:36 PM | Attr = S] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/17/2008 1:15:30 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 2/20/2008 6:18:53 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5632 bytes | Modified Date = 1/24/2008 2:56:27 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4315396 bytes | Modified Date = 2/20/2008 8:06:50 PM | Attr = H ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 75 bytes | Modified Date = 2/19/2008 10:47:20 PM | Attr = HS] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2/19/2008 10:47:20 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/19/2008 10:47:20 PM | Attr = R ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/17/2008 5:24:52 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2/17/2008 1:15:33 PM | Attr = ] Ad-Aware 2007.lnk -> %UserProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1808 bytes | Modified Date = 2/13/2008 4:41:48 PM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/17/2008 5:10:14 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2/18/2008 3:47:41 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2/14/2008 10:23:05 AM | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 2/18/2008 12:13:51 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/20/2008 9:35:53 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480944 bytes | Modified Date = 2/20/2008 9:35:07 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2/20/2008 6:01:58 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2/20/2008 5:53:31 PM | Attr = ] Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [Folder | Modified Date = 1/23/2008 7:17:25 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2/18/2008 7:14:42 AM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2/19/2008 9:36:50 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2/17/2008 1:14:44 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 2/20/2008 5:38:06 PM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 2/20/2008 6:03:01 PM | Attr = ] AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 1/12/2007 8:40:28 AM | Attr = ] AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads -> [Folder | Modified Date = 1/5/2007 8:05:12 PM | Attr = ] AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [Folder | Modified Date = 1/5/2007 8:07:32 PM | Attr = ] Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 1/5/2008 10:41:39 PM | Attr = ] Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 1/5/2008 10:44:54 PM | Attr = ] CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [Folder | Modified Date = 1/22/2006 4:46:49 PM | Attr = ] FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [Folder | Modified Date = 1/23/2008 7:45:42 PM | Attr = ] FullAudio -> C:\Documents and Settings\All Users\Application Data\FullAudio -> [Folder | Modified Date = 3/18/2004 8:02:58 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 11/2/2006 3:11:57 PM | Attr = ] Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 2/16/2008 12:46:35 AM | Attr = ] HP -> C:\Documents and Settings\All Users\Application Data\HP -> [Folder | Modified Date = 4/5/2007 11:44:02 PM | Attr = ] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [Folder | Modified Date = 1/31/2008 9:49:17 AM | Attr = ] Macrovision -> C:\Documents and Settings\All Users\Application Data\Macrovision -> [Folder | Modified Date = 1/13/2008 6:08:11 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 1/31/2008 9:48:43 AM | Attr = S] QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [Folder | Modified Date = 2/19/2004 6:43:44 PM | Attr = ] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/16/2008 12:46:28 AM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/17/2008 1:15:56 PM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 1/7/2005 3:38:14 PM | Attr = ] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 4/26/2005 3:17:46 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 1/21/2006 8:59:49 PM | Attr = ] C:\Documents and Settings\angi\Application Data\ -> C:\Documents and Settings\angi\Application Data -> [Folder | Modified Date = 2/19/2008 10:45:40 PM | Attr = RH ] Adobe -> C:\Documents and Settings\angi\Application Data\Adobe -> [Folder | Modified Date = 2/20/2008 6:18:55 PM | Attr = ] AdobeUM -> C:\Documents and Settings\angi\Application Data\AdobeUM -> [Folder | Modified Date = 1/25/2007 10:07:37 PM | Attr = ] Aim -> C:\Documents and Settings\angi\Application Data\Aim -> [Folder | Modified Date = 8/16/2005 7:53:52 