[code] OTScanIt logfile created on: 08/23/08 3:15:17 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy 447.48 Mb Total Physical Memory | 105.75 Mb Available Physical Memory | 23.63% Memory free 1.03 Gb Paging File | 0.67 Gb Available in Paging File | 65.04% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.73 Gb Total Space | 50.87 Gb Free Space | 72.96% Space Free | Partition Type: NTFS Drive D: | 4.79 Gb Total Space | 0.62 Gb Free Space | 12.95% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MULEY Current User Name: Owner Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 234656 bytes | Modified Date = 09/06/03 7:20:50 AM | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 255136 bytes | Modified Date = 09/06/03 7:20:46 AM | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 07/19/08 7:25:06 AM | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 07/19/08 7:38:28 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 02/22/08 4:25:21 AM | Attr = ] hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 05/07/98 5:04:38 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/03 4:38:42 PM | Attr = ] hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,1,7 | Size = 483328 bytes | Modified Date = 08/21/03 4:15:48 AM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 02/11/03 8:02:48 PM | Attr = ] vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. 
[Ver = 1.100.2004.0115 | Size = 49152 bytes | Modified Date = 01/16/04 4:33:44 AM | Attr = ] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 06/29/04 9:06:38 AM | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 07/19/08 7:38:34 AM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 04/01/04 2:01:06 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 70816 bytes | Modified Date = 09/06/03 7:20:44 AM | Attr = ] motivesb.exe -> %ProgramFiles%\Verizon\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.22.asst_classic.smartbridge.20060421_153000 | Size = 438359 bytes | Modified Date = 06/23/06 12:33:02 PM | Attr = ] moffice.exe -> %ProgramFiles%\Browser Mouse\MOffice.exe -> [Ver = 1, 0, 0, 1 | Size = 958464 bytes | Modified Date = 11/11/06 3:56:37 PM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 03/09/07 11:09:58 AM | Attr = ] mouse32a.exe -> %ProgramFiles%\Browser Mouse\mouse32a.exe -> [Ver = 4.0.0.0 | Size = 356352 bytes | Modified Date = 11/11/06 3:56:33 PM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 09/16/03 1:19:24 PM | Attr = ] popsub.exe -> %ProgramFiles%\InterMute\PopSubtract\PopSub.exe -> interMute, Inc. 
[Ver = 1, 3, 8, 0 | Size = 233472 bytes | Modified Date = 02/03/04 11:05:18 AM | Attr = ] ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 218272 bytes | Modified Date = 09/06/03 7:20:48 AM | Attr = ] gearsec.exe -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 11/03/03 8:47:08 PM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 01/04/07 2:38:08 PM | Attr = ] ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 07/19/08 7:38:04 AM | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 07/23/08 7:25:45 AM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 42 | Size = 111816 bytes | Modified Date = 11/10/04 9:15:31 PM | Attr = ] jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 329104 bytes | Modified Date = 02/22/08 4:25:20 AM | Attr = ] hptskmgr.exe -> %ProgramFiles%\HP\hpcoretech\comp\hptskmgr.exe -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 135168 bytes | Modified Date = 12/22/03 4:38:40 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 04/01/04 1:41:13 AM | Attr = ] rnathchk.exe -> %CommonProgramFiles%\Real\Update_OB\rnathchk.exe -> RealNetworks, Inc. 
[Ver = 7.0.0.1176 | Size = 57389 bytes | Modified Date = 04/01/04 1:41:12 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 07/12/08 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 07/19/08 7:25:06 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 07/19/08 7:38:28 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 07/19/08 7:38:04 AM | Attr = ] (avast! Web Scanner) avast! 
Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 07/23/08 7:25:45 AM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 255136 bytes | Modified Date = 09/06/03 7:20:46 AM | Attr = ] (ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 218272 bytes | Modified Date = 09/06/03 7:20:48 AM | Attr = ] (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 87200 bytes | Modified Date = 09/06/03 7:20:48 AM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.0.2.806 | Size = 234656 bytes | Modified Date = 09/06/03 7:20:50 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 08/04/04 12:56:48 AM | Attr = ] (GEARSecurity) Gear Security Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 11/03/03 8:47:08 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/04 4:24:18 AM | Attr = ] (iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. 
[Ver = 4.2.0.74 | Size = 417792 bytes | Modified Date = 01/16/04 8:16:06 PM | Attr = ] (KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> File not found (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.2.0.108 | Size = 197896 bytes | Modified Date = 08/31/03 9:27:40 PM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 01/04/07 2:38:08 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 07/19/08 7:32:15 AM | Attr = ] (AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/07/04 6:16:04 PM | Attr = ] (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 06/29/04 9:07:18 AM | Attr = ] (ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> Sensaura Ltd [Ver = 5.10.00.3511D | Size = 391424 bytes | Modified Date = 12/12/03 7:54:14 AM | Attr = ] (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. 
[Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/01/04 10:24:02 AM | Attr = ] (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 07/19/08 7:37:42 AM | Attr = ] (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 07/19/08 7:37:21 AM | Attr = ] (aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 07/19/08 7:33:42 AM | Attr = ] (aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 07/19/08 7:35:18 AM | Attr = ] (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 07/19/08 7:32:36 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 08/03/04 11:07:17 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 08/03/04 11:07:16 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 08/29/02 5:00:00 AM | Attr = ] (fasttx2k) fasttx2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Fasttx2k.sys -> Promise Technology, Inc. 
[Ver = 1.00.0030.11 | Size = 142336 bytes | Modified Date = 12/02/03 7:23:20 PM | Attr = ] (FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.41.00.0426 | Size = 42496 bytes | Modified Date = 12/16/04 1:36:30 PM | Attr = ] (FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5b.sys -> VIA Technologies, Inc. [Ver = 3.27.00.0412 | Size = 41984 bytes | Modified Date = 11/12/03 2:41:00 AM | Attr = ] (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software [Ver = 1.028 | Size = 9760 bytes | Modified Date = 11/03/03 8:47:08 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3762 | Size = 681469 bytes | Modified Date = 02/10/04 7:17:06 PM | Attr = ] (Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> InterVideo, Inc. [Ver = 1, 0, 0, 0 | Size = 21060 bytes | Modified Date = 09/10/03 11:36:54 PM | Attr = ] (moufiltr) Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\moufiltr.sys -> Chic Tech. [Ver = 1.00 | Size = 62592 bytes | Modified Date = 11/11/06 3:56:29 PM | Attr = ] (MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 11/22/04 3:36:39 PM | Attr = ] (Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. 
[Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 09/19/03 1:47:00 AM | Attr = ] (Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 14112 bytes | Modified Date = 06/04/01 2:00:00 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 08/29/02 5:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.11B | Size = 46080 bytes | Modified Date = 11/03/05 4:00:00 AM | Attr = ] (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.505.1004.2002 built by: WinDDK | Size = 46976 bytes | Modified Date = 10/04/02 6:04:10 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 
[Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/07 3:25:53 AM | Attr = ] (SiS315) SiS315 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3560 | Size = 432000 bytes | Modified Date = 01/02/04 8:20:40 PM | Attr = ] (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> Silicon Integrated Systems Corporation [Ver = 7.2.0.1170 built by: WinDDK | Size = 36992 bytes | Modified Date = 07/18/03 5:58:20 PM | Attr = ] (SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srvkp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3560 | Size = 11520 bytes | Modified Date = 01/02/04 9:05:48 PM | Attr = ] (sscdbus) SAMSUNG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdbus.sys -> MCCI Corporation [Ver = V4.40 | Size = 80552 bytes | Modified Date = 07/03/07 4:54:24 PM | Attr = ] (sscdmdfl) SAMSUNG Mobile Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdfl.sys -> MCCI Corporation [Ver = V4.40 | Size = 11944 bytes | Modified Date = 07/03/07 4:57:24 PM | Attr = ] (sscdmdm) SAMSUNG Mobile Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sscdmdm.sys -> MCCI Corporation [Ver = V4.40 | Size = 106792 bytes | Modified Date = 07/03/07 4:58:20 PM | Attr = ] (SYMDNS) SYMDNS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 10728 bytes | Modified Date = 08/31/03 9:27:16 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.3.0.17 | Size = 82136 bytes | Modified Date = 08/16/03 7:22:12 AM | Attr = ] (SYMFW) SYMFW [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 164552 bytes | 
Modified Date = 08/31/03 9:27:18 PM | Attr = ] (SYMIDS) SYMIDS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 46376 bytes | Modified Date = 08/31/03 9:27:20 PM | Attr = ] (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SymIDSCo.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 123240 bytes | Modified Date = 08/31/03 9:27:22 PM | Attr = ] (SYMNDIS) SYMNDIS [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 51560 bytes | Modified Date = 08/31/03 9:27:18 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 16328 bytes | Modified Date = 08/31/03 9:27:22 PM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.2.0.108 | Size = 263240 bytes | Modified Date = 08/31/03 9:27:24 PM | Attr = ] (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 07/02/03 12:42:00 PM | Attr = ] (viagfx) viagfx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vtmini.sys -> Copyright (C) VIA/S3 Graphics Co, Ltd. 
[Ver = 6.14.10.0194-16.94.42.03 | Size = 172672 bytes | Modified Date = 12/07/04 8:08:58 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 03/09/07 11:09:58 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 01/11/08 11:16:38 PM | Attr = ] AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 06/29/04 9:06:38 AM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 07/19/08 7:38:34 AM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["c:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 2.0.2.806 | Size = 70816 bytes | Modified Date = 09/06/03 7:20:44 AM | Attr = ] FLMOFFICE4DMOUSE -> %ProgramFiles%\Browser Mouse\MOffice.exe [C:\Program Files\Browser Mouse\MOffice.exe] -> [Ver = 1, 0, 0, 1 | Size = 958464 bytes | Modified Date = 11/11/06 3:56:37 PM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/03 4:38:42 PM | Attr = ] HPHmon05 -> %SystemRoot%\system32\hphmon05.exe [C:\WINDOWS\System32\hphmon05.exe] -> Hewlett-Packard [Ver = 5,1,7 | Size = 483328 bytes | Modified Date = 
08/21/03 4:15:48 AM | Attr = ] HPHUPD05 -> %ProgramFiles%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe] -> Hewlett-Packard [Ver = 5,1,7 | Size = 49152 bytes | Modified Date = 08/21/03 4:23:08 AM | Attr = ] hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 05/07/98 5:04:38 PM | Attr = ] IPHSend -> %CommonProgramFiles%\AOL\IPHSend\IPHSend.exe [C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe] -> America Online, Inc. [Ver = 1.0.12.1 | Size = 124520 bytes | Modified Date = 02/17/06 9:59:46 AM | Attr = ] IS CfgWiz -> %CommonProgramFiles%\Symantec Shared\CfgWiz.exe [c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"] -> Symantec Corporation [Ver = 4.0.0.92 | Size = 124096 bytes | Modified Date = 08/20/03 8:55:28 PM | Attr = ] KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 02/11/03 8:02:48 PM | Attr = ] Motive SmartBridge -> %ProgramFiles%\Verizon\SmartBridge\MotiveSB.exe [C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe] -> Motive Communications, Inc. [Ver = 5.8.22.asst_classic.smartbridge.20060421_153000 | Size = 438359 bytes | Modified Date = 06/23/06 12:33:02 PM | Attr = ] PS2 -> %SystemRoot%\system32\ps2.EXE [C:\WINDOWS\system32\ps2.exe] -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 10/16/02 4:57:10 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. 
[Ver = 6.5 | Size = 98304 bytes | Modified Date = 04/01/04 2:01:06 AM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 04/14/04 1:43:46 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 02/22/08 4:25:21 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 04/01/04 1:41:13 AM | Attr = ] VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 1.100.2004.0115 | Size = 49152 bytes | Modified Date = 01/16/04 4:33:44 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found BackupNotify -> %ProgramFiles%\HP\Digital Imaging\bin\BackupNotify.exe [c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe] -> Hewlett-Packard Company [Ver = 2004.01.08.0 | Size = 32768 bytes | Modified Date = 01/09/04 2:34:10 AM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. 
[Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 09/16/03 1:19:24 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\PopSubtract.lnk -> %ProgramFiles%\InterMute\PopSubtract\PopSub.exe -> interMute, Inc. [Ver = 1, 3, 8, 0 | Size = 233472 bytes | Modified Date = 02/03/04 11:05:18 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Modified Date = 07/30/03 5:49:48 AM | Attr = ] < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Secure Desktop Notification-ELF Desktop Beauty Advisor.lnk -> %ProgramFiles%\Secure Desktop Notification\ELF Desktop Beauty Advisor\sdn.exe -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 06/13/07 3:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 08/04/04 12:56:57 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 08/04/04 
12:56:50 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/07 8:36:51 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 08/04/04 12:56:57 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 02/10/04 6:51:10 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallpaper -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 2 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 2 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 2 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 08/03/04 10:59:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CDRW/DVD_SM-352F________________T903____\5&22ac9df0&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 
1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 03/31/04 11:00:15 PM | Attr = ] AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 07/28/01 6:07:38 AM | Attr = HS] Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 45 bytes | Modified Date = 09/11/02 3:02:32 AM | Attr = HS] < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> 
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOLTBSearch Class] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> localhost -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1962 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 41 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/06 12:08:42 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 02/22/08 4:25:19 AM | Attr = ] {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AOL Toolbar Launcher] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] {9ECB9560-04F9-4bbc-943D-298DDF1699E1} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [CNisExtBho Class] -> Symantec Corporation [Ver = 7.0.0.177 | Size = 126976 bytes | Modified Date = 09/06/03 11:31:28 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] 
-> File not found {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.0.177 | Size = 126976 bytes | Modified Date = 09/06/03 11:31:28 PM | Attr = ] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.6 | Size = 98304 bytes | Modified Date = 09/03/03 6:42:14 PM | Attr = ] {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.6 | Size = 98304 bytes | Modified Date = 09/03/03 6:42:14 PM | Attr = ] WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\AdBlocking\NISShExt.dll [Web assistant] -> Symantec Corporation [Ver = 7.0.0.177 | Size = 126976 bytes | Modified Date = 09/06/03 11:31:28 PM | Attr = ] WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.6 | Size = 98304 bytes | Modified Date = 09/03/03 6:42:14 PM | Attr = ] WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 02/22/08 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 02/22/08 4:25:19 AM | Attr = ] {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ] {F4430FE8-2638-42e5-B849-800749B94EED}:Exec -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AIM Toolbar 5.0\aoltb.dll [AIM Toolbar] -> AOL LLC [Ver = 5.0.75.1 | Size = 1090912 bytes | Modified Date = 10/10/07 7:56:58 AM | Attr = ] CmdMapping\\{5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. 
[Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ] CmdMapping\\{F4430FE8-2638-42e5-B849-800749B94EED} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 09/07/06 1:59:50 PM | Attr = ] Add To HP Organize... -> %ProgramFiles%\Hewlett-Packard\HP Organize\bin\core.hp.main\SendTo.html -> [Ver = | Size = 5438 bytes | Modified Date = 03/06/04 7:50:20 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {15B417F8-7750-4613-8CC9-7F099B6E7303} -> 85.255.115.44,85.255.112.187 (VIA Rhine II Fast Ethernet Adapter) -> {6908DE68-6E19-49AA-BFBB-4AC665A07F60} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/03 4:38:40 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store 
Database\Distribution Units\ -> {11260943-421B-11D0-8EAC-0000C07D88CF}[HKEY_LOCAL_MACHINE] -> http://www.ipix.com/download/ipixx.cab[iPIX ActiveX Control] -> {406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www2.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by136fd.bay136.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153364574781[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153364563187[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipixx.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipixx.ocx\\.Owner -> {11260943-421B-11D0-8EAC-0000C07D88CF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipixx.ocx\\{11260943-421B-11D0-8EAC-0000C07D88CF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/IPX32d56.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/IPX32d56.dll\\.Owner -> {11260943-421B-11D0-8EAC-0000C07D88CF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/IPX32d56.dll\\{11260943-421B-11D0-8EAC-0000C07D88CF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mm32DCMP.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mm32DCMP.DLL\\.Owner -> {11260943-421B-11D0-8EAC-0000C07D88CF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mm32DCMP.DLL\\{11260943-421B-11D0-8EAC-0000C07D88CF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 08/04/04 12:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 06/15/05 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 08/04/04 12:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 04/25/07 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 08/04/04 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 08/04/04 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 08/04/04 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> B3 EE A6 59 A8 8C 46 04 AD C6 54 C8 2B 2C DD A3 66 37 38 38 30 32 35 63 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 A8 12 00 08 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> B8 24 C8 9D 26 FC E2 18 94 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 24 CE 19 24 72 CD [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 22 A8 D2 B0 60 A3 B9 7A F3 A2 EF 90 52 48 2B EA [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> F4 16 7A 8C 91 AD C6 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name 
-> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 08/04/04 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office 
network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 9753 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 08/04/04 12:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 08/04/04 12:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 08/04/04 12:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/03/06 12:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1150180843\ee\aolsoftware.exe -> %CommonProgramFiles%\AOL\1150180843\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1150180843\ee\aolsoftware.exe:*:Enabled:AOL Services] -> America Online, Inc. [Ver = 1.5.3.1 | Size = 50760 bytes | Modified Date = 05/09/06 5:24:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1150180843\ee\aim6.exe -> %CommonProgramFiles%\AOL\1150180843\ee\aim6.exe [C:\Program Files\Common Files\AOL\1150180843\ee\aim6.exe:*:Enabled:AIM] -> America Online, Inc. 
[Ver = 1.4.9.1 | Size = 50768 bytes | Modified Date = 08/28/06 1:22:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 08/04/04 12:56:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,195 | Size = 4662776 bytes | Modified Date = 10/24/06 5:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 0 | Size = 91128 bytes | Modified Date = 10/24/06 5:10:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G9CXUN4X\incredimail_install[1].exe -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\G9CXUN4X\incredimail_install[1].exe [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G9CXUN4X\incredimail_install[1].exe:*:Enabled:IncrediMail Installer] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 01/03/08 9:15:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{EBA699B6-825C-49D2-8E41-91617CD8E1C8} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 08/04/04 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 08/04/04 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 08/21/08 1:57:52 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 08/21/08 1:57:52 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] SITEguard -> %AllUsersProfile%\Application Data\SITEguard -> [Folder | Created Date = 08/18/08 8:34:15 PM | Attr = ] STOPzilla! -> %AllUsersProfile%\Application Data\STOPzilla! 
