[code]
WinPFind35 logfile created on: 2/21/2008 11:27:54 PM
WinPFind35U Version 1.0.0.1 Folder = C:\Documents and Settings\Patty Dong\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 96.80% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.12 Gb Total Space | 37.50 Gb Free Space | 52.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MANGO
Current User Name: Patty Dong
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 161392 bytes | Modified Date = 6/2/2005 8:21:46 AM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 185968 bytes | Modified Date = 6/2/2005 8:21:40 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o.
[Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] client32.exe -> %ProgramFiles%\NetSupport Manager\client32.exe -> NetSupport Ltd [Ver = V9.10 | Size = 16447 bytes | Modified Date = 7/27/2005 10:30:54 AM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 19648 bytes | Modified Date = 6/23/2005 6:27:18 PM | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 4/25/2005 8:49:52 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 163908 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 12:51:48 AM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 1715904 bytes | Modified Date = 6/23/2005 6:27:28 PM | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. 
[Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/23/2005 12:20:44 AM | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 4/25/2005 8:50:08 AM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 48752 bytes | Modified Date = 6/2/2005 8:21:38 AM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 85696 bytes | Modified Date = 6/23/2005 6:27:36 PM | Attr = ] winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 33792 bytes | Modified Date = 12/20/2004 1:41:22 PM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 3/12/2007 12:49:26 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ] nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 3/12/2007 12:49:46 PM | Attr = ] nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 2,0,5,0 | Size = 1209904 bytes | Modified Date = 3/12/2007 12:49:46 PM | Attr = ] acrobat_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 32256 bytes | Modified Date = 12/14/2004 3:44:16 AM | Attr = ] aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 10/27/2005 9:31:11 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 8/4/2005 4:02:58 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 185968 bytes | Modified Date = 6/2/2005 8:21:40 AM | Attr = ] (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 83568 bytes | Modified Date = 6/2/2005 8:21:46 AM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 161392 bytes | Modified Date = 6/2/2005 8:21:46 AM | Attr = ] (Client32) Client32 [Win32_Own | Auto | Running] -> %ProgramFiles%\NetSupport Manager\client32.exe -> NetSupport Ltd [Ver = V9.10 | Size = 16447 bytes | Modified Date = 7/27/2005 10:30:54 AM | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 19648 bytes | Modified Date = 6/23/2005 6:27:18 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (IAANTMon) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTMon.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 86142 bytes | Modified Date = 4/25/2005 8:49:52 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | 
Attr = ] (iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 3/12/2007 12:49:46 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 163908 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.1.1000 | Size = 124608 bytes | Modified Date = 6/23/2005 6:27:30 PM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.2.1 | Size = 206552 bytes | Modified Date = 4/22/2005 11:03:28 AM | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 3/30/2005 8:48:22 PM | Attr = ] (StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/2/2005 12:51:48 AM | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 1715904 bytes | Modified Date = 6/23/2005 6:27:28 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. 
[Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 1:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 1:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 1:51:58 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 8/4/2005 4:10:18 AM | Attr = ] (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. 
[Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 1:51:54 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 1:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (DP1112) DP1112 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\Drivers\DP.sys -> File not found (E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.15.0 built by: WinDDK | Size = 155648 bytes | Modified Date = 10/14/2004 8:30:46 PM | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/18/2008 4:00:00 AM | Attr = ] (gdihook5) gdihook5 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gdihook5.sys -> NetSupport Ltd [Ver = V9.10 | Size = 24633 bytes | Modified Date = 7/27/2005 10:30:26 AM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 
137728 bytes | Modified Date = 8/12/2004 5:45:54 PM | Attr = ] (iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 5.0.1.1001 | Size = 871040 bytes | Modified Date = 7/8/2005 10:02:00 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> Logitech, Inc. [Ver = 2.30.314.00 | Size = 24704 bytes | Modified Date = 12/10/2004 12:48:46 PM | Attr = ] (LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsbK.sys -> Logitech, Inc. [Ver = 2.30.314.00 | Size = 36480 bytes | Modified Date = 12/10/2004 12:48:18 PM | Attr = ] (LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> Logitech, Inc. [Ver = 2.30.314.00 | Size = 68992 bytes | Modified Date = 12/10/2004 12:48:40 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. 
[Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 1:52:12 PM | Attr = ] (NAL) Nal Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iqvw32.sys -> Intel Corporation [Ver = 1.01.0.4 built by: WinDDK | Size = 19456 bytes | Modified Date = 11/2/2004 3:12:14 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080221.002\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 82256 bytes | Modified Date = 2/20/2008 4:00:00 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080221.002\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.2.10 | Size = 895376 bytes | Modified Date = 2/20/2008 4:00:00 AM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 6704096 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 7:45:06 PM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCISys) PCISys [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pcisys.sys -> NetSupport Ltd [Ver = V9.10D | Size = 32823 bytes | Modified Date = 7/27/2005 10:30:28 AM | Attr = ] (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (Phmsdtior) Phmsdtior [File_System | Disabled | Stopped] -> -> File not found (PRISM_A02) 802.11a/g USB Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WUSB20XP.sys -> Cisco-Linksys, LLC. 
[Ver = 1.0.8 | Size = 339488 bytes | Modified Date = 4/15/2004 12:13:00 AM | Attr = R ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 8/24/2006 10:47:00 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 1:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 1:52:18 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 1:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. 
[Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 5:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 12:39:26 PM | Attr = ] (SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 324232 bytes | Modified Date = 2/4/2005 7:14:30 PM | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 53896 bytes | Modified Date = 2/4/2005 7:14:32 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:44 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. 
[Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 2:07:44 PM | Attr = ] (SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,5,1,3 | Size = 372832 bytes | Modified Date = 3/30/2005 8:48:20 PM | Attr = ] (STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4568.0 nd84 cp1 | Size = 180864 bytes | Modified Date = 6/14/2005 10:40:08 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 2:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 2:07:36 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.2.4 | Size = 123488 bytes | Modified Date = 5/13/2005 6:50:10 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.2.1 | Size = 17976 bytes | Modified Date = 4/22/2005 11:03:00 AM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.2.1 | Size = 267192 bytes | Modified Date = 4/22/2005 11:03:02 AM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 2:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 
(Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 2:07:42 PM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 1:52:22 PM | Attr = ] (Vax347b) Vax347b [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347b.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 159616 bytes | Modified Date = 4/25/2005 9:43:58 AM | Attr = ] (Vax347s) Vax347s [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Vax347s.sys -> [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 4/30/2004 8:33:00 AM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> -> File not found !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] 10e21512 -> %SystemRoot%\system32\fmshssrw.DLL -> File not found ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. 
[Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 8/5/2005 9:05:00 PM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.4.3 | Size = 48752 bytes | Modified Date = 6/2/2005 8:21:38 AM | Attr = ] IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 5.0.1.1001 | Size = 139264 bytes | Modified Date = 4/25/2005 8:50:08 AM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.30.314 | Size = 49152 bytes | Modified Date = 12/10/2004 12:45:26 PM | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/9/2007 5:53:56 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 8425472 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 81920 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. 
[Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Modified Date = 3/23/2005 12:20:44 AM | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 85696 bytes | Modified Date = 6/23/2005 6:27:36 PM | Attr = ] WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 33792 bytes | Modified Date = 12/20/2004 1:41:22 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 3/12/2007 12:49:26 PM | Attr = ] Steam -> -> File not found SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ] WindowsUpd -> -> File not found < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SysUpd -> -> File not found WindowsUpd -> -> File not found < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SysUpd -> -> File not found WindowsUpd -> -> File not found < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SysUpd -> -> File not found WindowsUpd -> -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SysUpd -> -> File not found WindowsUpd -> -> File not found < Run [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 2,0,5,0 | Size = 153136 bytes | Modified Date = 3/12/2007 12:49:26 PM | Attr = ] Steam -> -> File not 
found SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr = ] WindowsUpd -> -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 1/23/2008 6:45:19 PM | Attr = R ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Patty Dong Startup Folder > -> C:\Documents and Settings\Patty Dong\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.0.1.1000 | Size = 43712 bytes | Modified Date = 6/23/2005 6:27:44 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> about:ror -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> 
http://search.msn.com/spbasic.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.pace.edu/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.dell4me.com/mywaybiz -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell4me.com/mywaybiz -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.dell4me.com/mywaybiz -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: Main\\Default_Page_URL -> about:21-32 -> 
HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: Main\\Start Page -> http://www.pace.edu/ -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1182 domain(s) found. -> 60 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1183 domain(s) found. -> 60 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 24 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1183 domain(s) found. -> 60 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 24 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1183 domain(s) found. -> 60 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 24 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1183 domain(s) found. -> 60 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 24 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1182 domain(s) found. -> 60 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 12:56:50 AM | Attr = ] {280FFED6-BD4F-4465-BA25-73CD567BE4D4} [HKEY_LOCAL_MACHINE] -> [] -> File not found {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] {2BC9C452-BB57-4896-A9A2-64611E06C9AA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[Reg Error: Key does not exist or could not be opened.] -> File not found ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\] > -> HKEY_USERS\S-1-5-21-3205047516-3732847533-3892552478-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 1:13:40 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {06BCAF69-5874-4A26-8870-2805270EC495} -> 10.10.1.1,0.0.0.0 (Intel(R) PRO/100 VE Network Connection) -> {859BB9C5-AC71-4AE0-A8A1-6A33B5AE1940} -> 10.10.1.1 (Linksys Wireless-G USB Network Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194325165515[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194325141375[MUWebControl Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] C:\WINDOWS\system32\mllji.dll -> %SystemRoot%\system32\mllji.dll -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI 
Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8615 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program 
Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP\SmartFTP.exe -> C:\Program Files\SmartFTP\SmartFTP.exe [C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Valve\Steam\SteamApps\raywu87\counter-strike\hl.exe -> C:\Program Files\Valve\Steam\SteamApps\raywu87\counter-strike\hl.exe [C:\Program Files\Valve\Steam\SteamApps\raywu87\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. 
[Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> Nexon [Ver = 1, 0, 0, 3 | Size = 110592 bytes | Modified Date = 5/20/2007 11:17:42 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetSupport Manager\client32.exe -> C:\Program Files\NetSupport Manager\client32.exe [C:\Program Files\NetSupport Manager\client32.exe:*:Enabled:NetSupport Client] -> NetSupport Ltd [Ver = V9.10 | Size = 16447 bytes | Modified Date = 7/27/2005 10:30:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetSupport Manager\PCICTLUI.EXE -> C:\Program Files\NetSupport Manager\PCICTLUI.EXE [C:\Program Files\NetSupport Manager\PCICTLUI.EXE:*:Enabled:NetSupport Control] -> NetSupport Ltd [Ver = V9.10 | Size = 36924 bytes | Modified Date = 7/27/2005 10:30:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetSupport Manager\pcideply.exe -> C:\Program Files\NetSupport Manager\pcideply.exe 
[C:\Program Files\NetSupport Manager\pcideply.exe:*:Enabled:NetSupport Deploy] -> NetSupport Ltd [Ver = V9.10 | Size = 40960 bytes | Modified Date = 7/27/2005 10:01:16 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetSupport Manager\PCISA.EXE -> C:\Program Files\NetSupport Manager\PCISA.EXE [C:\Program Files\NetSupport Manager\PCISA.EXE:*:Enabled:NetSupport Scripting Agent] -> NetSupport Ltd [Ver = V9.10 | Size = 172092 bytes | Modified Date = 7/27/2005 10:31:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetSupport Manager\pciscrui.exe -> C:\Program Files\NetSupport Manager\pciscrui.exe [C:\Program Files\NetSupport Manager\pciscrui.exe:*:Enabled:NetSupport Script Editor] -> NetSupport Ltd [Ver = V9.10 | Size = 360511 bytes | Modified Date = 7/27/2005 10:31:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetSupport Manager\runscrip.exe -> C:\Program Files\NetSupport Manager\runscrip.exe [C:\Program Files\NetSupport Manager\runscrip.exe:*:Enabled:NetSupport Run Script] -> NetSupport Ltd [Ver = V9.10 | Size = 98367 bytes | Modified Date = 7/27/2005 10:31:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> 
Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> -> File not found .cmd [@ = cmdfile] -> -> File not found .com [@ = comfile] -> -> File not found .exe [@ = exefile] -> -> File not found .hta [@ = ] -> Reg Error: Key does not exist or could not be opened. -> .pif [@ = piffile] -> -> File not found .scr [@ = scrfile] -> -> File not found [Files/Folders - Created Within 90 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2682425344 bytes | Modified Date = 2/21/2008 11:22:14 PM | Attr = HS] spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Created Date = 1/28/2008 10:21:35 AM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. 
[Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] dshexxxp.ini -> %SystemRoot%\System32\dshexxxp.ini -> [Ver = | Size = 1237291 bytes | Modified Date = 2/19/2008 9:37:18 PM | Attr = HS] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Modified Date = 7/31/2004 5:50:36 PM | Attr = ] EVGA -> %SystemRoot%\System32\EVGA -> [Folder | Created Date = 1/6/2008 3:21:42 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> evga.ico -> %SystemRoot%\System32\evga.ico -> [Ver = | Size = 16958 bytes | Modified Date = 6/24/2005 5:05:34 PM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:47 AM | Attr = ] ijllm.ini2 -> %SystemRoot%\System32\ijllm.ini2 -> [Ver = | Size = 240062 bytes | Modified Date = 2/20/2008 9:44:02 PM | Attr = HS] keystone.exe -> %SystemRoot%\System32\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvapi.dll -> %SystemRoot%\System32\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 335872 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = ] nvappbar.exe -> %SystemRoot%\System32\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [Ver = | Size = 111171 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 111171 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvcod.dll -> %SystemRoot%\System32\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36352 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = ] nvcodins.dll -> %SystemRoot%\System32\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 36352 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvcolor.exe -> %SystemRoot%\System32\nvcolor.exe -> NVIDIA Corporation [Ver = 
6.14.11.0095 | Size = 143360 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvcpl.cpl -> %SystemRoot%\System32\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.2.14 | Size = 73728 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvcpl.dll -> %SystemRoot%\System32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 8425472 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = ] nvcplui.exe -> %SystemRoot%\System32\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.2.14 | Size = 815104 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvcpluir.dll -> %SystemRoot%\System32\nvcpluir.dll -> NVIDIA Corporation [Ver = 1.4.2.14 | Size = 1069056 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 17177 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvdisps.dll -> %SystemRoot%\System32\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 5718016 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvdispsr.dll -> %SystemRoot%\System32\nvdispsr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 5251072 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvdspsch.exe -> %SystemRoot%\System32\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvexpbar.dll -> %SystemRoot%\System32\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.2.14 | Size = 307200 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvgames.dll -> %SystemRoot%\System32\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 3145728 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvgamesr.dll -> %SystemRoot%\System32\nvgamesr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 3235840 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nview.dll -> %SystemRoot%\System32\nview.dll -> [Ver = | Size = 1470464 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvmccs.dll -> %SystemRoot%\System32\nvmccs.dll -> NVIDIA 
Corporation [Ver = 6.14.11.0095 | Size = 229376 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvmccsrs.dll -> %SystemRoot%\System32\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 45056 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvmccss.dll -> %SystemRoot%\System32\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 188416 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvmccssr.dll -> %SystemRoot%\System32\nvmccssr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 458752 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvmctray.dll -> %SystemRoot%\System32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 81920 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvmobls.dll -> %SystemRoot%\System32\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 958464 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvmoblsr.dll -> %SystemRoot%\System32\nvmoblsr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 2854912 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvnt4cpl.dll -> %SystemRoot%\System32\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvoglnt.dll -> %SystemRoot%\System32\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 6660096 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvrsar.dll -> %SystemRoot%\System32\nvrsar.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 327680 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrscs.dll -> %SystemRoot%\System32\nvrscs.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 245760 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsda.dll -> %SystemRoot%\System32\nvrsda.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 253952 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsde.dll -> %SystemRoot%\System32\nvrsde.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 274432 bytes | Modified Date = 
3/6/2007 7:49:00 PM | Attr = R ] nvrsel.dll -> %SystemRoot%\System32\nvrsel.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 282624 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrseng.dll -> %SystemRoot%\System32\nvrseng.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 245760 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrses.dll -> %SystemRoot%\System32\nvrses.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 282624 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsesm.dll -> %SystemRoot%\System32\nvrsesm.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 274432 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsfi.dll -> %SystemRoot%\System32\nvrsfi.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 245760 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsfr.dll -> %SystemRoot%\System32\nvrsfr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 282624 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrshe.dll -> %SystemRoot%\System32\nvrshe.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 327680 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrshu.dll -> %SystemRoot%\System32\nvrshu.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 258048 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsit.dll -> %SystemRoot%\System32\nvrsit.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 278528 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsja.dll -> %SystemRoot%\System32\nvrsja.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 266240 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsko.dll -> %SystemRoot%\System32\nvrsko.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 262144 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsnl.dll -> %SystemRoot%\System32\nvrsnl.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 274432 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsno.dll -> 
