[code] OTS logfile created on: 5/18/2010 7:40:11 PM - Run 2 OTS by OldTimer - Version 3.1.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 181.51 Gb Total Space | 62.55 Gb Free Space | 34.46% Space Free | Partition Type: NTFS Drive D: | 4.79 Gb Total Space | 0.72 Gb Free Space | 14.97% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HP Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/05/18 19:12:09 | 000,640,000 | ---- | M] (OldTimer Tools) ramaint.exe -> C:\Program Files\LogMeIn\x86\ramaint.exe -> [2009/10/01 21:50:59 | 000,116,032 | ---- | M] (LogMeIn, Inc.) lmiguardian.exe -> C:\Program Files\LogMeIn\x86\LMIGuardian.exe -> [2009/10/01 21:50:41 | 000,378,176 | ---- | M] (LogMeIn, Inc.) outlook.exe -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) ccsvchst.exe -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009/03/16 15:35:24 | 000,108,392 | ---- | M] (Symantec Corporation) rtvscan.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2009/03/16 15:35:22 | 002,440,120 | ---- | M] (Symantec Corporation) smc.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2009/03/16 15:35:22 | 001,795,400 | ---- | M] (Symantec Corporation) smcgui.exe -> C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe -> [2009/03/16 15:35:22 | 001,443,144 | ---- | M] (Symantec Corporation) ccapp.exe -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe -> [2009/03/16 15:35:22 | 000,115,560 | ---- | M] (Symantec Corporation) windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) logmeinsystray.exe -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe -> [2007/04/17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) logmein.exe -> C:\Program Files\LogMeIn\x86\LogMeIn.exe -> [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) vvx3000.exe -> C:\WINDOWS\vVX3000.exe -> [2006/10/13 18:04:06 | 000,707,376 | ---- | M] (Microsoft Corporation) mscams32.exe -> C:\Program Files\Microsoft LifeCam\MSCamS32.exe -> [2006/10/13 18:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) vttimer.exe -> C:\WINDOWS\system32\VTTimer.exe -> [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) zstatus.exe -> C:\WINDOWS\system32\zstatus.exe -> [2001/12/15 12:10:36 | 000,036,864 | ---- | M] (Zenographics) [Modules - Safe List] ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/05/18 19:12:09 | 000,640,000 | ---- | M] (OldTimer Tools) msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (navapsvc) Norton AntiVirus Auto Protect Service [Auto | Stopped] -> -> File not found (LMIMaint) LogMeIn Maintenance Service [Auto | Running] -> C:\Program Files\LogMeIn\x86\RaMaint.exe -> [2009/10/01 21:50:59 | 000,116,032 | ---- | M] (LogMeIn, Inc.) (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/09/12 22:14:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) (ccSetMgr) Symantec Settings Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009/03/16 15:35:24 | 000,108,392 | ---- | M] (Symantec Corporation) (ccEvtMgr) Symantec Event Manager [Auto | Running] -> C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -> [2009/03/16 15:35:24 | 000,108,392 | ---- | M] (Symantec Corporation) (Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -> [2009/03/16 15:35:22 | 002,440,120 | ---- | M] (Symantec Corporation) (SmcService) Symantec Management Client [Auto | Running] -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -> [2009/03/16 15:35:22 | 001,795,400 | ---- | M] (Symantec Corporation) (SNAC) Symantec Network Access Control [On_Demand | Stopped] -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -> [2009/03/16 15:35:22 | 000,320,840 | ---- | M] (Symantec Corporation) (LiveUpdate) LiveUpdate [On_Demand | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -> [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) (LogMeIn) LogMeIn [Auto | Running] -> C:\Program Files\LogMeIn\x86\LogMeIn.exe -> [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) (Adobe Version Cue CS3) Adobe Version Cue CS3 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) (MSCamSvc) MSCamSvc [Auto | Running] -> C:\Program Files\Microsoft LifeCam\MSCamS32.exe -> [2006/10/13 18:01:06 | 000,207,664 | ---- | M] (Microsoft Corporation) (Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -> [2004/10/04 19:09:55 | 000,068,096 | ---- | M] () [Driver Services - Safe List] (SASKUTIL) SASKUTIL [Kernel | Unknown | Running] -> -> File not found (aswTdi) avast! Network Shield Support [Kernel | Unknown | Running] -> -> File not found (aswSP) aswSP [Kernel | Unknown | Running] -> -> File not found (aswRdr) aswRdr [Kernel | Unknown | Running] -> -> File not found (aswMon2) aswMon2 [File_System | Unknown | Running] -> -> File not found (aswFsBlk) aswFsBlk [File_System | Unknown | Running] -> -> File not found (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | Unknown | Running] -> -> File not found (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100517.040\NAVEX15.SYS -> [2010/05/13 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) (NAVENG) NAVENG [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100517.040\NAVENG.SYS -> [2010/05/13 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2010/03/29 08:35:30 | 000,371,248 | ---- | M] (Symantec Corporation) (LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> C:\WINDOWS\system32\LMIRfsClientNP.dll -> [2009/10/01 21:50:42 | 000,083,288 | ---- | M] (LogMeIn, Inc.) (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/08/27 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) (SymEvent) SymEvent [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SYMEVENT.SYS -> [2009/04/03 13:29:29 | 000,123,952 | ---- | M] (Symantec Corporation) (SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\srtspl.sys -> [2009/03/16 15:35:24 | 000,319,664 | ---- | M] (Symantec Corporation) (SRTSP) SRTSP [File_System | System | Running] -> C:\WINDOWS\system32\drivers\srtsp.sys -> [2009/03/16 15:35:24 | 000,279,600 | ---- | M] (Symantec Corporation) (SRTSPX) SRTSPX [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srtspx.sys -> [2009/03/16 15:35:24 | 000,043,824 | ---- | M] (Symantec Corporation) (SYMTDI) SYMTDI [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\SYMTDI.SYS -> [2009/03/16 15:35:20 | 000,191,536 | ---- | M] (Symantec Corporation) (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -> [2009/03/16 15:35:20 | 000,027,696 | ---- | M] (Symantec Corporation) (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -> [2009/03/16 15:35:18 | 000,420,400 | ---- | M] (Symantec Corporation) (COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\COH_Mon.sys -> [2009/03/16 15:35:18 | 000,023,904 | ---- | M] (Symantec Corporation) (LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -> [2008/10/17 22:20:19 | 000,047,640 | ---- | M] (LogMeIn, Inc.) (61883) 61883 Unit Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\61883.sys -> [2008/04/13 11:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) (Avc) AVC Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\avc.sys -> [2008/04/13 11:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) (MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\msdv.sys -> [2008/04/13 11:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) (sonydcam) Generic 1394 Desktop Camera [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sonydcam.sys -> [2008/04/13 11:46:07 | 000,025,344 | ---- | M] (Microsoft Corporation) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) (LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> C:\Program Files\LogMeIn\x86\rainfo.sys -> [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) (radpms) Driver for RADPMS Device [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\radpms.sys -> [2007/04/17 14:00:28 | 000,012,192 | ---- | M] (LogMeIn, Inc.) (VX3000) VX-3000 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\VX3000.sys -> [2006/10/13 18:04:30 | 001,966,384 | ---- | M] (Microsoft Corporation) (usbsermpt) Motorola USB Modem Driver for MPT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbsermpt.sys -> [2006/05/03 21:02:13 | 000,022,768 | ---- | M] (Microsoft Corporation) (Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) (PID_08A0) QuickCam