[code] OTScanIt logfile created on: 3/16/2008 11:03:02 PM OTScanIt by OldTimer - Version 1.0.5.2 Folder = C:\Documents and Settings\Compaq_Owner\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1015.48 Mb Total Physical Memory | 603.95 Mb Available Physical Memory | 59.47% Memory free 1.64 Gb Paging File | 1.29 Gb Available in Paging File | 78.85% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 45.70 Gb Free Space | 61.32% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAIN Current User Name: Compaq_Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ] appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 1:33:40 AM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 8:36:34 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 9:01:00 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 10/22/2007 9:28:44 PM | Attr = ] pnkbstrb.exe -> %SystemRoot%\system32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 12/8/2007 10:21:48 AM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr = ] hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 7:04:38 PM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 11:02:48 PM | Attr = ] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 12:01:56 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.48 | Size = 1228800 bytes | Modified Date = 1/28/2002 4:16:50 AM | Attr = R ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ] searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 10:59:38 AM | Attr = ] sweetim.exe -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 2, 1, 0, 25 | Size = 103712 bytes | Modified Date = 1/2/2008 9:15:26 PM | Attr = R ] compaq connections.exe -> %ProgramFiles%\Compaq Connections\6750491\Program\Compaq Connections.exe -> [Ver = | Size = 16423 bytes | Modified Date = 8/9/2004 4:59:57 AM | Attr = ] hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/6/2003 2:06:58 AM | Attr = ] aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ] x_bat.exe -> %ProgramFiles%\Bat\X_Bat.exe -> BatCo [Ver = 1.0.0.27 | Size = 178419 bytes | Modified Date = 3/16/2008 11:51:28 AM | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 2/13/2008 7:09:15 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.5.2 | Size = 310784 bytes | Modified Date = 3/14/2008 2:57:26 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 9/2/2006 8:36:34 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ] (comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.0.0.142 | Size = 48272 bytes | Modified Date = 9/3/2006 4:54:52 AM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 9:01:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr = ] (ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 79496 bytes | Modified Date = 9/5/2006 10:22:26 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 9/2/2006 8:36:34 PM | Attr = ] (LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/9/2007 10:59:32 PM | Attr = ] (LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 8:51:10 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 4:31:02 PM | Attr = R ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 10/22/2007 9:28:44 PM | Attr = ] (PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 12/8/2007 10:21:48 AM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 2/13/2008 7:09:15 AM | Attr = ] (SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Modified Date = 9/2/2006 1:33:40 AM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 11:09:58 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ] AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 12:01:56 PM | Attr = ] AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 2:47:52 PM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/9/2007 10:59:52 PM | Attr = ] C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.48 | Size = 1228800 bytes | Modified Date = 1/28/2002 4:16:50 AM | Attr = R ] CmUsbSound -> -> File not found HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 11/2/2004 8:59:42 AM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 