[code] OTScanIt logfile created on: 6/7/2008 6:24:04 PM OTScanIt by OldTimer - Version 1.0.15.12 Folder = C:\Documents and Settings\Lynn Zerbe\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.98 Mb Total Physical Memory | 76.79 Mb Available Physical Memory | 15.06% Memory free 863.56 Mb Paging File | 374.27 Mb Available in Paging File | 43.34% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.68 Gb Total Space | 6.70 Gb Free Space | 19.88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LYNN Current User Name: Lynn Zerbe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/5/2008 11:03:01 AM | Attr = ] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] avsynmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\avsynmgr.exe -> [Ver = | Size = 155665 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 4:54:12 PM | Attr = ] vsstat.exe -> %ProgramFiles%\Network Associates\VirusScan\vsstat.exe -> [Ver = | Size = 98321 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] vshwin32.exe -> %ProgramFiles%\Network Associates\VirusScan\vshwin32.exe -> [Ver = | Size = 118801 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] webscanx.exe -> %ProgramFiles%\Network Associates\VirusScan\webscanx.exe -> [Ver = | Size = 143377 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] mcshield.exe -> %CommonProgramFiles%\Network Associates\McShield\mcshield.exe -> [Ver = | Size = 229499 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 3:42:54 PM | Attr = ] intelmem.exe -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 9:12:44 PM | Attr = ] hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 10:32:24 AM | Attr = ] igfxpers.exe -> %SystemRoot%\SYSTEM32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 10:36:20 AM | Attr = ] aolsoftware.exe -> %CommonProgramFiles%\AOL\1140537316\EE\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 8:52:48 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.30.165 | Size = 688128 bytes | Modified Date = 1/30/2007 2:52:06 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logitech\khalshared\KHALMNPR.exe -> Logitech Inc. [Ver = 3.30.152 | Size = 101136 bytes | Modified Date = 1/23/2007 4:44:00 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.12 | Size = 397312 bytes | Modified Date = 6/7/2008 11:09:00 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/5/2008 11:03:01 AM | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] (AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 3/19/2007 9:19:14 PM | Attr = ] (AvSynMgr) AVSync Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\avsynmgr.exe -> [Ver = | Size = 155665 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.45 | Size = 311296 bytes | Modified Date = 3/4/2004 11:30:48 AM | Attr = ] (McShield) McShield [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Network Associates\McShield\mcshield.exe -> [Ver = | Size = 229499 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 2:59:48 PM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 2/15/2006 6:26:13 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\afc.sys -> Arcsoft, Inc. [Ver = 1, 0, 0, 2 | Size = 11776 bytes | Modified Date = 2/23/2005 2:58:56 PM | Attr = ] (AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 2:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr = ] (asc) asc [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 2:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 2:51:58 PM | Attr = ] (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 7/29/2005 1:52:41 PM | Attr = ] (BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 6:18:38 PM | Attr = ] (CmdIde) CmdIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 2:51:54 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 2:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.1.12.0 built by: WinDDK | Size = 154112 bytes | Modified Date = 2/10/2004 4:49:14 PM | Attr = ] (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4396 | Size = 1302332 bytes | Modified Date = 9/20/2005 11:00:54 AM | Attr = ] (IntelC51) IntelC51 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IntelC51.sys -> Intel Corporation [Ver = 2.15.36.0 | Size = 1233525 bytes | Modified Date = 3/5/2004 11:14:42 PM | Attr = ] (IntelC52) IntelC52 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IntelC52.sys -> Intel Corporation [Ver = 4.58.1 | Size = 647929 bytes | Modified Date = 3/5/2004 11:15:34 PM | Attr = ] (IntelC53) IntelC53 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IntelC53.sys -> Intel Corporation [Ver = 2.15.36.2 | Size = 61157 bytes | Modified Date = 6/15/2004 11:52:40 PM | Attr = ] (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\L8042Kbd.sys -> Logitech Inc. [Ver = 3.30.152.00 | Size = 20496 bytes | Modified Date = 1/23/2007 4:44:00 PM | Attr = ] (L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\L8042mou.Sys -> Logitech Inc. [Ver = 3.30.152.00 | Size = 62992 bytes | Modified Date = 1/23/2007 4:44:00 PM | Attr = ] (LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\LMouKE.Sys -> Logitech Inc. [Ver = 3.30.152.00 | Size = 78864 bytes | Modified Date = 1/23/2007 4:45:00 PM | Attr = ] (LUsbFilt) Logitech SetPoint KMDF USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\LUsbFilt.sys -> Logitech, Inc. [Ver = 3.30.152.00 | Size = 28176 bytes | Modified Date = 1/23/2007 4:45:00 PM | Attr = ] (mohfilt) mohfilt [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mohfilt.sys -> Intel Corporation [Ver = 7.11.0.0 | Size = 37048 bytes | Modified Date = 3/5/2004 11:13:38 PM | Attr = ] (mraid35x) mraid35x [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 2:52:12 PM | Attr = ] (NaiFiltr) NaiFiltr [File_System | On_Demand | Running] -> %CommonProgramFiles%\Network Associates\McShield\naifiltr.sys -> [Ver = | Size = 24480 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] (NaiFsRec) NaiFsRec [File_System | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\naifsrec.sys -> [Ver = | Size = 4512 bytes | Modified Date = 4/30/2001 4:51:00 AM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 11:29:56 PM | Attr = ] (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.18a | Size = 20576 bytes | Modified Date = 8/8/2005 1:45:35 PM | Attr = ] (ql1080) ql1080 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 2:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 2:52:18 PM | Attr = ] (RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\rt73.sys -> Ralink Technology, Corp. [Ver = 1.00.02.0000 | Size = 245248 bytes | Modified Date = 11/24/2005 7:51:38 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ] (senfilt) senfilt [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\senfilt.sys -> Creative Technology Ltd. [Ver = 5.10.00.3614 | Size = 732928 bytes | Modified Date = 9/17/2004 10:02:54 AM | Attr = ] (sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 12:07:44 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5246 | Size = 260352 bytes | Modified Date = 1/27/2005 4:31:06 PM | Attr = ] (Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 3:07:44 PM | Attr = ] (symc810) symc810 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 3:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 3:07:36 PM | Attr = ] (SYMDNS) SYMDNS [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symdns.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 12992 bytes | Modified Date = 2/15/2006 6:26:13 PM | Attr = ] (SYMFW) SYMFW [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symfw.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 110784 bytes | Modified Date = 2/15/2006 6:26:13 PM | Attr = ] (SYMIDS) SYMIDS [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symids.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 31936 bytes | Modified Date = 2/15/2006 6:26:13 PM | Attr = ] (SYMNDIS) SYMNDIS [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symndis.