IM(PID_08A0) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LV302AV.SYS -> [2005/05/27 02:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVUSBSta.sys -> [2005/05/27 02:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AGRSM.sys -> [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) (STVqx5) Digital Blue QX5(tm) Microscope [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\STVqx5.sys -> [2004/09/15 14:05:00 | 000,064,512 | ---- | M] (Digital Blue ) (STVqx5m) Digital Blue QX5(tm) Microscopem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\STVqx5m.sys -> [2004/09/15 14:05:00 | 000,006,144 | ---- | M] (Digital Blue ) (SiSkp) SiSkp [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\srvkp.sys -> [2004/01/02 21:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) (SiS315) SiS315 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sisgrp.sys -> [2004/01/02 20:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) (ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXSENS.SYS -> [2003/12/12 07:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) (fasttx2k) fasttx2k [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -> [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -> [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\viaagp1.sys -> [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) (Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ser2pl.sys -> [2003/05/08 15:28:42 | 000,039,552 | ---- | M] (Prolific Technology Inc.) (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\R8139n51.sys -> [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) (ENUM1394) %1394\031887&040892.DeviceDesc% [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\enum1394.sys -> [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) (Aspi32) Aspi32 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ASPI32.SYS -> [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Registry - All] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:5555 -> < Internet Explorer Settings [HKEY_USERS\Av_S-1-5-18\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:5555 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: Main\\"Page_Transitions" -> 1 -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: Main\\"SearchDefaultBranded" -> 1 -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: URLSearchHooks\\"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [Microsoft Url Search Hook] -> [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\: "ProxyOverride" -> localhost;*.local -> < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\f4cka5b8.default\prefs.js -> browser.search.defaultenginename -> "Yahoo" -> browser.search.defaulturl -> "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgff&p=" -> browser.search.selectedEngine -> "Yahoo" -> browser.startup.homepage -> "http://www.yahoo.com/?.home=ytff" -> keyword.URL -> "http://search.yahoo.com/search?ei=UTF-8&fr=slv5-ab-&p=" -> network.proxy.no_proxies_on -> "localhost" -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\extensions -> -> HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/11 08:02:59 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions -> [2009/07/03 21:39:55 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org -> [2009/07/03 21:39:55 | 000,000,000 | ---D | M] -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f4cka5b8.default\extensions -> [2006/11/08 19:52:32 | 000,000,000 | ---D | M] Yahoo! Toolbar -> C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f4cka5b8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2006/11/08 19:52:32 | 000,000,000 | ---D | M] < HOSTS File > ([2002/08/29 12:00:00 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [ContributeBHO Class] -> [2007/03/16 15:13:06 | 000,118,784 | ---- | M] () {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2010/04/03 16:36:42 | 000,075,200 | ---- | M] (Adobe Systems Incorporated) {9394EDE7-C8B5-483E-8773-474BF36AF6E4} [HKLM] -> C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [ST] -> [2004/08/13 18:42:00 | 000,155,648 | ---- | M] (Microsoft Corporation) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [MSNToolBandBHO] -> [2006/01/17 17:04:16 | 000,282,624 | ---- | M] (Microsoft Corporation) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/07/25 05:22:43 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [Contribute Toolbar] -> [2007/03/16 15:13:06 | 000,118,784 | ---- | M] () "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> [2003/09/03 18:42:14 | 000,098,304 | ---- | M] (Hewlett-Packard Company) "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [MSN] -> [2006/01/17 17:04:16 | 000,282,624 | ---- | M] (Microsoft Corporation) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found ShellBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> [2003/09/03 18:42:14 | 000,098,304 | ---- | M] (Hewlett-Packard Company) WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [&Address] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [&Links] -> [2008/06/17 12:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) WebBrowser\\"{855F3B16-6D32-4FE6-8A56-BBB695989046}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found WebBrowser\\"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll [HP view] -> [2003/09/03 18:42:14 | 000,098,304 | ---- | M] (Hewlett-Packard Company) WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [MSN] -> [2006/01/17 17:04:16 | 000,282,624 | ---- | M] (Microsoft Corporation) WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found WebBrowser\\"{F2CF5485-4E02-4F68-819C-B92DE9277049}" [HKLM] -> C:\WINDOWS\system32\ieframe.dll [&Links] -> [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AGRSMMSG" -> C:\WINDOWS\AGRSMMSG.exe [AGRSMMSG.exe] -> [2005/03/04 12:01:56 | 000,088,209 | ---- | M] (Agere Systems) "ccApp" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2009/03/16 15:35:22 | 000,115,560 | ---- | M] (Symantec Corporation) "hpsysdrv" -> c:\WINDOWS\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> [1998/05/07 17:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) "KBD" -> C:\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> [2005/02/02 16:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) "LifeCam" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe ["C:\Program Files\Microsoft LifeCam\LifeExp.exe"] -> [2006/10/13 18:01:18 | 000,277,296 | ---- | M] (Microsoft Corporation) "LogMeIn GUI" -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> [2007/04/17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) "QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/11/11 00:08:18 | 000,417,792 | ---- | M] (Apple Inc.) "Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2004/04/13 21:43:46 | 000,233,472 | ---- | M] () "UpdateManager" -> c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe ["c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> [2003/08/19 02:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) "vdrdpup" -> C:\WINDOWS\system32\vdrdpup.DLL [C:\WINDOWS\system32\rundll32 C:\WINDOWS\system32\vdrdpup.dll,RegisterVirtualChannel] -> [2005/05/17 17:18:16 | 000,094,208 | ---- | M] (Emergent OnLine) "VTTimer" -> C:\WINDOWS\System32\VTTimer.exe [VTTimer.exe] -> [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) < Run [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "ctfmon.exe" -> C:\WINDOWS\system32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> [2008/04/13 17:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe -> [2009/09/30 08:50:46 | 000,503,808 | ---- | M] (Lime Wire, LLC) < LogMeInRemoteUser Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < Vishakha Startup Folder > -> C:\Documents and Settings\Vishakha\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions \Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found < Software Policy Settings [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoCDBurning" -> [0] -> File not found \\"HonorAutoRunSetting" -> [1] -> File not found \\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found \\"NoResolveSearch" -> [1] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoActiveDesktopChanges" -> [0] -> File not found \\"NoSetActiveDesktop" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"DisableRegistryTools" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoActiveDesktopChanges" -> [0] -> File not found \\"NoSetActiveDesktop" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NofolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableTaskMgr" -> [0] -> File not found \\"DisableRegistryTools" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoActiveDesktopChanges" -> [0] -> File not found \\"NoSetActiveDesktop" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NofolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableTaskMgr" -> [0] -> File not found \\"DisableRegistryTools" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoActiveDesktopChanges" -> [0] -> File not found \\"NoSetActiveDesktop" -> [0] -> File not found \\"NofolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoActiveDesktopChanges" -> [0] -> File not found \\"NoSetActiveDesktop" -> [0] -> File not found \\"NofolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoActiveDesktopChanges" -> [0] -> File not found \\"NoSetActiveDesktop" -> [0] -> File not found \\"NofolderOptions" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableTaskMgr" -> [0] -> File not found \\"DisableRegistryTools" -> [0] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> File not found Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> File not found Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000] -> [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation) Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 000,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 000,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M] (Microsoft Corporation) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\system32\msjava.dll [Web Browser Applet Control] -> [2008/07/31 10:16:54 | 000,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\"{77BF5300-1474-4EC7-9980-D32B190E9B07}" [HKLM] -> [Reg Error: Key error.] -> File not found CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Error: Value error.] -> [2001/08/01 18:05:42 | 000,270,336 | ---- | M] (Intertrust Technologies, Inc.) < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\Av_S-1-5-18\] > -> HKEY_USERS\Av_S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\Av_S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\Av_S-1-5-18\] > -> HKEY_USERS\Av_S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\Av_S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4824 domain(s) found. -> dssdisco.lausd_k12.ca.us [http] -> Trusted sites -> secure.vport_voyagerlearning.com [https] -> Trusted sites -> login_yahoo.com [https] -> Trusted sites -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01113300-3E00-11D2-8470-0060089874ED} [HKLM] -> http://activation.rr.com/install/downloads/tgctlcm.cab [Support.com Configuration Class] -> {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} [HKLM] -> http://www.anandabazar.com/wfplayer/tdserver.cab [TDServer Control] -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] -> {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\yinsthelper.dll [YInstStarter Class] -> {41F17733-B041-4099-A042-B518BB6A408C} [HKLM] -> http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe [Reg Error: Value error.] -> {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab [DLM Control] -> {48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] -> {556EEC63-31E2-47C3-BF29-DFF799D2FE04} [HKLM] -> https://secure.logmein.com/activex/RACtrl.cab [Remote Access ActiveX Client] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147872663562 [MUWebControl Class] -> {8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Value error.] -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Value error.] -> {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/RACtrl.cab [Performance Viewer Activex Control] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 209.18.47.61 209.18.47.62 0.0.0.0 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6D7870B5-EA17-4700-A7F3-C05CAAB42DDE}\\DhcpNameServer -> 209.18.47.61 209.18.47.62 0.0.0.0 (VIA Rhine II Fast Ethernet Adapter) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\Userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> C:\WINDOWS\System32\logonui.exe -> [2008/04/13 17:12:24 | 000,514,560 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> C:\WINDOWS\System32\shell32.dll -> [2008/06/17 12:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Control_RunDLL "sysdm.cpl" -> C:\WINDOWS\System32\sysdm.cpl -> [2008/04/13 17:12:41 | 000,300,544 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> crypt32chain -> C:\WINDOWS\System32\crypt32.dll -> [2008/04/13 17:11:51 | 000,599,040 | ---- | M] (Microsoft Corporation) cryptnet -> C:\WINDOWS\System32\cryptnet.dll -> [2008/04/13 17:11:51 | 000,064,512 | ---- | M] (Microsoft Corporation) cscdll -> C:\WINDOWS\System32\cscdll.dll -> [2008/04/13 17:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation) dimsntfy -> C:\WINDOWS\system32\dimsntfy.dll -> [2008/04/13 17:11:52 | 000,019,456 | ---- | M] (Microsoft Corporation) igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/02/10 18:51:10 | 000,339,968 | ---- | M] (Intel Corporation) LMIinit -> C:\WINDOWS\System32\LMIinit.dll -> [2009/10/01 21:50:41 | 000,087,352 | ---- | M] (LogMeIn, Inc.) rainit -> C:\WINDOWS\System32\LMIinit.dll -> [2009/10/01 21:50:41 | 000,087,352 | ---- | M] (LogMeIn, Inc.) ScCertProp -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation) Schedule -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation) sclgntfy -> C:\WINDOWS\System32\sclgntfy.dll -> [2008/04/13 17:12:05 | 000,020,480 | ---- | M] (Microsoft Corporation) SensLogn -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation) termsrv -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation) WgaLogon -> C:\WINDOWS\System32\WgaLogon.dll -> [2007/03/15 18:16:42 | 000,236,928 | ---- | M] (Microsoft Corporation) wlballoon -> C:\WINDOWS\System32\wlnotify.dll -> [2008/04/13 17:12:09 | 000,092,672 | ---- | M] (Microsoft Corporation) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [CDBurn] -> [2008/06/17 12:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) "{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> C:\WINDOWS\system32\shell32.dll [PostBootReminder] -> [2008/06/17 12:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) "{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\system32\stobject.dll [SysTray] -> [2008/04/13 17:12:07 | 000,121,856 | ---- | M] (Microsoft Corporation) "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> C:\WINDOWS\system32\webcheck.dll [WebCheck] -> [2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 21:47:22 | 000,133,632 | ---- | M] (Microsoft Corporation) < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Browseui preloader] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) "{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> C:\WINDOWS\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 17:11:50 | 001,025,024 | ---- | M] (Microsoft Corporation) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 23:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> C:\WINDOWS\System32\shell32.dll [] -> [2008/06/17 12:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll -> C:\WINDOWS\System32\msapsspc.dll -> [2008/04/13 17:11:58 | 000,086,016 | ---- | M] (Microsoft Corporation) schannel.dll -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 01:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation) digest.dll -> C:\WINDOWS\System32\digest.dll -> [2008/04/13 17:11:52 | 000,068,608 | ---- | M] (Microsoft Corporation) msnsspc.dll -> C:\WINDOWS\System32\msnsspc.dll -> [2008/04/13 17:12:00 | 000,290,816 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 07:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> C:\WINDOWS\System32\kerberos.dll -> [2009/06/25 01:25:26 | 000,301,568 | ---- | M] (Microsoft Corporation) msv1_0 -> C:\WINDOWS\System32\msv1_0.dll -> [2009/09/11 07:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation) schannel -> C:\WINDOWS\System32\schannel.dll -> [2009/06/25 01:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation) wdigest -> C:\WINDOWS\System32\wdigest.dll -> [2009/06/25 01:25:26 | 000,054,272 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> File not found < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 11:53:32 | 000,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 17:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) "C:\Documents and Settings\Vishakha\Desktop\Phone\Skype.exe" -> C:\Documents and Settings\Vishakha\Desktop\Phone\Skype.exe [C:\Documents and Settings\Vishakha\Desktop\Phone\Skype.exe:*:Enabled:Skype] -> [2009/04/16 13:36:36 | 024,264,488 | R--- | M] (Skype Technologies S.A.) "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" -> C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe [C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3] -> [2007/03/20 18:06:52 | 016,087,224 | ---- | M] (Adobe Systems, Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server] -> [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" -> C:\Program Files\Common Files\Symantec Shared\ccApp.exe [C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email] -> [2009/03/16 15:35:22 | 000,115,560 | ---- | M] (Symantec Corporation) "C:\Program Files\HP\HP Software Update\HPWUCli.exe" -> C:\Program Files\HP\HP Software Update\HPWUCli.exe [C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client] -> [2009/09/25 18:02:48 | 000,633,912 | ---- | M] (Hewlett-Packard) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/04/02 16:10:58 | 013,646,632 | ---- | M] (Apple Inc.) "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2009/09/30 08:50:46 | 000,503,808 | ---- | M] (Lime Wire, LLC) "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" -> C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004] -> [2003/09/05 19:33:42 | 011,882,496 | ---- | M] (Macromedia, Inc.) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft LifeCam\LifeExp.exe" -> C:\Program Files\Microsoft LifeCam\LifeExp.exe [C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe] -> [2006/10/13 18:01:18 | 000,277,296 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -> C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service] -> [2009/03/16 15:35:22 | 001,795,400 | ---- | M] (Symantec Corporation) "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" -> C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service] -> [2009/03/16 15:35:22 | 000,320,840 | ---- | M] (Symantec Corporation) "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" -> C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903] -> [2004/04/01 14:16:42 | 000,016,384 | ---- | M] () "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 18:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) "C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 18:43:18 | 000,091,376 | ---- | M] (Yahoo! Inc.) "C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> [2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [System32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/03/31 23:00:15 | 000,000,000 | ---- | M] () D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Desktop WallPaper > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General -> BackupWallPaper -> C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp -> < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> -> File not found Ias -> C:\WINDOWS\system32\ias -> [2004/10/06 18:30:16 | 000,000,000 | ---D | M] Iprip -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found Wmi -> C:\WINDOWS\system32\wmi.dll -> [2008/04/13 17:11:15 | 000,005,632 | ---- | M] (Microsoft Corporation) WmdmPmSp -> -> File not found *MultiFile Done* -> -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) htmlfile [print] -> "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 -> [2008/11/10 10:50:30 | 000,068,472 | ---- | M] (Microsoft Corporation) piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/04/13 17:12:41 | 000,135,168 | ---- | M] (Microsoft Corporation) scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {0046FA01-C5B9-4985-BACB-398DC480FC05} -> Adobe Photoshop CS3 {04AF207D-9A77-465A-8B76-991F6AB66245} -> Adobe Help Viewer CS3 {05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A} -> Macromedia Dreamweaver MX 2004 {06E73C0B-7DE7-4F41-860B-587033B75BD9} -> iPod Updater 2004-11-15 {07287123-B8AC-41CE-8346-3D777245C35B} -> Bonjour {08B32819-6EEF-4057-AEDA-5AB681A36A23} -> Adobe Bridge Start Meeting {09DA4F91-2A09-4232-AB8C-6BC740096DE3} -> Sonic Update Manager {1451DE6B-ABE1-4F62-BE9A-B363A17588A2} -> QuickTime {15F4085A-BC98-4590-AFFD-03BBBE49524E} -> Garmin Communicator Plugin {184CE391-7E0E-4C63-9935-D7A10EDFD3C6} -> Adobe WinSoft Linguistics Plugin {1D58229F-C505-45CA-8223-F35F3A34B963} -> Adobe Version Cue CS3 Server {ko_KR} {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 {1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54} -> DocProc {24D7346D-D4B4-45E8-98EA-75EC14B42DD8} -> Adobe ExtendScript Toolkit 2 {24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} -> Skype™ 4.0 {26A24AE4-039D-4CA4-87B4-2F83216011FF} -> Java(TM) 6 Update 15 {29B50D30-EAFC-4cea-9F76-3A0E3729E9B0} -> SkinsHP1 {29E5EA97-5F74-4A57-B8B2-D4F169117183} -> Adobe Stock Photos CS3 {2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} -> Adobe Flash Video Encoder {2F353D44-73BB-4971-B31D-F7642E9E9531} -> Macromedia Flash MX 2004 {318AB667-3230-41B5-A617-CB3BF748D371} -> iTunes {3248F0A8-6813-11D6-A77B-00B0D0150020} -> J2SE Runtime Environment 5.0 Update 2 {3248F0A8-6813-11D6-A77B-00B0D0150040} -> J2SE Runtime Environment 5.0 Update 4 {3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6 {3248F0A8-6813-11D6-A77B-00B0D0150110} -> J2SE Runtime Environment 5.0 Update 11 {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1 {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2 {3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3 {3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5 {3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7 {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP {366FFC89-C800-4366-B903-B9C4314109A5} -> Garmin WebUpdater {39F6E2B4-CFE8-C30A-66E8-489651F0F34C} -> Adobe Media Player {3AC54383-31D1-4907-961B-B12CBB1D0AE8} -> MobileMe Control Panel {3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373} -> Symantec Endpoint Protection {3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF} -> HPSystemDiagnostics {3D047C15-C859-45F7-81CE-F2681778069B} -> iPod for Windows 2006-01-10 {3FA365DF-2D68-45ED-8F83-8C8A33E65143} -> Apple Application Support {48242276-DB89-42e8-9678-BD4280D7B99A} -> Copy {51846830-E7B2-4218-8968-B77F0FF475B8} -> Adobe Color EU Extra Settings {5421155F-B033-49DB-9B33-8F80F233D4D5} -> GdiplusUpgrade {54793AA1-5001-42F4-ABB6-C364617C6078} -> Adobe Linguistics CS3 {5764B025-75A6-4EBE-95A6-BF46974A8E0E} -> Adobe Setup {595D0DE8-C38A-4432-B851-47DECC1A99BD} -> HP Unload DLL Patch {64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} -> Adobe Setup {65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E} -> Garmin USB Drivers {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update {6ABE0BEE-D572-4FE8-B434-9E72A289431B} -> Adobe Fonts All {6B52140A-F189-4945-BFFC-DB3F00B8C589} -> Adobe Flash CS3 {6B708481-748A-4EB4-97C1-CD386244FF77} -> Adobe MotionPicture Color Files {6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} -> AHV content for Acrobat and Flash {6C11D561-620B-47DA-A693-4C597F3CDF40} -> EPSON Smart Panel {6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A} -> Microsoft Outlook Web Access S/MIME {6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} -> Adobe Color Common Settings {6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} -> Adobe Asset Services CS3 {7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03 {7148F0A8-6813-11D6-A77B-00B0D0142050} -> Java 2 Runtime Environment, SE v1.4.2_05 {7148F0A8-6813-11D6-A77B-00B0D0142060} -> Java 2 Runtime Environment, SE v1.4.2_06 {723C033E-63EA-4227-BAB2-0AA8693C16EB} -> Director {745A92AF-53B4-41A7-91C3-9B026B1D5897} -> InstantShare {766273C1-A39B-47EB-ACE8-DEBDD8094BCC} -> overland {77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com {7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} -> Adobe Dreamweaver