%SystemRoot%\System32\nvrsno.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 253952 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrspl.dll -> %SystemRoot%\System32\nvrspl.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 253952 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrspt.dll -> %SystemRoot%\System32\nvrspt.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 270336 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsptb.dll -> %SystemRoot%\System32\nvrsptb.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 266240 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrsru.dll -> %SystemRoot%\System32\nvrsru.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 266240 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrssk.dll -> %SystemRoot%\System32\nvrssk.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 258048 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrssl.dll -> %SystemRoot%\System32\nvrssl.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 253952 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrssv.dll -> %SystemRoot%\System32\nvrssv.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 253952 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrstr.dll -> %SystemRoot%\System32\nvrstr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 253952 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrszhc.dll -> %SystemRoot%\System32\nvrszhc.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 225280 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvrszht.dll -> %SystemRoot%\System32\nvrszht.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 122880 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvshell.dll -> %SystemRoot%\System32\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvsvc32.exe -> %SystemRoot%\System32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0095 | 
Size = 163908 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvtuicpl.cpl -> %SystemRoot%\System32\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvucode.bin -> %SystemRoot%\System32\nvucode.bin -> [Ver = | Size = 928096 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = ] nvvitvs.dll -> %SystemRoot%\System32\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 3391488 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvvitvsr.dll -> %SystemRoot%\System32\nvvitvsr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 3620864 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvwddi.dll -> %SystemRoot%\System32\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 81920 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ] nvwdmcpl.dll -> %SystemRoot%\System32\nvwdmcpl.dll -> [Ver = | Size = 1662976 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvwimg.dll -> %SystemRoot%\System32\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvwrsar.dll -> %SystemRoot%\System32\nvwrsar.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 282624 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvwrscs.dll -> %SystemRoot%\System32\nvwrscs.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 286720 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvwrsda.dll -> %SystemRoot%\System32\nvwrsda.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 294912 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvwrsde.dll -> %SystemRoot%\System32\nvwrsde.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 311296 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ] nvwrsel.dll -> %SystemRoot%\System32\nvwrsel.dll -> NVIDIA Corporation [Ver = 
6.14.10.11080 | Size = 335872 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrseng.dll -> %SystemRoot%\System32\nvwrseng.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 286720 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrses.dll -> %SystemRoot%\System32\nvwrses.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 335872 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsesm.dll -> %SystemRoot%\System32\nvwrsesm.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 327680 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsfi.dll -> %SystemRoot%\System32\nvwrsfi.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 303104 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsfr.dll -> %SystemRoot%\System32\nvwrsfr.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 327680 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrshe.dll -> %SystemRoot%\System32\nvwrshe.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 278528 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrshu.dll -> %SystemRoot%\System32\nvwrshu.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 315392 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsit.dll -> %SystemRoot%\System32\nvwrsit.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 323584 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsja.dll -> %SystemRoot%\System32\nvwrsja.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 212992 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsko.dll -> %SystemRoot%\System32\nvwrsko.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 196608 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsnl.dll -> %SystemRoot%\System32\nvwrsnl.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 319488 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsno.dll -> %SystemRoot%\System32\nvwrsno.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 299008 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrspl.dll -> %SystemRoot%\System32\nvwrspl.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 294912 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrspt.dll -> %SystemRoot%\System32\nvwrspt.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 323584 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsptb.dll -> %SystemRoot%\System32\nvwrsptb.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 319488 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrsru.dll -> %SystemRoot%\System32\nvwrsru.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 315392 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrssk.dll -> %SystemRoot%\System32\nvwrssk.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 299008 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrssl.dll -> %SystemRoot%\System32\nvwrssl.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 303104 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrssv.dll -> %SystemRoot%\System32\nvwrssv.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 294912 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrstr.dll -> %SystemRoot%\System32\nvwrstr.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 303104 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrszhc.dll -> %SystemRoot%\System32\nvwrszhc.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 163840 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwrszht.dll -> %SystemRoot%\System32\nvwrszht.dll -> NVIDIA Corporation [Ver = 6.14.10.11080 | Size = 167936 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
