[code]
WinPFind35 logfile created on: 2/19/2008 9:45:12 PM
WinPFind35U Version Beta51 Folder = C:\Documents and Settings\ME\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.04 Mb Total Physical Memory | 817.03 Mb Available Physical Memory | 80.57% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4096;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.60 Gb Total Space | 69.54 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RADIOMONSTER
Current User Name: ME
Logged in as Administrator.
Current Boot Mode: SafeMode Scan Mode: Current user [Processes - Non-Microsoft Only] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309248 bytes | Modified Date = 2/13/2008 10:50:32 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 9/30/2006 2:20:11 PM | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 4:38:38 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 9:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ] (DomainService) DomainService [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pmarptik.exe -> File not found (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. 
[Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 12:33:00 AM | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 10:29:00 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ] (McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] (McShield) Network Associates McShield [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 8/18/2004 7:00:00 AM | Attr = ] (McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. 
[Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 8/18/2004 7:00:00 AM | Attr = ] (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 10:28:14 AM | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 10:31:32 AM | Attr = ] (Swupdtmr) Swupdtmr [Win32_Own | Auto | Stopped] -> %SystemDrive%\Toshiba\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 5:14:42 PM | Attr = ] (Wscaspupdws) Wscaspupdws [Win32_Shared | On_Demand | Stopped] -> -> File not found [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 8/31/2006 6:34:42 PM | Attr = ] (AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.62 2.1.62 11/14/2005 16:00:19 | Size = 1122656 bytes | Modified Date = 11/15/2005 9:00:22 AM | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | 
Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 6.0.301.201 | Size = 101874 bytes | Modified Date = 11/15/2004 4:22:08 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (DLABOIOM) DLABOIOM [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 25628 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 12:16:52 PM | Attr = ] (DLADResN) DLADResN [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 2496 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (DLAIFS_M) DLAIFS_M [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 86524 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (DLAOPIOM) DLAOPIOM [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 14684 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (DLAPoolM) DLAPoolM [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 6364 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (DLARTL_N) 
DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 12:16:16 PM | Attr = ] (DLAUDFAM) DLAUDFAM [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 94332 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (DLAUDF_M) DLAUDF_M [File_System | Auto | Stopped] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.09a | Size = 87036 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. 
[Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 3:30:00 AM | Attr = ] (DRVNDDM) DRVNDDM [File_System | Auto | Stopped] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 5:20:00 AM | Attr = ] (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.5.12.0 built by: WinDDK | Size = 231424 bytes | Modified Date = 7/26/2006 5:24:40 PM | Attr = ] (EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EagleNT.sys -> File not found (EntDrv51) EntDrv51 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.240 | Size = 8320 bytes | Modified Date = 8/18/2004 7:00:00 AM | Attr = ] (FdRedir) FdRedir [File_System | Auto | Stopped] -> %CommonProgramFiles%\Protector Suite QL\Drivers\FdRedir.sys -> UPEK Inc. [Ver = 5.4.0.2726 | Size = 13568 bytes | Modified Date = 1/13/2006 6:52:36 PM | Attr = ] (FileDisk2) FileDisk Protector Kernel Driver [Kernel | Auto | Stopped] -> %CommonProgramFiles%\Protector Suite QL\Drivers\filedisk.sys -> UPEK Inc. 
[Ver = 5.4.0.2726 | Size = 33024 bytes | Modified Date = 1/13/2006 6:52:22 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4704 | Size = 1181824 bytes | Modified Date = 10/6/2006 2:24:00 PM | Attr = ] (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5200 built by: WinDDK | Size = 4123136 bytes | Modified Date = 12/9/2005 4:48:40 PM | Attr = ] (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> InterVideo, Inc. [Ver = 1, 0, 0, 0 | Size = 21060 bytes | Modified Date = 9/10/2003 11:36:54 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> Matsushita Electric Industrial Co.,Ltd. [Ver = 4.0.7.0 | Size = 102384 bytes | Modified Date = 6/2/2005 3:33:00 AM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> Network Associates, Inc. 