CS3 {7DFC1012-D346-46CE-B03E-FF79125AE029} -> Adobe Fireworks CS3 {802771A9-A856-4A41-ACF7-1450E523C923} -> Adobe XMP Panels CS3 {818ABC3C-635C-4651-8183-D0E9640B7DD1} -> HP Update {81DD5688-695A-4c1d-AE7D-368BF857725A} -> TrayApp {820D3F45-F6EE-4AAF-81EF-CE21FF21D230} -> Adobe Type Support CS4 {8413C059-F88F-4232-AF4A-68DDAFCFCD7D} -> LogMeIn {8777AC6D-89F9-4793-8266-DE406F343E89} -> QFolder {8A708DD8-A5E6-11D4-A706-000629E95E20} -> {8CFC7570-DD90-486E-A239-E31D455BDE93} -> Microsoft LifeCam {8D2BA474-F406-4710-9AE4-D4F22D21F0DD} -> Adobe Device Central CS3 {90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12 {90120000-0011-0000-0000-0000000FF1CE} -> Microsoft Office Professional Plus 2007 {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581) {90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007 {90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007 {90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007 {90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007 {90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007 {90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007 {90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) {90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007 {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) {90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007 {90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007 {90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007 {90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007 {90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007 {90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2) {90176341-0A8B-4CCC-A78D-F862228A6B95} -> Adobe Anchor Service CS3 {930FE07E-1ED7-425D-B417-E891B20E9E41} -> Adobe Creative Suite 3 Web Premium {94D398EB-D2FD-4FD1-B8C4-592635E8A191} -> Adobe CMaps CS4 {9541FED0-327F-4DF0-8B96-EF57EF622F19} -> RecordNow! {95655ED4-7CA5-46DF-907F-7144877A32E5} -> Adobe Color NA Recommended Settings {975C8028-51D8-44A9-9585-82E9810FE96A} -> hp LaserJet 1000 {9A3EABC0-CA06-11D4-BF77-00104B130C19} -> EPSON TWAIN 5 {9B03C535-3AEA-4ef2-B326-0A01A2207034} -> CreativeProjects {9C9824D9-9000-4373-A6A5-D0E5D4831394} -> Adobe Bridge CS3 {A2BCA9F1-566C-4805-97D1-7FDC93386723} -> Adobe AIR {A2D81E70-2A98-4A08-A628-94388B063C5E} -> Adobe Color - Photoshop Specific {A5BA14E0-7384-11D4-BAE7-00409631A2C8} -> Macromedia Extension Manager {A73EFA95-4872-4AE3-8EE9-10D2E2D713CF} -> RoadRunner {AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} -> Apple Mobile Device Support {AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} -> PDF Settings {AC76BA86-7AD7-1033-7B44-A93000000001} -> Adobe Reader 9.3.2 {AC76BA86-7AD7-2447-0000-900000000003} -> Chinese Simplified Fonts Support For Adobe Reader 9 {AC76BA86-7AD7-5760-0000-900000000003} -> Japanese Fonts Support For Adobe Reader 9 {B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} -> Adobe Camera Raw 4.0 {B3C02EC1-A7B0-4987-9A43-8789426AAA7D} -> Adobe Setup {B69CC1A5-0404-11D6-ABCB-005004C21D30} -> EPSON Copy Utility {B7F560B3-6EFF-4026-A982-843895A41149} -> Adobe BridgeTalk Plugin CS3 {BAD8CA9C-77C0-4663-B00B-A8D3B13C341B} -> Motorola Phone Tools {BC339BFD-F550-471a-8D26-4D08126C62F7} -> SkinsHP2 {BE5F3842-8309-4754-92D5-83E02E6077A3} -> Adobe Extension Manager CS3 {C2E8B236-7554-45FE-92C0-94EF76E4D182} -> Garmin City Navigator North America NT 2010.20 {C52E3EC1-048C-45E1-8D53-10B0C6509683} -> Adobe Default Language CS4 {C5BD220A-EFE8-48A5-B70E-9503D535FACE} -> Adobe WAS CS3 {C6A7AF96-4EB1-4AAE-8318-1AB393C64F88} -> Microsoft Plus! Digital Media Edition {C6C44651-7C66-4b11-92E8-17565D3D22DD} -> HP Image Zone Plus 3.5 {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 {CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F} -> QuickProjects {D0DFF92A-492E-4C40-B862-A74A173C25C5} -> Adobe Version Cue CS3 Client {D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90} -> Safari {D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7} -> Garmin POI Loader {DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3} -> Garmin City Navigator North America NT 2009 Update {DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38} -> HpSdpAppCoreApp {DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} -> Adobe Color JA Extra Settings {E583ED6F-BD99-4066-A420-C815BF692B69} -> Macromedia Fireworks MX 2004 {E69AE897-9E0B-485C-8552-7841F48D42D8} -> Adobe Update Manager CS3 {E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A} -> PhotoGallery {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5} -> ScanToWeb {ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} -> Adobe Flash Player 10 Plugin {F08E8D2E-F132-4742-9C87-D5FF223A016A} -> Adobe Illustrator CS3 {F247869D-3643-4A9F-821B-3534145928E3} -> HPIZ350 {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729) {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01 {F419D20A-7719-4639-8E30-C073A040D878} -> HP Deskjet Preloaded Printer Drivers {F93C84A6-0DC6-42AF-89FA-776F7C377353} -> Adobe PDF Library Files CS4 {FBBF532A-47AC-457d-AC06-0D3163D8911E} -> WebReg {FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7} -> Adobe Contribute CS3 {FD4776A5-A39D-4208-AC34-AF4373C81967} -> EOL Universal Printer Client {FF102450-55AA-4AE1-ACE4-E271E2470C83} -> hpmdtab 49CF605F02C7954F4E139D18828DE298CD59217C -> Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) 62067F4C-84A9-45B9-8573-B90468B0A3EF -> Orbital from Hewlett-Packard Desktops (remove only) 6723E59E-322A-417A-8E03-27A61E18253C -> Overball from Hewlett-Packard Desktops (remove only) Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 Adobe AIR -> Adobe AIR Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX Adobe Shockwave Player -> Adobe Shockwave Player 11.5 Adobe SVG Viewer -> Adobe SVG Viewer 3.0 Adobe_3e054d2218e7aa282c2369d939e58ff -> Adobe ExtendScript Toolkit 2 Adobe_6c8e2cb4fd241c55406016127a6ab2e -> Adobe Color Common Settings Adobe_f4ca0de7e69bc77df34b5de71c8a078 -> Add or Remove Adobe Creative Suite 3 Web Premium Agere Systems Soft Modem -> Agere Systems PCI Soft Modem Allway Sync_is1 -> Allway Sync version 9.4.1 Audio MP3 Sound Recorder -> Audio MP3 Sound Recorder BackWeb-137903 Uninstaller -> Updates from HP BFBCBAE3-8293-4215-9C4F-C2402C118EDB -> Otto from Hewlett-Packard Desktops (remove only) C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A -> Slyder from Hewlett-Packard Desktops (remove only) com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com Easy Grade Pro -> Easy Grade Pro EPSON Photo Print -> EPSON Photo Print ExamView Pro -> ExamView Assessment Suite HP Instant Support -> HP Instant Support HP Photo & Imaging -> HP Image Zone 3.5 HPTOOLKIT -> Toolkit View(HP) IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ie7 -> Windows Internet Explorer 7 ie8 -> Windows Internet Explorer 8 InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9} -> iPod Updater 2004-11-15 InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B} -> iPod for Windows 2006-01-10 kSolo -> kSolo Recorder LimeWire -> LimeWire 5.3.6 LiveUpdate -> LiveUpdate 3.3 (Symantec Corporation) Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP MSN Music Assistant -> MSN Music Assistant MSN Toolbar -> MSN Toolbar MSTTS -> Microsoft Text-to-Speech Engine 4.0 (English) NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs NSS -> Norton Security Scan NVIDIA -> Photomatix Pro_is1 -> Photomatix Pro version 2.3.1 PROPLUS -> Microsoft Office Professional Plus 2007 QuickLink Mobile Phonebook -> QuickLink Mobile Phonebook RealPlayer 6.0 -> RealPlayer S3 -> VIA/S3G Display Driver Silent Package Run-Time Sample -> EPSON Scanner Reference Guide USB Drivers -> USB Drivers VN_VUIns_Rhine_VIA -> VIA Rhine-Family Fast Ethernet Adapter VTDisplay -> S3 S3Display VTGamma2 -> S3 S3Gamma2 VTInfo2 -> S3 S3Info2 VTOverlay -> S3 S3Overlay WGA -> Windows Genuine Advantage Validation Tool Windows Media Format Runtime -> Windows Media Format 11 runtime Windows Media Player -> Windows Media Player 11 Windows XP Service Pack -> Windows XP Service Pack 3 WMFDist11 -> Windows Media Format 11 runtime wmp11 -> Windows Media Player 11 Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 Yahoo! Messenger -> Yahoo! Messenger Yahoo! Photos Drag-Drop Uploader 1v7 -> Yahoo! Photos Easy Upload Tool < Uninstall List [HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\] > -> HKEY_USERS\S-1-5-21-1519133620-2797194910-1890090545-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 5/17/2010 1:01:49 PM Computer Name = HP | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: A connection with the server could not be established Application [ Error ] 5/17/2010 1:01:50 PM Computer Name = HP | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist. Application [ Error ] 5/17/2010 2:01:47 PM Computer Name = HP | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: A connection with the server could not be established Application [ Error ] 5/17/2010 2:01:48 PM Computer Name = HP | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist. Application [ Error ] 5/17/2010 2:22:30 PM Computer Name = HP | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Trojan.FakeAV in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\4bf16f24.