
Vundo I am pretty sure [RESOLVED]



#1
nicholas.alipaz


  • Member
  • 12 posts
I have recently gotten this malware and it keeps forwarding my browser along to fling.com. I can't seem to get rid of it with the suggested tools in the sticky. Please if anyone could give me some assistance?

I am on Windows XP with McAfee Antivirus.

I have tried Spybot Search & Destroy, VundoFix, VirtumundoBegone, ATF_Cleaner, SuperAntispyware, and HiJackThis!

Steps I have taken:

I took all steps in the first post of this thread
Here are the files I have:

VBG.txt
[05/31/2008, 14:07:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nalipaz\Desktop\VirtumundoBeGone.exe" )
[05/31/2008, 14:07:48] - Detected System Information:
[05/31/2008, 14:07:48] -  Windows Version: 5.1.2600, Service Pack 2
[05/31/2008, 14:07:48] -  Current Username: nalipaz (Admin)
[05/31/2008, 14:07:48] -  Windows is in NORMAL mode.
[05/31/2008, 14:07:48] - Searching for Browser Helper Objects:
[05/31/2008, 14:07:48] -  BHO 1: {026CA60A-C663-4C60-A284-0C9AB846EBBA} ()
[05/31/2008, 14:07:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:07:48] -  Checking for HKLM\...\Winlogon\Notify\hgGVmjkK
[05/31/2008, 14:07:48] -  Key not found: HKLM\...\Winlogon\Notify\hgGVmjkK, continuing.
[05/31/2008, 14:07:48] -  BHO 2: {22FFB3D4-2FF9-48E0-BB4E-6FE42D09FE49} ()
[05/31/2008, 14:07:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:07:48] -  No filename found. Continuing.
[05/31/2008, 14:07:48] -  BHO 3: {274809B2-F5BA-48D3-8D27-74B93A14935C} ()
[05/31/2008, 14:07:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:07:48] -  Checking for HKLM\...\Winlogon\Notify\hgGxYSIA
[05/31/2008, 14:07:48] -  Key not found: HKLM\...\Winlogon\Notify\hgGxYSIA, continuing.
[05/31/2008, 14:07:48] -  BHO 4: {51356ae9-70d8-4dc1-8130-dd49d88e1016} ()
[05/31/2008, 14:07:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:07:48] -  Checking for HKLM\...\Winlogon\Notify\xepsimld
[05/31/2008, 14:07:48] -  Key not found: HKLM\...\Winlogon\Notify\xepsimld, continuing.
[05/31/2008, 14:07:48] -  BHO 5: {5341B716-F28C-4D51-845E-A43B36199F8B} ()
[05/31/2008, 14:07:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:07:48] -  No filename found. Continuing.
[05/31/2008, 14:07:48] -  BHO 6: {601ED020-FB6C-11D3-87D8-0050DA59922B} (WsftpBrowserHelper Class)
[05/31/2008, 14:07:48] -  BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/31/2008, 14:07:48] -  BHO 8: {E660CF3B-B13A-499E-BD1B-AC1044A2A3AC} ()
[05/31/2008, 14:07:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:07:48] -  Checking for HKLM\...\Winlogon\Notify\yayvTnoM
[05/31/2008, 14:07:48] -  Key not found: HKLM\...\Winlogon\Notify\yayvTnoM, continuing.
[05/31/2008, 14:07:48] - Finished Searching Browser Helper Objects
[05/31/2008, 14:07:48] - Finishing up...
[05/31/2008, 14:07:48] - Nothing found! Exiting...
[05/31/2008, 14:13:20] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nalipaz\Desktop\VirtumundoBeGone.exe" )
[05/31/2008, 14:13:23] - Detected System Information:
[05/31/2008, 14:13:23] -  Windows Version: 5.1.2600, Service Pack 2
[05/31/2008, 14:13:23] -  Current Username: nalipaz (Admin)
[05/31/2008, 14:13:23] -  Windows is in NORMAL mode.
[05/31/2008, 14:13:23] - Searching for Browser Helper Objects:
[05/31/2008, 14:13:23] -  BHO 1: {026CA60A-C663-4C60-A284-0C9AB846EBBA} ()
[05/31/2008, 14:13:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:13:23] -  Checking for HKLM\...\Winlogon\Notify\hgGVmjkK
[05/31/2008, 14:13:23] -  Key not found: HKLM\...\Winlogon\Notify\hgGVmjkK, continuing.
[05/31/2008, 14:13:23] -  BHO 2: {22FFB3D4-2FF9-48E0-BB4E-6FE42D09FE49} ()
[05/31/2008, 14:13:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:13:23] -  No filename found. Continuing.
[05/31/2008, 14:13:23] -  BHO 3: {51356ae9-70d8-4dc1-8130-dd49d88e1016} ()
[05/31/2008, 14:13:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:13:23] -  Checking for HKLM\...\Winlogon\Notify\xepsimld
[05/31/2008, 14:13:23] -  Key not found: HKLM\...\Winlogon\Notify\xepsimld, continuing.
[05/31/2008, 14:13:23] -  BHO 4: {5341B716-F28C-4D51-845E-A43B36199F8B} ()
[05/31/2008, 14:13:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:13:23] -  No filename found. Continuing.
[05/31/2008, 14:13:23] -  BHO 5: {601ED020-FB6C-11D3-87D8-0050DA59922B} (WsftpBrowserHelper Class)
[05/31/2008, 14:13:23] -  BHO 6: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/31/2008, 14:13:23] -  BHO 7: {B9AAE7B1-0177-45C9-8937-C0D7624FAB85} ()
[05/31/2008, 14:13:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:13:23] -  Checking for HKLM\...\Winlogon\Notify\hgGxYSIA
[05/31/2008, 14:13:23] -  Key not found: HKLM\...\Winlogon\Notify\hgGxYSIA, continuing.
[05/31/2008, 14:13:23] -  BHO 8: {E660CF3B-B13A-499E-BD1B-AC1044A2A3AC} ()
[05/31/2008, 14:13:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/31/2008, 14:13:23] -  Checking for HKLM\...\Winlogon\Notify\yayvTnoM
[05/31/2008, 14:13:23] -  Key not found: HKLM\...\Winlogon\Notify\yayvTnoM, continuing.
[05/31/2008, 14:13:23] - Finished Searching Browser Helper Objects
[05/31/2008, 14:13:23] - Finishing up...
[05/31/2008, 14:13:23] - Nothing found! Exiting...

mbam-log-5-31-2008 (15-05-24).txt
Malwarebytes' Anti-Malware 1.12
Database version: 748
Scan type: Quick Scan
Objects scanned: 42520
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hgGxYSIA.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wengbpif.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6311bace-7c35-4cbd-b974-e51aef811048} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6311bace-7c35-4cbd-b974-e51aef811048} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cc4ae07 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1ff79d9b (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxysia -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxysia  -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ggptupac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\caputpgg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGxYSIA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\AISYxGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AISYxGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wengbpif.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fipbgnew.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvTnoM.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MonTvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MonTvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nkokevog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Explorer.EXE.Z-missing.txt (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

VundoFix.txt
VundoFix V7.0.3
Scan started at 1:55:42 PM 5/31/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.3
Scan started at 2:13:42 PM 5/31/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.3
Scan started at 2:53:12 PM 5/31/2008
Listing files found while scanning....

SUPERAntiSpyware Scan Log
SUPERAntiSpyware Scan Log
Generated 05/31/2008 at 05:07 PM
Application Version : 3.6.1000
Core Rules Database Version : 3143
Trace Rules Database Version: 1159
Scan type       : Complete Scan
Total Scan Time : 01:51:34
Memory items scanned      : 381
Memory threats detected   : 0
Registry items scanned    : 5749
Registry threats detected : 0
File items scanned        : 135674
File threats detected     : 0

hijackthis.log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:14 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\7-Zip\7zG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O1 - Hosts: 207.97.231.27 exchange.sageryder.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Vantage360 Agent] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://enu.vs.mcafeeasap.com/VS2/bin/myCioAgt.20051117222623.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c2/v21.120/qboax10.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kaseya Agent (KaseyaAgent) - Kaseya - C:\Program Files\Kaseya\Agent\AgentMon.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5559 bytes

Edited by nicholas.alipaz, 14 May 2008 - 03:28 PM.



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I will need to take a deeper look at your system.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • File - Lop Check
    • Reg - BotCheck
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • File - Additional Folder Scans
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#3
nicholas.alipaz


  • Topic Starter
  • Member
  • 12 posts
Thanks for the quick response! I hope you are able to help. The OTScanIt file wouldn't attach, so it is below:

CODE

OTScanIt logfile created on: 5/31/2008 5:55:48 PM
OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\nalipaz\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 322.99 Mb Available Physical Memory | 63.33% Memory free
1.97 Gb Paging File | 1.72 Gb Available in Paging File | 87.19% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 3.85 Gb Free Space | 10.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NICHOLASA
Current User Name: nalipaz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
agentmon.exe -> %ProgramFiles%\Kaseya\Agent\AgentMon.exe -> Kaseya [Ver = 5.0.0.5 | Size = 598016 bytes | Modified Date = 4/28/2008 12:58:32 PM | Attr = ]
myagtsvc.exe -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> McAfee, Inc. [Ver = 4.5.0.464 | Size = 140864 bytes | Modified Date = 3/6/2007 6:25:20 PM | Attr = ]
hpzipm12.exe -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 1:05:02 PM | Attr = ]
winvnc4.exe -> %ProgramFiles%\RealVNC\VNC4\WinVNC4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 438272 bytes | Modified Date = 3/25/2008 5:06:55 PM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 5:32:24 PM | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 5:36:20 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 7:48:14 PM | Attr = ]
myagttry.exe -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtTry.exe -> McAfee, Inc. [Ver = 4.5.1.180 | Size = 190016 bytes | Modified Date = 5/18/2007 5:03:00 AM | Attr = ]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.1.2004121400 | Size = 483328 bytes | Modified Date = 12/14/2004 3:12:02 AM | Attr = ]
kausrtsk.exe -> %ProgramFiles%\Kaseya\Agent\KaUsrTsk.exe -> Kaseya [Ver = 5.0.0.0 | Size = 229376 bytes | Modified Date = 3/7/2008 1:12:38 PM | Attr = ]
kausrtsk.exe -> %ProgramFiles%\Kaseya\Agent\KaUsrTsk.exe -> Kaseya [Ver = 5.0.0.0 | Size = 229376 bytes | Modified Date = 3/7/2008 1:12:38 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\Managed VirusScan\VScan\McShield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.0.139.x86 | Size = 144960 bytes | Modified Date = 1/31/2007 1:12:08 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 5/9/2008 9:51:12 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2/16/2006 1:11:27 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 4/1/2008 4:53:02 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found
(KaseyaAgent) Kaseya Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaseya\Agent\AgentMon.exe -> Kaseya [Ver = 5.0.0.5 | Size = 598016 bytes | Modified Date = 4/28/2008 12:58:32 PM | Attr = ]
(McShield) McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\Managed VirusScan\VScan\McShield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.0.139.x86 | Size = 144960 bytes | Modified Date = 1/31/2007 1:12:08 PM | Attr = ]
(myAgtSvc) McAfee Virus and Spyware Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -> McAfee, Inc. [Ver = 4.5.0.464 | Size = 140864 bytes | Modified Date = 3/6/2007 6:25:20 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel® Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 3:33:40 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 10, 1, 1, 2 | Size = 69632 bytes | Modified Date = 3/14/2005 1:05:02 PM | Attr = ]
(WinVNC4) VNC Server Version 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\RealVNC\VNC4\WinVNC4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 438272 bytes | Modified Date = 3/25/2008 5:06:55 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 6.0.1.2004121400 | Size = 483328 bytes | Modified Date = 12/14/2004 3:12:02 AM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 9/20/2005 5:32:24 PM | Attr = ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 9/20/2005 5:36:20 PM | Attr = ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 9/20/2005 5:35:40 PM | Attr = ]
Kaseya Agent Service Helper -> %ProgramFiles%\Kaseya\Agent\KaUsrTsk.exe [C:\Program Files\Kaseya\Agent\KaUsrTsk.exe] -> Kaseya [Ver = 5.0.0.0 | Size = 229376 bytes | Modified Date = 3/7/2008 1:12:38 PM | Attr = ]
McAfee Managed Services Tray -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\myAgtTry.exe ["C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"] -> McAfee, Inc. [Ver = 4.5.1.180 | Size = 190016 bytes | Modified Date = 5/18/2007 5:03:00 AM | Attr = ]
MVS Splash -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\Splash.exe [C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe] -> McAfee, Inc. [Ver = 4.5.0.464 | Size = 468544 bytes | Modified Date = 3/6/2007 6:25:14 PM | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 10:32:10 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe [C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe] -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 7:48:14 PM | Attr = ]
Vantage360 Agent -> %ProgramFiles%\Kaseya\Agent\KaUsrTsk.exe [C:\Program Files\Kaseya\Agent\KaUsrTsk.exe] -> Kaseya [Ver = 5.0.0.0 | Size = 229376 bytes | Modified Date = 3/7/2008 1:12:38 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\] > -> HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
%SystemDrive%\Documents and Settings\Administrator\Start Menu\Programs\Startup\LivePerson.lnk -> %ProgramFiles%\LivePerson\hc.exe -> [Ver = 1, 0, 0, 1 | Size = 2011136 bytes | Modified Date = 4/4/2006 4:24:56 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< hpruett Startup Folder > -> C:\Documents and Settings\hpruett\Start Menu\Programs\Startup ->
< McAfeeMVSUser Startup Folder > -> C:\Documents and Settings\McAfeeMVSUser\Start Menu\Programs\Startup ->
< nalipaz Startup Folder > -> C:\Documents and Settings\nalipaz\Start Menu\Programs\Startup ->
< Nicholas Alipaz Startup Folder > -> C:\Documents and Settings\Nicholas Alipaz\Start Menu\Programs\Startup ->
< SageRyder Startup Folder > -> C:\Documents and Settings\SageRyder\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010] > -> HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 9/20/2005 5:31:28 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010] > -> HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_CD-ROM_GCR-8485B_______________1.05____\5&70107e7&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/11/2004 7:15:00 PM | Attr = ]
< HOSTS File > (238985 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
207.97.231.27 exchange.sageryder.local -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.co...ll/en/side.html ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.co...ll/en/side.html ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ig/dell?hl=en ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.google.com/ig/dell?hl=en ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
HKEY_USERS\.DEFAULT\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.google.com/ig/dell?hl=en ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.google.com/ig/dell?hl=en ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-18\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\] > -> ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\: Main\\Search Bar -> http://www.google.co...ll/en/side.html ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\: Main\\Search Page -> http://www.google.co...ll/en/side.html ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\: Main\\Start Page -> http://www.google.com/ig/dell?hl=en ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4423 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4422 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\] > -> HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\] > -> HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1248980583-1146615429-3783799651-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{026CA60A-C663-4C60-A284-0C9AB846EBBA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGVmjkK.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{22FFB3D4-2FF9-48E0-BB4E-6FE42D09FE49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{5341B716-F28C-4D51-845E-A43B36199F8B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{59150ca3-1479-417e-a110-81b4e63f8038} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\qeisyiuh.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 133120 bytes | Modified Date = 5/31/2008 2:49:59 PM | Attr = ]
{601ED020-FB6C-11D3-87D8-0050DA59922B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Ipswitch\WS_FTP Pro\wsbho2k0.dll [WsftpBrowserHelper Class] -> Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 [Ver = 9,0,0,0 | Size = 118830 bytes | Modified Date = 6/17/2004 2:00:36 PM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 3:13:40 AM | Attr = ]
{E0849D6F-005B-4781-BDB8-5B8D62F1CE74} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGxYSIA.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 370688 bytes | Modified Date = 5/31/2008 1:38:46 PM | Attr = ]
{E660CF3B-B13A-499E-BD1B-AC1044A2A3AC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayvTnoM.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 3:13:40 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 3:13:40 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{C228B064-DE33-401F-841D-47A6CB45BD3A} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ]
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
myrm -> 2 = Trusted sites (Not a Default Protocol) ->
myui -> 2 = Trusted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
myrm:{4D034FC3-013F-4b95-B544-44D49ABE3E76} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\Managed VirusScan\Agent\MyRmProt4.5.1.191.dll[MyRmProtocol Class] -> McAfee, Inc. [Ver = 4.5.1.191 | Size = 143360 bytes | Modified Date = 8/7/2007 9:20:30 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.micros...ntent/opuc3.cab[Office Update Installation Engine] ->
{40C83AF8-FEA7-4A6A-A470-431EE84A0886}[HKEY_LOCAL_MACHINE] -> http://enu.vs.mcafee...51117222623.cab[SecureObjectFactory Class] ->
{843EE768-3A97-455C-9076-741BA3AD7B62}[HKEY_LOCAL_MACHINE] -> https://accounting.q...120/qboax10.cab[QuickBooks Online Edition Utilities Class v10] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macr...ash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/qboax10.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/qboax10.dll\\.Owner -> {843EE768-3A97-455C-9076-741BA3AD7B62} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/qboax10.dll\\{843EE768-3A97-455C-9076-741BA3AD7B62} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> C:\WINDOWS\system32\msv1_0.dll [msv1_0] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 704 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 09 AA 28 A7 63 96 00 DB 5D 88 16 D4 AD F8 13 94 63 39 34 61 32 38 66 33 00 00 00 00 AD 7D 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 85 6B B4 F5 97 68 4A 87 3A 12 67 C9 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 62 A9 6D 03 7F 96 6C E1 34 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 64 D3 23 21 84 D4 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 44 31 EB 6F 0E 25 2C 8F 5E 96 63 CE 69 35 DD 0F [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> EE 77 4F 75 51 C3 C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 78 9C 2F 12 7A C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->

#4
nicholas.alipaz

Had to split into two posts, too big:
UserData -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Internet Explorer\UserData -> [Folder | Modified Date = 3/27/2008 12:30:37 PM | Attr = HS]
2OX4LJ8S -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Internet Explorer\UserData\2OX4LJ8S -> [Folder | Modified Date = 3/27/2008 12:30:37 PM | Attr = HS]
2Z90636G -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Internet Explorer\UserData\2Z90636G -> [Folder | Modified Date = 3/27/2008 12:30:37 PM | Attr = HS]
SKUG1M39 -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Internet Explorer\UserData\SKUG1M39 -> [Folder | Modified Date = 3/27/2008 12:30:37 PM | Attr = HS]
WCMSR4GR -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Internet Explorer\UserData\WCMSR4GR -> [Folder | Modified Date = 3/27/2008 12:30:37 PM | Attr = HS]
Media Player -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 8/11/2004 7:14:50 PM | Attr = ]
MMC -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\MMC -> [Folder | Modified Date = 5/5/2008 8:11:44 AM | Attr = ]
Office -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Office -> [Folder | Modified Date = 4/3/2008 5:15:58 PM | Attr = ]
Recent -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Office\Recent -> [Folder | Modified Date = 4/21/2008 9:32:11 AM | Attr = S]
Outlook -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Outlook -> [Folder | Modified Date = 3/26/2008 12:37:28 PM | Attr = ]
Proof -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Proof -> [Folder | Modified Date = 3/31/2008 8:43:39 AM | Attr = ]
Protect -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Protect -> [Folder | Modified Date = 3/26/2008 12:29:49 PM | Attr = S]
S-1-5-21-1248980583-1146615429-3783799651-1009 -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Protect\S-1-5-21-1248980583-1146615429-3783799651-1009 -> [Folder | Modified Date = 3/27/2008 11:27:48 AM | Attr = S]
Signatures -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Signatures -> [Folder | Modified Date = 3/27/2008 2:18:36 PM | Attr = ]
Speech -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Speech -> [Folder | Modified Date = 5/31/2008 8:33:11 AM | Attr = ]
Files -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Speech\Files -> [Folder | Modified Date = 5/31/2008 8:33:11 AM | Attr = ]
UserLexicons -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Speech\Files\UserLexicons -> [Folder | Modified Date = 5/31/2008 8:33:11 AM | Attr = ]
Stationery -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Stationery -> [Folder | Modified Date = 3/26/2008 3:32:53 PM | Attr = ]
SystemCertificates -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 8/11/2004 7:06:56 PM | Attr = S]
My -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 8/11/2004 7:06:56 PM | Attr = S]
Certificates -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 8/11/2004 7:06:56 PM | Attr = S]
CRLs -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 8/11/2004 7:06:56 PM | Attr = S]
CTLs -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 8/11/2004 7:06:56 PM | Attr = S]
Templates -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Templates -> [Folder | Modified Date = 3/26/2008 2:11:27 PM | Attr = ]
Windows -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Windows -> [Folder | Modified Date = 3/27/2008 9:43:53 AM | Attr = ]
Themes -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Windows\Themes -> [Folder | Modified Date = 4/18/2008 5:17:57 PM | Attr = ]
Word -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Word -> [Folder | Modified Date = 3/27/2008 5:54:47 PM | Attr = ]
STARTUP -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Microsoft\Word\STARTUP -> [Folder | Modified Date = 3/26/2008 12:36:34 PM | Attr = ]
Mozilla -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla -> [Folder | Modified Date = 3/26/2008 2:30:01 PM | Attr = ]
Extensions -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Extensions -> [Folder | Modified Date = 3/26/2008 2:30:01 PM | Attr = ]
{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [Folder | Modified Date = 3/26/2008 2:30:01 PM | Attr = ]
Firefox -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox -> [Folder | Modified Date = 5/31/2008 11:02:37 AM | Attr = ]
Crash Reports -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Crash Reports -> [Folder | Modified Date = 4/14/2008 8:29:36 AM | Attr = ]
pending -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Crash Reports\pending -> [Folder | Modified Date = 5/30/2008 4:44:49 PM | Attr = ]
submitted -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Crash Reports\submitted -> [Folder | Modified Date = 5/30/2008 4:44:49 PM | Attr = ]
Profiles -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles -> [Folder | Modified Date = 4/22/2008 12:55:20 PM | Attr = ]
qgtlek3o.Firefox3 -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3 -> [Folder | Modified Date = 5/31/2008 11:15:57 AM | Attr = ]
bookmarkbackups -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\bookmarkbackups -> [Folder | Modified Date = 5/31/2008 11:05:18 AM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\chrome -> [Folder | Modified Date = 4/22/2008 1:14:46 PM | Attr = ]
CookieSwap -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\CookieSwap -> [Folder | Modified Date = 4/22/2008 1:14:47 PM | Attr = ]
custombuttons -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\custombuttons -> [Folder | Modified Date = 5/31/2008 11:15:55 AM | Attr = ]
extensions -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions -> [Folder | Modified Date = 5/2/2008 9:21:46 AM | Attr = ]
{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}\chrome -> [Folder | Modified Date = 4/22/2008 1:14:54 PM | Attr = ]
{31513E58-F253-47ad-86DB-D5F21E905429} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\chrome -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
components -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
defaults -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\defaults -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
preferences -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\defaults\preferences -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
{39952c40-5197-11da-8cd6-0800200c9a66} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{39952c40-5197-11da-8cd6-0800200c9a66} -> [Folder | Modified Date = 4/25/2008 8:03:45 AM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}\chrome -> [Folder | Modified Date = 4/25/2008 8:03:45 AM | Attr = ]
defaults -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}\defaults -> [Folder | Modified Date = 4/25/2008 8:03:45 AM | Attr = ]
preferences -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}\defaults\preferences -> [Folder | Modified Date = 4/25/2008 8:03:45 AM | Attr = ]
{3e270ac3-8936-43fb-ad20-b4685172a83d} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d} -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}\chrome -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
defaults -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}\defaults -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
preferences -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}\defaults\preferences -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
platform -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}\platform -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
Darwin -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}\platform\Darwin -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
{4A6F6861-6E6E-6573-B4BD-0B1E4B21BAF3} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{4A6F6861-6E6E-6573-B4BD-0B1E4B21BAF3} -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{4A6F6861-6E6E-6573-B4BD-0B1E4B21BAF3}\chrome -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = ]
{65d1639c-419f-4b52-9520-2d1455e5091b} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{65d1639c-419f-4b52-9520-2d1455e5091b} -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{65d1639c-419f-4b52-9520-2d1455e5091b}\chrome -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
defaults -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{65d1639c-419f-4b52-9520-2d1455e5091b}\defaults -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
preferences -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{65d1639c-419f-4b52-9520-2d1455e5091b}\defaults\preferences -> [Folder | Modified Date = 4/25/2008 8:03:44 AM | Attr = ]
{6AC85730-7D0F-4de0-B3FA-21142DD85326} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\chrome -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ]
components -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\components -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ]
defaults -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ]
palettes -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults\palettes -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ]
preferences -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\defaults\preferences -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [Folder | Modified Date = 4/22/2008 1:14:49 PM | Attr = ]
chrome -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
content -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\content -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
locale -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
af-ZA -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\af-ZA -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
ar -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\ar -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
be-BY -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\be-BY -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
bg-BG -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\bg-BG -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
ca-AD -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\ca-AD -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
cs-CZ -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\cs-CZ -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
da-DK -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\da-DK -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
de-DE -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\de-DE -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
el-GR -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\el-GR -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
en-US -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\en-US -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
es-AR -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\es-AR -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
es-ES -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\es-ES -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
fa-IR -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\locale\fa-IR -> [Folder | Modified Date = 4/22/2008 1:14:51 PM | Attr = ]
fi-FI -> C:\Documents and Settings\Nicholas Alipaz\Application Data\Mozilla\Firefox\Profiles\qgtlek3o.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\chrome\loca
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately the file was corrupted. Could you upload the entire text in one file to http://www.mediafire.com/ and post the link?
  • 0

#6
nicholas.alipaz

nicholas.alipaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Sorry about that...

Here is the new file:
http://nicholas.alip...mp/OTScanIt.Txt

EDIT:
the above file didn't seem to work, so here is a zipped version...
http://nicholas.alip...mp/OTScanIt.zip

Edited by nicholas.alipaz, 15 May 2008 - 01:52 PM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK for some reason that was corrupted as well

Let me try another analyser

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#8
nicholas.alipaz

nicholas.alipaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Looks like we cross posted.

EDIT:
the above file didn't seem to work, so here is a zipped version...
http://nicholas.alip...mp/OTScanIt.zip
  • 0

#9
nicholas.alipaz

nicholas.alipaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the dss scan as well:
http://nicholas.alip...et/temp/dss.zip
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was better, let's do some killing whilst I look at the second analysis :)

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {026CA60A-C663-4C60-A284-0C9AB846EBBA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGVmjkK.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {22FFB3D4-2FF9-48E0-BB4E-6FE42D09FE49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5341B716-F28C-4D51-845E-A43B36199F8B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {b97e2aac-8e83-40ee-9895-d4b207d71146} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ntydmtqh.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {D8DEB03E-54E1-4305-BA62-E1D3ACB7B3A7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGxYSIA.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {E660CF3B-B13A-499E-BD1B-AC1044A2A3AC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayvTnoM.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console]
[Files/Folders - Created Within 90 days]
NY -> AISYxGgh.ini -> %SystemRoot%\System32\AISYxGgh.ini
NY -> AISYxGgh.ini2 -> %SystemRoot%\System32\AISYxGgh.ini2
NY -> dxtbhich.exe -> %SystemRoot%\System32\dxtbhich.exe
NY -> fqcfrbys.ini -> %SystemRoot%\System32\fqcfrbys.ini
NY -> hgGxYSIA.dll -> %SystemRoot%\System32\hgGxYSIA.dll
NY -> KkjmVGgh.ini -> %SystemRoot%\System32\KkjmVGgh.ini
NY -> KkjmVGgh.ini2 -> %SystemRoot%\System32\KkjmVGgh.ini2
NY -> knopaxwd.exe -> %SystemRoot%\System32\knopaxwd.exe
NY -> ktotutmy.exe -> %SystemRoot%\System32\ktotutmy.exe
NY -> ntydmtqh.dll -> %SystemRoot%\System32\ntydmtqh.dll
NY -> Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll
NY -> pytplexf.exe -> %SystemRoot%\System32\pytplexf.exe
NY -> qeisyiuh.dll -> %SystemRoot%\System32\qeisyiuh.dll
NY -> qyxvcftf.dll -> %SystemRoot%\System32\qyxvcftf.dll
NY -> redcbome.dll -> %SystemRoot%\System32\redcbome.dll
NY -> svwhrfmf.exe -> %SystemRoot%\System32\svwhrfmf.exe
NY -> sybrfcqf.dll -> %SystemRoot%\System32\sybrfcqf.dll
NY -> vxytdvmg.ini -> %SystemRoot%\System32\vxytdvmg.ini
NY -> wcgbqraa.ini -> %SystemRoot%\System32\wcgbqraa.ini
NY -> wengbpif.dll -> %SystemRoot%\System32\wengbpif.dll
NY -> xepsimld.dll -> %SystemRoot%\System32\xepsimld.dll
[Files/Folders - Modified Within 90 days]
NY -> AISYxGgh.ini -> %SystemRoot%\System32\AISYxGgh.ini
NY -> AISYxGgh.ini2 -> %SystemRoot%\System32\AISYxGgh.ini2
NY -> dxtbhich.exe -> %SystemRoot%\System32\dxtbhich.exe
NY -> fqcfrbys.ini -> %SystemRoot%\System32\fqcfrbys.ini
NY -> FxsTmp -> %SystemRoot%\System32\FxsTmp
NY -> hgGxYSIA.dll -> %SystemRoot%\System32\hgGxYSIA.dll
NY -> KkjmVGgh.ini -> %SystemRoot%\System32\KkjmVGgh.ini
NY -> KkjmVGgh.ini2 -> %SystemRoot%\System32\KkjmVGgh.ini2
NY -> knopaxwd.exe -> %SystemRoot%\System32\knopaxwd.exe
NY -> ktotutmy.exe -> %SystemRoot%\System32\ktotutmy.exe
NY -> ntydmtqh.dll -> %SystemRoot%\System32\ntydmtqh.dll
NY -> pytplexf.exe -> %SystemRoot%\System32\pytplexf.exe
NY -> qeisyiuh.dll -> %SystemRoot%\System32\qeisyiuh.dll
NY -> qyxvcftf.dll -> %SystemRoot%\System32\qyxvcftf.dll
NY -> redcbome.dll -> %SystemRoot%\System32\redcbome.dll
NY -> svwhrfmf.exe -> %SystemRoot%\System32\svwhrfmf.exe
NY -> sybrfcqf.dll -> %SystemRoot%\System32\sybrfcqf.dll
NY -> vxytdvmg.ini -> %SystemRoot%\System32\vxytdvmg.ini
NY -> wcgbqraa.ini -> %SystemRoot%\System32\wcgbqraa.ini
NY -> wengbpif.dll -> %SystemRoot%\System32\wengbpif.dll
NY -> xepsimld.dll -> %SystemRoot%\System32\xepsimld.dll
NY -> C:\Documents and Settings\nalipaz\Local Settings\Temp\DRDld\ -> C:\Documents and Settings\nalipaz\Local Settings\Temp\DRDld
NY -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JUYUCNCJ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\JUYUCNCJ
NY -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S5RWYBPH\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S5RWYBPH
NY -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VQCSZY39\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\VQCSZY39
NY -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\X6UD7VZ4\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\X6UD7VZ4
[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
NY -> dhpruettsrvp -> C:\Documents and Settings\hpruett\Application Data\acccore\caches\users\dhpruettsrvp
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  • 0



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We will then follow that with the killing machine :) Some of these files may already be dead, but I would like to make sure :)

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\ntydmtqh.dll
    C:\WINDOWS\system32\knopaxwd.exe
    C:\WINDOWS\system32\sybrfcqf.dll
    C:\WINDOWS\system32\redcbome.dll
    C:\WINDOWS\system32\AISYxGgh.ini2
    C:\WINDOWS\system32\dxtbhich.exe
    C:\WINDOWS\system32\wengbpif.dll
    C:\WINDOWS\system32\qeisyiuh.dll
    C:\WINDOWS\system32\xepsimld.dll
    C:\WINDOWS\system32\svwhrfmf.exe
    C:\WINDOWS\system32\qyxvcftf.dll
    C:\WINDOWS\system32\hgGxYSIA.dll
    C:\WINDOWS\system32\ktotutmy.exe
    C:\WINDOWS\system32\pytplexf.exe
    C:\WINDOWS\system32\KkjmVGgh.ini2
    C:\WINDOWS\system32\hgGVmjkK.dll
    C:\WINDOWS\system32\ntydmtqh.dll
    C:\WINDOWS\system32\hgGxYSIA.dll
    C:\WINDOWS\system32\yayvTnoM.dll
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0
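A cross-check of the two removal lists posted above, as an added example that is not part of the thread or of OTScanIt/OTMoveIt2: it parses the BHO lines of the fix and the OTMoveIt2 path list, then reports which BHO-referenced DLLs the file move covers, which BHO keys name no file, and which paths are listed twice. The line format is inferred from the lines shown in the posts, and `%SystemRoot%` is assumed to be `C:\WINDOWS`, as in the path list.

```python
import re
from collections import Counter

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: matches the C:\WINDOWS paths in post #11

# BHO lines copied from the OTScanIt fix in post #10.
BHO_SECTION = r"""
YN -> {026CA60A-C663-4C60-A284-0C9AB846EBBA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGVmjkK.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {22FFB3D4-2FF9-48E0-BB4E-6FE42D09FE49} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5341B716-F28C-4D51-845E-A43B36199F8B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YY -> {b97e2aac-8e83-40ee-9895-d4b207d71146} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ntydmtqh.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {D8DEB03E-54E1-4305-BA62-E1D3ACB7B3A7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hgGxYSIA.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {E660CF3B-B13A-499E-BD1B-AC1044A2A3AC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\yayvTnoM.dll [Reg Error: Value  does not exist or could not be read.]
"""

# Path list copied from the OTMoveIt2 instructions in post #11.
MOVE_LIST = r"""
C:\WINDOWS\system32\ntydmtqh.dll
C:\WINDOWS\system32\knopaxwd.exe
C:\WINDOWS\system32\sybrfcqf.dll
C:\WINDOWS\system32\redcbome.dll
C:\WINDOWS\system32\AISYxGgh.ini2
C:\WINDOWS\system32\dxtbhich.exe
C:\WINDOWS\system32\wengbpif.dll
C:\WINDOWS\system32\qeisyiuh.dll
C:\WINDOWS\system32\xepsimld.dll
C:\WINDOWS\system32\svwhrfmf.exe
C:\WINDOWS\system32\qyxvcftf.dll
C:\WINDOWS\system32\hgGxYSIA.dll
C:\WINDOWS\system32\ktotutmy.exe
C:\WINDOWS\system32\pytplexf.exe
C:\WINDOWS\system32\KkjmVGgh.ini2
C:\WINDOWS\system32\hgGVmjkK.dll
C:\WINDOWS\system32\ntydmtqh.dll
C:\WINDOWS\system32\hgGxYSIA.dll
C:\WINDOWS\system32\yayvTnoM.dll
Purity
"""

# "<2-letter marker> -> {CLSID} [hive] -> <target> [<description>]"
# The two-letter marker is captured but not interpreted here.
BHO_RE = re.compile(
    r"^(?P<flags>[YN]{2}) -> (?P<clsid>\{[0-9A-Fa-f-]{36}\}) "
    r"\[(?P<hive>[^\]]+)\] -> (?P<target>.*?) \[(?P<desc>.*)\]$"
)
# A target counts as a file path only if it starts with %VAR%\ or a drive letter.
PATH_RE = re.compile(r"^(?:%\w+%|[A-Za-z]:)\\")


def norm(path):
    """Expand %SystemRoot% and lowercase; Windows paths compare case-insensitively."""
    expanded = re.sub(r"(?i)^%systemroot%", lambda m: SYSTEM_ROOT, path.strip())
    return expanded.lower()


def parse_bho(text):
    """Return (CLSID, normalized DLL path or None) for every BHO line."""
    entries = []
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        dll = norm(target) if PATH_RE.match(target) else None
        entries.append((m.group("clsid").upper(), dll))
    return entries


def parse_move_list(text):
    """Return normalized paths in order; non-path lines such as 'Purity' are skipped."""
    return [norm(l) for l in text.splitlines() if PATH_RE.match(l.strip())]


def reconcile(bho_text, move_text):
    """Compare what the registry fix references with what the file move removes."""
    bho = parse_bho(bho_text)
    moves = parse_move_list(move_text)
    move_set = set(moves)
    return {
        "covered": sorted(p for _, p in bho if p and p in move_set),
        "uncovered": sorted(p for _, p in bho if p and p not in move_set),
        "no_file": [clsid for clsid, p in bho if p is None],
        "duplicates": sorted(p for p, n in Counter(moves).items() if n > 1),
        "unique_moves": len(move_set),
    }


if __name__ == "__main__":
    for key, value in reconcile(BHO_SECTION, MOVE_LIST).items():
        print(f"{key}: {value}")
```

An entry under `uncovered` would mean a registered BHO whose DLL is left on disk after the move, which is the case worth catching before running the second tool.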

#12
nicholas.alipaz

nicholas.alipaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Following are the results of the OTScan Fix from above and a follow-up HijackThis! log:

http://nicholas.alip...ackthis0451.zip

Thanks again.

OTScan required a reboot when finished so I went along with it. Nothing weird on startup, the only odd thing was that upon attempting to open HijackThis from the start menu it told me that I did not have proper permissions. A second attempt to click HijackThis from my start menu worked as it should.

I have not yet been forwarded to any URL since reboot, but it usually happens pretty randomly and many times about 20 or so minutes into my browsing experience.
  • 0

#13
nicholas.alipaz

nicholas.alipaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Now the results of OTMoveIt2 and another HiJackThis Log:
http://nicholas.alip...DHiJackThis.zip

Nothing weird on the reboot. Let me know what you think...

Haven't been forwarded to any sites yet.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just one stubborn one to remove - this requires the big hammer :) But it is looking much better

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:

Files to delete:
C:\WINDOWS\system32\hgGxYSIA.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log.
  • 0

#15
nicholas.alipaz

nicholas.alipaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Ok, I did that. It looks as though it deleted that file. I sure hope that got it all! Let me know what you can see...
http://nicholas.alip...DHiJackThis.zip

Thanks AGAIN!
  • 0