[Ver = 8.0.0.251 | Size = 108256 bytes | Modified Date = 8/18/2004 7:00:00 AM | Attr = ] (NaiAvTdi1) NaiAvTdi1 [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 58016 bytes | Modified Date = 8/18/2004 7:00:00 AM | Attr = ] (Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 1/29/2003 2:35:00 PM | Attr = ] (npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Gravity\RO\npkcrypt.sys -> File not found (npkycryp) npkycryp [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Gravity\RO\npkycryp.sys -> File not found (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 9/19/2003 1:47:00 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. 
[Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/7/2007 3:51:00 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (s24trans) WLAN Transport [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 2 | Size = 13568 bytes | Modified Date = 11/28/2005 11:09:26 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 2:25:53 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (smihlp) SMI helper driver [Kernel | Auto | Stopped] -> %ProgramFiles%\Protector Suite QL\smihlp.sys -> UPEK Inc. [Ver = 5.4.0.2726 | Size = 3456 bytes | Modified Date = 1/13/2006 6:24:44 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 12:56:16 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (sptd) sptd [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\sptd.sys -> Duplex Secure Ltd. 
[Ver = 1.43.0.0 built by: WinDDK | Size = 682232 bytes | Modified Date = 6/14/2007 10:07:11 PM | Attr = ] (STEC3) STEC3 [Kernel | Auto | Stopped] -> %SystemRoot%\system32\STEC3.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 1/20/2008 10:54:26 AM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (tbiosdrv) Toshiba Logical Tbios Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tbiosdrv.sys -> [Ver = | Size = 9472 bytes | Modified Date = 8/24/2005 3:20:28 PM | Attr = ] (TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.8.1.55 | Size = 28800 bytes | Modified Date = 1/13/2006 6:35:06 PM | Attr = ] (tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.4 | Size = 162560 bytes | Modified Date = 11/30/2005 10:12:36 AM | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (TPwSav) Common Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\TPwSav.sys -> TOSHIBA [Ver = 1, 0, 0, 6 | Size = 11264 bytes | Modified Date = 12/1/2005 10:55:24 AM | Attr = ] (Tvs) TOSHIBA Virtual Sound with SRS technologies [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Tvs.sys -> TOSHIBA Corporation [Ver = 2, 0, 0, 5 | Size = 43392 bytes | Modified Date = 11/30/2005 11:01:02 AM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbio.sys -> Thesycon GmbH, Germany [Ver = 1.42.572 | Size = 19805 bytes | Modified Date = 5/7/2001 2:56:02 AM | Attr = R ] (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not 
found (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-13 Driver | Size = 1428096 bytes | Modified Date = 12/5/2005 1:55:30 AM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 12:13:04 PM | Attr = R ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (zenx1) zenx1 [Kernel | On_Demand | Stopped] -> %UserProfile%\Desktop\ZenxEngine_LATEST\zenx.sys -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.60.5 2.1.60.5 10/14/2005 13:29:07 | Size = 88203 bytes | Modified Date = 10/15/2005 6:29:08 AM | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/23/2004 10:40:42 PM | Attr = ] CeEKEY -> %ProgramFiles%\TOSHIBA\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 38 | Size = 671744 bytes | Modified Date = 12/1/2005 11:13:42 AM | Attr = ] DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.09a | Size = 122940 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] Host Process -> %SystemRoot%\Fonts\svchost.exe -> File not found HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 114688 bytes | Modified Date = 10/6/2006 12:13:28 PM | Attr = ] HWSetup -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\HWSetup.exe -> TOSHIBA CO.,LTD. 
[Ver = 1, 0, 0, 18 | Size = 28672 bytes | Modified Date = 5/1/2004 1:45:30 PM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 94208 bytes | Modified Date = 10/6/2006 12:10:06 PM | Attr = ] igfxtray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Modified Date = 10/6/2006 12:11:10 PM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 0, 17 | Size = 602182 bytes | Modified Date = 11/28/2005 10:41:50 AM | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 0, 42 | Size = 667718 bytes | Modified Date = 12/5/2005 11:37:40 AM | Attr = ] McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/10/2004 4:00:00 AM | Attr = ] NDSTray.exe -> NDSTray.exe -> File not found Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 8:48:56 AM | Attr = ] PadTouch -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 9, 0 | Size = 1077322 bytes | Modified Date = 7/15/2005 10:52:42 AM | Attr = ] Persistence -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 94208 bytes | Modified Date = 10/6/2006 12:10:06 PM | Attr = ] Pinger -> %SystemDrive%\Toshiba\IVP\ISM\pinger.exe -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 5:37:26 PM | Attr = ] PSQLLauncher -> %ProgramFiles%\Protector Suite QL\launcher.exe -> UPEK Inc. 