PM | Attr = ] Apple Computer -> C:\Documents and Settings\angi\Application Data\Apple Computer -> [Folder | Modified Date = 12/25/2005 9:38:11 PM | Attr = ] FileOpen -> C:\Documents and Settings\angi\Application Data\FileOpen -> [Folder | Modified Date = 3/20/2005 1:32:53 PM | Attr = ] Google -> C:\Documents and Settings\angi\Application Data\Google -> [Folder | Modified Date = 10/27/2006 6:19:46 PM | Attr = ] Grisoft -> C:\Documents and Settings\angi\Application Data\Grisoft -> [Folder | Modified Date = 2/17/2008 5:25:07 PM | Attr = ] Help -> C:\Documents and Settings\angi\Application Data\Help -> [Folder | Modified Date = 2/21/2004 2:32:06 PM | Attr = ] HP -> C:\Documents and Settings\angi\Application Data\HP -> [Folder | Modified Date = 4/14/2007 11:48:54 AM | Attr = ] Identities -> C:\Documents and Settings\angi\Application Data\Identities -> [Folder | Modified Date = 1/17/2004 3:44:08 PM | Attr = ] Inspiration Software -> C:\Documents and Settings\angi\Application Data\Inspiration Software -> [Folder | Modified Date = 3/6/2004 10:46:55 PM | Attr = ] Lavasoft -> C:\Documents and Settings\angi\Application Data\Lavasoft -> [Folder | Modified Date = 1/31/2008 9:48:44 AM | Attr = ] Macromedia -> C:\Documents and Settings\angi\Application Data\Macromedia -> [Folder | Modified Date = 1/13/2008 6:26:09 PM | Attr = ] Microsoft -> C:\Documents and Settings\angi\Application Data\Microsoft -> [Folder | Modified Date = 2/20/2008 4:50:36 PM | Attr = S] MX -> C:\Documents and Settings\angi\Application Data\MX -> [Folder | Modified Date = 2/19/2004 6:45:19 PM | Attr = ] Real -> C:\Documents and Settings\angi\Application Data\Real -> [Folder | Modified Date = 7/18/2005 10:09:16 PM | Attr = ] Share-to-Web Upload Folder -> C:\Documents and Settings\angi\Application Data\Share-to-Web Upload Folder -> [Folder | Modified Date = 1/12/2004 10:29:54 PM | Attr = ] Sun -> C:\Documents and Settings\angi\Application Data\Sun -> [Folder | Modified Date = 9/25/2004 11:00:19 AM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\angi\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/17/2008 1:15:30 PM | Attr = ] Symantec -> C:\Documents and Settings\angi\Application Data\Symantec -> [Folder | Modified Date = 3/13/2004 9:10:12 AM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 2/14/2008 12:03:20 PM | Attr = S] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2/14/2008 10:57:13 PM | Attr = ] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = RH ] Norton AntiVirus - Scan my computer - angi.job -> C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - angi.job -> [Ver = | Size = 546 bytes | Modified Date = 2/15/2008 8:13:04 PM | Attr = ] Norton SystemWorks One Button Checkup.job -> C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job -> [Ver = | Size = 290 bytes | Modified Date = 2/18/2008 2:47:56 PM | Attr = ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/20/2008 6:08:35 PM | Attr = H ] Symantec Drmc.job -> C:\WINDOWS\Tasks\Symantec Drmc.job -> [Ver = | Size = 306 bytes | Modified Date = 2/20/2008 12:00:13 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\Allyson\Local Settings\Temporary Internet Files\Content.IE5\0PU3WH6Z\imgres[1].: 1907 bytes hidden from API C:\Documents and Settings\Allyson\Local Settings\Temporary Internet Files\Content.IE5\AV6BI9YF\petrifiedjello[1].: 51750 bytes hidden from API C:\Documents and Settings\Allyson\Local Settings\Temporary Internet Files\Content.IE5\WVDNMQVP\imgres[1].: 1792 bytes hidden from API C:\Documents and Settings\Allyson\My Documents\Pics\Pixxxx\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allyson\My Documents\Pics\Pixxxx\Winterball 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Allyson\My Documents\Pics\Pixxxx\Band Banquet 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\john\Application Data C:\Documents and Settings\john\Application Data\Adobe C:\Documents and Settings\john\Application Data\Adobe\Flash Player C:\Documents and Settings\john\Application Data\Adobe\Flash Player\AssetCache C:\Documents and Settings\john\Application Data\Adobe\Flash Player\AssetCache\2GGW4S84 C:\Documents and Settings\john\Application Data\desktop.ini 62 bytes C:\Documents and Settings\john\Application Data\Google C:\Documents and Settings\john\Application Data\Grisoft C:\Documents and Settings\john\Application Data\Grisoft\AVG Antispyware 7.5 C:\Documents and Settings\john\Application Data\Grisoft\AVG Antispyware 7.5\quarantine C:\Documents and Settings\john\Application