-> [Folder | Created Date = 08/18/08 8:33:30 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 08/23/08 3:09:52 PM | Attr = ] iS3 -> %CommonProgramFiles%\iS3 -> [Folder | Created Date = 08/18/08 8:33:31 PM | Attr = ] [Files/Folders - Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 08/18/08 9:07:24 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 469291008 bytes | Modified Date = 08/21/08 12:37:05 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 08/18/08 9:03:58 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 08/23/08 3:05:55 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 08/18/08 10:23:29 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 07/27/08 4:28:01 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 08/18/08 9:03:57 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 46924 bytes | Modified Date = 08/11/08 10:03:32 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 367980 bytes | Modified Date = 08/11/08 10:03:32 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 420736 bytes | Modified Date = 08/11/08 10:03:32 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 08/21/08 12:38:15 PM | Attr = ] hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [Ver = | Size = 246 bytes | Modified Date = 08/21/08 12:37:12 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 08/21/08 12:37:05 PM | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 08/03/08 11:37:29 AM | Attr = ] 4 C:\WINDOWS\*.tmp files -> 
C:\WINDOWS\*.tmp -> Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 08/18/08 9:04:22 PM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 08/06/08 9:42:54 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 08/21/08 1:57:52 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 08/21/08 1:57:52 PM | Attr = H ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 08/18/08 9:07:24 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 08/18/08 10:24:41 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 08/23/08 12:44:49 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 08/18/08 8:33:33 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 08/21/08 12:37:10 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache -> [Folder | Modified Date = 04/01/04 1:56:03 AM | Attr = ] about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\about.dat -> [Ver = | Size = 1528 bytes | Modified Date = 06/18/03 8:00:00 PM | Attr = ] college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\college.dat -> [Ver = | Size = 327746 bytes | Modified Date = 06/18/03 8:00:00 PM | Attr = ] moreinfo.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\moreinfo.dat -> [Ver = | Size = 102 bytes | Modified Date = 06/18/03 8:00:00 PM | Attr = ] ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ylpgscat.dat -> [Ver = | Size = 12283223 bytes | Modified Date = 06/18/03 8:00:00 PM | Attr = ] C:\Documents and Settings\All Users\Application 
Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 04/01/04 12:31:13 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5522 bytes | Modified Date = 08/21/08 12:38:30 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5522 bytes | Modified Date = 08/21/08 12:38:30 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 09/13/06 6:54:15 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 09/10/06 4:32:34 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11300 bytes | Modified Date = 09/10/06 4:13:05 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data -> [Folder | Modified Date = 09/21/04 9:34:00 PM | Attr = ] data.data -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\data.data -> [Ver = | Size = 2408 bytes | Modified Date = 09/21/04 9:34:00 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 08/23/08 3:05:19 PM | Attr = ] AutoDL%3FBundleId=10750_b1977f85.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\AutoDL%3FBundleId=10750_b1977f85.exe -> Sun Microsystems, Inc. 
[Ver = 5.0.90.3 | Size = 251656 bytes | Modified Date = 10/16/06 1:10:33 PM | Attr = ] giG5AO21.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\giG5AO21.exe -> [Ver = | Size = 717619 bytes | Modified Date = 08/08/06 3:32:07 PM | Attr = ] matcleanup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\matcleanup.exe -> [Ver = | Size = 16384 bytes | Modified Date = 05/02/06 5:57:36 PM | Attr = ] McciControlInstaller_DDR.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\McciControlInstaller_DDR.exe -> [Ver = | Size = 4087765 bytes | Modified Date = 05/12/06 11:02:18 AM | Attr = ] ose00000.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 11.0.5525 | Size = 89136 bytes | Modified Date = 07/28/03 8:28:22 PM | Attr = ] premiumseUpd1.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\premiumseUpd1.exe -> Macrovision Corporation [Ver = 14.0.162 | Size = 9980960 bytes | Modified Date = 02/15/08 11:11:24 PM | Attr = ] setup_wm.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 | Size = 774144 bytes | Modified Date = 08/04/04 12:56:56 AM | Attr = ] temp0.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\temp0.exe -> RealNetworks, Inc. [Ver = 1.0.6.71 | Size = 308780 bytes | Modified Date = 03/29/08 9:26:40 PM | Attr = ] ywc_update2.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ywc_update2.exe -> [Ver = | Size = 302648 bytes | Modified Date = 06/08/07 9:28:58 PM | Attr = ] ywreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ywreg.exe -> Yahoo! Inc. 
[Ver = 2001, 12, 3, 1 | Size = 114688 bytes | Modified Date = 12/03/01 5:39:08 PM | Attr = ] 408 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\ -> [Folder | Modified Date = 06/12/06 8:04:21 PM | Attr = ] g2a_customer.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\g2a_customer.exe -> Citrix Online [Ver = 6.0.0 Build 228 | Size = 338432 bytes | Modified Date = 06/12/06 8:04:20 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\2BG5A52O\PPOKER~1\presetup\ -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5A52O\PPOKER~1\presetup -> [Folder | Modified Date = 08/08/06 3:31:31 PM | Attr = ] ShowUrl1.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5A52O\PPOKER~1\presetup\ShowUrl1.exe -> [Ver = | Size = 24576 bytes | Modified Date = 07/21/06 11:17:04 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\ -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV -> [Folder | Modified Date = 08/08/06 3:32:23 PM | Attr = ] Resume.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\Resume.exe -> [Ver = | Size = 717619 bytes | Modified Date = 08/08/06 3:32:07 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\presetup\ -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\presetup -> [Folder | Modified Date = 08/08/06 3:32:07 PM | Attr = ] IconInIE.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\presetup\IconInIE.exe -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 07/21/06 11:17:04 AM | Attr = ] PGInstall.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\presetup\PGInstall.exe -> [Ver = 1, 0, 0, 1 | Size = 188416 bytes | Modified Date = 07/21/06 11:17:04 
AM | Attr = ] regsvr32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\presetup\regsvr32.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 10000 bytes | Modified Date = 07/21/06 11:17:04 AM | Attr = ] ShowUrl1.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\presetup\ShowUrl1.exe -> [Ver = | Size = 24576 bytes | Modified Date = 07/21/06 11:17:04 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8 -> [Folder | Modified Date = 06/15/07 7:23:03 PM | Attr = ] Setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8\Setup.exe -> Adobe Systems Incorporated [Ver = 3.0.3.1 | Size = 304784 bytes | Modified Date = 05/11/07 1:50:42 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\IncrediMail\ -> C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\IncrediMail -> [Folder | Modified Date = 04/10/07 7:31:25 AM | Attr = ] incredimail_install[1].exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -> IncrediMail Ltd. 