[Ver = 5.4.0.2726 | Size = 30208 bytes | Modified Date = 1/13/2006 6:28:04 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> File not found RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.3.2 | Size = 15691264 bytes | Modified Date = 12/9/2005 3:49:42 PM | Attr = ] ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 8/18/2004 7:00:00 AM | Attr = ] SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 122880 bytes | Modified Date = 4/26/2005 4:13:20 PM | Attr = ] SVPWUTIL -> %ProgramFiles%\TOSHIBA\Windows Utilities\SVPWUTIL.exe -> TOSHIBA [Ver = 1, 0, 0, 15 | Size = 65536 bytes | Modified Date = 5/1/2004 1:45:40 PM | Attr = ] TCtryIOHook -> %SystemRoot%\system32\TCtrlIOHook.exe -> TOSHIBA [Ver = 1, 0, 0, 7 | Size = 28672 bytes | Modified Date = 1/3/2006 4:11:58 PM | Attr = ] TDispVol -> %SystemRoot%\system32\TDispVol.exe -> TOSHIBA Corporation [Ver = 3, 18, 0, 0 | Size = 73728 bytes | Modified Date = 12/27/2005 1:22:42 PM | Attr = ] TFncKy -> TFncKy.exe -> File not found TPNF -> %ProgramFiles%\TOSHIBA\TouchPad\TPTray.exe -> COMPAL ELECTRONIC INC. 
[Ver = 1, 0, 0, 10 | Size = 53248 bytes | Modified Date = 12/13/2005 4:28:56 PM | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 282624 bytes | Modified Date = 5/31/2005 5:16:44 PM | Attr = ] Tvs -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 7 | Size = 73728 bytes | Modified Date = 11/30/2005 12:25:22 PM | Attr = ] ZoomingHook -> %SystemRoot%\system32\ZoomingHook.exe -> TOSHIBA [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 6/6/2005 9:58:44 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 5:23:34 PM | Attr = ] DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. 
[Ver = 4.09.0.0 | Size = 165784 bytes | Modified Date = 4/3/2007 2:29:15 PM | Attr = ] TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 12:32:20 AM | Attr = ] Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\svchost.exe -> [Ver = | Size = 311296 bytes | Modified Date = 2/5/2008 4:13:04 PM | Attr = ] Uniblue SpyEraser -> %ProgramFiles%\Uniblue\SpyEraser\SpyEraser.exe -> Uniblue Software [Ver = 2.0.1.1530 | Size = 1260296 bytes | Modified Date = 12/3/2007 3:39:04 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Clean Access Agent.lnk -> %ProgramFiles%\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe -> Cisco Systems, Inc. 
[Ver = 4.01.0003 | Size = 28672 bytes | Modified Date = 12/7/2007 5:12:50 PM | Attr = ] < ME Startup Folder > -> C:\Documents and Settings\ME\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {8831B863-8FF4-48D3-8747-3CEE143F6065} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nnnmjjg.dll [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ddcdcby -> ddcdcby.dll -> File not found igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Modified Date = 10/6/2006 12:09:04 PM | Attr = ] psfus -> %SystemRoot%\system32\psqlpwd.dll -> UPEK Inc. 