Data\Grisoft\AVG Antispyware 7.5\Reports C:\Documents and Settings\john\Application Data\Identities C:\Documents and Settings\john\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271} C:\Documents and Settings\john\Application Data\Macromedia C:\Documents and Settings\john\Application Data\Macromedia\Flash Player C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\#SharedObjects C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\#SharedObjects\W93QYAQ7 C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\macromedia.com C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\macromedia.com\support C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys C:\Documents and Settings\john\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 405 bytes C:\Documents and Settings\john\Application Data\Microsoft C:\Documents and Settings\john\Application Data\Microsoft\AddIns C:\Documents and Settings\john\Application Data\Microsoft\Address Book C:\Documents and Settings\john\Application Data\Microsoft\Address Book\john.wab 176594 bytes C:\Documents and Settings\john\Application Data\Microsoft\Credentials C:\Documents and Settings\john\Application Data\Microsoft\Credentials\S-1-5-21-1644491937-527237240-682003330-1003 C:\Documents and Settings\john\Application Data\Microsoft\Excel C:\Documents and Settings\john\Application Data\Microsoft\Excel\XLSTART C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\brndlog.bak 141 bytes C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\brndlog.txt 10380 bytes C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Desktop.htt 2694 bytes C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini 177 bytes C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk 779 bytes C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf 79 bytes C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk 804 bytes C:\Documents and Settings\john\Application Data\Microsoft\Office C:\Documents and Settings\john\Application Data\Microsoft\Office\Excel10.pip 1472 bytes C:\Documents and Settings\john\Application Data\Microsoft\Office\Recent C:\Documents and Settings\john\Application Data\Microsoft\Office\Recent\Desktop.LNK 305 bytes C:\Documents and Settings\john\Application Data\Microsoft\Office\Recent\index.dat 70 bytes C:\Documents and Settings\john\Application Data\Microsoft\Office\Recent\New Microsoft Excel Worksheet.LNK 525 bytes C:\Documents and Settings\john\Application Data\Microsoft\Protect C:\Documents and Settings\john\Application Data\Microsoft\Protect\CREDHIST 296 bytes C:\Documents and Settings\john\Application Data\Microsoft\SystemCertificates C:\Documents and Settings\john\Application Data\Microsoft\SystemCertificates\My C:\Documents and Settings\john\Application Data\Microsoft\SystemCertificates\My\Certificates C:\Documents and Settings\john\Application Data\Microsoft\SystemCertificates\My\CRLs C:\Documents and Settings\john\Application Data\Microsoft\SystemCertificates\My\CTLs C:\Documents and Settings\john\Application Data\Microsoft\Windows C:\Documents and Settings\john\Application Data\Microsoft\Windows\Themes C:\Documents and Settings\john\Application Data\Microsoft\Windows\Themes\Custom.theme 5749 bytes C:\Documents and Settings\john\Application Data\Real C:\Documents and Settings\john\Application Data\Real\RealMediaSDK C:\Documents and Settings\john\Application Data\Real\RealPlayer C:\Documents and Settings\john\Application Data\Real\RealPlayer\ErrorLogs C:\Documents and Settings\john\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log 4 bytes C:\Documents and Settings\john\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log 4 bytes C:\Documents and Settings\john\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log 4 bytes C:\Documents and Settings\john\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log 4 bytes C:\Documents and Settings\john\Application Data\Real\rnadmin C:\Documents and Settings\john\Application Data\Share-to-Web Upload Folder C:\Documents and Settings\john\Application Data\Sun C:\Documents and Settings\john\Application Data\Sun\Java C:\Documents and Settings\john\Application Data\Sun\Java\Deployment C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0 C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\ext C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\tmp C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\tmp C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\deployment.properties 705 bytes