[Ver = 7, 0, 0, 1266 | Size = 493160 bytes | Modified Date = 04/02/07 2:55:03 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for KillBox[1].zip\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for KillBox[1].zip\ -> [Folder | Modified Date = 07/23/06 12:00:20 PM | Attr = H ] KillBox.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for KillBox[1].zip\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0648 | Size = 73728 bytes | Modified Date = 02/08/06 3:02:44 AM | Attr = R ] @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for KillBox[1].zip\KillBox.exe:Zone.Identifier C:\Documents and Settings\Owner\Local Settings\Temp\WMC0000.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\WMC0000.tmp\ -> [Folder | Modified Date = 06/25/07 8:34:21 PM | Attr = ] WMPAU.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\WMC0000.tmp\WMPAU.exe -> Microsoft Corporation [Ver = 11.0.5721.5146 (WMP_11.061018-2006) | Size = 1669120 bytes | Modified Date = 11/01/06 6:31:38 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 08/23/08 3:05:19 PM | Attr = ] 5.1.10.5-EasyShrx.Dll -> C:\Documents and Settings\Owner\Local Settings\Temp\5.1.10.5-EasyShrx.Dll -> Eastman Kodak Company [Ver = 2.2.0.0 | Size = 450560 bytes | Modified Date = 06/12/06 6:39:04 PM | Attr = ] 6.9.30.16-EasyShrx.Dll -> C:\Documents and Settings\Owner\Local Settings\Temp\6.9.30.16-EasyShrx.Dll -> Eastman Kodak Company [Ver = 5, 3, 33, 26 | Size = 983040 bytes | Modified Date = 06/18/06 4:04:05 PM | Attr = ] cvfeqjwp.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\cvfeqjwp.dll -> [Ver = | Size = 53248 bytes | Modified Date = 08/23/08 3:05:19 PM | Attr = ] IadHide4.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll 
-> BackWeb [Ver = Version 6.2.3 (Build 66R) | Size = 24576 bytes | Modified Date = 04/01/04 2:16:42 PM | Attr = ] IadHide5.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 02/11/04 5:58:16 PM | Attr = ] instph.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\instph.dll -> AOL LLC [Ver = 5.0.2.0 | Size = 94288 bytes | Modified Date = 09/26/06 1:19:54 PM | Attr = ] yvertr.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\yvertr.dll -> [Ver = 2004, 1, 15, 1 | Size = 42080 bytes | Modified Date = 01/15/04 3:48:38 PM | Attr = ] ywreg.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\ywreg.dll -> Yahoo! Inc. [Ver = 2001, 11, 28, 1 | Size = 98304 bytes | Modified Date = 11/28/01 6:01:14 PM | Attr = ] 408 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\ -> [Folder | Modified Date = 06/12/06 8:04:21 PM | Attr = ] g2a_hook.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\g2a_hook.dll -> Citrix Online [Ver = 6.0.0 Build 228 | Size = 32842 bytes | Modified Date = 06/12/06 8:04:20 PM | Attr = ] g2a_resource.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL2A.tmp\g2a_resource.dll -> Citrix Online [Ver = 6.0.0 Build 228 | Size = 90112 bytes | Modified Date = 06/12/06 8:04:20 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\ -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV -> [Folder | Modified Date = 08/08/06 3:32:23 PM | Attr = ] unpack.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\unpack.dll -> [Ver = | Size = 35328 bytes | Modified Date = 08/08/06 3:32:07 PM | Attr = ] C:\Documents and Settings\Owner\Local 
Settings\Temp\2BG5ALLV\PPOKER~1\plugins\0\ -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\plugins\0 -> [Folder | Modified Date = 08/08/06 3:32:07 PM | Attr = ] CustomUI.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\2BG5ALLV\PPOKER~1\plugins\0\CustomUI.dll -> [Ver = | Size = 349696 bytes | Modified Date = 03/28/05 3:24:46 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\3cca214.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\3cca214.tmp\ -> [Folder | Modified Date = 12/03/07 6:42:28 PM | Attr = ] CommonResources.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\3cca214.tmp\CommonResources.dll -> SWiSHzone.com [Ver = 2004, 10, 28, 0 | Size = 110592 bytes | Modified Date = 12/03/07 6:42:22 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\is-6QO3U.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\is-6QO3U.tmp\ -> [Folder | Modified Date = 06/13/06 7:34:03 AM | Attr = ] SecurityUtil.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\is-6QO3U.tmp\SecurityUtil.dll -> [Ver = 2, 0, 0, 18 | Size = 86016 bytes | Modified Date = 09/27/05 12:23:36 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 08/23/08 3:05:19 PM | Attr = ] NAVLiveReg.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\NAVLiveReg.dat -> [Ver = | Size = 172 bytes | Modified Date = 06/13/06 6:59:40 AM | Attr = ] Perflib_Perfdata_169c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_169c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/05/06 4:42:30 PM | Attr = ] Perflib_Perfdata_29c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_29c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/04/06 10:04:34 PM | Attr = ] Perflib_Perfdata_2a0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_2a0.dat -> [Ver = | 
Size = 16384 bytes | Modified Date = 08/13/06 9:36:51 AM | Attr = ] Perflib_Perfdata_360.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_360.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/20/06 9:18:30 AM | Attr = ] Perflib_Perfdata_368.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_368.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/03/07 11:35:36 AM | Attr = ] Perflib_Perfdata_378.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_378.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/31/06 4:05:30 PM | Attr = ] Perflib_Perfdata_394.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_394.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/18/07 2:59:59 PM | Attr = ] Perflib_Perfdata_3b0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_3b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/13/06 6:00:39 PM | Attr = ] Perflib_Perfdata_3d0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_3d0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/04/07 8:33:27 AM | Attr = ] Perflib_Perfdata_3dc.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_3dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/11/06 4:01:38 PM | Attr = ] Perflib_Perfdata_494.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_494.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/14/06 6:05:18 AM | Attr = ] Perflib_Perfdata_4a4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_4a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/16/07 8:27:07 AM | Attr = ] Perflib_Perfdata_628.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_628.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/10/06 10:35:27 PM | Attr = ] Perflib_Perfdata_6ac.dat -> C:\Documents and Settings\Owner\Local 
Settings\Temp\Perflib_Perfdata_6ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/21/06 7:05:34 AM | Attr = ] Perflib_Perfdata_6d4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_6d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/22/06 11:51:16 AM | Attr = ] Perflib_Perfdata_744.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_744.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/11/06 7:35:46 AM | Attr = ] Perflib_Perfdata_7c4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_7c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/15/06 4:59:10 PM | Attr = ] Perflib_Perfdata_8a8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/10/06 11:19:49 AM | Attr = ] Perflib_Perfdata_8c0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/26/07 10:33:40 AM | Attr = ] Perflib_Perfdata_8c8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/13/06 11:47:13 AM | Attr = ] Perflib_Perfdata_904.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_904.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/16/06 1:10:29 PM | Attr = ] Perflib_Perfdata_914.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_914.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/03/06 10:12:54 AM | Attr = ] Perflib_Perfdata_924.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_924.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/25/07 3:49:21 PM | Attr = ] Perflib_Perfdata_930.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_930.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/08/07 1:00:00 PM | Attr = ] Perflib_Perfdata_950.dat 
-> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_950.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/22/06 11:44:49 AM | Attr = ] Perflib_Perfdata_970.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_970.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/23/06 9:23:44 AM | Attr = ] Perflib_Perfdata_980.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_980.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/14/06 9:54:09 AM | Attr = ] Perflib_Perfdata_994.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_994.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/22/07 3:07:44 PM | Attr = ] Perflib_Perfdata_99c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_99c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/30/06 12:11:24 PM | Attr = ] Perflib_Perfdata_9a4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_9a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/15/06 2:11:11 PM | Attr = ] Perflib_Perfdata_9b8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_9b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/10/06 1:03:19 PM | Attr = ] Perflib_Perfdata_9e4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_9e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/06/06 6:21:22 PM | Attr = ] Perflib_Perfdata_9e8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_9e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/04/07 4:33:19 PM | Attr = ] Perflib_Perfdata_9fc.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_9fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/04/07 1:23:14 PM | Attr = ] Perflib_Perfdata_a08.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a08.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/11/06 2:20:38 
PM | Attr = ] Perflib_Perfdata_a14.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a14.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/22/07 8:25:18 AM | Attr = ] Perflib_Perfdata_a20.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a20.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/04/07 12:52:34 PM | Attr = ] Perflib_Perfdata_a38.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a38.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/09/07 10:00:25 AM | Attr = ] Perflib_Perfdata_a40.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a40.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/19/06 11:19:06 PM | Attr = ] Perflib_Perfdata_a54.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a54.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/04/07 2:05:20 PM | Attr = ] Perflib_Perfdata_a88.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a88.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/08/07 9:15:18 AM | Attr = ] Perflib_Perfdata_ae0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_ae0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/02/06 2:31:52 PM | Attr = ] Perflib_Perfdata_aec.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_aec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/31/07 4:07:49 PM | Attr = ] Perflib_Perfdata_afc.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_afc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/18/06 11:19:52 AM | Attr = ] Perflib_Perfdata_b4c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_b4c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/26/07 12:17:30 PM | Attr = ] Perflib_Perfdata_c98.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_c98.dat -> [Ver = | Size = 16384 
bytes | Modified Date = 08/28/06 1:26:54 PM | Attr = ] symcprop.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\symcprop.dat -> [Ver = | Size = 54692 bytes | Modified Date = 07/24/06 5:04:57 PM | Attr = ] 408 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads -> [Folder | Modified Date = 06/15/07 7:20:01 PM | Attr = ] nos_9095.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads\nos_9095.dat -> [Ver = 1.0.0.92 | Size = 23402288 bytes | Modified Date = 06/15/07 7:22:59 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Cookies -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 98304 bytes | Modified Date = 09/13/07 5:26:19 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\ -> [Folder | Modified Date = 09/14/07 5:59:50 AM | Attr = S] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\index.dat -> [Ver = | Size = 278528 bytes | Modified Date = 09/13/07 5:26:19 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 09/13/07 9:45:00 AM | Attr = S] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 6537216 bytes | Modified Date = 09/13/07 5:26:19 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and 
Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 08/23/08 3:05:19 PM | Attr = ] 00000000.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000000.ini -> [Ver = | Size = 364 bytes | Modified Date = 07/04/06 10:46:16 AM | Attr = ] 00000001.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000001.ini -> [Ver = | Size = 364 bytes | Modified Date = 10/02/06 4:56:10 PM | Attr = ] 00000002.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000002.ini -> [Ver = | Size = 364 bytes | Modified Date = 01/03/07 11:38:52 AM | Attr = ] 00000003.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000003.ini -> [Ver = | Size = 364 bytes | Modified Date = 04/10/07 7:36:23 AM | Attr = ] 00000004.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000004.ini -> [Ver = | Size = 364 bytes | Modified Date = 07/10/07 8:56:30 AM | Attr = ] 00000005.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000005.ini -> [Ver = | Size = 364 bytes | Modified Date = 10/08/07 4:52:36 PM | Attr = ] 00000006.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000006.ini -> [Ver = | Size = 364 bytes | Modified Date = 01/08/08 3:52:16 PM | Attr = ] 00000007.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000007.ini -> [Ver = | Size = 364 bytes | Modified Date = 04/08/08 5:28:58 PM | Attr = ] 00000008.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\00000008.ini -> [Ver = | Size = 364 bytes | Modified Date = 07/10/08 7:23:55 AM | Attr = ] 4194-1~3.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\4194-1~3.ini -> [Ver = | Size = 202 bytes | Modified Date = 07/25/08 7:45:32 PM | Attr = ] aolsetup.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\aolsetup.ini -> [Ver = | Size = 495 bytes | Modified Date = 07/25/08 7:45:17 PM | Attr = ] pp3C.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\pp3C.ini -> [Ver = | Size = 4940 bytes | Modified Date = 11/03/06 6:37:55 PM | Attr = ] 
ppB4.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\ppB4.ini -> [Ver = | Size = 5026 bytes | Modified Date = 06/12/06 11:41:04 PM | Attr = ] setup.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\setup.ini -> [Ver = | Size = 4561 bytes | Modified Date = 05/01/08 7:52:46 PM | Attr = ] temp2.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\temp2.ini -> [Ver = | Size = 86016 bytes | Modified Date = 07/23/07 2:28:47 PM | Attr = ] uninst.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\uninst.ini -> [Ver = | Size = 5792 bytes | Modified Date = 07/15/06 9:51:13 AM | Attr = ] {AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> [Ver = | Size = 810 bytes | Modified Date = 02/08/08 6:07:26 PM | Attr = ] {AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 578 bytes | Modified Date = 02/08/08 6:08:03 PM | Attr = ] 408 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini\ -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini -> [Folder | Modified Date = 06/18/06 4:49:52 PM | Attr = ] EasyShare.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini\EasyShare.ini -> [Ver = | Size = 13 bytes | Modified Date = 06/18/06 4:06:01 PM | Attr = ] ESAcct.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini\ESAcct.ini -> [Ver = | Size = 171 bytes | Modified Date = 06/18/06 4:06:01 PM | Attr = ] OfotoXMI.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini\OfotoXMI.ini -> [Ver = | Size = 611 bytes | Modified Date = 06/18/06 4:52:54 PM | Attr = ] printol.ini -> C:\Documents and Settings\Owner\Local 
Settings\Temp\_Retain\bin\ini\printol.ini -> [Ver = | Size = 74 bytes | Modified Date = 06/18/06 4:06:02 PM | Attr = ] Usersizes.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini\Usersizes.ini -> [Ver = | Size = 13 bytes | Modified Date = 06/18/06 4:06:02 PM | Attr = ] VistaEmail.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\_Retain\bin\ini\VistaEmail.ini -> [Ver = | Size = 279 bytes | Modified Date = 06/18/06 4:06:02 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8 -> [Folder | Modified Date = 06/15/07 7:23:03 PM | Attr = ] abcpy.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8\abcpy.ini -> [Ver = | Size = 1728 bytes | Modified Date = 11/15/06 8:38:14 AM | Attr = ] setup.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe Reader 8\setup.ini -> [Ver = | Size = 292 bytes | Modified Date = 08/25/06 10:00:33 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\ -> [Folder | Modified Date = 09/14/07 5:59:50 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 09/12/06 12:04:59 PM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 09/13/07 9:45:00 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:13:42 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\492V01IF\ -> C:\Documents and Settings\Owner\Local 
