[code] WinPFind35 logfile created on: 3/2/2008 2:06:01 PM WinPFind35U Version 1.0.3.0 Folder = C:\Documents and Settings\Melinda Roman\Desktop\WinPFind35u Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2800.1106) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.48 Mb Total Physical Memory | 202.28 Mb Available Physical Memory | 39.55% Memory free 1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.30% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 133.62 Gb Free Space | 89.65% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-6H1A8U6SJ2 Current User Name: Melinda Roman Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/29/2007 2:56:34 AM | Attr = ] incdsrv.exe -> %ProgramFiles%\Ahead\InCD\incdsrv.exe -> Ahead Software AG [Ver = 4, 2, 4, 2 | Size = 929916 bytes | Modified Date = 4/23/2004 2:48:38 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/29/2007 2:56:34 AM | Attr = ] lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/14/2004 8:21:00 AM | Attr = ] lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 1/14/2004 8:21:00 AM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 7/17/2003 1:16:38 PM | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] ewidoctrl.exe -> %ProgramFiles%\ewido\security suite\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 16448 bytes | Modified Date = 11/11/2004 6:53:03 PM | Attr = ] navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116336 bytes | Modified Date = 11/14/2002 9:41:26 PM | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 10/3/2002 5:14:06 PM | Attr = ] ytbsdk.exe -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\YTBSDK.exe -> Symantec Corporation [Ver = 2006.0.0.13 | Size = 214704 bytes | Modified Date = 6/28/2006 3:34:34 PM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 3/1/2008 1:06:42 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4178 | Size = 483328 bytes | Modified Date = 9/29/2007 2:56:34 AM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0013 | Size = 114688 bytes | Modified Date = 9/13/2003 12:10:00 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 1.03.4 | Size = 317128 bytes | Modified Date = 7/17/2003 1:16:38 PM | Attr = ] (ccPwdSvc) Symantec Password Validation Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 99352 bytes | Modified Date = 12/2/2003 6:11:14 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] (ewido security suite control) ewido security suite control [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido\security suite\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 16448 bytes | Modified Date = 11/11/2004 6:53:03 PM | Attr = ] (ewido security suite guard) ewido security suite guard [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido\security suite\ewidoguard.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 163904 bytes | Modified Date = 7/19/2005 12:37:52 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 2:41:10 AM | Attr = ] (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\incdsrv.exe -> Ahead Software AG [Ver = 4, 2, 4, 2 | Size = 929916 bytes | Modified Date = 4/23/2004 2:48:38 PM | Attr = ] (iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 5:45:06 PM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/14/2004 8:21:00 AM | Attr = ] (navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 9.05.1015 | Size = 116336 bytes | Modified Date = 11/14/2002 9:41:26 PM | Attr = ] (SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 8/14/2001 2:18:36 AM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 1:17:22 PM | Attr = ] (SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 7:59:50 PM | Attr = ] (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 10/3/2002 5:14:06 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5046 | Size = 335872 bytes | Modified Date = 9/12/2003 11:10:00 PM | Attr = ] BellSouthAlertManager.exe -> %ProgramFiles%\BellSouth\Alert Manager\BellSouthAlertManager.exe -> BellSouth [Ver = 1.3.20.1229 | Size = 1896448 bytes | Modified Date = 1/10/2006 7:56:58 PM | Attr = ] BM5feda229 -> %SystemRoot%\System32\rqxchetk.DLL -> File not found ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 54296 bytes | Modified Date = 12/2/2003 6:11:04 PM | Attr = ] ccRegVfy -> %CommonProgramFiles%\Symantec Shared\ccRegVfy.exe -> Symantec Corporation [Ver = 1.0.10.006 | Size = 58392 bytes | Modified Date = 12/2/2003 6:11:12 PM | Attr = ] dvd43 -> %ProgramFiles%\dvd43\DVD43_Tray.exe -> [Ver = 3.5.2.113 | Size = 784896 bytes | Modified Date = 2/18/2005 12:44:28 AM | Attr = ] HelpCenter -> %ProgramFiles%\BellSouth\HelpCenter\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,7,1257,0 | Size = 192512 bytes | Modified Date = 10/30/2006 11:00:56 AM | Attr = ] HostManager -> %CommonProgramFiles%\AOL\1128345755\ee\AOLHostManager.exe -> America Online, Inc. [Ver = 1.3.5.0 | Size = 159832 bytes | Modified Date = 8/2/2005 2:33:02 PM | Attr = ] InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Ahead Software AG [Ver = 4, 2, 4, 2 | Size = 1298554 bytes | Modified Date = 4/23/2004 5:49:12 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 5:45:20 PM | Attr = ] Lexmark 2200 Series -> %ProgramFiles%\Lexmark 2200 Series\lxbvbmgr.exe -> Lexmark International, Inc. [Ver = 1.0.4.0 | Size = 57344 bytes | Modified Date = 2/13/2004 8:08:00 AM | Attr = ] NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 1:50:42 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 6/26/2006 7:01:20 PM | Attr = ] RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 1/3/2003 7:17:37 PM | Attr = ] showicon2k -> %ProgramFiles%\eM\Bay Reader\shwicon2k.exe -> Alcor Micro Corp [Ver = 1, 0, 0, 5 | Size = 135168 bytes | Modified Date = 7/4/2003 12:55:00 PM | Attr = ] SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\UsrPrmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 11/2/2004 7:59:52 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_08\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49263 bytes | Modified Date = 7/26/2006 5:03:14 AM | Attr = ] Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 10/7/2005 12:41:21 AM | Attr = ] Workflow -> E:\installs\Workflow.exe -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> PhotoShow Deluxe Media Manager -> %ProgramFiles%\Ahead\Ahead\data\Xtras\mssysmgr.exe -> [Ver = | Size = 196608 bytes | Modified Date = 5/12/2004 3:04:54 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 7/16/2007 8:02:45 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> PhotoShow Deluxe Media Manager -> %ProgramFiles%\Ahead\Ahead\data\Xtras\mssysmgr.exe -> [Ver = | Size = 196608 bytes | Modified Date = 5/12/2004 3:04:54 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 7/16/2007 8:02:45 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 7/31/2002 1:22:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 11/27/2001 10:10:00 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Juan Roman Startup Folder > -> C:\Documents and Settings\Juan Roman\Start Menu\Programs\Startup -> < Melinda Roman Startup Folder > -> C:\Documents and Settings\Melinda Roman\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk -> %ProgramFiles%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe -> Sony Corporation [Ver = 1.0.00.10282 | Size = 155648 bytes | Modified Date = 10/28/2005 2:12:04 PM | Attr = ] < ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\\Launch Browser -> No -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {54D9498B-CF93-414F-8984-8CE7FDE0D391} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ewido\security suite\shellhook.dll [ewido shell guard] -> [Ver = | Size = 39488 bytes | Modified Date = 9/30/2004 7:21:56 AM | Attr = ] {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 11:55:48 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 7/16/2007 8:02:45 PM | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 9/29/2007 2:57:56 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://hometab.bellsouth.net/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 2:28:40 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.emachines.com -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.emachines.com -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\: Main\\Local Page -> C:\WINDOWS\System32\blank.htm -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\: Main\\Start Page -> http://hometab.bellsouth.net/ -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 2:28:40 PM | Attr = ] HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1782 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 67 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1100 domain(s) found. -> 70 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1100 domain(s) found. -> 70 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1100 domain(s) found. -> 70 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1100 domain(s) found. -> 70 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1782 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 67 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 7:57:20 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_08\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 434279 bytes | Modified Date = 7/26/2006 5:17:55 AM | Attr = ] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar Launcher] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] {AB749044-085B-4027-82F1-3F3F3AFEA2D8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\sstts.dll [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {231F6FAB-ECED-4975-9EF2-C0C7BC81927B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ISM\BndDrive.dll [Internet Speed Monitor] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {231F6FAB-ECED-4975-9EF2-C0C7BC81927B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ISM\BndDrive.dll [Internet Speed Monitor] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {231F6FAB-ECED-4975-9EF2-C0C7BC81927B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ISM\BndDrive.dll [Internet Speed Monitor] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 7:57:20 PM | Attr = ] {8E718888-423F-11D2-876E-00A0C9082467} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 2:28:40 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112248 bytes | Modified Date = 11/15/2002 2:09:06 AM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112248 bytes | Modified Date = 11/15/2002 2:09:06 AM | Attr = ] WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 7:57:20 PM | Attr = ] WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 2:28:40 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 7:57:20 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 7:57:20 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112248 bytes | Modified Date = 11/15/2002 2:09:06 AM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 9.05.15 | Size = 112248 bytes | Modified Date = 11/15/2002 2:09:06 AM | Attr = ] WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blstoolbar\blstoolbar.dll [BellSouth Toolbar] -> [Ver = 4.0.2.144 | Size = 1369088 bytes | Modified Date = 2/16/2006 7:57:20 PM | Attr = ] WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 2:28:40 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] {6224f700-cba3-4071-b251-47cb894244cd}:Exec -> %ProgramFiles%\ICQ\Icq.exe [ICQ] -> [Ver = | Size = 1995333 bytes | Modified Date = 2/7/2002 1:20:28 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ\Icq.exe [ICQ] -> [Ver = | Size = 1995333 bytes | Modified Date = 2/7/2002 1:20:28 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ\Icq.exe [ICQ] -> [Ver = | Size = 1995333 bytes | Modified Date = 2/7/2002 1:20:28 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ\Icq.exe [ICQ] -> [Ver = | Size = 1995333 bytes | Modified Date = 2/7/2002 1:20:28 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ\Icq.exe [ICQ] -> [Ver = | Size = 1995333 bytes | Modified Date = 2/7/2002 1:20:28 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\aim\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.MPG -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin3.dll [QuickTime Plug-in 7.0.4] -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 126976 bytes | Modified Date = 6/26/2006 7:01:26 PM | Attr = ] Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 8:05:42 PM | Attr = ] < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> acc=none -> -> acc=vonner -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {B4AAF555-7DC5-4808-8ABC-9F641811F3BD} -> (VIA Rhine II Fast Ethernet Adapter) -> {D53A2636-A458-472E-966D-158693E94A72} -> () -> {DED86A85-58DC-4C26-8ED6-8DB87D13E114} -> (1394 Net Adapter) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\] - Select to Repair > -> HKEY_USERS\S-1-5-21-1214970204-3266471654-2512236806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01118A01-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> https://password.bellsouth.net/sdccommon/download/tgctlsr.cab[Reg Error: Key does not exist or could not be opened.] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1005.cab[MySpace Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab[Java Plug-in 1.5.0_08] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.1701 (xpsp2.050614-1532) | Size = 285184 bytes | Modified Date = 6/15/2005 12:50:24 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 108544 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.1347 (xpsp2.040109-1800) | Size = 136704 bytes | Modified Date = 3/29/2004 8:48:36 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 46592 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 772 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 174592 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 112128 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;NLA;RasMan;ALG; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.1364 (xpsp2.040109-1800) | Size = 439808 bytes | Modified Date = 3/29/2004 8:48:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3630.1106 (xpsp1.020828-1920) | Size = 9216 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> [Files/Folders - Created Within 90 days] combofix -> %SystemDrive%\combofix -> [Folder | Created Date = 3/1/2008 6:52:05 PM | Attr = ] 2 C:\*.tmp files -> C:\*.tmp -> hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 3/1/2008 2:51:33 PM | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/29/2008 2:24:04 PM | Attr = ] SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 6/5/2007 10:56:40 AM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 3/1/2008 3:01:11 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 3/1/2008 6:53:32 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] CH8.wps -> %UserProfile%\My Documents\CH8.wps -> [Ver = | Size = 3551232 bytes | Modified Date = 2/20/2008 12:44:52 PM | Attr = ] ethicsreview[1].doc -> %UserProfile%\My Documents\ethicsreview[1].doc -> [Ver = | Size = 13824 bytes | Modified Date = 2/24/2008 10:21:00 PM | Attr = ] speech.wps -> %UserProfile%\My Documents\speech.wps -> [Ver = | Size = 6144 bytes | Modified Date = 2/27/2008 9:18:18 PM | Attr = ] .exe -> %UserProfile%\Desktop\.exe -> [Ver = | Size = 641 bytes | Modified Date = 3/1/2008 6:51:36 PM | Attr = ] Help and Support Center.lnk -> %UserProfile%\Desktop\Help and Support Center.lnk -> [Ver = | Size = 1272 bytes | Modified Date = 2/28/2008 2:07:02 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2/29/2008 8:38:57 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/29/2008 8:35:54 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/29/2008 2:22:39 PM | Attr = ] Windows Update.lnk -> %UserProfile%\Desktop\Windows Update.lnk -> [Ver = | Size = 1272 bytes | Modified Date = 2/28/2008 2:07:03 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 3/2/2008 2:04:27 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 482000 bytes | Modified Date = 3/2/2008 2:04:10 PM | Attr = ] [Files/Folders - Modified Within 90 days] 43ef6b9552b2f49dbd9145f8 -> %SystemDrive%\43ef6b9552b2f49dbd9145f8 -> [Folder | Modified Date = 2/29/2008 12:10:30 AM | Attr = ] 2 C:\*.tmp files -> C:\*.tmp -> combofix -> %SystemDrive%\combofix -> [Folder | Modified Date = 3/1/2008 6:53:34 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 3/1/2008 2:51:33 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/29/2008 2:24:24 PM | Attr = ] qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 3/1/2008 6:53:01 PM | Attr = ] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 3/1/2008 