7:04:38 PM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3943 | Size = 155648 bytes | Modified Date = 11/2/2004 9:03:44 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr = ] KBD -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 2/11/2003 11:02:48 PM | Attr = ] NapsterShell -> %ProgramFiles%\Napster\napster.exe -> File not found NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 12:50:42 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe -> Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Modified Date = 9/5/2006 10:22:28 PM | Attr = ] PLNRNote -> %ProgramFiles%\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRnote.exe -> Creative Home [Ver = 3.00.201 | Size = 30720 bytes | Modified Date = 11/23/2004 8:24:38 AM | Attr = ] PS2 -> %SystemRoot%\system32\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.2.911 | Size = 98304 bytes | Modified Date = 9/12/2003 11:13:20 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 4/14/2004 11:43:46 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:35 AM | Attr = ] SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 2, 1, 0, 25 | Size = 103712 bytes | Modified Date = 1/2/2008 9:15:26 PM | Attr = R ] Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 8:51:10 PM | Attr = ] YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 10:59:38 AM | Attr = ] zzzHPSETUP -> -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> -> File not found BellesBeautyBoutiqueSetup.exe -> %SystemDrive%\DOWNLO~1\BELLES~1.EXE -> File not found MSMSGS -> %ProgramFiles%\Messenger\msmsgs.exe -> File not found MsnMsgr -> -> File not found SweetIM -> %ProgramFiles%\Macrogaming\SweetIM\SweetIM.exe -> MacroGaming LTD. [Ver = 2, 1, 0, 25 | Size = 103712 bytes | Modified Date = 1/2/2008 9:15:26 PM | Attr = R ] Yahoo! Pager -> -> File not found YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 6/8/2007 10:59:38 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\6750491\Program\Compaq Connections.exe -> [Ver = | Size = 16423 bytes | Modified Date = 8/9/2004 4:59:57 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/6/2003 2:06:58 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\officejet 6100.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposol08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 147456 bytes | Modified Date = 4/6/2003 1:37:38 AM | Attr = ] < Compaq_Owner Startup Folder > -> C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Bat - Auto Update.lnk -> %ProgramFiles%\Bat\Bat.exe -> BatCo [Ver = 1.0.0.27 | Size = 178419 bytes | Modified Date = 3/16/2008 11:51:28 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> zwebauth.dll -> %SystemRoot%\system32\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 7:37:34 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 11/2/2004 8:59:20 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://armstrongmywire.com/news/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SweetIM For Internet Explorer] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 5:44:46 PM | Attr = R ] HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> free_aol.com [http] -> Trusted sites -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ] {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SWEETIE Class] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 5:44:46 PM | Attr = R ] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.0\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Modified Date = 9/6/2006 2:18:24 AM | Attr = R ] {63F7460B-C831-4142-A4AA-5EC303EC4343} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bat\Bat.dll [Bat Class] -> BatCo [Ver = 1.0.0.27 | Size = 413696 bytes | Modified Date = 3/7/2008 9:15:12 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 11/11/2004 11:23:18 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 11/11/2004 11:23:18 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SweetIM For Internet Explorer] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 5:44:46 PM | Attr = R ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Macrogaming\SweetIMBarForIE\toolbar.dll [SweetIM For Internet Explorer] -> Macrogaming [Ver = 3, 0, 0, 21 | Size = 548992 bytes | Modified Date = 11/5/2006 5:44:46 PM | Attr = R ] WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ] {4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 11/11/2004 11:23:18 PM | Attr = ] {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 11/11/2004 11:23:18 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SIMBAR={7574AE9D-CCCE-463E-886F-1E9EBF985D9B} -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {35809599-3F6F-4A0C-BD43-E9EAFC342049} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {917F813F-D90A-41E6-9C63-8A0549FACED5} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {15589FA1-C456-11CE-BF01-00AA0055595A}[HKEY_LOCAL_MACHINE] -> http://w4s.work4sure.com/c/ge/w4sgeen9.exe[Reg Error: Key does not exist or could not be opened.] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {27527D31-447B-11D5-A46E-0001023B4289}[HKEY_LOCAL_MACHINE] -> http://gamingzone.ubisoft.com/dev/packages/GSManager.cab[CoGSManager Class] -> {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}[HKEY_LOCAL_MACHINE] -> http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?[MiniBugTransporterX Class] -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab[ZoneBuddy Class] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://photos.walmart.com/WalmartActivia.cab[Snapfish Activia] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/rock/default/popcaploader1.cab[Reg Error: Key does not exist or could not be opened.] -> {5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab[ZonePAChat Object] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {639658F3-B141-4D6B-B936-226F75A5EAC3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab[CPlayFirstDinerDash2Control Object] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> {6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> {6F750202-1362-4815-A476-88533DE61D0C}[HKEY_LOCAL_MACHINE] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab[Kodak Gallery Easy Upload Manager Class] -> {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}[HKEY_LOCAL_MACHINE] -> http://sympatico.zone.msn.com/bingame/luxr/default/mjolauncher.cab[MJLauncherCtrl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {A8683C98-5341-421B-B23C-8514C05354F1}[HKEY_LOCAL_MACHINE] -> http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab[FujifilmUploader Class] -> {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx[Get_ActiveX Control] -> {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}[HKEY_LOCAL_MACHINE] -> https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {BE833F39-1E0C-468C-BA70-25AAEE55775E}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab.cab[System Requirements Lab Class] -> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D}[HKEY_LOCAL_MACHINE] -> http://a.download.toontown.com/sv1.0.15.41/ttinst.cab[Toontown Installer ActiveX Control] -> {C86FF4B0-AA1D-46D4-8612-025FB86583C7}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10[AstoundLauncher Control] -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe[Reg Error: Key does not exist or could not be opened.] -> {D54160C3-DB7B-4534-9B65-190EE4A9C7F7}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/feed/default/SproutLauncher.cab[SproutLauncherCtrl Class] -> {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/gold/default/gf.cab[TikGames Online Control] -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab41227.cab[StadiumProxy Class] -> {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.89.cab[CPlayFirstDinerDashControl Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab[Reg Error: Key does not exist or could not be opened.] -> {E5D419D6-A846-4514-9FAD-97E826C84822}[HKEY_LOCAL_MACHINE] -> http://fdl.msn.com/zone/datafiles/heartbeat.cab[HeartbeatCtl Class] -> {FF3C5A9F-5A91-4930-80E8-4709194C2AD3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/zpagames/CheckersZPA.cab40641.cab[CheckersZPA