Settings\Temp\Temporary Internet Files\Content.IE5\492V01IF -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\492V01IF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:14:00 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PAVM3QH\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PAVM3QH -> [Folder | Modified Date = 09/13/07 9:55:41 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PAVM3QH\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:35:13 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1E3KDEZ\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1E3KDEZ -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1E3KDEZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:35:13 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTER8DUF\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTER8DUF -> [Folder | Modified Date = 09/13/07 9:57:33 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTER8DUF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:14:00 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G521CTCV\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G521CTCV -> [Folder | Modified Date = 09/13/07 9:57:33 AM | Attr = S] desktop.ini -> 
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\G521CTCV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:45:00 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDUBOXYV\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDUBOXYV -> [Folder | Modified Date = 09/13/07 9:57:33 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GDUBOXYV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:44:17 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9UD8541\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9UD8541 -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9UD8541\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:13:59 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K12RWDM7\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K12RWDM7 -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\K12RWDM7\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:35:12 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KDQR89YJ\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KDQR89YJ -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KDQR89YJ\desktop.ini -> [Ver = | Size = 67 bytes | 
Modified Date = 09/13/07 9:14:00 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\O9AZGPQN\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\O9AZGPQN -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\O9AZGPQN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:35:13 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UB4NYXMP\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UB4NYXMP -> [Folder | Modified Date = 09/13/07 9:55:39 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UB4NYXMP\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:35:12 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1IVOTQR\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1IVOTQR -> [Folder | Modified Date = 09/13/07 9:55:40 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\W1IVOTQR\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:13:59 AM | Attr = HS] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WN53EQZ5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WN53EQZ5 -> [Folder | Modified Date = 09/13/07 9:55:41 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WN53EQZ5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 09/13/07 9:13:59 AM | Attr = HS] C:\WINDOWS\Temp\394d5f6.tmp\ -> C:\WINDOWS\Temp\394d5f6.tmp\ -> [Folder | Modified Date = 
11/19/07 5:55:38 PM | Attr = ] CommonResources.dll -> C:\WINDOWS\Temp\394d5f6.tmp\CommonResources.dll -> SWiSHzone.com [Ver = 2004, 10, 28, 0 | Size = 110592 bytes | Modified Date = 11/19/07 5:55:03 PM | Attr = ] StudioFSCmd.dll -> C:\WINDOWS\Temp\394d5f6.tmp\StudioFSCmd.dll -> SWiSHzone.com [Ver = 2005, 7, 12, 0 | Size = 438272 bytes | Modified Date = 11/19/07 5:55:43 PM | Attr = ] C:\WINDOWS\Temp\472b81e.tmp\ -> C:\WINDOWS\Temp\472b81e.tmp\ -> [Folder | Modified Date = 10/27/07 8:43:47 PM | Attr = ] CommonResources.dll -> C:\WINDOWS\Temp\472b81e.tmp\CommonResources.dll -> SWiSHzone.com [Ver = 2004, 10, 28, 0 | Size = 110592 bytes | Modified Date = 10/27/07 8:43:47 PM | Attr = ] StudioFSCmd.dll -> C:\WINDOWS\Temp\472b81e.tmp\StudioFSCmd.dll -> SWiSHzone.com [Ver = 2005, 7, 12, 0 | Size = 438272 bytes | Modified Date = 10/27/07 8:43:47 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 08/23/08 12:44:49 PM | Attr = ] Perflib_Perfdata_184.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_184.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/18/06 4:54:40 PM | Attr = ] Perflib_Perfdata_200.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_200.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/05/06 2:13:25 PM | Attr = ] Perflib_Perfdata_204.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_204.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/11/06 3:34:13 PM | Attr = ] Perflib_Perfdata_208.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_208.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/28/06 1:07:08 PM | Attr = ] Perflib_Perfdata_210.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_210.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/11/06 3:13:46 PM | Attr = ] Perflib_Perfdata_21c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/02/06 9:34:15 PM | Attr = ] Perflib_Perfdata_220.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_220.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/21/06 8:03:05 PM | Attr = 
] Perflib_Perfdata_238.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_238.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/11/06 8:35:46 AM | Attr = ] Perflib_Perfdata_250.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_250.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/20/06 7:56:52 PM | Attr = ] Perflib_Perfdata_264.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_264.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/16/06 7:38:44 PM | Attr = ] Perflib_Perfdata_274.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_274.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/24/06 4:46:35 PM | Attr = ] Perflib_Perfdata_308.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_308.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/14/06 5:46:56 PM | Attr = ] Perflib_Perfdata_330.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_330.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/23/06 12:03:40 PM | Attr = ] Perflib_Perfdata_334.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_334.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/16/07 8:25:16 AM | Attr = ] Perflib_Perfdata_39c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_39c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/19/06 5:50:18 PM | Attr = ] Perflib_Perfdata_40c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_40c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/23/06 12:10:53 PM | Attr = ] Perflib_Perfdata_444.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_444.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/23/06 5:16:24 PM | Attr = ] Perflib_Perfdata_474.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_474.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/20/06 9:16:48 AM | Attr = ] Perflib_Perfdata_544.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_544.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/19/07 6:18:54 AM | Attr = ] Perflib_Perfdata_54c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_54c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/07/07 3:50:52 PM | Attr = ] Perflib_Perfdata_550.dat -> 
C:\WINDOWS\Temp\Perflib_Perfdata_550.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/24/07 3:33:26 PM | Attr = ] Perflib_Perfdata_56c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_56c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 06/12/08 5:09:54 PM | Attr = ] Perflib_Perfdata_574.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_574.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/08/08 6:03:57 PM | Attr = ] Perflib_Perfdata_5ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/22/07 7:27:14 AM | Attr = ] Perflib_Perfdata_5f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/27/07 7:16:33 PM | Attr = ] Perflib_Perfdata_5f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/24/07 2:29:49 PM | Attr = ] Perflib_Perfdata_5f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/12/08 8:35:00 PM | Attr = ] Perflib_Perfdata_5fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/15/07 7:29:43 PM | Attr = ] Perflib_Perfdata_608.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_608.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/24/07 5:45:20 PM | Attr = ] Perflib_Perfdata_60c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/16/08 6:41:17 PM | Attr = ] Perflib_Perfdata_614.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_614.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/11/08 1:39:24 PM | Attr = ] Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/13/08 8:27:53 PM | Attr = ] Perflib_Perfdata_61c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 05/30/08 5:00:06 PM | Attr = ] Perflib_Perfdata_620.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_620.dat -> [Ver = | Size = 