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Application [ Error ] 5/17/2010 2:34:37 PM Computer Name = HP | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Trojan.FakeAV in File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ144.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged. Application [ Error ] 5/17/2010 2:50:56 PM Computer Name = HP | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Trojan.FakeAV in File: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100517-111055-919B8B75\AVSCAN-00000002.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. Application [ Error ] 5/17/2010 3:01:51 PM Computer Name = HP | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: with error: A connection with the server could not be established Application [ Error ] 5/17/2010 3:02:37 PM Computer Name = HP | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Trojan.FakeAV in File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ145.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged. Application [ Error ] 5/17/2010 3:12:41 PM Computer Name = HP | Source = Symantec AntiVirus | ID = 16711731 -> Description = Security Risk Found!Trojan.FakeAV in File: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20100517-111228-A59971C8\AVSCAN-00000002.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. OSession [ Error ] 7/18/2009 11:06:56 AM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/18/2009 9:34:27 PM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/18/2009 9:34:48 PM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/18/2009 9:34:55 PM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/24/2009 1:24:06 AM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/24/2009 1:24:15 AM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/24/2009 1:24:23 AM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 8/24/2009 1:24:29 AM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. OSession [ Error ] 9/7/2009 4:00:07 PM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2223 seconds with 1980 seconds of active time. This session ended with a crash. OSession [ Error ] 3/20/2010 9:52:04 AM Computer Name = HP | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 487 seconds with 300 seconds of active time. This session ended with a crash. System [ Error ] 5/17/2010 3:44:40 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:40 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:41 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 System [ Error ] 5/17/2010 3:44:42 PM Computer Name = HP | Source = Service Control Manager | ID = 7023 -> Description = The Application Management service terminated with the following error: %%126 [Files/Folders - Created Within 30 Days] OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/05/18 19:11:59 | 000,640,000 | ---- | C] (OldTimer Tools) Config.Msi -> C:\Config.Msi -> [2010/05/17 12:44:25 | 000,000,000 | -HSD | C] RECYCLER -> C:\RECYCLER -> [2010/05/17 08:33:37 | 000,000,000 | -HSD | C] SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/05/14 21:27:19 | 000,212,480 | ---- | C] (SteelWerX) SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/05/14 21:27:19 | 000,161,792 | ---- | C] (SteelWerX) SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/05/14 21:27:19 | 000,136,704 | ---- | C] (SteelWerX) NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/05/14 21:27:19 | 000,031,232 | ---- | C] (NirSoft) ERDNT -> C:\WINDOWS\ERDNT -> [2010/05/14 21:27:04 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2010/05/14 21:26:30 | 000,000,000 | ---D | C] SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2010/05/12 17:14:36 | 000,000,000 | ---D | C] SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2010/05/12 17:14:20 | 000,000,000 | ---D | C] Alwil Software -> C:\Program Files\Alwil Software -> [2010/05/11 19:45:37 | 000,000,000 | ---D | C] Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/05/11 19:45:37 | 000,000,000 | ---D | C] Avira -> C:\Program Files\Avira -> [2010/05/11 19:43:56 | 000,000,000 | ---D | C] tdsskiller -> C:\Documents and Settings\Owner\Desktop\tdsskiller -> [2010/05/09 19:51:42 | 000,000,000 | ---D | C] AskToolbar -> C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar -> [2010/05/09 18:26:57 | 000,000,000 | ---D | C] Ask.com -> C:\Program Files\Ask.com -> [2010/05/09 17:23:05 | 000,000,000 | ---D | C] Foxit Software -> C:\Program Files\Foxit Software -> [2010/05/09 17:22:40 | 000,000,000 | ---D | C] bbbturras -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\bbbturras -> [2010/05/09 08:42:57 | 000,000,000 | ---D | C] Sun -> C:\Documents and Settings\NetworkService\Application Data\Sun -> [2010/05/09 08:42:14 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\Owner\Application Data\Malwarebytes -> [2010/05/09 08:27:46 | 000,000,000 | ---D | C] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/05/09 08:27:34 | 000,000,000 | ---D | C] SxsCaPendDel -> C:\WINDOWS\SxsCaPendDel -> [2010/05/09 07:50:56 | 000,000,000 | ---D | C] IObit -> C:\Program Files\IObit -> [2010/05/09 07:16:25 | 000,000,000 | ---D | C] IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2010/05/09 07:16:25 | 000,000,000 | ---D | C] SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2010/05/08 12:55:14 | 000,095,024 | ---- | C] (Sunbelt Software) Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [2010/05/08 12:44:45 | 000,000,000 | ---D | C] Real -> C:\Documents and Settings\NetworkService\Application Data\Real -> [2010/05/06 22:57:26 | 000,000,000 | ---D | C] Tony's Scanned Documents -> C:\Documents and Settings\Owner\Desktop\Tony's Scanned Documents -> [2010/05/06 22:27:12 | 000,000,000 | ---D | C] Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2010/05/06 09:44:23 | 000,000,000 | ---D | C] Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2010/05/06 09:43:40 | 000,000,000 | ---D | C] LA tour -> C:\Documents and Settings\Owner\Desktop\LA tour -> [2010/04/20 17:25:46 | 000,000,000 | ---D | C] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files/Folders - Modified Within 30 Days] OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2010/05/18 19:12:09 | 000,640,000 | ---- | M] (OldTimer Tools) Norton Security Scan for Owner.job -> C:\WINDOWS\tasks\Norton Security Scan for Owner.job -> [2010/05/18 15:51:24 | 000,000,558 | -H-- | M] () CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010/05/17 11:58:18 | 000,002,577 | ---- | M] () hpsysdrv.DAT -> C:\WINDOWS\System\hpsysdrv.DAT -> [2010/05/16 08:05:19 | 000,000,187 | ---- | M] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/05/16 08:05:08 | 000,001,158 | ---- | M] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/05/16 08:00:55 | 000,000,006 | -H-- | M] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/05/16 08:00:33 | 000,002,048 | --S- | M] () hiberfil.sys -> C:\hiberfil.sys -> [2010/05/16 08:00:08 | 1543,032,832 | -HS- | M] () NTUSER.DAT -> C:\Documents and Settings\Owner\NTUSER.DAT -> [2010/05/16 07:58:39 | 011,272,192 | -H-- | M] () bthservsdp.dat -> C:\WINDOWS\bthservsdp.dat -> [2010/05/16 07:58:26 | 000,000,012 | ---- | M] () ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2010/05/16 