[code]
OTScanIt2 logfile created on: 12/15/2008 1:02:39 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.3.1 Folder = D:\Documents and Settings\e_ppierz\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.98 Gb Total Space | 17.80 Gb Free Space | 59.39% Space Free | Partition Type: NTFS
Drive D: | 106.69 Gb Total Space | 103.18 Gb Free Space | 96.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 6056.60 Gb Total Space | 1328.57 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
Drive H: | 6056.60 Gb Total Space | 1328.57 Gb Free Space | 21.94% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive O: | 6056.60 Gb Total Space | 1067.94 Gb Free Space | 17.63% Space Free | Partition Type: NTFS
Drive R: | 1632.80 Gb Total Space | 222.68 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Drive T: | 1632.80 Gb Total Space | 222.68 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Drive V: | 1632.80 Gb Total Space | 222.68 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: CWWIN1HFKL
Current User Name: ppierzch
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
aclient.exe -> %ProgramFiles%\Altiris\Aclient\ACLIENT.EXE -> [2007/07/20 20:31:56 | 05,316,684 | ---- | M] (Altiris, Inc.)
aclntusr.exe -> %ProgramFiles%\Altiris\Aclient\AClntUsr.EXE -> [2008/12/15 12:49:56 | 00,184,320 | ---- | M] () aexnsagent.exe -> %ProgramFiles%\Altiris\Altiris Agent\AeXNSAgent.exe -> [2007/03/27 20:02:50 | 01,277,952 | ---- | M] (Altiris, Inc.) ccsrvc.exe -> %SystemRoot%\system32\CCSRVC.exe -> [2007/05/29 18:52:10 | 00,049,152 | ---- | M] (Altiris) client.exe -> %ProgramFiles%\Altiris\Carbon Copy\Client.exe -> [2007/05/29 19:13:16 | 01,437,696 | ---- | M] (Altiris) dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> [2005/03/07 13:15:06 | 00,602,220 | ---- | M] (Executive Software International, Inc.) frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> [2008/07/17 14:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) hasplms.exe -> %SystemRoot%\system32\hasplms.exe -> [2008/07/18 06:58:46 | 02,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) logi_mwx.exe -> %SystemRoot%\LOGI_MWX.EXE -> [2003/12/17 08:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> [2008/09/26 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> [2008/07/17 14:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> [2008/07/17 14:06:00 | 00,136,512 | ---- | M] (McAfee, Inc.) 
ntmulti.exe -> %ProgramFiles%\notes\ntmulti.exe -> [2007/03/07 06:38:58 | 00,057,393 | ---- | M] (IBM Corp) nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2007/12/13 12:58:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools) shellker.exe -> %ProgramFiles%\Altiris\Carbon Copy\ShellKer.exe -> [2007/05/29 19:13:16 | 00,724,992 | ---- | M] (Altiris) shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> [2008/05/12 14:30:14 | 00,111,952 | ---- | M] (McAfee, Inc.) smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> [2007/08/01 13:52:42 | 01,036,288 | ---- | M] (Analog Devices, Inc.) udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> [2008/07/17 14:06:00 | 00,136,512 | ---- | M] (McAfee, Inc.) vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> [2008/05/12 14:30:10 | 00,054,608 | ---- | M] (McAfee, Inc.) wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (AClient) Altiris Client Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Altiris\Aclient\ACLIENT.EXE -> [2007/07/20 20:31:56 | 05,316,684 | ---- | M] (Altiris, Inc.) (AeXNSClient) Altiris Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Altiris\Altiris Agent\AeXNSAgent.exe -> [2007/03/27 20:02:50 | 01,277,952 | ---- | M] (Altiris, Inc.) 
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (CarbonCopy32) Altiris Carbon Copy [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CCSRVC.exe -> [2007/05/29 18:52:10 | 00,049,152 | ---- | M] (Altiris) (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> [2005/03/07 13:15:06 | 00,602,220 | ---- | M] (Executive Software International, Inc.) (hasplms) HASP License Manager [Win32_Own | Auto | Running] -> %SystemRoot%\system32\hasplms.exe -> [2008/07/18 06:58:46 | 02,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) (helpsvc) Help and Support [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/04 07:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) (McAfeeFramework) McAfee Framework Service [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> [2008/07/17 14:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) (McShield) McAfee McShield [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mcshield.exe -> [2008/09/26 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) (McTaskManager) McAfee Task Manager [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> [2008/05/12 14:30:10 | 00,054,608 | ---- | M] (McAfee, Inc.) 