C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\ext C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\log C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\log\plugin150_04.trace 709 bytes C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\log\plugin150_06.trace 1623 bytes C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\security C:\Documents and Settings\john\Application Data\Symantec C:\Documents and Settings\john\Application Data\Symantec\NPMDataStore C:\Documents and Settings\john\Cookies C:\Documents and Settings\john\Cookies\index.dat 32768 bytes C:\Documents and Settings\john\Cookies\john@adopt.specificclick[1].txt 542 bytes C:\Documents and Settings\john\Cookies\john@ads.pointroll[1].txt 621 bytes C:\Documents and Settings\john\Cookies\john@casalemedia[2].txt 583 bytes C:\Documents and Settings\john\Cookies\john@google[1].txt 136 bytes C:\Documents and Settings\john\Cookies\john@specificclick[1].txt 506 bytes C:\Documents and Settings\john\Cookies\john@synacor.112.2o7[1].txt 117 bytes C:\Documents and Settings\john\Cookies\john@wowway[1].txt 106 bytes C:\Documents and Settings\john\Cookies\john@wowway[2].txt 143 bytes C:\Documents and Settings\john\Desktop C:\Documents and Settings\john\Desktop\Internet Explorer.lnk 809 bytes C:\Documents and Settings\john\Desktop\Microsoft Access.lnk 1990 bytes C:\Documents and Settings\john\Desktop\Microsoft Excel.lnk 2481 bytes C:\Documents and Settings\john\Favorites C:\Documents and Settings\john\Favorites\CBS SportsLine.com.url 416 bytes C:\Documents and Settings\john\Favorites\Desktop.ini 122 bytes C:\Documents and Settings\john\Favorites\Links C:\Documents and Settings\john\Favorites\Links\Customize Links.url 119 bytes C:\Documents and Settings\john\Favorites\Links\Free Hotmail.url 113 bytes C:\Documents and Settings\john\Favorites\Links\Windows Media.url 118 bytes C:\Documents and Settings\john\Favorites\Links\Windows.url 113 bytes C:\Documents and Settings\john\Favorites\MSN.com.url 119 bytes C:\Documents and Settings\john\Favorites\Radio Station Guide.url 197 bytes C:\Documents and Settings\john\Local Settings C:\Documents and Settings\john\Local Settings\Application Data C:\Documents and Settings\john\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 49736 bytes C:\Documents and Settings\john\Local Settings\Application Data\Google C:\Documents and Settings\john\Local Settings\Application Data\Google\Custom Buttons C:\Documents and Settings\john\Local Settings\Application Data\Google\Custom Buttons\Enterprise C:\Documents and Settings\john\Local Settings\Application Data\Google\Custom Buttons\Overrides C:\Documents and Settings\john\Local Settings\Application Data\IconCache.db 4313586 bytes C:\Documents and Settings\john\Local Settings\Application Data\Identities C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271} C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271}\Microsoft C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271}\Microsoft\Outlook Express C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271}\Microsoft\Outlook Express\cleanup.log 1035 bytes C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271}\Microsoft\Outlook Express\Folders.dbx 75204 bytes C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271}\Microsoft\Outlook Express\Inbox.dbx 139376 bytes C:\Documents and Settings\john\Local Settings\Application Data\Identities\{95E871CB-B22E-4C2A-937C-C709FC055271}\Microsoft\Outlook Express\Offline.dbx 9656 bytes C:\Documents and Settings\john\Local Settings\Application Data\Microsoft C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\CD Burning C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Credentials C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1644491937-527237240-682003330-1003 C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Internet Explorer C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT 16384 bytes C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 262144 bytes C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 1024 bytes C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows Media C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows Media\10.0 C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD 498 bytes C:\Documents and Settings\john\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML 12787 bytes C:\Documents and Settings\john\Local Settings\desktop.ini 62 bytes C:\Documents and Settings\john\Local Settings\History C:\Documents and