07:58:24 | 000,000,278 | -HS- | M] () IconCache.db -> C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db -> [2010/05/16 07:57:55 | 005,920,654 | -H-- | M] () system.ini -> C:\WINDOWS\system.ini -> [2010/05/14 22:03:33 | 000,000,227 | ---- | M] () AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/05/11 20:07:08 | 000,000,284 | ---- | M] () National_University.pdf -> C:\Documents and Settings\Owner\Desktop\National_University.pdf -> [2010/05/09 21:28:39 | 001,096,532 | ---- | M] () GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2010/05/09 20:01:40 | 000,079,736 | ---- | M] () FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/05/09 19:59:33 | 001,584,304 | ---- | M] () tdsskiller.zip -> C:\Documents and Settings\Owner\Desktop\tdsskiller.zip -> [2010/05/09 19:50:03 | 000,154,469 | ---- | M] () File0010.jpg -> C:\Documents and Settings\Owner\Desktop\File0010.jpg -> [2010/05/09 18:15:05 | 001,422,291 | ---- | M] () Driver's License.doc -> C:\Documents and Settings\Owner\My Documents\Driver's License.doc -> [2010/05/09 18:06:09 | 000,160,768 | ---- | M] () Certificate of Appreciation.doc -> C:\Documents and Settings\Owner\My Documents\Certificate of Appreciation.doc -> [2010/05/09 16:17:41 | 004,835,840 | ---- | M] () SBREDrv.sys -> C:\WINDOWS\System32\drivers\SBREDrv.sys -> [2010/05/08 12:55:09 | 000,095,024 | ---- | M] (Sunbelt Software) 10SpPACT565s.xls -> C:\Documents and Settings\Owner\Desktop\10SpPACT565s.xls -> [2010/05/07 13:30:38 | 000,025,088 | ---- | M] () woxcdv.dat -> C:\Documents and Settings\Owner\Application Data\woxcdv.dat -> [2010/05/06 08:52:27 | 000,000,016 | ---- | M] () PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010/04/23 14:48:01 | 000,234,496 | ---- | M] () LA tour.zip -> C:\Documents and Settings\Owner\Desktop\LA tour.zip -> [2010/04/20 17:25:27 | 015,119,812 | ---- | M] () 5 C:\Documents and Settings\Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\temp\*.tmp -> 5 C:\Documents and Settings\Owner\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\temp\*.tmp -> 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files - No Company Name] PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/05/14 21:27:19 | 000,256,512 | ---- | C] () sed.exe -> C:\WINDOWS\sed.exe -> [2010/05/14 21:27:19 | 000,098,816 | ---- | C] () grep.exe -> C:\WINDOWS\grep.exe -> [2010/05/14 21:27:19 | 000,080,412 | ---- | C] () MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/05/14 21:27:19 | 000,077,312 | ---- | C] () zip.exe -> C:\WINDOWS\zip.exe -> [2010/05/14 21:27:19 | 000,068,096 | ---- | C] () hiberfil.sys -> C:\hiberfil.sys -> [2010/05/10 21:57:11 | 1543,032,832 | -HS- | C] () National_University.pdf -> C:\Documents and Settings\Owner\Desktop\National_University.pdf -> [2010/05/09 21:28:39 | 001,096,532 | ---- | C] () tdsskiller.zip -> C:\Documents and Settings\Owner\Desktop\tdsskiller.zip -> [2010/05/09 19:50:03 | 000,154,469 | ---- | C] () File0010.jpg -> C:\Documents and Settings\Owner\Desktop\File0010.jpg -> [2010/05/09 18:15:00 | 001,422,291 | ---- | C] () Driver's License.doc -> C:\Documents and Settings\Owner\My Documents\Driver's License.doc -> [2010/05/09 18:06:08 | 000,160,768 | ---- | C] () Certificate of Appreciation.doc -> C:\Documents and Settings\Owner\My Documents\Certificate of Appreciation.doc -> [2010/05/09 16:17:40 | 004,835,840 | ---- | C] () 10SpPACT565s.xls -> C:\Documents and Settings\Owner\Desktop\10SpPACT565s.xls -> [2010/05/07 13:30:38 | 000,025,088 | ---- | C] () woxcdv.dat -> C:\Documents and Settings\Owner\Application Data\woxcdv.dat -> [2010/05/06 08:52:05 | 000,000,016 | ---- | C] () LA tour.zip -> C:\Documents and Settings\Owner\Desktop\LA tour.zip -> [2010/04/20 17:25:27 | 015,119,812 | ---- | C] () NPSWF32.dll -> C:\WINDOWS\System32\NPSWF32.dll -> [2008/09/14 17:49:27 | 002,463,976 | ---- | C] () idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () HP_48BitScanUpdatePatch.ini -> C:\WINDOWS\HP_48BitScanUpdatePatch.ini -> [2006/12/25 13:48:41 | 000,000,214 | ---- | C] () DEMO.INI -> C:\WINDOWS\DEMO.INI -> [2006/12/05 18:08:42 | 000,000,486 | ---- | C] () IlmImf.dll -> C:\WINDOWS\System32\IlmImf.dll -> [2006/10/23 13:02:13 | 000,782,336 | ---- | C] () pmtf2.dll -> C:\WINDOWS\System32\pmtf2.dll -> [2006/10/23 13:02:13 | 000,353,280 | ---- | C] () PhotomatixLib.dll -> C:\WINDOWS\System32\PhotomatixLib.dll -> [2006/10/23 13:02:13 | 000,238,592 | ---- | C] () pmjp.dll -> C:\WINDOWS\System32\pmjp.dll -> [2006/10/23 13:02:13 | 000,216,064 | ---- | C] () PhotomatixLib2.dll -> C:\WINDOWS\System32\PhotomatixLib2.dll -> [2006/10/23 13:02:13 | 000,212,992 | ---- | C] () pmtf1.dll -> C:\WINDOWS\System32\pmtf1.dll -> [2006/10/23 13:02:13 | 000,205,824 | ---- | C] () PhotomatixLib3.dll -> C:\WINDOWS\System32\PhotomatixLib3.dll -> [2006/10/23 13:02:13 | 000,110,592 | ---- | C] () pmexr.dll -> C:\WINDOWS\System32\pmexr.dll -> [2006/10/23 13:02:13 | 000,053,248 | ---- | C] () pmbm.dll -> C:\WINDOWS\System32\pmbm.dll -> [2006/10/23 13:02:13 | 000,011,776 | ---- | C] () lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2006/09/24 12:03:55 | 000,009,255 | R--- | C] () wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/05/20 17:04:19 | 000,000,393 | ---- | C] () HPGdiPlus.ini -> C:\WINDOWS\HPGdiPlus.ini -> [2006/04/29 09:24:42 | 000,000,206 | ---- | C] () cygxml2-2.dll -> C:\WINDOWS\System32\cygxml2-2.dll -> [2006/01/21 22:49:36 | 001,208,320 | ---- | C] () cygz.dll -> C:\WINDOWS\System32\cygz.dll -> [2006/01/21 22:49:36 | 000,062,464 | ---- | C] () cygiconv-2.dll -> C:\WINDOWS\System32\cygiconv-2.dll -> [2006/01/21 22:49:35 | 000,980,992 | ---- | C] () eolupclnt.ini -> C:\WINDOWS\eolupclnt.ini -> [2005/12/28 10:10:13 | 000,000,358 | ---- | C] () libmplayer.dll -> C:\WINDOWS\System32\libmplayer.dll -> [2005/12/27 19:00:00 | 000,395,776 | ---- | C] () TomsMoComp_ff.dll -> C:\WINDOWS\System32\TomsMoComp_ff.dll -> [2005/12/27 19:00:00 | 000,262,144 | ---- | C] () libmpeg2_ff.dll -> C:\WINDOWS\System32\libmpeg2_ff.dll -> [2005/12/27 19:00:00 | 000,112,640 | ---- | C] () libavcodec.dll -> C:\WINDOWS\System32\libavcodec.dll -> [2005/12/27 18:59:59 | 002,255,360 | ---- | C] () VX3000.ini -> C:\WINDOWS\VX3000.ini -> [2005/12/22 11:05:46 | 000,015,498 | ---- | C] () DEBUGSM.INI -> C:\WINDOWS\DEBUGSM.INI -> [2005/06/16 16:47:13 | 000,000,029 | ---- | C] () pythoncom21.dll -> C:\WINDOWS\System32\pythoncom21.dll -> [2005/06/16 16:45:03 | 000,290,919 | ---- | C] () PyWinTypes21.dll -> C:\WINDOWS\System32\PyWinTypes21.dll -> [2005/06/16 16:45:03 | 000,057,344 | ---- | C] () SlantAdj.dll -> C:\WINDOWS\SlantAdj.dll -> [2005/06/16 16:42:51 | 000,096,768 | ---- | C] () epDPE.ini -> C:\WINDOWS\System32\epDPE.ini -> [2005/06/16 16:42:51 | 000,000,072 | ---- | C] () EPSON 2400 Installer.ini -> C:\WINDOWS\EPSON 2400 Installer.ini -> [2005/06/16 16:41:01 | 000,000,198 | ---- | C] () cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2005/03/20 22:17:03 | 000,000,087 | ---- | C] () mdm.ini -> C:\WINDOWS\mdm.ini -> [2005/03/12 08:53:14 | 000,000,063 | ---- | C] () adistres.dll -> C:\WINDOWS\System32\adistres.dll -> [2004/12/12 19:53:48 | 000,077,824 | ---- | C] () VPC32.INI -> C:\WINDOWS\VPC32.INI -> [2004/10/16 18:13:40 | 000,000,000 | ---- | C] () isutil.dll -> C:\WINDOWS\System32\isutil.dll -> [2004/10/02 23:21:54 | 000,233,525 | ---- | C] () apptune.ini -> C:\WINDOWS\apptune.ini -> [2004/10/02 23:21:52 | 000,000,271 | ---- | C] () ractrlkeyhook.dll -> C:\WINDOWS\System32\ractrlkeyhook.dll -> [2004/09/30 11:48:30 | 000,008,520 | ---- | C] () vuins32.dll -> C:\WINDOWS\System32\vuins32.dll -> [2004/09/17 18:37:42 | 000,061,440 | ---- | C] () VGAunistlog.ini -> C:\WINDOWS\System32\VGAunistlog.ini -> [2004/04/02 16:33:15 | 000,000,000 | ---- | C] () VGAsetup.ini -> C:\WINDOWS\VGAsetup.ini -> [2004/04/02 16:33:14 | 000,000,451 | ---- | C] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2004/04/02 16:18:59 | 000,000,061 | ---- | C] () PCDrJNI_1_1.dll -> C:\WINDOWS\System32\PCDrJNI_1_1.dll -> [2004/04/01 14:29:07 | 000,167,936 | ---- | C] () CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2004/04/01 14:14:02 | 000,028,734 | ---- | C] () hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2004/04/01 