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) (Multi-user Cleanup Service) Multi-user Cleanup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\notes\ntmulti.exe -> [2007/03/07 06:38:58 | 00,057,393 | ---- | M] (IBM Corp) (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2007/12/13 12:58:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) (UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> [2007/08/03 14:29:12 | 00,307,712 | ---- | M] (Analog Devices, Inc.) (aksfridge) HASP Fridge [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\aksfridge.sys -> [2008/03/18 15:45:34 | 00,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) (akshasp) Aladdin HASP Key [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\akshasp.sys -> [2007/09/11 14:40:30 | 00,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) (akshhl) Aladdin HASP HL Key [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\akshhl.sys -> [2007/09/11 14:40:30 | 00,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) (aksusb) Aladdin USB Key [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aksusb.sys -> [2007/09/11 14:40:30 | 00,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
(AlKernel) Altiris Kernel Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AlKernel.sys -> [2008/12/15 12:49:57 | 00,002,401 | ---- | M] () (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> [2007/06/06 11:51:04 | 00,161,792 | ---- | M] (Broadcom Corporation) (CCDevice) CCDevice [Kernel | System | Running] -> %SystemRoot%\System32\drivers\CCDevice.sys -> [2007/05/29 18:55:50 | 00,009,216 | ---- | M] (Altiris) (GKUPRO2D) GKUPRO2D [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\GKUPRO2D.sys -> [2004/07/15 13:21:00 | 00,062,048 | R--- | M] (Gemplus) (hardlock) hardlock [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\hardlock.sys -> [2008/02/12 11:14:50 | 00,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) (kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) (LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHIDFLT2.SYS -> [2003/12/17 08:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) (LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHIDUSB.SYS -> [2003/12/17 08:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lmouflt2.sys -> [2003/12/17 08:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) (mfeapfk) McAfee Inc. 
[Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeapfk.sys -> [2008/05/12 14:30:08 | 00,064,232 | ---- | M] (McAfee, Inc.) (mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2008/05/12 14:30:08 | 00,072,936 | ---- | M] (McAfee, Inc.) (mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2008/05/12 14:30:10 | 00,033,960 | ---- | M] (McAfee, Inc.) (mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2008/05/12 14:30:10 | 00,174,952 | ---- | M] (McAfee, Inc.) (mferkdk) VSCore mferkdk [Kernel | System | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mferkdk.sys -> [2008/05/12 14:30:20 | 00,031,816 | ---- | M] (McAfee, Inc.) (mfetdik) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfetdik.sys -> [2008/05/12 14:30:12 | 00,052,104 | ---- | M] (McAfee, Inc.) (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2007/12/13 12:58:00 | 07,441,376 | ---- | M] (NVIDIA Corporation) (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> [2006/03/17 17:18:58 | 00,392,960 | ---- | M] (Sensaura) (symmpi) symmpi [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\symmpi.sys -> [2007/02/09 23:06:00 | 00,100,096 | ---- | M] (LSI Logic) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://iww.alstom.com -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://iww.alstom.com -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/keyword/%s -> HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> HKEY_CURRENT_USER\: "ProxyOverride" -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://iww.alstom.com/altair -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://iww.alstom.com/altair -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-18\: "ProxyOverride" -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://iww.alstom.com/altair -> HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-19\: "ProxyOverride" -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://iww.alstom.com/altair -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-20\: "ProxyOverride" -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\] > -> -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: Main\\"Search Page" -> http://www.google.com -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: Main\\"Start Page" -> http://iww.alstom.com -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: SearchURL\\"" -> http://www.google.com/keyword/%s -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: SearchURL\\"provider" -> gogl -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\: "ProxyOverride" -> -> < FireFox Settings [Default Profile] > -> D:\Documents and Settings\e_ppierz\Application Data\Mozilla\FireFox\Profiles\1rfq0xe1.default\prefs.js -> browser.startup.homepage_override.mstone -> "rv:1.9.0.4" -> extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 -> < HOSTS File > (698 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | 
M] (Adobe Systems Incorporated) {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> [2008/05/12 14:30:16 | 00,058,688 | ---- | M] (McAfee, Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AClntUsr" -> %ProgramFiles%\Altiris\Aclient\AClntUsr.EXE [C:\Program Files\Altiris\AClient\AClntUsr.EXE] -> [2008/12/15 12:49:56 | 00,184,320 | ---- | M] () "AeXAgentLogon" -> %ProgramFiles%\Altiris\Altiris Agent\AeXAgentActivate.exe [C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon] -> [2007/03/27 19:58:34 | 00,143,360 | ---- | M] (Altiris, Inc.) "DiskeeperSystray" -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe ["C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"] -> [2005/03/07 13:16:06 | 00,184,408 | ---- | M] (Executive Software International, Inc.) "explore" -> %SystemRoot%\system32\explore.exe [C:\WINDOWS\system32\explore.exe] -> File not found "Logitech Utility" -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> [2003/12/17 08:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) "McAfeeUpdaterUI" -> ["C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey] -> File not found "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007/12/13 12:58:00 | 08,523,776 | ---- | M] (NVIDIA Corporation) "ShStatEXE" -> ["C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE] -> File not found "SoundMAXPnP" -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2007/08/01 13:52:42 | 01,036,288 | ---- | M] (Analog Devices, Inc.) 