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 28352 bytes | Modified Date = 2/15/2006 6:26:13 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\symredrv.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 24768 bytes | Modified Date = 2/15/2006 6:26:13 PM | Attr = ] (sym_hi) sym_hi [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 3:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 3:07:42 PM | Attr = ] (TnIDriver) TnIDriver [Kernel | On_Demand | Stopped] -> %UserProfile%\Local Settings\Temp\tni487.tmp -> [Ver = | Size = 99456 bytes | Modified Date = 5/26/2008 11:39:25 PM | Attr = ] (ultra) ultra [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 2:52:22 PM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = R ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 00d6281d -> %SystemRoot%\SYSTEM32\ctrltkfc.dll [rundll32.exe "C:\WINDOWS\system32\ctrltkfc.dll",b] -> [Ver = | Size = 117248 bytes | Modified Date = 6/5/2008 1:29:50 PM | Attr = ] AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:37 AM | Attr = R ] BM03e51b81 -> %SystemRoot%\SYSTEM32\avvpnmce.dll [Rundll32.exe "C:\WINDOWS\system32\avvpnmce.dll",s] -> [Ver = | Size = 126976 bytes | Modified Date = 6/5/2008 1:21:32 PM | Attr = ] HostManager -> %CommonProgramFiles%\AOL\1140537316\EE\aolsoftware.exe [C:\Program Files\Common Files\AOL\1140537316\ee\AOLSoftware.exe] -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 8:52:48 PM | Attr = ] igfxhkcmd -> %SystemRoot%\SYSTEM32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 10:32:24 AM | Attr = ] igfxpers -> %SystemRoot%\SYSTEM32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 10:36:20 AM | Attr = ] igfxtray -> %SystemRoot%\SYSTEM32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 10:35:40 AM | Attr = ] IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe [C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe] -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 9:12:44 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech Inc. [Ver = 3.30.152 | Size = 101136 bytes | Modified Date = 1/23/2007 4:44:00 PM | Attr = ] Pure Networks Port Magic -> %ProgramFiles%\Pure Networks\Port Magic\PortAOL.exe ["C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run] -> Pure Networks, Inc. [Ver = 1.2.1393.0 | Size = 99480 bytes | Modified Date = 4/5/2004 5:33:54 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 3:42:54 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ares -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 962560 bytes | Modified Date = 11/23/2007 12:18:16 PM | Attr = ] MoneyAgent -> %ProgramFiles%\Microsoft Money\System\mnyexpr.exe ["C:\Program Files\Microsoft Money\System\mnyexpr.exe"] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.1.0.2008042300 | Size = 29696 bytes | Modified Date = 4/23/2008 3:38:16 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.30.165 | Size = 688128 bytes | Modified Date = 1/30/2007 2:52:06 AM | Attr = ] < Lynn Zerbe Startup Folder > -> C:\Documents and Settings\Lynn Zerbe\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Camio Viewer.lnk -> %ProgramFiles%\Sierra Imaging\Image Expert\IXApplet.exe -> Sierra Imaging [Ver = 1.9.1 (375) | Size = 103424 bytes | Modified Date = 5/7/2001 10:11:56 AM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\Webshots.lnk -> %ProgramFiles%\Webshots\Launcher.exe -> [Ver = | Size = 45056 bytes | Modified Date = 12/19/2005 12:37:18 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {91223DE9-F8E6-4FFD-8889-BE6784C18696} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtstrp.dll [] -> File not found {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Qualcomm\Eudora\EuShlExt.dll [Eudora's Shell Extension] -> File not found {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbXNDvst.dll [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> awtstrp -> -> File not found cbXNDvst -> -> File not found igfxcui -> %SystemRoot%\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 10:31:28 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\CDROM.SYS [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_CD-ROM_GCR-8483B_______________1.07____\5&145a0a8f&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/10/2004 2:04:08 PM | Attr = ] < HOSTS File > (221589 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://bfc.myway.com/search/de_srchlft.html -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://mail.google.com/mail/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {012D7D23-E615-4809-98A4-89159CC9C34C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {05397560-6209-469B-B96C-28DDC4BAB347} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {12A2904F-6D26-40B7-A9FB-46BFA051F9EF} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qoMcASlm.dll [Reg Error: Value does not exist or could not be read.] -> File not found {34B1FDE9-1133-4655-BD39-F0E95B43DF78} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {398412DA-371C-47C7-A7E2-B7B65874CBE7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {3B343E32-D0CC-42F7-9CFF-6F236B911C94} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\yayvWoMg.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 373760 bytes | Modified Date = 6/1/2008 5:33:27 PM | Attr = ] {3C709D9F-CDDE-4552-92D1-F12DF5B1DF04} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqrq.dll [Reg Error: Value does not exist or could not be read.] -> File not found {42FA6415-837D-4D16-AF48-D15DCCFE83F4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4D25F921-B9FE-4682-BF72-8AB8210D6D75} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll [] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {5C3C74D6-CAD3-4FEC-8579-4CE6E4BBDC63} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {875A1348-7674-42aa-ADAC-B4F36A004A2D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [BndShell3 BHO Class] -> File not found {91223DE9-F8E6-4FFD-8889-BE6784C18696} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtstrp.dll [Reg Error: Value does not exist or could not be read.] -> File not found {9506910A-0F94-4ea1-B567-7070428B8B2B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mysidesearch_sidebar.dll [MySidesearch Search Assistant] -> File not found {9AA5A5E5-6D2B-44F2-AA0F-5546ABED8D09} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {a785f416-ac29-44a2-be67-3cd8944d4047} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AFFCA731-8265-4930-9DD9-954DBADF8108} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {B60FF9A7-3ECF-4B99-B48C-A4B22A4A8507} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkhhh.dll [Reg Error: Value does not exist or could not be read.] -> File not found {B613E05F-EC2C-4C86-B60E-7BAF07B3F5F2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\efcYrrSi.dll [Reg Error: Value does not exist or could not be read.] -> File not found {B95EA413-C3E1-4ABD-B40B-571CACE9D0C1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {BC4BCF9A-090F-4865-8DFE-A9F627B1FF02} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {e87b7871-21fb-473f-b545-0a09584f1d3b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\puajvtdl.