Settings\john\Local Settings\History\desktop.ini 113 bytes C:\Documents and Settings\john\Local Settings\History\History.IE5 C:\Documents and Settings\john\Local Settings\History\History.IE5\desktop.ini 113 bytes C:\Documents and Settings\john\Local Settings\History\History.IE5\index.dat 32768 bytes C:\Documents and Settings\john\Local Settings\History\History.IE5\MSHist012008022020080221 C:\Documents and Settings\john\Local Settings\History\History.IE5\MSHist012008022020080221\index.dat 32768 bytes C:\Documents and Settings\john\Local Settings\Temp C:\Documents and Settings\john\Local Settings\Temp\offcln10.log 36429 bytes C:\Documents and Settings\john\Local Settings\Temp\Google Toolbar C:\Documents and Settings\john\Local Settings\Temp\hph10 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph11 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph12 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph13 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph14 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph15 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph16 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph17 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph2 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph3 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph4 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph5 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph6 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph7 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph8 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hph9 3691 bytes C:\Documents and Settings\john\Local Settings\Temp\hsperfdata_john C:\Documents and Settings\john\Local Settings\Temp\java_install_reg.log 1664 bytes C:\Documents and Settings\john\Local Settings\Temp\jusched.log 884 bytes C:\Documents and Settings\john\Local Settings\Temp\Office XP Professional Setup(0001).txt 3176 bytes C:\Documents and Settings\john\Local Settings\Temp\Office XP Professional Setup(0001)_Task(0001).txt 579790 bytes C:\Documents and Settings\john\Local Settings\Temp\TWAIN.LOG 1116 bytes C:\Documents and Settings\john\Local Settings\Temp\Twain001.Mtx 2 bytes C:\Documents and Settings\john\Local Settings\Temp\Twunk001.MTX 156 bytes C:\Documents and Settings\john\Local Settings\Temp\Twunk002.MTX 0 bytes C:\Documents and Settings\john\Local Settings\Temp\WER10.tmp 0 bytes C:\Documents and Settings\john\Local Settings\Temp\WER10.tmp.dir00 C:\Documents and Settings\john\Local Settings\Temp\WER10.tmp.dir00\sysdata.xml 28968 bytes C:\Documents and Settings\john\Local Settings\Temp\WER4.tmp 0 bytes C:\Documents and Settings\john\Local Settings\Temp\WER4.tmp.dir00 C:\Documents and Settings\john\Local Settings\Temp\WER4.tmp.dir00\sysdata.xml 21346 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5 C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\14ALPFSM C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\14ALPFSM\desktop.ini 67 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\CCMR1QQF C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\CCMR1QQF\desktop.ini 67 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\index.dat 557056 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\VWVAA48H C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\VWVAA48H\desktop.ini 67 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\WT2LG1AH C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\WT2LG1AH\CSPCA[1].crl 552 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\Content.IE5\WT2LG1AH\desktop.ini 67 bytes C:\Documents and Settings\john\Local Settings\Temporary Internet Files\desktop.ini 67 bytes C:\Documents and Settings\john\My Documents C:\Documents and Settings\john\My Documents\desktop.ini 75 bytes C:\Documents and Settings\john\My Documents\My Music C:\Documents and Settings\john\My Documents\My Music\Desktop.ini 180 bytes C:\Documents and Settings\john\My Documents\My Music\Sample Music.lnk 638 bytes C:\Documents and Settings\john\My Documents\My Pictures C:\Documents and Settings\john\My Documents\My Pictures\Desktop.ini 182 bytes C:\Documents and Settings\john\My Documents\My Pictures\Sample Pictures.lnk 668 bytes C:\Documents and Settings\john\My Documents\My Pictures\Thumbs.db 10752 bytes C:\Documents and Settings\john\NetHood C:\Documents and Settings\john\ntuser.dat 1310720 bytes C:\Documents and Settings\john\ntuser.dat.LOG 1024 bytes C:\Documents and Settings\john\ntuser.ini 