16384 bytes | Modified Date = 02/14/08 5:13:08 PM | Attr = ] Perflib_Perfdata_628.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_628.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/22/08 4:23:08 PM | Attr = ] Perflib_Perfdata_630.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_630.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/04/07 8:32:15 AM | Attr = ] Perflib_Perfdata_638.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_638.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/15/06 5:01:18 PM | Attr = ] Perflib_Perfdata_63c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/08/08 7:41:33 PM | Attr = ] Perflib_Perfdata_648.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_648.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/07/08 9:48:40 AM | Attr = ] Perflib_Perfdata_65c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/23/06 8:18:29 AM | Attr = ] Perflib_Perfdata_660.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_660.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/11/06 3:55:43 PM | Attr = ] Perflib_Perfdata_670.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_670.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/14/06 2:59:09 PM | Attr = ] Perflib_Perfdata_674.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_674.dat -> [Ver = | Size = 16384 bytes | Modified Date = 04/30/07 2:43:15 PM | Attr = ] Perflib_Perfdata_678.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_678.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/18/06 11:17:36 AM | Attr = ] Perflib_Perfdata_67c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/22/07 3:05:02 PM | Attr = ] Perflib_Perfdata_680.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_680.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/14/06 9:51:40 AM | Attr = ] Perflib_Perfdata_688.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_688.dat -> [Ver = | Size = 16384 bytes | Modified Date = 09/19/06 3:27:13 PM | Attr = ] 
Perflib_Perfdata_694.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_694.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/22/06 6:20:40 AM | Attr = ] Perflib_Perfdata_69c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_69c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/25/07 3:47:16 PM | Attr = ] Perflib_Perfdata_6a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/16/06 9:39:40 AM | Attr = ] Perflib_Perfdata_6c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/03/06 6:12:49 AM | Attr = ] Perflib_Perfdata_6cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/25/06 5:09:08 PM | Attr = ] Perflib_Perfdata_6d8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/19/06 2:34:23 PM | Attr = ] Perflib_Perfdata_6dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/04/06 10:03:10 PM | Attr = ] Perflib_Perfdata_6e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/03/07 11:34:14 AM | Attr = ] Perflib_Perfdata_6f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/18/08 8:37:26 PM | Attr = ] Perflib_Perfdata_6f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 04/11/07 8:16:32 AM | Attr = ] Perflib_Perfdata_708.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_708.dat -> [Ver = | Size = 16384 bytes | Modified Date = 02/18/07 2:57:28 PM | Attr = ] Perflib_Perfdata_71c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/19/06 2:38:45 PM | Attr = ] Perflib_Perfdata_730.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_730.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/28/06 11:51:49 AM | Attr = ] Perflib_Perfdata_738.dat -> 
C:\WINDOWS\Temp\Perflib_Perfdata_738.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/08/05 3:06:55 PM | Attr = ] Perflib_Perfdata_73c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/10/06 1:01:41 PM | Attr = ] Perflib_Perfdata_74c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/13/06 9:34:50 AM | Attr = ] Perflib_Perfdata_774.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_774.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/02/06 4:51:21 PM | Attr = ] Perflib_Perfdata_794.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_794.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/18/06 7:11:43 AM | Attr = ] Perflib_Perfdata_798.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_798.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/16/06 7:28:58 PM | Attr = ] Perflib_Perfdata_7b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/31/06 4:03:55 PM | Attr = ] Perflib_Perfdata_7f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/10/06 3:14:33 AM | Attr = ] Perflib_Perfdata_90.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_90.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/19/06 11:17:02 PM | Attr = ] Perflib_Perfdata_920.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_920.dat -> [Ver = | Size = 16384 bytes | Modified Date = 04/16/06 8:24:51 AM | Attr = ] Perflib_Perfdata_a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/15/06 3:08:51 AM | Attr = ] Perflib_Perfdata_a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 03/04/07 4:29:11 PM | Attr = ] Perflib_Perfdata_b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/11/06 2:16:03 PM | Attr = ] Perflib_Perfdata_b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b8.dat -> [Ver = | Size = 16384 bytes 
| Modified Date = 08/28/06 1:20:56 PM | Attr = ]
Perflib_Perfdata_d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 01/22/07 8:22:07 AM | Attr = ]
7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 06/11/06 11:24:08 PM | Attr = S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 06/12/06 10:23:17 AM | Attr = ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 08/23/08 12:44:49 PM | Attr = ]
sdpintl.ini -> C:\WINDOWS\Temp\sdpintl.ini -> [Ver = | Size = 5856 bytes | Modified Date = 06/12/06 10:26:59 AM | Attr = ]
7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 06/11/06 11:24:08 PM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 06/11/06 11:24:08 PM | Attr = HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 10/22/07 8:52:41 AM | Attr = S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 06/11/06 11:24:08 PM | Attr = HS]
C:\WINDOWS\Temp\vga2F\ -> C:\WINDOWS\Temp\vga2F -> [Folder | Modified Date = 04/02/04 4:33:14 PM | Attr = ]
VGAsetup1.ini -> C:\WINDOWS\Temp\vga2F\VGAsetup1.ini -> [Ver = | Size = 451 bytes | Modified Date = 04/02/04 4:33:15 PM | Attr = ]
VGAsetup2.ini -> C:\WINDOWS\Temp\vga2F\VGAsetup2.ini -> [Ver = | Size = 451 bytes | Modified Date = 04/02/04 4:33:15 PM | Attr = ]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
SITEguard -> %AllUsersProfile%\Application Data\SITEguard -> [Folder | Modified Date = 08/18/08 8:41:17 PM | Attr = ]
STOPzilla! -> %AllUsersProfile%\Application Data\STOPzilla! -> [Folder | Modified Date = 08/18/08 8:45:21 PM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 08/12/08 7:57:30 AM | Attr = ]
@Alternate Data Stream - 105 bytes -> %AllUsersProfile%\Application Data\TEMP:4839F64D
@Alternate Data Stream - 190 bytes -> %AllUsersProfile%\Application Data\TEMP:A4BC5811
@Alternate Data Stream - 142 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 08/21/08 12:37:41 PM | Attr = ]
My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 08/15/08 8:57:04 AM | Attr = R ]
wamu.doc -> %UserProfile%\My Documents\wamu.doc -> [Ver = | Size = 47616 bytes | Modified Date = 08/23/08 12:28:15 PM | Attr = ]
Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [Ver = | Size = 2483 bytes | Modified Date = 07/31/08 5:23:50 AM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 08/23/08 3:13:27 PM | Attr = ]
Premium Quote.lnk -> %UserProfile%\Desktop\Premium Quote.lnk -> [Ver = | Size = 1443 bytes | Modified Date = 07/24/08 9:35:12 PM | Attr = ]
iS3 -> %CommonProgramFiles%\iS3 -> [Folder | Modified Date = 08/18/08 8:33:31 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 08/21/08 12:37:32 PM | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
< Document and Settings folder & sub folders >
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
disk not found C:\
please note that you need administrator rights to perform deep scan
< End of report >
[/code]