[Ver = 5.4.0.2726 | Size = 40448 bytes | Modified Date = 1/13/2006 6:40:08 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisAllowRun -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisAllowRun\\1 -> LimeWire.exe [LimeWire.exe] -> File not found < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3152 domain(s) found. -> 113 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {0ED2361E-494B-4C10-976C-0160EF8F8E97} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {151E16B3-70C5-4FEF-8278-88E583E6FBF2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awvvw.dll [Reg Error: Value does not exist or could not be read.] -> File not found {18F2C7CF-CC07-45F5-836F-328FFDA8B317} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ddcca.dll [Reg Error: Value does not exist or could not be read.] -> File not found {4B4EA3F0-3E62-40EB-BE16-EA504AFCCDE8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] 
-> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.09a | Size = 110652 bytes | Modified Date = 10/6/2005 5:20:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {8831B863-8FF4-48D3-8747-3CEE143F6065} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nnnmjjg.dll [Reg Error: Value does not exist or could not be read.] -> File not found {EF9FD424-32E0-4444-808F-5669947307CF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtqn.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 334336 bytes | Modified Date = 2/11/2008 9:54:42 PM | Attr = ] {FCBB840E-83D5-410E-9E5A-1C841A60B8CC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {CC62A8B9-FB9D-4726-B433-94DFBDC362CA} -> (1394 Net Adapter) -> {DBA22648-52DA-4BDA-B397-156A5CB2AC2D} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {F67D195C-0D95-48CD-8FD0-7FC20AD576F7} -> (Intel(R) PRO/1000 PL Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] 
-> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> [Registry - Additional Scans - Non-Microsoft Only] < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. 
[Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 12:37:00 AM | Attr = ] [Files/Folders - Created Within 30 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/12/2008 11:52:23 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/13/2008 2:55:05 PM | Attr = ] awtqn.dll -> %SystemRoot%\System32\awtqn.dll -> [Ver = | Size = 334336 bytes | Modified Date = 2/11/2008 9:54:42 PM | Attr = ] kuahmrop.ini -> %SystemRoot%\System32\kuahmrop.ini -> [Ver = | Size = 1222600 bytes | Modified Date = 2/12/2008 11:30:10 AM | Attr = HS] ldhllysy.ini -> %SystemRoot%\System32\ldhllysy.ini -> [Ver = | Size = 1221070 bytes | Modified Date = 2/10/2008 9:54:12 PM | Attr = HS] nqtwa.ini -> %SystemRoot%\System32\nqtwa.ini -> [Ver = | Size = 1997 bytes | Modified Date = 2/19/2008 9:43:31 PM | Attr = HS] nqtwa.ini2 -> %SystemRoot%\System32\nqtwa.ini2 -> [Ver = | Size = 1895 bytes | Modified Date = 2/19/2008 9:43:21 PM | Attr = HS] pdqjqqil.ini -> %SystemRoot%\System32\pdqjqqil.ini -> [Ver = | Size = 1222479 bytes | Modified Date = 2/11/2008 11:00:57 AM | Attr = HS] rjqkfhoa.ini -> %SystemRoot%\System32\rjqkfhoa.ini -> [Ver = | Size = 1239677 bytes | Modified Date = 2/13/2008 11:00:02 AM | Attr = HS] tdmkechn.ini -> %SystemRoot%\System32\tdmkechn.ini -> [Ver = | Size = 1219654 bytes | Modified Date = 2/8/2008 12:08:56 PM | Attr = HS] vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 2/6/2008 9:43:30 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/12/2008 11:52:46 PM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3446 bytes | Modified Date = 2/11/2008 12:48:08 AM | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/11/2008 12:45:56 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Help -> 
%AppData%\Help -> [Folder | Created Date = 1/27/2008 2:56:10 AM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 1/27/2008 2:56:10 AM | Attr = ] friend.gif -> %UserProfile%\My Documents\friend.gif -> [Ver = | Size = 19684 bytes | Modified Date = 2/18/2008 10:49:00 PM | Attr = ] Clean Access Agent.lnk -> %AllUsersProfile%\Desktop\Clean Access Agent.lnk -> [Ver = | Size = 1900 bytes | Modified Date = 2/1/2008 3:46:59 PM | Attr = ] spybotsd152.exe -> %AllUsersProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9723880 bytes | Modified Date = 2/11/2008 12:48:06 AM | Attr = ] CleanUp!.lnk -> %UserProfile%\Desktop\CleanUp!.lnk -> [Ver = | Size = 691 bytes | Modified Date = 2/11/2008 8:12:48 AM | Attr = ] CleanUp40.exe -> %UserProfile%\Desktop\CleanUp40.exe -> [Ver = | Size = 318775 bytes | Modified Date = 2/11/2008 8:12:22 