180 bytes C:\Documents and Settings\john\PrintHood C:\Documents and Settings\john\Recent C:\Documents and Settings\john\Recent\chickenofthesea.lnk 890 bytes C:\Documents and Settings\john\Recent\Desktop.ini 150 bytes C:\Documents and Settings\john\Recent\New Microsoft Excel Worksheet.lnk 585 bytes C:\Documents and Settings\john\Recent\Random Pics.lnk 612 bytes C:\Documents and Settings\john\SendTo C:\Documents and Settings\john\SendTo\Compressed (zipped) Folder.ZFSendToTarget 0 bytes C:\Documents and Settings\john\SendTo\Desktop (create shortcut).DeskLink 0 bytes C:\Documents and Settings\john\SendTo\desktop.ini 181 bytes C:\Documents and Settings\john\SendTo\Mail Recipient.MAPIMail 0 bytes C:\Documents and Settings\john\SendTo\My Documents.mydocs 0 bytes C:\Documents and Settings\john\Start Menu C:\Documents and Settings\john\Start Menu\desktop.ini 62 bytes C:\Documents and Settings\john\Start Menu\Programs C:\Documents and Settings\john\Start Menu\Programs\Accessories C:\Documents and Settings\john\Start Menu\Programs\Accessories\Accessibility C:\Documents and Settings\john\Start Menu\Programs\Accessories\Accessibility\desktop.ini 348 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 1525 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 1532 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 1501 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 1539 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Address Book.lnk 774 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Command Prompt.lnk 1555 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\desktop.ini 542 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Entertainment C:\Documents and Settings\john\Start Menu\Programs\Accessories\Entertainment\desktop.ini 84 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 804 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Notepad.lnk 1519 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk 386 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Synchronize.lnk 1519 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Tour Windows XP.lnk 1527 bytes C:\Documents and Settings\john\Start Menu\Programs\Accessories\Windows Explorer.lnk 1487 bytes C:\Documents and Settings\john\Start Menu\Programs\desktop.ini 292 bytes C:\Documents and Settings\john\Start Menu\Programs\Internet Explorer.lnk 767 bytes C:\Documents and Settings\john\Start Menu\Programs\Outlook Express.lnk 738 bytes C:\Documents and Settings\john\Start Menu\Programs\Remote Assistance.lnk 1599 bytes C:\Documents and Settings\john\Start Menu\Programs\Startup C:\Documents and Settings\john\Start Menu\Programs\Startup\desktop.ini 84 bytes C:\Documents and Settings\john\Start Menu\Programs\Windows Media Player.lnk 792 bytes C:\Documents and Settings\john\Templates C:\Documents and Settings\john\Templates\amipro.sam 4570 bytes C:\Documents and Settings\john\Templates\excel.xls 5632 bytes C:\Documents and Settings\john\Templates\excel4.xls 1518 bytes C:\Documents and Settings\john\Templates\lotus.wk4 2448 bytes C:\Documents and Settings\john\Templates\powerpnt.ppt 12288 bytes C:\Documents and Settings\john\Templates\presenta.shw 461 bytes C:\Documents and Settings\john\Templates\quattro.wb2 4017 bytes C:\Documents and Settings\john\Templates\sndrec.wav 58 bytes C:\Documents and Settings\john\Templates\winword.doc 4608 bytes C:\Documents and Settings\john\Templates\winword2.doc 1769 bytes C:\Documents and Settings\john\Templates\wordpfct.wpd 30 bytes C:\Documents and Settings\john\Templates\wordpfct.wpg 57 bytes C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\4DQJ0PQZ\themario[1].: 44228 bytes hidden from API C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\ET9AZ6D4\imghp[1].: 2617 bytes hidden from API C:\Documents and Settings\Tina\Local Settings\Temporary Internet Files\Content.IE5\OZD3AMBX\sky_icons[1].: 4223 bytes hidden from API C:\Documents and Settings\Tina\My Documents\Pictures\Bleach\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\comics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\Fanart\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\FMA\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\Kitties\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\LJ Icons\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\Stuff2Print\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tina\My Documents\Pictures\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 277 < End of report > [/code]