nvwss.dll -> %SystemRoot%\System32\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 2113536 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ]
nvwssr.dll -> %SystemRoot%\System32\nvwssr.dll -> NVIDIA Corporation [Ver = 6.14.11.0095 | Size = 2379776 bytes | Modified Date = 3/7/2007 8:49:00 AM | Attr = ]
nwiz.exe -> %SystemRoot%\System32\nwiz.exe -> [Ver = | Size = 1622016 bytes | Modified Date = 3/6/2007 7:49:00 PM | Attr = R ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 6/5/2003 8:13:00 PM | Attr = ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 4/27/2006 4:49:30 PM | Attr = ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 8/29/2006 6:43:54 PM | Attr = ]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2006 9:36:06 AM | Attr = ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 12/1/2006 5:20:32 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2140 bytes | Modified Date = 2/20/2008 1:36:51 AM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 85504 bytes | Modified Date = 2/16/2008 7:46:45 PM | Attr = ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 9/5/2007 11:22:23 PM | Attr = ]
wrsshsmf.ini -> %SystemRoot%\System32\wrsshsmf.ini -> [Ver = | Size = 1244713 bytes | Modified Date = 2/20/2008 9:41:21 PM | Attr = HS]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 10/3/2007 11:36:46 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 2/20/2008 10:07:09 PM | Attr = R S]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1802 bytes | Modified Date = 2/20/2008 9:41:27 PM | Attr = ]
NV3000812.TMP -> %SystemRoot%\NV3000812.TMP -> [Folder | Created Date = 1/6/2008 3:22:05 PM | Attr = ]
NV33682136.TMP -> %SystemRoot%\NV33682136.TMP -> [Folder | Created Date = 1/6/2008 3:18:43 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Created Date = 1/6/2008 3:18:45 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 2/20/2008 12:27:09 AM | Attr = ]

[Files Created - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2/20/2008 1:48:29 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2/20/2008 8:15:34 PM | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/20/2008 1:48:38 AM | Attr = ]
SealedMedia -> %AppData%\SealedMedia -> [Folder | Created Date = 2/4/2008 11:01:13 AM | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2/20/2008 8:15:27 PM | Attr = ]
Ventrilo -> %AppData%\Ventrilo -> [Folder | Created Date = 12/26/2007 3:47:17 PM | Attr = ]
Steam -> %UserProfile%\Local Settings\Application Data\Steam -> [Folder | Created Date = 2/18/2008 12:10:32 AM | Attr = ]
SealedMedia -> %AllUsersProfile%\Documents\SealedMedia -> [Folder | Created Date = 2/4/2008 11:01:01 AM | Attr = ]
Patty Dong's Transcript.pdf -> %UserProfile%\My Documents\Patty Dong's Transcript.pdf -> [Ver = | Size = 121230 bytes | Modified Date = 1/30/2008 7:12:27 PM | Attr = ]
??curity -> %UserProfile%\My Documents\ѕеcurity -> [Folder | Modified Date = 5/21/2007 11:19:56 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/20/2008 1:48:34 AM | Attr = ]
Ventrilo.lnk -> %AllUsersProfile%\Desktop\Ventrilo.lnk -> [Ver = | Size = 630 bytes | Modified Date = 12/26/2007 2:53:11 PM | Attr = ]
KBYG_NIT_January 2008 (2).doc -> %UserProfile%\Desktop\KBYG_NIT_January 2008 (2).doc -> [Ver = | Size = 100352 bytes | Modified Date = 12/18/2007 2:47:38 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\KBYG_NIT_January 2008 (2).doc:Zone.Identifier
KPMG New Hire Information SheetINTERN.doc -> %UserProfile%\Desktop\KPMG New Hire Information SheetINTERN.doc -> [Ver = | Size = 37376 bytes | Modified Date = 12/16/2007 7:07:27 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\KPMG New Hire Information SheetINTERN.doc:Zone.Identifier
kpmg_campus_supp_application.doc -> %UserProfile%\Desktop\kpmg_campus_supp_application.doc -> [Ver = | Size = 70144 bytes | Modified Date = 1/2/2008 1:16:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\kpmg_campus_supp_application.doc:Zone.Identifier
Pathway Student Letter.pdf -> %UserProfile%\Desktop\Pathway Student Letter.pdf -> [Ver = | Size = 1727118 bytes | Modified Date = 2/21/2008 12:15:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Pathway Student Letter.pdf:Zone.Identifier
Spring 2008 -> %UserProfile%\Desktop\Spring 2008 -> [Folder | Created Date = 1/28/2008 9:29:33 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2/20/2008 8:15:28 PM | Attr = ]
Winamp.lnk -> %UserProfile%\Desktop\Winamp.lnk -> [Ver = | Size = 654 bytes | Modified Date = 1/23/2008 6:01:27 PM | Attr = ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/21/2008 11:25:08 PM | Attr = ]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 2/21/2008 11:23:07 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 12/26/2007 2:52:43 PM | Attr = ]

[Files/Folders - Modified Within 90 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2/20/2008 11:12:20 AM | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2682425344 bytes | Modified Date = 2/21/2008 11:22:14 PM | Attr = HS]
My Downloads -> %SystemDrive%\My Downloads -> [Folder | Modified Date = 1/23/2008 6:05:49 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/20/2008 8:15:27 PM | Attr = ]
spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Modified Date = 1/28/2008 10:21:35 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2/18/2008 11:16:12 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/20/2008 10:17:57 PM | Attr = ]
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/20/2008 10:01:06 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/21/2008 12:01:24 AM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/20/2008 10:15:41 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/20/2008 10:08:10 PM | Attr = ]
dshexxxp.ini -> %SystemRoot%\System32\dshexxxp.ini -> [Ver = | Size = 1237291 bytes | Modified Date = 2/19/2008 9:37:18 PM | Attr = HS]
EVGA -> %SystemRoot%\System32\EVGA -> [Folder | Modified Date = 1/6/2008 3:21:42 PM | Attr = ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:47 AM | Attr = ]