AM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/12/2008 11:47:51 PM | Attr = ] Essay_One_1_23_08.doc -> %UserProfile%\Desktop\Essay_One_1_23_08.doc -> [Ver = | Size = 13738 bytes | Modified Date = 2/7/2008 7:27:36 PM | Attr = ] Figure.jpg -> %UserProfile%\Desktop\Figure.jpg -> [Ver = | Size = 84577 bytes | Modified Date = 2/2/2008 5:13:20 PM | Attr = ] FixBlast.exe -> %UserProfile%\Desktop\FixBlast.exe -> Symantec Corporation [Ver = 1.0.6.1 | Size = 135360 bytes | Modified Date = 2/6/2008 9:42:22 PM | Attr = ] Fourd.jpg -> %UserProfile%\Desktop\Fourd.jpg -> [Ver = | Size = 559936 bytes | Modified Date = 2/14/2008 11:55:28 PM | Attr = ] FourdNoBackground.jpg -> %UserProfile%\Desktop\FourdNoBackground.jpg -> [Ver = | Size = 559934 bytes | Modified Date = 2/14/2008 11:55:44 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1738 bytes | Modified Date = 2/11/2008 8:18:10 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/11/2008 8:17:58 AM | Attr = ] KamikazeBladeCamp.jpg -> %UserProfile%\Desktop\KamikazeBladeCamp.jpg -> [Ver = | Size = 72552 bytes | Modified Date = 2/17/2008 3:40:20 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/13/2008 10:58:39 AM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 937 bytes | Modified Date = 2/11/2008 12:48:52 AM | Attr = ] VundoFix(2).exe -> %UserProfile%\Desktop\VundoFix(2).exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/11/2008 12:43:00 AM | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/11/2008 8:14:48 AM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/15/2008 4:31:37 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480325 bytes | Modified Date = 2/15/2008 10:02:22 AM | Attr = ] Adobe Gamma Loader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> [Ver = | Size = 1929 bytes | Modified Date = 11/8/2006 2:08:30 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1761 bytes | Modified Date = 11/21/2007 12:44:37 AM | Attr = ] Clean Access Agent.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Clean Access Agent.lnk -> [Ver = | Size = 1962 bytes | Modified Date = 2/1/2008 3:46:59 PM | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 2/14/2008 12:22:09 AM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/1/2008 6:34:49 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 
2/12/2008 11:52:23 PM | Attr = ] DOCS -> %SystemDrive%\DOCS -> [Folder | Modified Date = 1/26/2008 5:21:54 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/11/2008 8:18:08 AM | Attr = ] QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 2/13/2008 10:56:54 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/13/2008 3:28:20 PM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2/12/2008 4:36:22 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/14/2008 11:19:19 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/13/2008 2:55:05 PM | Attr = ] awtqn.dll -> %SystemRoot%\System32\awtqn.dll -> [Ver = | Size = 334336 bytes | Modified Date = 2/11/2008 9:54:42 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/14/2008 11:21:10 AM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> DLA -> %SystemRoot%\System32\DLA -> [Folder | Modified Date = 2/14/2008 11:16:16 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/13/2008 1:53:48 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/13/2008 1:53:48 AM | Attr = ] kuahmrop.ini -> %SystemRoot%\System32\kuahmrop.ini -> [Ver = | Size = 1222600 bytes | Modified Date = 2/12/2008 11:30:10 AM | Attr = HS] Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 2/14/2008 11:20:38 AM | Attr = ] ldhllysy.ini -> %SystemRoot%\System32\ldhllysy.ini -> [Ver = | Size = 1221070 bytes | Modified Date = 2/10/2008 9:54:12 PM | Attr = HS] nqtwa.ini -> %SystemRoot%\System32\nqtwa.ini -> [Ver = | Size = 1997 bytes | Modified Date = 2/19/2008 9:43:31 PM | Attr = HS] nqtwa.ini2 -> %SystemRoot%\System32\nqtwa.ini2 -> [Ver = | Size = 1895 bytes | Modified Date = 2/19/2008 9:43:21 PM | Attr = HS] pdqjqqil.ini -> 