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 134144 bytes | Modified Date = 6/5/2008 1:26:51 PM | Attr = ] {EDC8CFF3-ADDF-4DE5-AD87-02B81775A88A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\khfDspMC.dll [Reg Error: Value does not exist or could not be read.] -> File not found {EF68646F-6C16-49BE-9D29-0D20096C56A9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ljJYPjif.dll [Reg Error: Value does not exist or could not be read.] -> File not found {F013C96C-CF2A-4FBE-BE27-3FBE3D7A5DBC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {F9DF827A-8FA7-48A3-B268-CA4DB563EA40} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cbXNDvst.dll [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [Internet Speed Monitor] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {FABA076A-478A-4c32-A0A5-C774607901C2} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mysidesearch_sidebar.dll [ADPanel] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 6/9/2006 2:39:38 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 6/9/2006 2:39:38 PM | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 6/9/2006 2:39:38 PM | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 6/9/2006 2:39:38 PM | Attr = ] Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 6/9/2006 2:39:38 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {80510EEC-95EA-442B-B429-83F6E9CBECD8} -> (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 4/23/2008 5:45:34 PM | Attr = R ] < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> text/html:{07851C6A-1C43-41d9-8319-BC89154A8C00}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\RcvSystem\httpdchk.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 20480 bytes | Modified Date = 12/27/2007 6:27:06 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab[Support.com Configuration Class] -> {02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> {0E8D0700-75DF-11D3-8B4A-0008C7450C4A}[HKEY_LOCAL_MACHINE] -> http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab[DjVuCtl Class] -> {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40}[HKEY_LOCAL_MACHINE] -> http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab[AOL Content Update] -> {62BC5DB2-0044-4040-B366-D628F3CFD551}[HKEY_LOCAL_MACHINE] -> file://C:\DOCUME~1\LYNNZE~1\LOCALS~1\Temp\IXP000.TMP\setup.cab[PowerTeam HTML Printing Behavior] -> {7584C670-2274-4EFB-B00B-D6AABA6D3850}[HKEY_LOCAL_MACHINE] -> http://66.192.131.66/msrdp.cab[Microsoft RDP Client Control (redist)] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab[ActiveDataInfo Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}[HKEY_LOCAL_MACHINE] -> https://cbu.webex.com/client/T25L10NSP41EP11-LOCKDOWN/training/ieatgpc.cab[GpcContainer Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Common Files/Symantec Shared/SymAData.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Common Files/Symantec Shared/SymAData.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Common Files/Symantec Shared/SymAData.dll\\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\.Owner -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msrdp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msrdp.ocx\\.Owner -> {7584C670-2274-4EFB-B00B-D6AABA6D3850} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msrdp.ocx\\{7584C670-2274-4EFB-B00B-D6AABA6D3850} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterBvr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterBvr.dll\\.Owner -> {62BC5DB2-0044-4040-B366-D628F3CFD551} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PrinterBvr.dll\\{62BC5DB2-0044-4040-B366-D628F3CFD551} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\\.Owner -> {01113300-3E00-11D2-8470-0060089874ED} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\\{01113300-3E00-11D2-8470-0060089874ED} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] C:\WINDOWS\system32\yayvWoMg -> %SystemRoot%\SYSTEM32\yayvWoMg.dll -> [Ver = | Size = 373760 bytes | Modified Date = 6/1/2008 5:33:27 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\WDIGEST.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 720 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 8F 3C AA 57 F4 19 C9 22 6F 08 E3 3B E5 98 35 12 30 61 38 34 35 61 37 37 00 00 00 00 E4 14 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 9F 0A 29 C1 5C 5C 84 4C 6D DA 74 0A [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 3E 01 C0 8F 6A 6C 6D DB 14 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 8A FD 32 94 63 92 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 86 D1 61 7C 50 43 0F 61 37 03 93 14 C4 29 64 81 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 7A 23 CA E9 90 7E C5 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 10 D8 CD 09 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8701 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:37 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 7/12/2005 1:17:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\WebConference.com\Version51239\webconference.exe -> %ProgramFiles%\WebConference.com\Version51239\webconference.exe [C:\Program Files\WebConference.com\Version51239\webconference.exe:*:Enabled:WebConference.com] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 10/23/2006 8:50:35 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 10/23/2006 8:50:37 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 7/12/2005 1:17:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 7/11/2005 5:35:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 4:54:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 4:54:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1140537316\EE\AOLServiceHost.exe -> %CommonProgramFiles%\AOL\1140537316\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1140537316\EE\AOLServiceHost.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 1.3.6.0 | Size = 151128 bytes | Modified Date = 7/29/2005 12:53:51 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> %CommonProgramFiles%\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> AOL LLC [Ver = 2, 2, 7, 1 | Size = 161328 bytes | Modified Date = 9/29/2006 5:23:01 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> %CommonProgramFiles%\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> %CommonProgramFiles%\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> %CommonProgramFiles%\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> Gteko Ltd. [Ver = 1, 0, 0, 35 | Size = 59992 bytes | Modified Date = 10/14/2004 4:34:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.5730.13 (longhorn(wmbla).070711-1130) | Size = 622080 bytes | Modified Date = 8/13/2007 6:43:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> %SystemRoot%\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 9.45 | Size = 174592 bytes | Modified Date = 3/4/2004 11:26:20 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Channel 3 Weather Wizard\TrueWeather.exe -> %CommonProgramFiles%\Channel 3 Weather Wizard\TrueWeather.exe [C:\Program Files\Common Files\Channel 3 Weather Wizard\TrueWeather.exe:*:Enabled:TrueWeather] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe -> %ProgramFiles%\America Online 9.0a\waol.exe [C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 7/12/2005 1:17:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WebConference.com\Version51239\webconference.exe -> %ProgramFiles%\WebConference.com\Version51239\webconference.exe [C:\Program Files\WebConference.com\Version51239\webconference.exe:*:Enabled:WebConference.com] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe -> %CommonProgramFiles%\AOL\TopSpeed\3.0\aoltpsd3.exe [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1140537316\EE\aolsoftware.exe -> %CommonProgramFiles%\AOL\1140537316\EE\aolsoftware.exe [C:\Program Files\Common Files\AOL\1140537316\EE\aolsoftware.exe:*:Enabled:AOL Services] -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 8:52:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1140537316\EE\AOLOpenRide.exe -> %CommonProgramFiles%\AOL\1140537316\EE\AOLOpenRide.exe [C:\Program Files\Common Files\AOL\1140537316\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 4/23/2008 5:09:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> %ProgramFiles%\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 3/6/2008 1:18:33 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> %ProgramFiles%\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 962560 bytes | Modified Date = 11/23/2007 12:18:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\DPVSETUP.EXE -> %SystemRoot%\SYSTEM32\DPVSETUP.EXE [C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\RUNDLL32.EXE -> %SystemRoot%\SYSTEM32\RUNDLL32.EXE [C:\WINDOWS\SYSTEM32\RUNDLL32.EXE:*:Enabled:Run a DLL as an App] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.8.0.115 | Size = 22058792 bytes | Modified Date = 4/23/2008 5:45:34 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 6/3/2008 5:12:58 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/3/2008 6:32:17 PM | Attr = ] eeaf814812c52ae4c35779999b6685 -> %SystemDrive%\eeaf814812c52ae4c35779999b6685 -> [Folder | Created Date = 5/28/2008 9:19:18 PM | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 5/26/2008 11:38:29 PM | Attr = ] 1026c -> %SystemRoot%\System32\1026c -> [Folder | Created Date = 5/26/2008 11:39:17 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> acom1 -> %SystemRoot%\System32\acom1 -> [Folder | Created Date = 5/26/2008 11:39:15 PM | Attr = ] afdpucfp.dll -> %SystemRoot%\System32\afdpucfp.dll -> [Ver = | Size = 124416 bytes | Created Date = 5/28/2008 11:50:49 PM | Attr = ] avvpnmce.dll -> %SystemRoot%\System32\avvpnmce.dll -> [Ver = | Size = 126976 bytes | Created Date = 6/5/2008 1:21:28 PM | Attr = ] bjrhntqg.dll -> %SystemRoot%\System32\bjrhntqg.dll -> [Ver = | Size = 124416 bytes | Created Date = 5/28/2008 11:50:10 PM | Attr = ] bmcursqf.dll -> %SystemRoot%\System32\bmcursqf.dll -> [Ver = | Size = 126464 bytes | Created Date = 5/26/2008 11:49:46 PM | Attr = ] bpxjxikl.dll -> %SystemRoot%\System32\bpxjxikl.dll -> [Ver = | Size = 125440 bytes | Created Date = 6/3/2008 5:37:29 PM | Attr = ] bpybjcei.dll -> %SystemRoot%\System32\bpybjcei.dll -> [Ver = | Size = 126976 bytes | Created Date = 6/1/2008 5:34:12 PM | Attr = ] cacljjxv.dll -> %SystemRoot%\System32\cacljjxv.dll -> [Ver = | Size = 125440 bytes | Created Date = 6/2/2008 5:36:28 PM | Attr = ] cfktlrtc.ini -> %SystemRoot%\System32\cfktlrtc.ini -> [Ver = | Size = 474 bytes | Created Date = 6/5/2008 1:30:01 PM | Attr = HS] CMpsDfhk.ini -> %SystemRoot%\System32\CMpsDfhk.ini -> [Ver = | Size = 794553 bytes | Created Date = 5/29/2008 7:55:28 PM | Attr = HS] CMpsDfhk.ini2 -> %SystemRoot%\System32\CMpsDfhk.ini2 -> [Ver = | Size = 800617 bytes | Created Date = 5/29/2008 7:55:29 PM | Attr = HS] ctrltkfc.dll -> %SystemRoot%\System32\ctrltkfc.dll -> [Ver = | Size = 117248 bytes | Created Date = 6/5/2008 1:29:48 PM | Attr = ] ejydprvo.ini -> %SystemRoot%\System32\ejydprvo.ini -> [Ver = | Size = 1467714 bytes | Created Date = 5/29/2008 11:53:35 AM | Attr = HS] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 5/28/2008 9:44:46 PM | Attr = ] enntfwss.ini -> %SystemRoot%\System32\enntfwss.ini -> [Ver = | Size = 1474149 bytes | Created Date = 5/28/2008 11:53:00 PM | Attr = HS] eqxloytl.dll -> %SystemRoot%\System32\eqxloytl.dll -> [Ver = | Size = 116224 bytes | Created Date = 6/2/2008 5:36:52 PM | Attr = ] ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [Ver = | Size = 48 bytes | Created Date = 5/16/2008 3:09:17 PM | Attr = H ] fgxvqnay.ini -> %SystemRoot%\System32\fgxvqnay.ini -> [Ver = | Size = 1425586 bytes | Created Date = 5/26/2008 11:56:49 PM | Attr = HS] fijPYJjl.ini -> %SystemRoot%\System32\fijPYJjl.ini -> [Ver = | Size = 802998 bytes | Created Date = 5/29/2008 2:02:20 PM | Attr = HS] fijPYJjl.ini2 -> %SystemRoot%\System32\fijPYJjl.ini2 -> [Ver = | Size = 802998 bytes | Created Date = 5/29/2008 2:02:20 PM | Attr = HS] frhwvfhq.dll -> %SystemRoot%\System32\frhwvfhq.dll -> [Ver = | Size = 132096 bytes | Created Date = 5/28/2008 11:51:27 PM | Attr = ] g22.exe -> %SystemRoot%\System32\g22.exe -> [Ver = | Size = 401964 bytes | Created Date = 5/26/2008 11:39:52 PM | Attr = ] gMoWvyay.ini -> %SystemRoot%\System32\gMoWvyay.ini -> [Ver = | Size = 736943 bytes | Created Date = 6/1/2008 5:33:30 PM | Attr = HS] gMoWvyay.ini2 -> %SystemRoot%\System32\gMoWvyay.ini2 -> [Ver = | Size = 736943 bytes | Created Date = 6/1/2008 5:33:31 PM | Attr = HS] gside.exe -> %SystemRoot%\System32\gside.exe -> [Ver = | Size = 298315 bytes | Created Date = 5/27/2008 12:08:14 AM | Attr = ] isankysm.exe -> %SystemRoot%\System32\isankysm.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/26/2008 11:57:02 PM | Attr = ] iSrrYcfe.ini -> %SystemRoot%\System32\iSrrYcfe.ini -> [Ver = | Size = 804895 bytes | Created Date = 5/26/2008 11:45:57 PM | Attr = HS] iSrrYcfe.ini2 -> %SystemRoot%\System32\iSrrYcfe.ini2 -> [Ver = | Size = 804716 bytes | Created Date = 5/26/2008 11:46:01 PM | Attr = HS] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/3/2008 6:19:39 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 6/3/2008 6:19:39 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/3/2008 6:19:39 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 6/3/2008 6:19:39 PM | Attr = ] jiixvimr.exe -> %SystemRoot%\System32\jiixvimr.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/28/2008 11:53:09 PM | Attr = ] jpwnw64q.exe -> %SystemRoot%\System32\jpwnw64q.exe -> [Ver = 3, 0, 0, 1 | Size = 49170 bytes | Created Date = 5/27/2008 12:07:17 AM | Attr = ] lhassqpp.dll -> %SystemRoot%\System32\lhassqpp.dll -> [Ver = | Size = 134144 bytes | Created Date = 5/29/2008 11:59:53 AM | Attr = ] ltyolxqe.ini -> %SystemRoot%\System32\ltyolxqe.ini -> [Ver = | Size = 1500523 bytes | Created Date = 6/2/2008 5:36:57 PM | Attr = HS] mfwwlgop.ini -> %SystemRoot%\System32\mfwwlgop.ini -> [Ver = | Size = 2741109 bytes | Created Date = 5/29/2008 2:44:34 PM | Attr = HS] mgjgmjyq.ini -> %SystemRoot%\System32\mgjgmjyq.ini -> [Ver = | Size = 1484678 bytes | Created Date = 5/30/2008 8:04:48 PM | Attr = HS] mlSAcMoq.ini -> %SystemRoot%\System32\mlSAcMoq.ini -> [Ver = | Size = 802792 bytes | Created Date = 5/29/2008 11:32:28 AM | Attr = HS] mlSAcMoq.ini2 -> %SystemRoot%\System32\mlSAcMoq.ini2 -> [Ver = | Size = 802792 bytes | Created Date = 5/29/2008 11:32:29 AM | Attr = HS] mysidesearch_sidebar_uninstall.exe -> %SystemRoot%\System32\mysidesearch_sidebar_uninstall.exe -> [Ver = | Size = 88961 bytes | Created Date = 5/27/2008 12:08:33 AM | Attr = ] paxnrnbv.dll -> %SystemRoot%\System32\paxnrnbv.dll -> [Ver = | Size = 116224 bytes | Created Date = 5/27/2008 11:57:20 PM | Attr = ] pcefpsqj.dll -> %SystemRoot%\System32\pcefpsqj.dll -> [Ver = | Size = 133120 bytes | Created Date = 5/30/2008 8:01:41 PM | Attr = ] poglwwfm.dll -> %SystemRoot%\System32\poglwwfm.dll -> [Ver = | Size = 115200 bytes | Created Date = 5/29/2008 2:44:29 PM | Attr = ] puajvtdl.dll -> %SystemRoot%\System32\puajvtdl.dll -> [Ver = | Size = 134144 bytes | Created Date = 6/5/2008 1:26:48 PM | Attr = ] qqsmwgod.dll -> %SystemRoot%\System32\qqsmwgod.dll -> [Ver = | Size = 134144 bytes | Created Date = 5/29/2008 2:35:47 PM | Attr = ] qvfddkef.dll -> %SystemRoot%\System32\qvfddkef.dll -> [Ver = | Size = 125440 bytes | Created Date = 5/30/2008 7:58:55 PM | Attr = ] qyjmgjgm.dll -> %SystemRoot%\System32\qyjmgjgm.dll -> [Ver = | Size = 115200 bytes | Created Date = 5/30/2008 8:04:44 PM | Attr = ] rev3 -> %SystemRoot%\System32\rev3 -> [Folder | Created Date = 5/26/2008 11:39:17 PM | Attr = ] rltrwydy.dll -> %SystemRoot%\System32\rltrwydy.dll -> [Ver = | Size = 131584 bytes | Created Date = 6/2/2008 5:42:29 PM | Attr = ] roaiffly.dll -> %SystemRoot%\System32\roaiffly.dll -> [Ver = | Size = 127488 bytes | Created Date = 5/29/2008 2:32:27 PM | Attr = ] rucdegcg.dll -> %SystemRoot%\System32\rucdegcg.dll -> [Ver = | Size = 125440 bytes | Created Date = 6/4/2008 5:38:49 PM | Attr = ] rwsbbuwi.dll -> %SystemRoot%\System32\rwsbbuwi.dll -> [Ver = | Size = 125440 bytes | Created Date = 5/30/2008 7:58:40 PM | Attr = ] rwwnw64d.exe -> %SystemRoot%\System32\rwwnw64d.exe -> [Ver = 3, 0, 0, 1 | Size = 49159 bytes | Created Date = 5/26/2008 11:39:46 PM | Attr = ] sswftnne.dll -> %SystemRoot%\System32\sswftnne.dll -> [Ver = | Size = 116224 bytes | Created Date = 5/28/2008 11:52:45 PM | Attr = ] sxbhlwhe.dll -> %SystemRoot%\System32\sxbhlwhe.dll -> [Ver = | Size = 134144 bytes | Created Date = 5/26/2008 11:59:24 PM | Attr = ] tvghkjjo.exe -> %SystemRoot%\System32\tvghkjjo.