< Administrator Startup Folder > -> D:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> D:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < e_bhagge Startup Folder > -> D:\Documents and Settings\e_bhagge\Start Menu\Programs\Startup -> < e_gbride Startup Folder > -> D:\Documents and Settings\e_gbride\Start Menu\Programs\Startup -> < e_ppierz Startup Folder > -> D:\Documents and Settings\e_ppierz\Start Menu\Programs\Startup -> < jminer Startup Folder > -> D:\Documents and Settings\jminer\Start Menu\Programs\Startup -> < s_win1_image.usabb1a Startup Folder > -> D:\Documents and Settings\s_win1_image.usabb1a\Start Menu\Programs\Startup -> < s_wnd_desktopid.dom3 Startup Folder > -> D:\Documents and Settings\s_wnd_desktopid.dom3\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions \Infodelivery\Restrictions\\"NoJITSetup" -> [1] -> File not found \Infodelivery\Restrictions\\"NoUpdateCheck" -> [1] -> File not found < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel \Control Panel\\"FormSuggest Passwords" -> [1] -> File not found \Control Panel\\"Check_If_Default" -> [1] -> File not found \Control Panel\\"Autoconfig" -> [1] -> File not found HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions \Restrictions\\"NoTheaterMode" -> [1] -> File not found \Restrictions\\"NoHelpItemNetscapeHelp" -> [1] -> File not found \Restrictions\\"NoHelpItemSendFeedback" -> [1] -> File not found \Restrictions\\"NoExternalBranding" -> [1] -> File not found < Software 
Policy Settings [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Policies\Microsoft\Internet Explorer -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\Software\Policies\Microsoft\Internet Explorer\Control Panel \Control Panel\\"FormSuggest Passwords" -> [1] -> File not found \Control Panel\\"Check_If_Default" -> [1] -> File not found \Control Panel\\"Autoconfig" -> [1] -> File not found HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\Software\Policies\Microsoft\Internet Explorer\Restrictions \Restrictions\\"NoTheaterMode" -> [1] -> File not found \Restrictions\\"NoHelpItemNetscapeHelp" -> [1] -> File not found \Restrictions\\"NoHelpItemSendFeedback" -> [1] -> File not found \Restrictions\\"NoExternalBranding" -> [1] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoWelcomeScreen" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"disablecad" -> [0] -> File not found \\"VerboseStatus" -> [1] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"MaxGPOScriptWait" -> [300] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoLowDiskSpaceChecks" -> [1] -> File not found \\"ForceClassicControlPanel" -> [1] -> File not found \\"NoThemesTab" -> [1] -> File not found \\"NoPropertiesRecycleBin" -> [1] -> File not found \\"NoRecentDocsNetHood" -> [1] -> File not found \\"DisablePersonalDirChange" -> [1] -> File not found \\"NoDesktopCleanupWizard" -> [1] -> File not found \\"NoSMMyDocs" -> [1] -> File not found \\"NoRecentDocsMenu" -> [1] -> File not found \\"NoFavoritesMenu" -> [1] -> File not found \\"NoSMHelp" -> [1] -> File not found \\"NoSMMyPictures" -> [1] -> File not found \\"NoStartMenuMyMusic" -> [1] -> File not found \\"ForceStartMenuLogOff" -> [1] -> File not found \\"NoResolveSearch" -> [1] -> File not found \\"NoResolveTrack" -> [1] -> File not found \\"GreyMSIAds" -> [1] -> File not found \\"NoSimpleStartMenu" -> [1] -> File not found \\"NoSMBalloonTip" -> [1] -> File not found \\"NoSMConfigurePrograms" -> [1] -> File not found \\"NoWelcomeScreen" -> [1] -> File not found \\"LinkResolveIgnoreLinkInfo" -> [1] -> File not found \\"RecycleBinSize" -> [5] -> File not found \\"NoSharedDocuments" -> [1] -> File not found \\"NoStartMenuNetworkPlaces" -> [1] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"RunLogonScriptSync" -> [1] -> File not found \\"HideLogoffScripts" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoLowDiskSpaceChecks" -> [1] -> File not found \\"ForceClassicControlPanel" -> [1] -> File not found \\"NoThemesTab" -> [1] -> File not found \\"NoPropertiesRecycleBin" -> [1] -> File not found \\"NoRecentDocsNetHood" -> [1] -> File not found \\"DisablePersonalDirChange" -> [1] -> File not found \\"NoDesktopCleanupWizard" -> [1] -> File not found \\"NoSMMyDocs" -> [1] -> File not found \\"NoRecentDocsMenu" -> [1] -> File not found \\"NoFavoritesMenu" -> [1] -> File not found \\"NoSMHelp" -> [1] -> File not found \\"NoSMMyPictures" -> [1] -> File not found \\"NoStartMenuMyMusic" -> [1] -> File not found \\"ForceStartMenuLogOff" -> [1] -> File not found \\"NoResolveSearch" -> [1] -> File not found \\"NoResolveTrack" -> [1] -> File not found \\"GreyMSIAds" -> [1] -> File not found \\"NoSimpleStartMenu" -> [1] -> File not found 