ijllm.ini2 -> %SystemRoot%\System32\ijllm.ini2 -> [Ver = | Size = 240062 bytes | Modified Date = 2/20/2008 9:44:02 PM | Attr = HS]
pcisys.ntk -> %SystemRoot%\System32\pcisys.ntk -> [Ver = | Size = 8 bytes | Modified Date = 2/21/2008 11:22:05 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 2/21/2008 11:26:32 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 2/21/2008 11:26:32 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 2/21/2008 11:26:32 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/19/2008 10:30:29 PM | Attr = ]
SLIM.ini -> %SystemRoot%\System32\SLIM.ini -> [Ver = | Size = 77 bytes | Modified Date = 12/5/2007 3:17:45 PM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2140 bytes | Modified Date = 2/20/2008 1:36:51 AM | Attr = ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 85504 bytes | Modified Date = 2/16/2008 7:46:45 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2/21/2008 11:22:57 PM | Attr = ]
wrsshsmf.ini -> %SystemRoot%\System32\wrsshsmf.ini -> [Ver = | Size = 1244713 bytes | Modified Date = 2/20/2008 9:41:21 PM | Attr = HS]
zshp1000.GID -> %SystemRoot%\System32\zshp1000.GID -> [Ver = | Size = 8628 bytes | Modified Date = 12/16/2007 6:59:07 PM | Attr = H ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/20/2008 10:06:28 PM | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/20/2008 10:07:09 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/21/2008 11:22:18 PM | Attr = S]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1802 bytes | Modified Date = 2/20/2008 9:41:27 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/19/2008 9:58:10 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/6/2008 3:24:02 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/20/2008 10:08:11 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/20/2008 10:09:15 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/20/2008 10:10:15 PM | Attr = HS]
lviewpro.ini -> %SystemRoot%\lviewpro.ini -> [Ver = | Size = 8500 bytes | Modified Date = 1/23/2008 6:13:19 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2/10/2008 2:12:02 AM | Attr = ]
NV3000812.TMP -> %SystemRoot%\NV3000812.TMP -> [Folder | Modified Date = 1/6/2008 3:24:21 PM | Attr = ]
NV33682136.TMP -> %SystemRoot%\NV33682136.TMP -> [Folder | Modified Date = 1/6/2008 3:24:02 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 1/6/2008 3:23:53 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/20/2008 11:39:58 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2/20/2008 12:27:23 AM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 1/24/2008 9:34:26 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2/20/2008 11:12:20 AM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/21/2008 11:26:32 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/21/2008 11:24:28 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 114 bytes | Modified Date = 2/20/2008 11:12:20 AM | Attr = ]
winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 2/18/2008 11:14:28 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/21/2008 11:22:22 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2/20/2008 10:06:07 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 2/20/2008 10:06:07 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 10/27/2005 10:21:30 PM | Attr = ]
SSUPDATE.EXE -> C:\Documents and Settings\Patty Dong\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 146672 bytes | Modified Date = 6/21/2007 2:07:10 PM | Attr = ]
UE.exe -> C:\Documents and Settings\Patty Dong\Local Settings\Temp\UE.exe -> [Ver = | Size = 71680 bytes | Modified Date = 1/9/2008 9:52:00 AM | Attr = ]
2 C:\Documents and Settings\Patty Dong\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Patty Dong\Local Settings\Temp\*.tmp ->
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 2/20/2008 8:08:24 PM | Attr = HS]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 2/20/2008 8:08:24 PM | Attr = HS]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 65536 bytes | Modified Date = 2/20/2008 8:08:24 PM | Attr = HS]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 2/20/2008 6:17:11 PM | Attr = HS]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2/20/2008 1:48:29 AM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/20/2008 8:15:34 PM | Attr = ]
Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/20/2008 1:48:38 AM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 1/27/2008 6:33:55 PM | Attr = S]
SealedMedia -> %AppData%\SealedMedia -> [Folder | Modified Date = 2/4/2008 11:01:13 AM | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/20/2008 8:15:27 PM | Attr = ]
Ventrilo -> %AppData%\Ventrilo -> [Folder | Modified Date = 12/26/2007 3:58:20 PM | Attr = ]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 1/23/2008 6:01:03 PM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4309484 bytes | Modified Date = 2/21/2008 3:25:12 AM | Attr = H ]
Steam -> %UserProfile%\Local Settings\Application Data\Steam -> [Folder | Modified Date = 2/18/2008 12:10:32 AM | Attr = ]
SealedMedia -> %AllUsersProfile%\Documents\SealedMedia -> [Folder | Modified Date = 2/19/2008 10:11:00 PM | Attr = ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/21/2008 2:09:53 AM | Attr = R ]
Patty Dong's Transcript.pdf -> %UserProfile%\My Documents\Patty Dong's Transcript.pdf -> [Ver = | Size = 121230 bytes | Modified Date = 1/30/2008 7:12:27 PM | Attr = ]
??curity -> %UserProfile%\My Documents\ѕеcurity -> [Folder | Modified Date = 5/21/2007 11:19:56 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 2/20/2008 1:48:34 AM | Attr = ]
Ventrilo.lnk -> %AllUsersProfile%\Desktop\Ventrilo.lnk -> [Ver = | Size = 630 bytes | Modified Date = 12/26/2007 2:53:11 PM | Attr = ]
COLLEGE -> %UserProfile%\Desktop\COLLEGE -> [Folder | Modified Date = 2/7/2008 2:27:52 AM | Attr = ]
KBYG_NIT_January 2008 (2).doc -> %UserProfile%\Desktop\KBYG_NIT_January 2008 (2).doc -> [Ver = | Size = 100352 bytes | Modified Date = 12/18/2007 2:47:38 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\KBYG_NIT_January 2008 (2).doc:Zone.Identifier
KPMG New Hire Information SheetINTERN.doc -> %UserProfile%\Desktop\KPMG New Hire Information SheetINTERN.doc -> [Ver = | Size = 37376 bytes | Modified Date = 12/16/2007 7:07:27 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\KPMG New Hire Information SheetINTERN.doc:Zone.Identifier
kpmg_campus_supp_application.doc -> %UserProfile%\Desktop\kpmg_campus_supp_application.doc -> [Ver = | Size = 70144 bytes | Modified Date = 1/2/2008 1:16:49 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\kpmg_campus_supp_application.doc:Zone.Identifier
movies -> %UserProfile%\Desktop\movies -> [Folder | Modified Date = 2/18/2008 11:14:36 PM | Attr = ]