Object] -> [Files/Folders - Created Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 3/16/2008 10:05:39 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/16/2008 2:50:46 PM | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/16/2008 2:50:44 PM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 3/16/2008 2:50:44 PM | Attr = ] mgmrwmrv.exe -> %SystemRoot%\System32\mgmrwmrv.exe -> Microsoft [Ver = 1.00.0384 | Size = 90544 bytes | Created Date = 3/16/2008 11:51:06 AM | Attr = ] MSNSA32.dll -> %SystemRoot%\System32\MSNSA32.dll -> [Ver = | Size = 23296 bytes | Created Date = 3/16/2008 12:06:59 PM | Attr = ] ntnut32.exe -> %SystemRoot%\System32\ntnut32.exe -> [Ver = | Size = 28928 bytes | Created Date = 3/16/2008 12:06:56 PM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 3/16/2008 2:50:44 PM | Attr = ] shdocpe.dll -> %SystemRoot%\System32\shdocpe.dll -> [Ver = | Size = 20480 bytes | Created Date = 3/16/2008 12:06:57 PM | Attr = ] SIPSPI32.dll -> %SystemRoot%\System32\SIPSPI32.dll -> [Ver = | Size = 8448 bytes | Created Date = 3/16/2008 12:06:57 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/16/2008 2:50:44 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/16/2008 2:50:42 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/16/2008 2:50:42 PM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 3/16/2008 2:50:43 PM | Attr = ] winfrun32.bin -> %SystemRoot%\System32\winfrun32.bin -> [Ver = | Size = 4 bytes | Created Date = 3/16/2008 11:51:17 AM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 3/16/2008 2:50:44 PM | Attr = ] 123messenger.per -> %SystemRoot%\123messenger.per -> [Ver = | Size = 26112 bytes | Created Date = 3/16/2008 12:06:57 PM | Attr = ] apphelp32.dll -> %SystemRoot%\apphelp32.dll -> [Ver = | Size = 18432 bytes | Created Date = 3/16/2008 12:06:53 PM | Attr = ] asferror32.dll -> %SystemRoot%\asferror32.dll -> [Ver = | Size = 22272 bytes | Created Date = 3/16/2008 12:06:53 PM | Attr = ] asycfilt32.dll -> %SystemRoot%\asycfilt32.dll -> [Ver = | Size = 23808 bytes | Created Date = 3/16/2008 12:06:54 PM | Attr = ] athprxy32.dll -> %SystemRoot%\athprxy32.dll -> [Ver = | Size = 15616 bytes | Created Date = 3/16/2008 12:06:54 PM | Attr = ] ati2dvaa32.dll -> %SystemRoot%\ati2dvaa32.dll -> [Ver = | Size = 22528 bytes | Created Date = 3/16/2008 12:06:54 PM | Attr = ] ati2dvag32.dll -> %SystemRoot%\ati2dvag32.dll -> [Ver = | Size = 15104 bytes | Created Date = 3/16/2008 12:06:54 PM | Attr = ] audiosrv32.dll -> %SystemRoot%\audiosrv32.dll -> [Ver = | Size = 25600 bytes | Created Date = 3/16/2008 12:06:54 PM | Attr = ] autodisc32.dll -> %SystemRoot%\autodisc32.dll -> [Ver = | Size = 27136 bytes | Created Date = 3/16/2008 12:06:55 PM | Attr = ] avifile32.dll -> %SystemRoot%\avifile32.dll -> [Ver = | Size = 16128 bytes | Created Date = 3/16/2008 12:06:55 PM | Attr = ] avisynthex32.dll -> %SystemRoot%\avisynthex32.dll -> [Ver = | Size = 12544 bytes | Created Date = 3/16/2008 12:06:55 PM | Attr = ] aviwrap32.dll -> %SystemRoot%\aviwrap32.dll -> [Ver = | Size = 13568 bytes | Created Date = 3/16/2008 12:06:55 PM | Attr = ] browserad.dll -> %SystemRoot%\browserad.dll -> [Ver = | Size = 14848 bytes | Created Date = 3/16/2008 12:06:55 PM | Attr = ] changeurl_30.dll -> %SystemRoot%\changeurl_30.dll -> [Ver = | Size = 28928 bytes | Created Date = 3/16/2008 12:06:53 PM | Attr = ] didduid.ini -> %SystemRoot%\didduid.ini -> [Ver = | Size = 9984 bytes | Created Date = 3/16/2008 2:47:19 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/16/2008 2:51:16 PM | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> FLEOK -> %SystemRoot%\FLEOK -> [Folder | Created Date = 3/16/2008 2:47:19 PM | Attr = ] msa64chk.dll -> %SystemRoot%\msa64chk.dll -> [Ver = | Size = 26880 bytes | Created Date = 3/16/2008 12:06:58 PM | Attr = ] msapasrc.dll -> %SystemRoot%\msapasrc.dll -> [Ver = | Size = 15872 bytes | Created Date = 3/16/2008 12:06:58 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/16/2008 2:50:44 PM | Attr = ] ntnut.exe -> %SystemRoot%\ntnut.exe -> [Ver = | Size = 17664 bytes | Created Date = 3/16/2008 12:06:56 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 3/16/2008 9:21:13 PM | Attr = ] shdocpe.dll -> %SystemRoot%\shdocpe.dll -> [Ver = | Size = 13824 bytes | Created Date = 3/16/2008 12:06:56 PM | Attr = ] shdocpl.dll -> %SystemRoot%\shdocpl.dll -> [Ver = | Size = 14336 bytes | Created Date = 3/16/2008 12:06:56 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 3/16/2008 3:11:05 PM | Attr = ] winsb.dll -> %SystemRoot%\winsb.dll -> [Ver = | Size = 13312 bytes | Created Date = 3/16/2008 12:06:55 PM | Attr = ] [Files/Folders - Modified Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 3/16/2008 10:06:04 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 3/8/2008 7:17:19 PM | Attr = H ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1064882176 bytes | Modified Date = 3/16/2008 8:55:32 PM | Attr = HS] hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 494 bytes | Modified Date = 3/14/2008 10:40:49 PM | Attr = ] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 4020 bytes | Modified Date = 2/23/2008 11:11:47 PM | Attr = H ] POOHPS -> %SystemDrive%\POOHPS -> [Folder | Modified Date = 3/8/2008 11:23:04 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/16/2008 2:57:15 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 3/16/2008 9:21:08 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/16/2008 9:21:13 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/16/2008 2:58:10 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 3/16/2008 2:58:10 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/16/2008 9:21:07 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/16/2008 2:55:53 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/16/2008 3:11:09 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 3/16/2008 11:08:09 AM | Attr = ] mgmrwmrv.exe -> %SystemRoot%\System32\mgmrwmrv.exe -> Microsoft [Ver = 1.00.0384 | Size = 90544 bytes | Modified Date = 3/16/2008 11:51:07 AM | Attr = ] MSNSA32.dll -> %SystemRoot%\System32\MSNSA32.dll -> [Ver = | Size = 23296 bytes | Modified Date = 3/16/2008 12:06:59 PM | Attr = ] ntnut32.exe -> %SystemRoot%\System32\ntnut32.exe -> [Ver = | Size = 28928 bytes | Modified Date = 3/16/2008 12:06:57 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53436 bytes | Modified Date = 3/16/2008 3:12:18 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 381692 bytes | Modified Date = 3/16/2008 3:12:18 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 3/16/2008 3:12:17 PM | Attr = ] shdocpe.dll -> %SystemRoot%\System32\shdocpe.dll -> [Ver = | Size = 20480 bytes | Modified Date = 3/16/2008 12:06:57 PM | Attr = ] SIPSPI32.dll -> %SystemRoot%\System32\SIPSPI32.dll -> [Ver = | Size = 8448 bytes | Modified Date = 3/16/2008 12:06:57 PM | Attr = ] winfrun32.bin -> %SystemRoot%\System32\winfrun32.bin -> [Ver = | Size = 4 bytes | Modified Date = 3/16/2008 11:51:18 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 3/16/2008 8:57:05 PM | Attr = ] 123messenger.per -> %SystemRoot%\123messenger.per -> [Ver = | Size = 26112 bytes | Modified Date = 3/16/2008 12:06:57 PM | Attr = ] apphelp32.dll -> %SystemRoot%\apphelp32.dll -> [Ver = | Size = 18432 bytes | Modified Date = 3/16/2008 12:06:53 PM | Attr = ] asferror32.dll -> %SystemRoot%\asferror32.dll -> [Ver = | Size = 22272 bytes | Modified Date = 3/16/2008 12:06:53 PM | Attr = ] asycfilt32.dll -> %SystemRoot%\asycfilt32.dll -> [Ver = | Size = 23808 bytes | Modified Date = 3/16/2008 12:06:54 PM | Attr = ] athprxy32.dll -> %SystemRoot%\athprxy32.dll -> [Ver = | Size = 15616 bytes | Modified Date = 3/16/2008 12:06:54 PM | Attr = ] ati2dvaa32.dll -> %SystemRoot%\ati2dvaa32.dll -> [Ver = | Size = 22528 bytes | Modified Date = 3/16/2008 12:06:54 PM | Attr = ] ati2dvag32.dll -> %SystemRoot%\ati2dvag32.dll -> [Ver = | Size = 15104 bytes | Modified Date = 3/16/2008 12:06:54 PM | Attr = ] audiosrv32.dll -> %SystemRoot%\audiosrv32.dll -> [Ver = | Size = 25600 bytes | Modified