%SystemRoot%\System32\pdqjqqil.ini -> [Ver = | Size = 1222479 bytes | Modified Date = 2/11/2008 11:00:57 AM | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63418 bytes | Modified Date = 2/9/2008 4:35:48 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 402974 bytes | Modified Date = 2/9/2008 4:35:48 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 473204 bytes | Modified Date = 2/9/2008 4:35:48 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/13/2008 3:28:20 PM | Attr = ] rjqkfhoa.ini -> %SystemRoot%\System32\rjqkfhoa.ini -> [Ver = | Size = 1239677 bytes | Modified Date = 2/13/2008 11:00:02 AM | Attr = HS] tdmkechn.ini -> %SystemRoot%\System32\tdmkechn.ini -> [Ver = | Size = 1219654 bytes | Modified Date = 2/8/2008 12:08:56 PM | Attr = HS] vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 2/6/2008 9:43:30 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/14/2008 11:18:21 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/12/2008 10:23:15 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ACTIVEJP.INI -> %SystemRoot%\ACTIVEJP.INI -> [Ver = | Size = 312 bytes | Modified Date = 2/11/2008 10:48:45 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/19/2008 9:42:19 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/12/2008 11:53:49 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2/12/2008 11:52:46 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2/11/2008 8:03:18 AM | Attr = R S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/13/2008 1:53:43 AM | Attr = ] inf -> 
%SystemRoot%\inf -> [Folder | Modified Date = 2/13/2008 1:53:51 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/1/2008 3:47:14 PM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/19/2008 7:32:26 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2/14/2008 12:12:12 AM | Attr = ] randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 2/19/2008 9:52:17 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/14/2008 11:17:33 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2/14/2008 12:22:09 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/14/2008 11:14:10 AM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/19/2008 9:12:10 PM | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3446 bytes | Modified Date = 2/11/2008 12:48:08 AM | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/11/2008 12:45:56 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 573 bytes | Modified Date = 2/14/2008 12:22:09 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/14/2008 11:16:40 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2/14/2008 11:18:18 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2/14/2008 11:18:18 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11148 bytes | Modified Date = 6/19/2007 6:27:55 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/14/2006 7:09:00 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162475 bytes | Modified Date = 9/14/2006 7:16:04 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2/19/2008 4:04:04 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/11/2008 8:07:00 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2/19/2008 6:10:36 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 1/27/2008 2:56:10 AM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 1/27/2008 2:56:10 AM | Attr = ] ENVS 25 -> %UserProfile%\My Documents\ENVS 25 -> [Folder | Modified Date = 2/13/2008 9:49:52 AM | Attr = ] friend.gif -> %UserProfile%\My Documents\friend.gif -> [Ver = | Size = 19684 bytes | Modified Date = 2/18/2008 10:49:00 PM | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 1/28/2008 3:19:49 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 563 bytes | Modified Date = 2/2/2008 8:36:56 PM | Attr = ] PHYS 1 -> %UserProfile%\My Documents\PHYS 1 -> [Folder | Modified Date = 2/13/2008 12:43:56 PM | Attr = ] Clean Access Agent.lnk -> %AllUsersProfile%\Desktop\Clean Access Agent.lnk -> [Ver = | Size = 1900 bytes | Modified Date = 2/1/2008 3:46:59 PM | Attr = ] spybotsd152.exe -> %AllUsersProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9723880 bytes | Modified Date = 2/11/2008 12:48:06 AM | Attr = ] Background.abw -> %UserProfile%\Desktop\Background.abw -> [Ver = | Size = 230584 bytes | Modified Date = 2/15/2008 12:43:35 AM | 
Attr = ] CleanUp!.lnk -> %UserProfile%\Desktop\CleanUp!.lnk -> [Ver = | Size = 691 bytes | Modified Date = 2/11/2008 8:12:48 AM | Attr = ] CleanUp40.exe -> %UserProfile%\Desktop\CleanUp40.exe -> [Ver = | Size = 318775 bytes | Modified Date = 2/11/2008 8:12:22 AM | Attr = ] Crescendo Game -> %UserProfile%\Desktop\Crescendo Game -> [Folder | Modified Date = 1/27/2008 3:02:35 AM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/12/2008 11:47:51 PM | Attr = ] Essay_One_1_23_08.doc -> %UserProfile%\Desktop\Essay_One_1_23_08.doc -> [Ver = | Size = 13738 bytes | Modified Date = 2/7/2008 7:27:36 PM | Attr = ] Figure.jpg -> %UserProfile%\Desktop\Figure.jpg -> [Ver = | Size = 84577 bytes | Modified Date = 2/2/2008 5:13:20 PM | Attr = ] FixBlast.exe -> %UserProfile%\Desktop\FixBlast.exe -> Symantec Corporation [Ver = 1.0.6.1 | Size = 135360 bytes | Modified Date = 2/6/2008 9:42:22 PM | Attr = ] Fourd.jpg -> %UserProfile%\Desktop\Fourd.jpg -> [Ver = | Size = 559936 bytes | Modified Date = 2/14/2008 11:55:28 PM | Attr = ] FourdNoBackground.jpg -> %UserProfile%\Desktop\FourdNoBackground.jpg -> [Ver = | Size = 559934 bytes | Modified Date = 2/14/2008 11:55:44 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1738 bytes | Modified Date = 2/11/2008 8:18:10 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/11/2008 8:17:58 AM | Attr = ] KamikazeBladeCamp.jpg -> %UserProfile%\Desktop\KamikazeBladeCamp.jpg -> [Ver = | Size = 72552 bytes | Modified Date = 2/17/2008 3:40:20 AM | Attr = ] Music & Media -> %UserProfile%\Desktop\Music & Media -> [Folder | Modified Date = 2/13/2008 2:34:44 PM | Attr = R ] New Folder (3) -> %UserProfile%\Desktop\New Folder (3) -> [Folder | Modified Date = 1/22/2008 10:41:14 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/13/2008 10:58:39 AM | Attr = ] Sparta -> %UserProfile%\Desktop\Sparta -> [Folder | Modified Date = 2/19/2008 7:20:09 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 937 bytes | Modified Date = 2/11/2008 12:48:52 AM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 671232 bytes | Modified Date = 2/17/2008 3:40:47 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable VundoFix(2).exe -> %UserProfile%\Desktop\VundoFix(2).exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/11/2008 12:43:00 AM | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/11/2008 8:14:48 AM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/15/2008 4:31:38 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480325 bytes | Modified Date = 2/15/2008 10:02:22 AM | Attr = ] Clean Access Agent.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Clean Access Agent.lnk -> [Ver = | Size = 1962 bytes | Modified Date = 2/1/2008 3:46:59 PM | Attr = ] [File Purity- Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... 
scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:8b,a5,52,4b,f5,1d,7d,dd,e1,5d,29,da,28,7b,27,5c,60,fd,ff,ed,4e,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:e4,35,40,c5,08,29,07,c3,ea,6d,c9,9c,09,cb,b8,50,91,3f,a5,61,fe,.. "a0"=hex:20,01,00,00,6f,0a,39,19,94,1b,25,a8,83,86,eb,0e,11,d8,d3,c2,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:9b,0a,3b,4e,8e,9c,61,03,e8,8a,1a,dd,63,f8,93,f4,5c,68,45,22,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:51,f5,33,ea,2e,85,f5,b9,fc,6c,a8,f8,e6,c0,bc,bc,d0,31,ce,e2,92,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:8b,a5,52,4b,f5,1d,7d,dd,e1,5d,29,da,28,7b,27,5c,60,fd,ff,ed,4e,.. "p0"="C:\Program Files\DAEMON Tools\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "khjeh"=hex:e4,35,40,c5,08,29,07,c3,ea,6d,c9,9c,09,cb,b8,50,91,3f,a5,61,fe,.. "a0"=hex:20,01,00,00,6f,0a,39,19,94,1b,25,a8,83,86,eb,0e,11,d8,d3,c2,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:9b,0a,3b,4e,8e,9c,61,03,e8,8a,1a,dd,63,f8,93,f4,5c,68,45,22,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:51,f5,33,ea,2e,85,f5,b9,fc,6c,a8,f8,e6,c0,bc,bc,d0,31,ce,e2,92,.. scanning hidden registry entries ... 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PINKBELLSOFTWARE\\32 \xce] "Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,80,.. scanning hidden files ... C:\WINDOWS\system32\Thumbs.db:encryptable 0 bytes C:\WINDOWS\VALUEADD\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Documents\My Pictures\Impressionism - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Travel - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Vintage - GalleryPlayer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Videos\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Sparta\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Sparta\New Folder (2)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Sparta\New Folder 
(4)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\SZS_vectors\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\New Folder (3)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\(1982) Survivor - Eye of the Tiger\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Cis-Trance-TouhouCarnival\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Crescendo_first_half\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Crescendo_second_half\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Scatman - Only You.wma:SummaryInformation 124 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Scatman - Only You.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\GBA\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\SilverForest-TouhouSuisougaku\SilverForest-TouhouSuisougaku\scans\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\SOUND HOLIC MEETS TOHO VI\SOUND HOLIC MEETS TOHO ~ C:\Documents and Settings\ME\Desktop\Music & Media\Styx - Kilroy Was Here\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Edgar Winter Group\Edgar Winter Group - Free Ride.mp3:SummaryInformation 144 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Edgar Winter Group\Edgar Winter Group - Free Ride.mp3:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\tuki\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\01 Blue Flame.wma:SummaryInformation 124 bytes C:\Documents and Settings\ME\Desktop\Music & 
Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\01 Blue Flame.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\02 Waving Sands.wma:SummaryInformation 128 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\02 Waving Sands.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\03 Tea In The Sahara.wma:SummaryInformation 132 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\03 Tea In The Sahara.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\04 Dance Mediterranea.wma:SummaryInformation 132 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\04 Dance Mediterranea.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\05 Bosphorus Scene Under The Moonlight.wma:SummaryInformation 148 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\05 Bosphorus Scene Under The Moonlight.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\06 Silk Tears.wma:SummaryInformation 124 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\06 Silk Tears.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\07 Fantasie For Oud & String Quartet.wma:SummaryInformation 148 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\07 Fantasie For Oud & String Quartet.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\08 Saraab.wma:SummaryInformation 120 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\08 Saraab.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\09 Olive Harvest.wma:SummaryInformation 128 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\09 Olive Harvest.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\10 Al-Qantara.wma:SummaryInformation 124 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\10 Al-Qantara.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\11 Breeze In Bisaan.wma:SummaryInformation 132 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (1-19-2007 3-34-59 PM)\11 Breeze In Bisaan.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (12-12-2006 8-53-27 PM)\Van Halen - Right Now.wma:SummaryInformation 136 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Unknown Artist\Unknown Album (12-12-2006 8-53-27 PM)\Van Halen - Right Now.wma:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\14_-_corey_hart_-_sunglasses_at_night.mp3:SummaryInformation 88 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\14_-_corey_hart_-_sunglasses_at_night.mp3:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\IOSYS-TouhouKazeSakuraUtagePhantasmagoriamysticalexpectation\[IOSYS] Touhou Kaze Sakura Utage Phantasmagoria mystical expectation\[IOSYS]_Touhou_Kaze_Sakura_Utage_Phantasmagoria_mystical_expectation\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\CaveStory\Manual\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\CaveStory Remix\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Yandere_CG\fgimage\fgimage\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Yandere_CG\image\image\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\Yandere_CG\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\ZNES\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\_Nipponsei__Baccano__OP_Single_-_Gun_s___Roses__Paradise_Lunch_\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\__y_v__T_N__\sakuya\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Desktop\Music & Media\weekend\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\ehome\Video.db:encryptable 0 bytes
C:\Documents and Settings\ME\My Documents\download\aoeniac\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\My Documents\My Pictures\New Folder\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\ME\Shared\Hermes House Band - Take me home country roads (Remix.mp3:SummaryInformation 88 bytes
C:\Documents and Settings\ME\Shared\Hermes House Band - Take me home country roads (Remix.mp3:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\ME\Shared\The Pillows - Blues Drive Monster.mp3:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
scan completed successfully
hidden files: 83
< End of report >
[/code]