music -> %UserProfile%\Desktop\music -> [Folder | Modified Date = 2/18/2008 11:14:31 PM | Attr = ]
Pathway Student Letter.pdf -> %UserProfile%\Desktop\Pathway Student Letter.pdf -> [Ver = | Size = 1727118 bytes | Modified Date = 2/21/2008 12:15:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Pathway Student Letter.pdf:Zone.Identifier
Pictures -> %UserProfile%\Desktop\Pictures -> [Folder | Modified Date = 2/9/2008 5:39:23 PM | Attr = ]
Spring 2008 -> %UserProfile%\Desktop\Spring 2008 -> [Folder | Modified Date = 2/7/2008 2:21:39 AM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2/20/2008 8:15:28 PM | Attr = ]
Winamp.lnk -> %UserProfile%\Desktop\Winamp.lnk -> [Ver = | Size = 654 bytes | Modified Date = 1/23/2008 6:01:27 PM | Attr = ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/21/2008 11:25:08 PM | Attr = ]
WORK -> %UserProfile%\Desktop\WORK -> [Folder | Modified Date = 2/20/2008 11:23:40 PM | Attr = ]
Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 2/21/2008 11:23:07 PM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 1/23/2008 6:01:12 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2/20/2008 8:15:02 PM | Attr = ]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 10/25/2005 2:07:40 AM | Attr = RH ]
Gtek -> C:\Documents and Settings\Administrator\Application Data\Gtek -> [Folder | Modified Date = 10/25/2005 2:07:42 AM | Attr = ]
Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 8/10/2004 1:08:32 PM | Attr = ]
Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 10/25/2005 1:58:12 AM | Attr = S]
Sun -> C:\Documents and Settings\Administrator\Application Data\Sun -> [Folder | Modified Date = 10/25/2005 1:53:42 AM | Attr = ]
Symantec -> C:\Documents and Settings\Administrator\Application Data\Symantec -> [Folder | Modified Date = 10/25/2005 2:04:07 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 2/20/2008 8:15:34 PM | Attr = RH ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 7/24/2007 10:59:04 PM | Attr = ]
Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 10/27/2005 9:31:15 PM | Attr = ]
Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [Folder | Modified Date = 10/2/2006 8:10:53 PM | Attr = ]
AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 7/24/2007 10:48:56 PM | Attr = ]
AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [Folder | Modified Date = 12/15/2006 1:53:39 PM | Attr = ]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 12/27/2006 12:04:09 AM | Attr = ]
Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 11/7/2007 11:32:46 PM | Attr = ]
Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 2/20/2008 1:48:29 AM | Attr = ]
GTek -> C:\Documents and Settings\All Users\Application Data\GTek -> [Folder | Modified Date = 10/27/2005 9:11:36 PM | Attr = ]
INAC -> C:\Documents and Settings\All Users\Application Data\INAC -> [Folder | Modified Date = 5/28/2007 1:32:49 PM | Attr = ]
InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 10/25/2005 2:02:37 AM | Attr = ]
Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [Folder | Modified Date = 10/25/2005 2:01:16 AM | Attr = ]
Macrovision -> C:\Documents and Settings\All Users\Application Data\Macrovision -> [Folder | Modified Date = 4/29/2007 6:48:34 PM | Attr = ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 3/19/2006 5:19:29 PM | Attr = S]
Nero -> C:\Documents and Settings\All Users\Application Data\Nero -> [Folder | Modified Date = 4/2/2007 8:00:40 PM | Attr = ]
NexonUS -> C:\Documents and Settings\All Users\Application Data\NexonUS -> [Folder | Modified Date = 5/20/2007 11:17:17 PM | Attr = ]
QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [Folder | Modified Date = 10/25/2005 2:00:40 AM | Attr = ]
SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/20/2008 8:15:34 PM | Attr = ]
Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 5/25/2006 10:54:29 PM | Attr = ]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 7/24/2007 11:00:26 PM | Attr = ]
Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 10/26/2005 8:36:34 PM | Attr = ]
C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 10/25/2005 2:07:40 AM | Attr = RH ]
Gtek -> C:\Documents and Settings\Default User\Application Data\Gtek -> [Folder | Modified Date = 10/25/2005 2:07:42 AM | Attr = ]
Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 8/10/2004 1:08:32 PM | Attr = ]
Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 10/25/2005 1:58:12 AM | Attr = S]
Sun -> C:\Documents and Settings\Default User\Application Data\Sun -> [Folder | Modified Date = 10/25/2005 1:53:42 AM | Attr = ]
Symantec -> C:\Documents and Settings\Default User\Application Data\Symantec -> [Folder | Modified Date = 10/25/2005 2:04:07 AM | Attr = ]
C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 5/21/2007 11:22:42 PM | Attr = ]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [Folder | Modified Date = 5/21/2007 11:23:02 PM | Attr = ]
Google -> C:\Documents and Settings\LocalService\Application Data\Google -> [Folder | Modified Date = 5/21/2007 11:22:21 PM | Attr = ]
Help -> C:\Documents and Settings\LocalService\Application Data\Help -> [Folder | Modified Date = 12/20/2005 12:36:56 AM | Attr = ]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [Folder | Modified Date = 5/21/2007 10:30:32 PM | Attr = ]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 8/21/2006 9:42:25 PM | Attr = S]
C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 8/10/2004 1:08:14 PM | Attr = ]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 8/10/2004 12:57:26 PM | Attr = S]
C:\Documents and Settings\Patty Dong\Application Data\ -> C:\Documents and Settings\Patty Dong\Application Data -> [Folder | Modified Date = 2/20/2008 8:15:27 PM | Attr = RH ]
.ABC 3.0.0 -> C:\Documents and Settings\Patty Dong\Application Data\.ABC 3.0.0 -> [Folder | Modified Date = 10/31/2005 4:30:00 PM | Attr = ]
Adobe -> C:\Documents and Settings\Patty Dong\Application Data\Adobe -> [Folder | Modified Date = 7/24/2007 10:59:04 PM | Attr = ]
AdobeUM -> C:\Documents and Settings\Patty Dong\Application Data\AdobeUM -> [Folder | Modified Date = 10/27/2005 10:15:46 PM | Attr = ]
Ahead -> C:\Documents and Settings\Patty Dong\Application Data\Ahead -> [Folder | Modified Date = 9/8/2007 3:25:19 PM | Attr = ]
Aim -> C:\Documents and Settings\Patty Dong\Application Data\Aim -> [Folder | Modified Date = 12/26/2006 11:41:41 PM | Attr = ]
Apple Computer -> C:\Documents and Settings\Patty Dong\Application Data\Apple Computer -> [Folder | Modified Date = 10/27/2005 10:26:43 PM | Attr = ]
CyberLink -> C:\Documents and Settings\Patty Dong\Application Data\CyberLink -> [Folder | Modified Date = 10/4/2006 9:05:11 PM | Attr = ]