\\"NoSMBalloonTip" -> [1] -> File not found \\"NoSMConfigurePrograms" -> [1] -> File not found \\"NoWelcomeScreen" -> [1] -> File not found \\"LinkResolveIgnoreLinkInfo" -> [1] -> File not found \\"RecycleBinSize" -> [5] -> File not found \\"NoSharedDocuments" -> [1] -> File not found \\"NoStartMenuNetworkPlaces" -> [1] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"RunLogonScriptSync" -> [1] -> File not found \\"HideLogoffScripts" -> [0] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 12:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 12:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 12:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2007/05/31 12:41:06 | 10,352,472 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Menu: Sun Java Console] -> [2005/08/26 17:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.) {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> [2005/08/26 17:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.) 
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.5.0_05\bin\NPJPI150_05.dll [Sun Java Console] -> [2005/08/26 17:33:54 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.) CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> supplier.power_alstom.com [https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> supplier.power_alstom.com [https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\] > -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-4292865178-2125113703-1638570454-96847\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8CD70B24-F2B2-4383-94E1-013AFBBC22DD} [HKLM] -> http://www.projectview.power.alstom.com/codebase/VizStreamViewer3-10-4.cab[VizStreamViewer{8CD70B24-F2B2-4383-94E1-013AFBBC22DD}] -> {B0D5B117-49FC-45E5-9C06-A1F1DFA2CBFD} [HKLM] -> http://www.projectview.power.alstom.com/codebase/ConceptStation{B0D5B117-49FC-45E5-9C06-A1F1DFA2CBFD}.cab[VSCollaboration{B0D5B117-49FC-45E5-9C06-A1F1DFA2CBFD}] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {20A12837-F04A-43E4-B47B-7E0B04599B4E} -> (Broadcom NetXtreme 57xx Gigabit Controller) -> < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\Altiris\Aclient\AClntUsr.EXE" -> C:\Program Files\Altiris\Aclient\AClntUsr.EXE [C:\Program Files\Altiris\Aclient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service] -> [2008/12/15 12:49:56 | 00,184,320 | ---- | M] () "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> 
[2008/07/17 14:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/04 07:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> [2008/07/17 14:06:00 | 00,103,744 | ---- | M] (McAfee, Inc.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/04 07:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2008/05/16 13:52:26 | 00,000,000 | ---- | M] () H:\AUTOVUE [] -> H:\AUTOVUE [ NTFS ] -> [2007/12/26 11:55:50 | 00,000,000 | ---D | M] H:\AUTO45 [] -> H:\AUTO45 [ NTFS ] -> [2008/10/04 05:12:55 | 00,000,000 | ---D | M] < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 12/11/2008 5:48:10 PM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. 
A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/11/2008 7:43:09 PM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/11/2008 9:18:09 PM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/11/2008 11:02:08 PM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/12/2008 12:43:07 AM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/12/2008 2:35:12 AM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/12/2008 4:18:14 AM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/12/2008 5:51:17 AM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. 