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/27/2008 11:52:09 PM | Attr = ] vbnrnxap.ini -> %SystemRoot%\System32\vbnrnxap.ini -> [Ver = | Size = 1498376 bytes | Created Date = 5/27/2008 11:57:23 PM | Attr = HS] vd2 -> %SystemRoot%\System32\vd2 -> [Folder | Created Date = 5/26/2008 11:39:17 PM | Attr = ] vntiho01 -> %SystemRoot%\System32\vntiho01 -> [Folder | Created Date = 5/26/2008 11:38:31 PM | Attr = ] volfhxur.dll -> %SystemRoot%\System32\volfhxur.dll -> [Ver = | Size = 126464 bytes | Created Date = 5/27/2008 11:51:19 PM | Attr = ] walssajp.ini -> %SystemRoot%\System32\walssajp.ini -> [Ver = | Size = 1484618 bytes | Created Date = 5/29/2008 7:58:42 PM | Attr = HS] wnxxloki.dll -> %SystemRoot%\System32\wnxxloki.dll -> [Ver = | Size = 134144 bytes | Created Date = 5/29/2008 7:58:40 PM | Attr = ] wumnernm.dll -> %SystemRoot%\System32\wumnernm.dll -> [Ver = | Size = 127488 bytes | Created Date = 5/29/2008 11:50:54 AM | Attr = ] yayvWoMg.dll -> %SystemRoot%\System32\yayvWoMg.dll -> [Ver = | Size = 373760 bytes | Created Date = 6/1/2008 5:33:22 PM | Attr = ] yklhlvnh.dll -> %SystemRoot%\System32\yklhlvnh.dll -> [Ver = | Size = 133632 bytes | Created Date = 6/1/2008 5:36:31 PM | Attr = ] ytlwxkmj.ini -> %SystemRoot%\System32\ytlwxkmj.ini -> [Ver = | Size = 1500403 bytes | Created Date = 6/1/2008 5:34:45 PM | Attr = HS] {f153b7f0-0af0-579c-fd80-e3a1f2eabf28}.dll-uninst.exe -> %SystemRoot%\System32\{f153b7f0-0af0-579c-fd80-e3a1f2eabf28}.dll-uninst.exe -> [Ver = | Size = 63902 bytes | Created Date = 5/26/2008 11:40:17 PM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 5/28/2008 9:36:26 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 5/28/2008 9:34:10 PM | Attr = H ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1351 bytes | Created Date = 5/27/2008 9:07:13 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/3/2008 6:33:06 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 5/28/2008 9:38:36 PM | Attr = H ] megavid.cdt -> %SystemRoot%\megavid.cdt -> [Ver = | Size = 0 bytes | Created Date = 5/26/2008 11:39:41 PM | Attr = RHS] muotr.so -> %SystemRoot%\muotr.so -> [Ver = | Size = 33 bytes | Created Date = 5/26/2008 11:39:40 PM | Attr = RHS] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 5/28/2008 9:44:48 PM | Attr = ] winself.exe -> %SystemRoot%\winself.exe -> [Ver = | Size = 25857 bytes | Created Date = 5/26/2008 11:39:40 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Created Date = 5/16/2008 2:18:21 PM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Created Date = 5/16/2008 2:33:44 PM | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Created Date = 5/16/2008 3:09:04 PM | Attr = ] NOS -> %UserProfile%\Local Settings\Application Data\NOS -> [Folder | Created Date = 5/15/2008 4:27:35 PM | Attr = ] banquet.jpg -> %UserProfile%\My Documents\banquet.jpg -> [Ver = | Size = 126580 bytes | Created Date = 5/28/2008 11:15:34 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\banquet.jpg:Zone.Identifier estimate1.pdf -> %UserProfile%\My Documents\estimate1.pdf -> [Ver = | Size = 270980 bytes | Created Date = 5/22/2008 7:14:49 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\estimate1.pdf:Zone.Identifier invoice1.pdf -> %UserProfile%\My Documents\invoice1.pdf -> [Ver = | Size = 250758 bytes | Created Date = 5/22/2008 7:14:56 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\invoice1.pdf:Zone.Identifier mutual release.pdf -> %UserProfile%\My Documents\mutual release.pdf -> [Ver = | Size = 48954 bytes | Created Date = 5/27/2008 11:19:33 AM | Attr = ] WDI Report1.pdf -> %UserProfile%\My Documents\WDI Report1.pdf -> [Ver = | Size = 703086 bytes | Created Date = 5/22/2008 7:15:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WDI Report1.pdf:Zone.Identifier NetBeans IDE 6.1.lnk -> %AllUsersProfile%\Desktop\NetBeans IDE 6.1.lnk -> [Ver = | Size = 1698 bytes | Created Date = 6/3/2008 6:20:14 PM | Attr = ] 12707final.mp3 -> %UserProfile%\Desktop\12707final.mp3 -> [Ver = | Size = 32909584 bytes | Created Date = 6/5/2008 6:19:52 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/7/2008 6:11:39 PM | Attr = ] avenger -> %UserProfile%\Desktop\avenger -> [Folder | Created Date = 6/3/2008 5:02:34 PM | Attr = ] DelDomains.inf -> %UserProfile%\Desktop\DelDomains.inf -> [Ver = | Size = 1432 bytes | Created Date = 6/3/2008 5:57:46 PM | Attr = ] DownloadBook.asp -> %UserProfile%\Desktop\DownloadBook.asp -> [Ver = | Size = 2479455 bytes | Created Date = 5/29/2008 11:59:04 AM | Attr = ] dss(2).exe -> %UserProfile%\Desktop\dss(2).exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 6/3/2008 6:59:08 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 6/3/2008 6:31:56 PM | Attr = ] HelenKiller01_9572236.pdf -> %UserProfile%\Desktop\HelenKiller01_9572236.pdf -> [Ver = | Size = 13373454 bytes | Created Date = 5/27/2008 3:23:22 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 6/1/2008 5:32:15 PM | Attr = ] jdk-6u6-nb-6_1-windows.exe -> %UserProfile%\Desktop\jdk-6u6-nb-6_1-windows.exe -> [Ver = | Size = 114957350 bytes | Created Date = 6/3/2008 5:57:52 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/7/2008 6:18:42 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Created Date = 6/7/2008 6:11:34 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1757 bytes | Created Date = 5/15/2008 4:31:56 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 6/3/2008 6:15:12 PM | Attr = ] Skype -> %CommonProgramFiles%\Skype -> [Folder | Created Date = 5/16/2008 2:21:24 PM | Attr = ] NetBeans 6.1 -> %ProgramFiles%\NetBeans 6.1 -> [Folder | Created Date = 6/3/2008 6:19:44 PM | Attr = ] Skype -> %ProgramFiles%\Skype -> [Folder | Created Date = 5/16/2008 2:21:51 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 6/1/2008 5:32:14 PM | Attr = ] [Files/Folders - Modified Within 30 days] Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 6/3/2008 5:19:33 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/3/2008 6:32:17 PM | Attr = ] eeaf814812c52ae4c35779999b6685 -> %SystemDrive%\eeaf814812c52ae4c35779999b6685 -> [Folder | Modified Date = 5/28/2008 9:20:18 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 6/6/2008 6:25:33 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/3/2008 6:19:44 PM | Attr = R ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/26/2008 11:39:39 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/3/2008 6:33:06 PM | Attr = ] 1026c -> %SystemRoot%\System32\1026c -> [Folder | Modified Date = 5/28/2008 5:07:01 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> acom1 -> %SystemRoot%\System32\acom1 -> [Folder | Modified Date = 5/28/2008 5:07:01 PM | Attr = ] afdpucfp.dll -> %SystemRoot%\System32\afdpucfp.dll -> [Ver = | Size = 124416 bytes | Modified Date = 5/28/2008 11:50:49 PM | Attr = ] avvpnmce.dll -> %SystemRoot%\System32\avvpnmce.dll -> [Ver = | Size = 126976 bytes | Modified Date = 6/5/2008 1:21:32 PM | Attr = ] bjrhntqg.dll -> %SystemRoot%\System32\bjrhntqg.dll -> [Ver = | Size = 124416 bytes | Modified Date = 5/28/2008 11:50:26 PM | Attr = ] bmcursqf.dll -> %SystemRoot%\System32\bmcursqf.dll -> [Ver = | Size = 126464 bytes | Modified Date = 5/26/2008 11:50:27 PM | Attr = ] bpxjxikl.dll -> %SystemRoot%\System32\bpxjxikl.dll -> [Ver = | Size = 125440 bytes | Modified Date = 6/3/2008 5:37:29 PM | Attr = ] bpybjcei.dll -> %SystemRoot%\System32\bpybjcei.dll -> [Ver = | Size = 126976 bytes | Modified Date = 6/1/2008 5:34:14 PM | Attr = ] cacljjxv.dll -> %SystemRoot%\System32\cacljjxv.dll -> [Ver = | Size = 125440 bytes | Modified Date = 6/2/2008 5:36:33 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/6/2008 6:30:23 PM | Attr = ] cfktlrtc.ini -> %SystemRoot%\System32\cfktlrtc.ini -> [Ver = | Size = 474 bytes | Modified Date = 6/7/2008 6:22:13 PM | Attr = HS] CMpsDfhk.ini -> %SystemRoot%\System32\CMpsDfhk.ini -> [Ver = | Size = 794553 