14:13:21 | 000,045,056 | ---- | C] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2004/04/01 01:57:30 | 000,000,376 | ---- | C] () QUICKEN.INI -> C:\WINDOWS\QUICKEN.INI -> [2004/04/01 01:50:38 | 000,000,889 | ---- | C] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/04/01 00:55:37 | 000,001,793 | ---- | C] () psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2004/04/01 00:23:23 | 000,363,520 | ---- | C] () PythonCOM22.dll -> C:\WINDOWS\System32\PythonCOM22.dll -> [2004/04/01 00:14:18 | 000,299,073 | ---- | C] () PyWinTypes22.dll -> C:\WINDOWS\System32\PyWinTypes22.dll -> [2004/04/01 00:14:18 | 000,065,536 | ---- | C] () bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2004/04/01 00:12:07 | 000,016,896 | ---- | C] () orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/03/31 23:03:26 | 000,000,802 | ---- | C] () oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2004/03/31 21:50:07 | 000,000,549 | ---- | C] () px.ini -> C:\WINDOWS\System32\px.ini -> [2004/01/24 00:33:14 | 000,000,000 | ---- | C] () MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 11:46:56 | 000,065,536 | ---- | C] () REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 01:00:00 | 000,040,448 | ---- | C] () [File - Lop Check] Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/05/17 11:58:38 | 000,000,000 | ---D | M] BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2006/05/03 21:11:28 | 000,000,000 | ---D | M] GARMIN -> C:\Documents and Settings\All Users\Application Data\GARMIN -> [2009/11/15 23:27:57 | 000,000,000 | ---D | M] LogMeIn -> C:\Documents and Settings\All Users\Application Data\LogMeIn -> [2008/06/18 23:25:48 | 000,000,000 | ---D | M] Sync App Settings -> C:\Documents and Settings\All Users\Application Data\Sync App Settings -> [2009/10/14 17:52:59 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2007/03/09 19:06:32 | 000,000,000 | ---D | M] {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> [2009/04/17 13:11:08 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Default User\Application Data\SampleView -> [2004/04/01 14:49:28 | 000,000,000 | ---D | M] EPSON -> C:\Documents and Settings\Guest\Application Data\EPSON -> [2006/05/02 19:47:46 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Guest\Application Data\SampleView -> [2004/04/01 14:49:28 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\LogMeInRemoteUser\Application Data\SampleView -> [2004/04/01 14:49:28 | 000,000,000 | ---D | M] Alien Skin -> C:\Documents and Settings\Owner\Application Data\Alien Skin -> [2004/12/25 13:40:46 | 000,000,000 | ---D | M] Design Science -> C:\Documents and Settings\Owner\Application Data\Design Science -> [2008/04/07 06:15:07 | 000,000,000 | ---D | M] eFax Messenger -> C:\Documents and Settings\Owner\Application Data\eFax Messenger -> [2007/06/19 20:44:01 | 000,000,000 | ---D | M] EPSON -> C:\Documents and Settings\Owner\Application Data\EPSON -> [2005/06/16 16:47:23 | 000,000,000 | ---D | M] GARMIN -> C:\Documents and Settings\Owner\Application Data\GARMIN -> [2009/11/16 06:10:43 | 000,000,000 | ---D | M] IC Capture 2.0 -> C:\Documents and Settings\Owner\Application Data\IC Capture 2.0 -> [2006/04/27 10:24:52 | 000,000,000 | ---D | M] Inspiration Software -> C:\Documents and Settings\Owner\Application Data\Inspiration Software -> [2004/11/06 11:59:26 | 000,000,000 | ---D | M] InterTrust -> C:\Documents and Settings\Owner\Application Data\InterTrust -> [2004/12/12 19:52:47 | 000,000,000 | ---D | M] InterVideo -> C:\Documents and Settings\Owner\Application Data\InterVideo -> [2004/11/01 20:17:25 | 000,000,000 | ---D | M] IObit -> C:\Documents and Settings\Owner\Application Data\IObit -> [2010/05/09 07:16:25 | 000,000,000 | ---D | M] Leadertech -> C:\Documents and Settings\Owner\Application Data\Leadertech -> [2008/03/02 22:09:15 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Owner\Application Data\SampleView -> [2004/04/01 14:49:28 | 000,000,000 | ---D | M] Sync App Settings -> C:\Documents and Settings\Owner\Application Data\Sync App Settings -> [2009/10/14 17:53:23 | 000,000,000 | ---D | M] Template -> C:\Documents and Settings\Owner\Application Data\Template -> [2005/06/09 06:23:50 | 000,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\Owner\Application Data\Viewpoint -> [2007/03/09 19:06:35 | 000,000,000 | ---D | M] Windows Desktop Search -> C:\Documents and Settings\Owner\Application Data\Windows Desktop Search -> [2010/03/08 14:23:17 | 000,000,000 | ---D | M] Windows Search -> C:\Documents and Settings\Owner\Application Data\Windows Search -> [2010/03/09 14:31:26 | 000,000,000 | ---D | M] LimeWire -> C:\Documents and Settings\Vishakha\Application Data\LimeWire -> [2010/04/26 18:42:37 | 000,000,000 | ---D | M] SampleView -> C:\Documents and Settings\Vishakha\Application Data\SampleView -> [2004/04/01 14:49:28 | 000,000,000 | ---D | M] Windows Desktop Search -> C:\Documents and Settings\Vishakha\Application Data\Windows Desktop Search -> [2010/04/25 07:37:07 | 000,000,000 | ---D | M] [Custom Scans] < %SYSTEMDRIVE%\*.exe > Egp.exe -> C:\Egp.exe -> [2003/11/14 13:42:20 | 002,191,460 | ---- | M] (Orbis Software Inc.) MathType.exe -> C:\MathType.exe -> [2007/08/29 17:07:30 | 001,926,672 | ---- | M] (Design Science, Inc.) StubInstaller.exe -> C:\StubInstaller.exe -> [2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) < MD5 Scans Start> < %systemdrive%\AGP440.SYS /md5 /s > AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys -> [2004/10/05 20:36:00 | 022,245,337 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys -> [2008/08/14 06:08:14 | 023,852,652 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys -> [2004/10/05 20:36:00 | 022,245,337 | ---- | M] () AGP440.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys -> [2008/08/14 06:08:14 | 023,852,652 | ---- | M] () agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ERDNT\cache\agp440.sys -> [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\ServicePackFiles\i386\agp440.sys -> [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7 -> C:\WINDOWS\system32\drivers\agp440.sys -> [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -> C:\WINDOWS\$NtServicePackUninstall$\agp440.sys -> [2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) < %systemdrive%\ATAPI.SYS /md5 /s > atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys -> [2002/08/29 12:00:00 | 010,158,890 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys -> [2004/10/05 20:36:00 | 022,245,337 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys -> [2008/08/14 06:08:14 | 023,852,652 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\I386\sp1.cab:atapi.sys -> [2002/08/29 05:00:00 | 010,158,890 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys -> [2004/10/05 20:36:00 | 022,245,337 | ---- | M] () atapi.sys : .cab file -> C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys -> [2008/08/14 06:08:14 | 023,852,652 | ---- | M] () atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINDOWS\$NtUninstallQ331958$\atapi.sys -> [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ERDNT\cache\atapi.sys -> [2010/05/09 19:54:13 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\system32\drivers\atapi.sys -> [2010/05/09 19:54:13 | 000,096,512 | ---- | M] (Microsoft Corporation) atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) < %systemdrive%\EVENTLOG.DLL /md5 /s > eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ERDNT\cache\eventlog.dll -> [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\system32\eventlog.dll -> [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) < %systemdrive%\NETLOGON.DLL /md5 /s > netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ERDNT\cache\netlogon.dll -> [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\system32\netlogon.dll -> [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) < %systemdrive%\SCECLI.DLL /md5 /s > scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ERDNT\cache\scecli.dll -> [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\system32\scecli.dll -> [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) < MD5 Scans End> < %systemroot%\*. /mp /s > Restore point Set: OTS Restore Point (0) < End of report > [/code]