Date = 3/16/2008 12:06:54 PM | Attr = ] autodisc32.dll -> %SystemRoot%\autodisc32.dll -> [Ver = | Size = 27136 bytes | Modified Date = 3/16/2008 12:06:55 PM | Attr = ] avifile32.dll -> %SystemRoot%\avifile32.dll -> [Ver = | Size = 16128 bytes | Modified Date = 3/16/2008 12:06:55 PM | Attr = ] avisynthex32.dll -> %SystemRoot%\avisynthex32.dll -> [Ver = | Size = 12544 bytes | Modified Date = 3/16/2008 12:06:55 PM | Attr = ] aviwrap32.dll -> %SystemRoot%\aviwrap32.dll -> [Ver = | Size = 13568 bytes | Modified Date = 3/16/2008 12:06:55 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/16/2008 8:55:44 PM | Attr = S] browserad.dll -> %SystemRoot%\browserad.dll -> [Ver = | Size = 14848 bytes | Modified Date = 3/16/2008 12:06:55 PM | Attr = ] changeurl_30.dll -> %SystemRoot%\changeurl_30.dll -> [Ver = | Size = 28928 bytes | Modified Date = 3/16/2008 12:06:53 PM | Attr = ] didduid.ini -> %SystemRoot%\didduid.ini -> [Ver = | Size = 9984 bytes | Modified Date = 3/16/2008 2:47:19 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/16/2008 2:55:04 PM | Attr = S] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 3/16/2008 2:55:41 PM | Attr = ] FLEOK -> %SystemRoot%\FLEOK -> [Folder | Modified Date = 3/16/2008 2:47:19 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/17/2008 1:26:41 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/16/2008 12:07:06 PM | Attr = HS] kodakPN.ini -> %SystemRoot%\kodakPN.ini -> [Ver = | Size = 113 bytes | Modified Date = 3/9/2008 12:48:18 PM | Attr = ] msa64chk.dll -> %SystemRoot%\msa64chk.dll -> [Ver = | Size = 26880 bytes | Modified Date = 3/16/2008 12:06:58 PM | Attr = ] msapasrc.dll -> %SystemRoot%\msapasrc.dll -> [Ver = | Size = 15872 bytes | Modified Date = 3/16/2008 12:06:58 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 3/16/2008 11:45:13 AM | Attr = ] ntnut.exe -> %SystemRoot%\ntnut.exe -> [Ver = | Size = 17664 bytes | Modified Date = 3/16/2008 12:06:56 PM | Attr = ] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 45 bytes | Modified Date = 3/8/2008 11:00:15 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/16/2008 10:41:06 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 3/16/2008 10:05:44 PM | Attr = ] shdocpe.dll -> %SystemRoot%\shdocpe.dll -> [Ver = | Size = 13824 bytes | Modified Date = 3/16/2008 12:06:56 PM | Attr = ] shdocpl.dll -> %SystemRoot%\shdocpl.dll -> [Ver = | Size = 14336 bytes | Modified Date = 3/16/2008 12:06:56 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 182 bytes | Modified Date = 3/16/2008 2:58:23 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/16/2008 10:27:37 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/24/2008 11:16:04 AM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3/16/2008 10:27:49 PM | Attr = ] WinInit.ini -> %SystemRoot%\WinInit.ini -> [Ver = | Size = 621 bytes | Modified Date = 3/16/2008 2:48:47 PM | Attr = ] winsb.dll -> %SystemRoot%\winsb.dll -> [Ver = | Size = 13312 bytes | Modified Date = 3/16/2008 12:06:55 PM | Attr = ] Norton Internet Security - Run Full System Scan - Compaq_Owner.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job -> [Ver = | Size = 578 bytes | Modified Date = 3/14/2008 8:00:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/16/2008 8:56:15 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4096 bytes | Modified Date = 3/16/2008 3:38:42 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4096 bytes | Modified Date = 3/16/2008 3:38:42 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11148 bytes | Modified Date = 3/14/2008 7:00:09 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/17/2004 9:42:26 PM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 659040 bytes | Modified Date = 3/9/2008 9:26:35 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 659040 bytes | Modified Date = 3/9/2008 9:26:35 PM | Attr = ] IadHide5.dll -> C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 8/9/2004 4:59:57 AM | Attr = ] 2 C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\*.tmp -> < End of report > [/code]