bytes | Modified Date = 5/30/2008 1:02:50 AM | Attr = HS] CMpsDfhk.ini2 -> %SystemRoot%\System32\CMpsDfhk.ini2 -> [Ver = | Size = 800617 bytes | Modified Date = 5/31/2008 1:01:44 AM | Attr = HS] CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 5/28/2008 9:49:32 PM | Attr = ] ctrltkfc.dll -> %SystemRoot%\System32\ctrltkfc.dll -> [Ver = | Size = 117248 bytes | Modified Date = 6/5/2008 1:29:50 PM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 5/29/2008 11:26:43 AM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 6/3/2008 5:12:58 PM | Attr = ] ejydprvo.ini -> %SystemRoot%\System32\ejydprvo.ini -> [Ver = | Size = 1467714 bytes | Modified Date = 5/29/2008 2:33:42 PM | Attr = HS] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 5/28/2008 9:44:48 PM | Attr = ] enntfwss.ini -> %SystemRoot%\System32\enntfwss.ini -> [Ver = | Size = 1474149 bytes | Modified Date = 5/29/2008 11:48:51 AM | Attr = HS] eqxloytl.dll -> %SystemRoot%\System32\eqxloytl.dll -> [Ver = | Size = 116224 bytes | Modified Date = 6/2/2008 5:36:54 PM | Attr = ] ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [Ver = | Size = 48 bytes | Modified Date = 5/16/2008 3:09:17 PM | Attr = H ] fgxvqnay.ini -> %SystemRoot%\System32\fgxvqnay.ini -> [Ver = | Size = 1425586 bytes | Modified Date = 5/27/2008 8:00:25 PM | Attr = HS] fijPYJjl.ini -> %SystemRoot%\System32\fijPYJjl.ini -> [Ver = | Size = 802998 bytes | Modified Date = 5/29/2008 7:48:30 PM | Attr = HS] fijPYJjl.ini2 -> %SystemRoot%\System32\fijPYJjl.ini2 -> [Ver = | Size = 802998 bytes | Modified Date = 5/29/2008 7:48:19 PM | Attr = HS] frhwvfhq.dll -> %SystemRoot%\System32\frhwvfhq.dll -> [Ver = | Size = 132096 bytes | Modified Date = 5/28/2008 11:51:28 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 5/26/2008 11:54:41 PM | Attr = ] g22.exe -> %SystemRoot%\System32\g22.exe -> [Ver = | Size = 401964 bytes | Modified Date = 5/26/2008 11:39:57 PM | Attr = ] gMoWvyay.ini -> %SystemRoot%\System32\gMoWvyay.ini -> [Ver = | Size = 736943 bytes | Modified Date = 6/7/2008 6:24:08 PM | Attr = HS] gMoWvyay.ini2 -> %SystemRoot%\System32\gMoWvyay.ini2 -> [Ver = | Size = 736943 bytes | Modified Date = 6/7/2008 6:23:45 PM | Attr = HS] gside.exe -> %SystemRoot%\System32\gside.exe -> [Ver = | Size = 298315 bytes | Modified Date = 5/27/2008 12:08:18 AM | Attr = ] isankysm.exe -> %SystemRoot%\System32\isankysm.exe -> [Ver = | Size = 2560 bytes | Modified Date = 5/26/2008 11:57:02 PM | Attr = ] iSrrYcfe.ini -> %SystemRoot%\System32\iSrrYcfe.ini -> [Ver = | Size = 804895 bytes | Modified Date = 5/29/2008 1:08:33 AM | Attr = HS] iSrrYcfe.ini2 -> %SystemRoot%\System32\iSrrYcfe.ini2 -> [Ver = | Size = 804716 bytes | Modified Date = 5/29/2008 1:06:46 AM | Attr = HS] jiixvimr.exe -> %SystemRoot%\System32\jiixvimr.exe -> [Ver = | Size = 2560 bytes | Modified Date = 5/28/2008 11:53:09 PM | Attr = ] jpwnw64q.exe -> %SystemRoot%\System32\jpwnw64q.exe -> [Ver = 3, 0, 0, 1 | Size = 49170 bytes | Modified Date = 5/27/2008 12:07:17 AM | Attr = ] lhassqpp.dll -> %SystemRoot%\System32\lhassqpp.dll -> [Ver = | Size = 134144 bytes | Modified Date = 5/29/2008 12:00:00 PM | Attr = ] ltyolxqe.ini -> %SystemRoot%\System32\ltyolxqe.ini -> [Ver = | Size = 1500523 bytes | Modified Date = 6/2/2008 11:32:50 PM | Attr = HS] mfwwlgop.ini -> %SystemRoot%\System32\mfwwlgop.ini -> [Ver = | Size = 2741109 bytes | Modified Date = 5/29/2008 3:26:07 PM | Attr = HS] mgjgmjyq.ini -> %SystemRoot%\System32\mgjgmjyq.ini -> [Ver = | Size = 1484678 bytes | Modified Date = 5/30/2008 8:05:09 PM | Attr = HS] mlSAcMoq.ini -> %SystemRoot%\System32\mlSAcMoq.ini -> [Ver = | Size = 802792 bytes | Modified Date = 5/29/2008 1:55:00 PM | Attr = HS] mlSAcMoq.ini2 -> %SystemRoot%\System32\mlSAcMoq.ini2 -> [Ver = | Size = 802792 bytes | Modified Date = 5/29/2008 1:54:56 PM | Attr = HS] mysidesearch_sidebar_uninstall.exe -> %SystemRoot%\System32\mysidesearch_sidebar_uninstall.exe -> [Ver = | Size = 88961 bytes | Modified Date = 5/27/2008 12:08:33 AM | Attr = ] paxnrnbv.dll -> %SystemRoot%\System32\paxnrnbv.dll -> [Ver = | Size = 116224 bytes | Modified Date = 5/27/2008 11:57:21 PM | Attr = ] pcefpsqj.dll -> %SystemRoot%\System32\pcefpsqj.dll -> [Ver = | Size = 133120 bytes | Modified Date = 5/30/2008 8:01:43 PM | Attr = ] poglwwfm.dll -> %SystemRoot%\System32\poglwwfm.dll -> [Ver = | Size = 115200 bytes | Modified Date = 5/29/2008 2:44:32 PM | Attr = ] puajvtdl.dll -> %SystemRoot%\System32\puajvtdl.dll -> [Ver = | Size = 134144 bytes | Modified Date = 6/5/2008 1:26:51 PM | Attr = ] qqsmwgod.dll -> %SystemRoot%\System32\qqsmwgod.dll -> [Ver = | Size = 134144 bytes | Modified Date = 5/29/2008 2:35:48 PM | Attr = ] qvfddkef.dll -> %SystemRoot%\System32\qvfddkef.dll -> [Ver = | Size = 125440 bytes | Modified Date = 5/30/2008 7:58:55 PM | Attr = ] qyjmgjgm.dll -> %SystemRoot%\System32\qyjmgjgm.dll -> [Ver = | Size = 115200 bytes | Modified Date = 5/30/2008 8:04:47 PM | Attr = ] rev3 -> %SystemRoot%\System32\rev3 -> [Folder | Modified Date = 5/28/2008 5:06:59 PM | Attr = ] rltrwydy.dll -> %SystemRoot%\System32\rltrwydy.dll -> [Ver = | Size = 131584 bytes | Modified Date = 6/2/2008 5:42:33 PM | Attr = ] roaiffly.dll -> %SystemRoot%\System32\roaiffly.dll -> [Ver = | Size = 127488 bytes | Modified Date = 5/29/2008 2:32:32 PM | Attr = ] rucdegcg.dll -> %SystemRoot%\System32\rucdegcg.dll -> [Ver = | Size = 125440 bytes | Modified Date = 6/4/2008 5:38:49 PM | Attr = ] rwsbbuwi.dll -> %SystemRoot%\System32\rwsbbuwi.dll -> [Ver = | Size = 125440 bytes | Modified Date = 5/30/2008 7:58:41 PM | Attr = ] rwwnw64d.exe -> %SystemRoot%\System32\rwwnw64d.exe -> [Ver = 3, 0, 0, 1 | Size = 49159 bytes | Modified Date = 5/26/2008 11:39:46 PM | Attr = ] sswftnne.dll -> %SystemRoot%\System32\sswftnne.dll -> [Ver = | Size = 116224 bytes | Modified Date = 5/28/2008 11:52:47 PM | Attr = ] sxbhlwhe.dll -> %SystemRoot%\System32\sxbhlwhe.dll -> [Ver = | Size = 134144 bytes | Modified Date = 5/26/2008 11:59:26 PM | Attr = ] tvghkjjo.exe -> %SystemRoot%\System32\tvghkjjo.exe -> [Ver = | Size = 2560 bytes | Modified Date = 5/27/2008 11:52:09 PM | Attr = ] vbnrnxap.ini -> %SystemRoot%\System32\vbnrnxap.ini -> [Ver = | Size = 1498376 bytes | Modified Date = 5/28/2008 3:07:48 PM | Attr = HS] vd2 -> %SystemRoot%\System32\vd2 -> [Folder | Modified Date = 5/26/2008 11:39:17 PM | Attr = ] vntiho01 -> %SystemRoot%\System32\vntiho01 -> [Folder | Modified Date = 5/26/2008 11:38:32 PM | Attr = ] volfhxur.dll -> %SystemRoot%\System32\volfhxur.dll -> [Ver = | Size = 126464 bytes | Modified Date = 5/27/2008 11:51:28 PM | Attr = ] walssajp.ini -> %SystemRoot%\System32\walssajp.ini -> [Ver = | Size = 1484618 bytes | Modified Date = 5/30/2008 7:59:53 PM | Attr = HS] wnxxloki.dll -> %SystemRoot%\System32\wnxxloki.dll -> [Ver = | Size = 134144 bytes | Modified Date = 5/29/2008 7:58:42 PM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 2206 bytes | Modified Date = 6/6/2008 6:27:05 PM | Attr = ] wumnernm.dll -> %SystemRoot%\System32\wumnernm.dll -> [Ver = | Size = 127488 bytes | Modified Date = 5/29/2008 11:50:54 AM | Attr = ] yayvWoMg.dll -> %SystemRoot%\System32\yayvWoMg.dll -> [Ver = | Size = 373760 bytes | Modified Date = 6/1/2008 5:33:27 PM | Attr = ] yklhlvnh.dll -> %SystemRoot%\System32\yklhlvnh.dll -> [Ver = | Size = 133632 bytes | Modified Date = 6/1/2008 5:36:34 PM | Attr = ] ytlwxkmj.ini -> %SystemRoot%\System32\ytlwxkmj.ini -> [Ver = | Size = 1500403 bytes | Modified Date = 6/2/2008 5:35:49 PM | Attr = HS] {f153b7f0-0af0-579c-fd80-e3a1f2eabf28}.dll-uninst.exe -> %SystemRoot%\System32\{f153b7f0-0af0-579c-fd80-e3a1f2eabf28}.dll-uninst.exe -> [Ver = | Size = 63902 bytes | Modified Date = 5/26/2008 11:40:17 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/28/2008 9:29:18 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 5/28/2008 9:36:26 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 5/28/2008 9:34:10 PM | Attr = H ] BM03e51b81.xml -> %SystemRoot%\BM03e51b81.xml -> [Ver = | Size = 109803 bytes | Modified Date = 6/7/2008 6:21:12 PM | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 6/6/2008 6:25:34 PM | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1351 bytes | Modified Date = 5/29/2008 3:27:23 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 5/16/2008 3:00:57 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/3/2008 6:33:06 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/29/2008 11:26:43 AM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 5/28/2008 9:43:06 PM | Attr = H ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/28/2008 9:37:49 PM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 6/3/2008 12:23:58 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/3/2008 6:18:45 PM | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 5/28/2008 9:44:25 PM | Attr = ] megavid.cdt -> %SystemRoot%\megavid.cdt -> [Ver = | Size = 0 bytes | Modified Date = 5/26/2008 11:39:41 PM | Attr = RHS] muotr.so -> %SystemRoot%\muotr.so -> [Ver = | Size = 33 bytes | Modified Date = 5/26/2008 11:39:40 PM | Attr = RHS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/7/2008 6:20:40 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 6/6/2008 6:27:02 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/6/2008 6:27:11 PM | Attr = H ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 6/7/2008 6:22:13 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/7/2008 6:16:39 PM | Attr = ] THlubiBaZXJiZQ -> %SystemRoot%\THlubiBaZXJiZQ -> [Folder | Modified Date = 5/28/2008 5:07:05 PM | Attr = HS] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 5/28/2008 9:44:48 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 483 bytes | Modified Date = 5/29/2008 8:42:34 PM | Attr = ] winself.exe -> %SystemRoot%\winself.exe -> [Ver = | Size = 25857 bytes | Modified Date = 5/26/2008 11:39:38 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/6/2008 6:25:47 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/1/2005 7:03:46 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5522 bytes | Modified Date = 5/29/2008 11:53:42 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5522 bytes | Modified Date = 5/29/2008 11:53:42 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 5/1/2006 9:17:24 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11088 bytes | Modified Date = 5/1/2006 9:17:59 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 7/14/2005 10:17:22 AM | Attr = ] IsUninst.Exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 1:45:06 PM | Attr = R ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08} -> [Folder | Modified Date = 9/1/2006 3:21:16 PM | Attr = ] BTHotSWizard.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\BTHotSWizard.exe -> [Ver = 1, 0, 0, 1 | Size = 225280 bytes | Modified Date = 6/24/2003 8:43:00 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7} -> [Folder | Modified Date = 8/1/2007 2:28:06 PM | Attr = ] REGSVR32.EXE -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\REGSVR32.EXE -> Microsoft Corporation [Ver = 5.00.1641.1 | Size = 37136 bytes | Modified Date = 5/16/2001 6:15:50 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\ -> [Folder | Modified Date = 6/4/2008 1:21:03 AM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\ -> [Folder | Modified Date = 6/3/2008 6:55:32 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\ -> [Folder | Modified Date = 6/6/2008 6:30:20 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\ -> [Folder | Modified Date = 6/3/2008 7:00:59 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\ -> [Folder | Modified Date = 6/6/2008 6:23:55 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\ -> [Folder | Modified Date = 6/7/2008 3:47:43 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\ -> [Folder | Modified Date = 6/3/2008 6:53:35 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\ -> [Folder | Modified Date = 6/4/2008 1:34:44 AM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\ -> [Folder | Modified Date = 6/3/2008 6:37:25 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\ -> [Folder | Modified Date = 6/3/2008 6:34:03 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\ -> [Folder | Modified Date = 6/7/2008 12:35:38 AM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\ -> [Folder | Modified Date = 6/3/2008 6:43:32 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\ -> [Folder | Modified Date = 6/4/2008 1:31:54 AM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] sed.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] swreg.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/29/2007 10:23:07 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\WMC0000.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\WMC0000.tmp\ -> [Folder | Modified Date = 12/31/2007 10:11:39 PM | Attr = ] WMPAU.exe -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\WMC0000.tmp\WMPAU.exe -> Microsoft Corporation [Ver = 11.0.5721.5146 (WMP_11.061018-2006) | Size = 1669120 bytes | Modified Date = 11/1/2006 7:31:38 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp -> [Folder | Modified Date = 6/7/2008 6:18:26 PM | Attr = ] uninst.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\uninst.dll -> [Ver = | Size = 114688 bytes | Modified Date = 10/8/2004 2:06:04 AM | Attr = ] xerces-c_2_5_0_qb.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\xerces-c_2_5_0_qb.dll -> Apache Software Foundation [Ver = 2, 5, 0 | Size = 1916928 bytes | Modified Date = 10/10/2007 5:36:59 PM | Attr = ] 86 C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 7/14/2005 10:17:22 AM | Attr = ] Ctl3d32.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 3:46:26 PM | Attr = R ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08} -> [Folder | Modified Date = 9/1/2006 3:21:16 PM | Attr = ] isrt.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\isrt.dll -> InstallShield Software Corporation [Ver = 6, 22, 100, 1449 | Size = 323584 bytes | Modified Date = 10/5/2000 4:58:10 PM | Attr = ] WebUpdate.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\WebUpdate.dll -> HPS [Ver = 1, 0, 0, 1 | Size = 102400 bytes | Modified Date = 6/24/2003 8:43:00 AM | Attr = ] WebUpdateLANG.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\WebUpdateLANG.dll -> [Ver = | Size = 32768 bytes | Modified Date = 6/24/2003 8:43:00 AM | Attr = ] zlib.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\zlib.dll -> [Ver = 1.1.4.0 | Size = 53248 bytes | Modified Date = 6/24/2003 8:43:00 AM | Attr = ] _IsRes.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\_IsRes.dll -> InstallShield Software Corporation [Ver = 6, 20, 100, 1401 | Size = 217088 bytes | Modified Date = 5/14/2000 8:22:20 PM | Attr = ] _Isuser.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{c6ae8e1f-ec1b-11d4-a19d-00c04fa0fd08}\_Isuser.dll -> [Ver = | Size = 49152 bytes | Modified Date = 6/24/2003 8:42:48 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7} -> [Folder | Modified Date = 8/1/2007 2:28:06 PM | Attr = ] isrt.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\isrt.dll -> InstallShield Software Corporation [Ver = 6, 31, 100, 1190 | Size = 331776 bytes | Modified Date = 9/5/2001 4:20:54 AM | Attr = ] _IsRes.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\_IsRes.dll -> InstallShield Software Corporation [Ver = 6, 31, 100, 1190 | Size = 258048 bytes | Modified Date = 12/23/2004 6:56:58 PM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\ -> [Folder | Modified Date = 6/4/2008 1:21:03 AM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~aunptzs.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\ -> [Folder | Modified Date = 6/3/2008 6:55:32 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~ervpolr.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\ -> [Folder | Modified Date = 6/6/2008 6:30:20 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~fdcmktt.