2:36:41 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/2/2008 2:03:27 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/29/2008 2:24:04 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/1/2008 3:10:20 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 3/1/2008 3:10:20 PM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2/29/2008 1:41:38 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/1/2008 6:52:37 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/1/2008 2:50:20 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/1/2008 6:53:39 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/1/2008 3:13:15 PM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/28/2008 11:11:32 PM | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/28/2008 11:11:31 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 2/20/2008 3:02:02 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/28/2008 11:11:32 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2/29/2008 1:44:35 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 3/1/2008 2:51:44 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/29/2008 1:30:19 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/1/2008 2:51:39 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/1/2008 2:47:38 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 3/1/2008 2:50:11 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/1/2008 2:47:45 PM | Attr = R S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/1/2008 3:01:12 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/20/2008 3:02:47 PM | Attr = HS] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 3/1/2008 3:01:11 PM | Attr = ] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 437 bytes | Modified Date = 2/29/2008 12:08:48 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/2/2008 2:04:28 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/28/2008 1:45:51 PM | Attr = ] SnVhbiBSb21hbg -> %SystemRoot%\SnVhbiBSb21hbg -> [Folder | Modified Date = 2/28/2008 9:50:35 PM | Attr = HS] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2/29/2008 1:41:33 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/1/2008 6:53:05 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/2/2008 2:03:28 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3/1/2008 6:53:32 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 858 bytes | Modified Date = 2/29/2008 8:16:40 AM | Attr = ] Norton AntiVirus - Scan my computer.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer.job -> [Ver = | Size = 480 bytes | Modified Date = 2/8/2008 8:00:22 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/1/2008 2:51:45 PM | Attr = H ] Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 380 bytes | Modified Date = 3/1/2008 4:18:14 PM | Attr = ] about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat -> [Ver = | Size = 1528 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat -> [Ver = | Size = 327746 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat -> [Ver = | Size = 102 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat -> [Ver = | Size = 12283223 bytes | Modified Date = 6/18/2003 3:00:00 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5394 bytes | Modified Date = 3/1/2008 2:52:45 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5394 bytes | Modified Date = 3/1/2008 2:52:45 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 10/17/2006 1:04:35 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/26/2005 10:16:21 AM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 734464 bytes | Modified Date = 2/27/2008 9:18:18 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 734464 bytes | Modified Date = 2/27/2008 9:18:18 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2/24/2008 11:17:59 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1104422 bytes | Modified Date = 2/20/2008 12:26:43 PM | Attr = H ] CH8.wps -> %UserProfile%\My Documents\CH8.wps -> [Ver = | Size = 3551232 bytes | Modified Date = 2/20/2008 12:44:52 PM | Attr = ] ethicsreview[1].doc -> %UserProfile%\My Documents\ethicsreview[1].doc -> [Ver = | Size = 13824 bytes | Modified Date = 2/24/2008 10:21:00 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 12/21/2007 6:23:40 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 1/24/2008 9:26:11 PM | Attr = R ] speech.wps -> %UserProfile%\My Documents\speech.wps -> [Ver = | Size = 6144 bytes | Modified Date = 2/27/2008 9:18:18 PM | Attr = ] .exe -> %UserProfile%\Desktop\.exe -> [Ver = | Size = 641 bytes | Modified Date = 3/1/2008 6:51:36 PM | Attr = ] combofix.exe -> %UserProfile%\Desktop\combofix.exe -> [Ver = | Size = 1579656 bytes | Modified Date = 2/29/2008 2:25:47 PM | Attr = ] Help and Support Center.lnk -> %UserProfile%\Desktop\Help and Support Center.lnk -> [Ver = | Size = 1272 bytes | Modified Date = 2/28/2008 2:07:02 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2/29/2008 8:38:57 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/29/2008 8:35:54 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/29/2008 2:22:39 PM | Attr = ] Windows Update.lnk -> %UserProfile%\Desktop\Windows Update.lnk -> [Ver = | Size = 1272 bytes | Modified Date = 2/28/2008 2:07:03 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 3/2/2008 2:04:27 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 482000 bytes | Modified Date = 3/2/2008 2:04:10 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2/29/2008 8:16:09 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]