dvdcss -> C:\Documents and Settings\Patty Dong\Application Data\dvdcss -> [Folder | Modified Date = 4/2/2007 10:23:12 PM | Attr = ]
Google -> C:\Documents and Settings\Patty Dong\Application Data\Google -> [Folder | Modified Date = 9/20/2006 7:41:53 PM | Attr = ]
Grisoft -> C:\Documents and Settings\Patty Dong\Application Data\Grisoft -> [Folder | Modified Date = 2/20/2008 1:48:38 AM | Attr = ]
Gtek -> C:\Documents and Settings\Patty Dong\Application Data\Gtek -> [Folder | Modified Date = 10/25/2005 2:07:42 AM | Attr = H ]
Help -> C:\Documents and Settings\Patty Dong\Application Data\Help -> [Folder | Modified Date = 12/2/2005 11:30:20 PM | Attr = ]
Identities -> C:\Documents and Settings\Patty Dong\Application Data\Identities -> [Folder | Modified Date = 8/10/2004 1:08:32 PM | Attr = ]
IDS_COMPANY -> C:\Documents and Settings\Patty Dong\Application Data\IDS_COMPANY -> [Folder | Modified Date = 1/3/2007 4:16:51 PM | Attr = ]
ijjigame -> C:\Documents and Settings\Patty Dong\Application Data\ijjigame -> [Folder | Modified Date = 7/17/2007 9:30:20 PM | Attr = H ]
INAC -> C:\Documents and Settings\Patty Dong\Application Data\INAC -> [Folder | Modified Date = 5/28/2007 1:32:49 PM | Attr = ]
Lavasoft -> C:\Documents and Settings\Patty Dong\Application Data\Lavasoft -> [Folder | Modified Date = 5/28/2007 1:33:11 PM | Attr = ]
Logitech -> C:\Documents and Settings\Patty Dong\Application Data\Logitech -> [Folder | Modified Date = 12/28/2006 1:08:35 AM | Attr = ]
Macromedia -> C:\Documents and Settings\Patty Dong\Application Data\Macromedia -> [Folder | Modified Date = 10/26/2005 7:22:20 PM | Attr = ]
Microsoft -> C:\Documents and Settings\Patty Dong\Application Data\Microsoft -> [Folder | Modified Date = 1/27/2008 6:33:55 PM | Attr = S]
Move Networks -> C:\Documents and Settings\Patty Dong\Application Data\Move Networks -> [Folder | Modified Date = 10/9/2007 9:18:50 PM | Attr = ]
Real -> C:\Documents and Settings\Patty Dong\Application Data\Real -> [Folder | Modified Date = 11/7/2007 11:28:32 PM | Attr = ]
SealedMedia -> C:\Documents and Settings\Patty Dong\Application Data\SealedMedia -> [Folder | Modified Date = 2/4/2008 11:01:13 AM | Attr = ]
SmartFTP -> C:\Documents and Settings\Patty Dong\Application Data\SmartFTP -> [Folder | Modified Date = 11/6/2005 12:20:06 AM | Attr = ]
Sun -> C:\Documents and Settings\Patty Dong\Application Data\Sun -> [Folder | Modified Date = 10/25/2005 1:53:42 AM | Attr = ]
SUPERAntiSpyware.com -> C:\Documents and Settings\Patty Dong\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2/20/2008 8:15:27 PM | Attr = ]
Symantec -> C:\Documents and Settings\Patty Dong\Application Data\Symantec -> [Folder | Modified Date = 10/26/2005 6:58:06 PM | Attr = ]
Ventrilo -> C:\Documents and Settings\Patty Dong\Application Data\Ventrilo -> [Folder | Modified Date = 12/26/2007 3:58:20 PM | Attr = ]
Viewpoint -> C:\Documents and Settings\Patty Dong\Application Data\Viewpoint -> [Folder | Modified Date = 1/11/2007 8:32:43 PM | Attr = ]
vlc -> C:\Documents and Settings\Patty Dong\Application Data\vlc -> [Folder | Modified Date = 11/2/2005 8:01:44 PM | Attr = ]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 4/2/2007 7:31:05 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/21/2008 11:22:22 PM | Attr = H ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]
C:\Program Files\F?nts\ -> C:\Program Files\Fоnts -> [Folder | Modified Date = 2/20/2008 8:11:00 PM | Attr = ]
C:\Documents and Settings\Patty Dong\My Documents\??curity\ -> C:\Documents and Settings\Patty Dong\My Documents\ѕеcurity -> [Folder | Modified Date = 5/21/2007 11:19:56 PM | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,88,9a,b3,2a,83,a1,84,fc,b0,43,77,24,12,50,33,66,60,..
"ljej40"=hex:c2,a0,ba,cc,0f,1f,61,50,57,0c,24,12,f4,a6,44,3e,cc,30,d3,b4,6e,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Patty Dong\Favorites\Orisinal.url:favicon 894 bytes
C:\Documents and Settings\Patty Dong\Favorites\Environment and Theoretical Structure of Financial Accounting.url:favicon 1014 bytes
C:\Documents and Settings\Patty Dong\Favorites\FREQUENTLY USED\Bleach.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\FREQUENTLY USED\D. Gray-Man.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\FREQUENTLY USED\Facebook Welcome to Facebook!.url:favicon 1150 bytes
C:\Documents and Settings\Patty Dong\Favorites\FREQUENTLY USED\Naruto.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\Accounting Firm Rankings.url:favicon 894 bytes
C:\Documents and Settings\Patty Dong\Favorites\AFFLICTION TALENT CHART.url:favicon 4710 bytes
C:\Documents and Settings\Patty Dong\Favorites\Baka-Updates.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\PACE UNIVERSITY\COOP.url:favicon 1150 bytes
C:\Documents and Settings\Patty Dong\Favorites\PACE UNIVERSITY\FAFSA.url:favicon 318 bytes
C:\Documents and Settings\Patty Dong\Favorites\PACE UNIVERSITY\MyPace Web Express.url:favicon 3574 bytes
C:\Documents and Settings\Patty Dong\Favorites\PACE UNIVERSITY\Pace Message Center.url:favicon 318 bytes
C:\Documents and Settings\Patty Dong\Favorites\PACE UNIVERSITY\PacePortal.url:favicon 21630 bytes
C:\Documents and Settings\Patty Dong\Favorites\PACE UNIVERSITY\RateMyProfessor.url:favicon 0 bytes
C:\Documents and Settings\Patty Dong\Favorites\PSP Hacks.url:favicon 2238 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\Abercrombie & Fitch.url:favicon 3638 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\American Eagle Outfitters.url:favicon 1150 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\Armani Exchange.url:favicon 894 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\Banana Republic.url:favicon 1150 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\Forever21.com.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\Gap.url:favicon 318 bytes
C:\Documents and Settings\Patty Dong\Favorites\SHOPPING\Hollister Co..url:favicon 1150 bytes
C:\Documents and Settings\Patty Dong\Favorites\Weather.com.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\IMPORTANT\HSBC Bank.url:favicon 318 bytes
C:\Documents and Settings\Patty Dong\Favorites\IMPORTANT\LehmanLive.url:favicon 4710 bytes
C:\Documents and Settings\Patty Dong\Favorites\Login - PayPal.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\MOVIES AND DOWNLOADS\Cowoneone Entertainment Index.url:favicon 894 bytes
C:\Documents and Settings\Patty Dong\Favorites\MOVIES AND DOWNLOADS\Drama and Movie OSTs - soompi forums.url:favicon 1406 bytes
C:\Documents and Settings\Patty Dong\Favorites\MOVIES AND DOWNLOADS\YouTube.url:favicon 1150 bytes
C:\Documents and Settings\Patty Dong\Favorites\One Manga Claymore Chapter 6 Online Scans.url:favicon 3638 bytes
scan completed successfully
hidden files: 463
< End of report >
[/code]