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\ -> [Folder | Modified Date = 6/3/2008 7:00:59 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~kwjclrl.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\ -> [Folder | Modified Date = 6/6/2008 6:23:55 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~mjhykdw.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\ -> [Folder | Modified Date = 6/7/2008 3:47:43 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~muewdls.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\ -> [Folder | Modified Date = 6/3/2008 6:53:35 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~piwgkvy.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\ -> [Folder | Modified Date = 6/4/2008 1:34:44 AM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~qsbvsmt.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\ -> [Folder | Modified Date = 6/3/2008 6:37:25 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~rjtvuzm.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\ -> [Folder | Modified Date = 6/3/2008 6:34:03 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~utylqej.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\ -> [Folder | Modified Date = 6/7/2008 12:35:38 AM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~wwbedzo.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\ -> [Folder | Modified Date = 6/3/2008 6:43:32 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xafepjh.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\ -> [Folder | Modified Date = 6/4/2008 1:31:54 AM | Attr = H ] dss.dll -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\~xkudfng.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 5/19/2008 12:12:26 AM | Attr = S] index.dat -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 5/19/2008 12:12:28 AM | Attr = ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 7/14/2005 10:17:22 AM | Attr = ] Corecomp.ini -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Corecomp.ini -> [Ver = | Size = 28290 bytes | Modified Date = 2/2/1999 1:21:18 PM | Attr = R ] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 5/19/2008 12:12:26 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 12:12:26 AM | Attr = HS] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\27YLEHMT\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\27YLEHMT -> [Folder | Modified Date = 5/26/2008 11:56:32 PM | Attr = S] desktop.ini -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\27YLEHMT\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 12:12:26 AM | Attr = HS] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1CNI70J\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1CNI70J -> [Folder | Modified Date = 5/26/2008 11:49:45 PM | Attr = S] desktop.ini -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1CNI70J\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 12:12:26 AM | Attr = HS] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZ0JINIF\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZ0JINIF -> [Folder | Modified Date = 5/26/2008 11:56:26 PM | Attr = S] desktop.ini -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\GZ0JINIF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 12:12:26 AM | Attr = HS] C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ODAF2FA1\ -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ODAF2FA1 -> [Folder | Modified Date = 5/26/2008 11:59:24 PM | Attr = S] desktop.ini -> C:\Documents and Settings\Lynn Zerbe\Local Settings\Temp\Temporary Internet Files\Content.IE5\ODAF2FA1\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 12:12:26 AM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 5/15/2008 4:31:44 PM | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 5/16/2008 2:22:08 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 5/15/2008 4:27:35 PM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Modified Date = 5/26/2008 11:57:51 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/16/2008 3:50:08 PM | Attr = S] Skype -> %AppData%\Skype -> [Folder | Modified Date = 6/6/2008 12:39:26 PM | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Modified Date = 6/5/2008 4:03:51 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 6/7/2008 6:12:02 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/29/2008 11:47:53 AM | Attr = ] NOS -> %UserProfile%\Local Settings\Application Data\NOS -> [Folder | Modified Date = 5/15/2008 4:32:48 PM | Attr = ] Azureus Downloads -> %UserProfile%\My Documents\Azureus Downloads -> [Folder | Modified Date = 6/2/2008 11:45:33 PM | Attr = ] banquet.jpg -> %UserProfile%\My Documents\banquet.jpg -> [Ver = | Size = 126580 bytes | Modified Date = 5/28/2008 11:15:35 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\banquet.jpg:Zone.Identifier DESKTOP.INI -> %UserProfile%\My Documents\DESKTOP.INI -> [Ver = | Size = 81 bytes | Modified Date = 5/29/2008 11:47:41 AM | Attr = HS] estimate1.pdf -> %UserProfile%\My Documents\estimate1.pdf -> [Ver = | Size = 270980 bytes | Modified Date = 5/22/2008 7:14:50 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\estimate1.pdf:Zone.Identifier invoice1.pdf -> %UserProfile%\My Documents\invoice1.pdf -> [Ver = | Size = 250758 bytes | Modified Date = 5/22/2008 7:14:58 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\invoice1.pdf:Zone.Identifier mutual release.pdf -> %UserProfile%\My Documents\mutual release.pdf -> [Ver = | Size = 48954 bytes | Modified Date = 5/27/2008 11:19:33 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/29/2008 11:47:42 AM | Attr = R ] WDI Report1.pdf -> %UserProfile%\My Documents\WDI Report1.pdf -> [Ver = | Size = 703086 bytes | Modified Date = 5/22/2008 7:15:09 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\WDI Report1.pdf:Zone.Identifier NetBeans IDE 6.1.lnk -> %AllUsersProfile%\Desktop\NetBeans IDE 6.1.lnk -> [Ver = | Size = 1698 bytes | Modified Date = 6/3/2008 6:20:14 PM | Attr = ] 12707final.mp3 -> %UserProfile%\Desktop\12707final.mp3 -> [Ver = | Size = 32909584 bytes | Modified Date = 6/5/2008 5:00:14 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/7/2008 3:56:14 PM | Attr = ] avenger -> %UserProfile%\Desktop\avenger -> [Folder | Modified Date = 6/3/2008 5:02:34 PM | Attr = ] DelDomains.inf -> %UserProfile%\Desktop\DelDomains.inf -> [Ver = | Size = 1432 bytes | Modified Date = 6/3/2008 5:21:26 PM | Attr = ] DownloadBook.asp -> %UserProfile%\Desktop\DownloadBook.asp -> [Ver = | Size = 2479455 bytes | Modified Date = 5/29/2008 11:59:38 AM | Attr = ] dss(2).exe -> %UserProfile%\Desktop\dss(2).exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 6/3/2008 6:59:18 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 6/3/2008 6:11:50 PM | Attr = ] HelenKiller01_9572236.pdf -> %UserProfile%\Desktop\HelenKiller01_9572236.pdf -> [Ver = | Size = 13373454 bytes | Modified Date = 5/27/2008 3:26:14 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 6/1/2008 5:32:15 PM | Attr = ] jdk-6u6-nb-6_1-windows.exe -> %UserProfile%\Desktop\jdk-6u6-nb-6_1-windows.exe -> [Ver = | Size = 114957350 bytes | Modified Date = 6/3/2008 5:50:12 PM | Attr = ] Luke -> %UserProfile%\Desktop\Luke -> [Folder | Modified Date = 6/7/2008 3:48:09 PM | Attr = ] Microsoft Office Word 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 5/29/2008 2:50:32 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/7/2008 6:22:00 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Modified Date = 6/7/2008 6:06:00 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1757 bytes | Modified Date = 5/15/2008 4:31:56 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 5/15/2008 4:31:08 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 6/3/2008 6:15:12 PM | Attr = ] Skype -> %CommonProgramFiles%\Skype -> [Folder | Modified Date = 5/16/2008 2:21:50 PM | Attr = ] < End of report > [/code]