Application [ Error ] 12/12/2008 7:45:19 AM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. Application [ Error ] 12/12/2008 9:33:22 AM Computer Name = CWWIN1HFKL | Source = Userenv | ID = 1030 -> Description = Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. System [ Error ] 7/7/2008 8:54:01 AM Computer Name = CWWIN1HFKL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} System [ Error ] 7/7/2008 11:23:00 AM Computer Name = CWWIN1HFKL | Source = Print | ID = 6161 -> Description = The document untitled owned by e_ppierz failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\CWWIN1HFKL. Win32 error code returned by the print processor: 6 (0x6). System [ Error ] 7/11/2008 12:39:34 PM Computer Name = CWWIN1HFKL | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. System [ Error ] 7/17/2008 12:57:18 PM Computer Name = CWWIN1HFKL | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. 
System [ Error ] 8/13/2008 11:29:40 AM Computer Name = CWWIN1HFKL | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{20A12837-F04A-43E4-B47B-7E0B04599B4E}. The backup browser is stopping. System [ Error ] 8/13/2008 2:19:55 PM Computer Name = CWWIN1HFKL | Source = BROWSER | ID = 8032 -> Description = The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{20A12837-F04A-43E4-B47B-7E0B04599B4E}. The backup browser is stopping. System [ Error ] 9/17/2008 1:16:18 PM Computer Name = CWWIN1HFKL | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. System [ Error ] 10/13/2008 12:46:32 PM Computer Name = CWWIN1HFKL | Source = W32Time | ID = 39452701 -> Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. System [ Error ] 10/23/2008 3:21:41 PM Computer Name = CWWIN1HFKL | Source = Print | ID = 6161 -> Description = The document A4_PO-00208 Layout1 (1) owned by ppierzch failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 5243816. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\CWWIN1HFKL. Win32 error code returned by the print processor: 6 (0x6). System [ Error ] 11/20/2008 1:33:43 PM Computer Name = CWWIN1HFKL | Source = Print | ID = 6161 -> Description = The document 1 Lucerne Drive Willington ... owned by ppierzch failed to print on printer CutePDF Writer. 
Data type: NT EMF 1.008. Size of the spool file in bytes: 2752512. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\CWWIN1HFKL. Win32 error code returned by the print processor: 6 (0x6). [Files/Folders - Created Within 30 Days] OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/15 13:00:42 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/15 12:58:10 | 00,647,677 | ---- | C] () HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip -> [2008/12/15 12:57:14 | 00,353,485 | ---- | C] () B01_Boiler_Unit_Foundation -> %UserProfile%\Desktop\B01_Boiler_Unit_Foundation -> [2008/12/15 09:37:10 | 00,000,000 | ---D | C] WinRAR -> %AppData%\WinRAR -> [2008/12/15 09:30:12 | 00,000,000 | ---D | C] WinRAR -> %ProgramFiles%\WinRAR -> [2008/12/15 09:29:34 | 00,000,000 | ---D | C] wedding_menu.doc -> %UserProfile%\My Documents\wedding_menu.doc -> [2008/12/10 10:45:50 | 00,025,088 | ---- | C] () Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [2008/12/08 11:16:19 | 00,000,000 | ---D | C] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/08 11:16:17 | 00,054,156 | -H-- | C] () QTFont.for -> %SystemRoot%\QTFont.for -> [2008/12/08 11:16:17 | 00,001,409 | ---- | C] () AISC Search Utility.lnk -> %UserProfile%\Desktop\AISC Search Utility.lnk -> [2008/11/26 13:33:34 | 00,000,583 | ---- | C] () dao360.dll -> %SystemRoot%\System32\dao360.dll -> [2008/11/26 13:33:33 | 00,561,179 | ---- | C] (Microsoft Corporation) MBLink.ocx -> %SystemRoot%\System32\MBLink.ocx -> [2008/11/26 13:33:33 | 00,090,112 | ---- | C] (Marco Bellinaso) AISC Search Utility v13 -> %ProgramFiles%\AISC Search Utility v13 -> [2008/11/26 13:33:33 | 00,000,000 | ---D | C] AISC Manual Companion v13.0.lnk -> %AllUsersProfile%\Desktop\AISC Manual Companion v13.0.lnk -> [2008/11/26 13:30:26 | 00,001,657 | ---- | C] () AISC -> %ProgramFiles%\AISC -> [2008/11/26 13:29:21 | 00,000,000 | 
---D | C] jestertb.dll -> %SystemRoot%\jestertb.dll -> [2008/11/26 13:29:06 | 00,020,992 | ---- | C] () Tru.xls -> %UserProfile%\My Documents\Tru.xls -> [2008/11/25 15:19:00 | 00,020,480 | ---- | C] () Config.Msi -> %SystemDrive%\Config.Msi -> [2008/11/24 10:21:42 | 00,000,000 | -HSD | C] mtstack16.INI -> %SystemRoot%\mtstack16.INI -> [2008/11/20 08:34:11 | 00,000,000 | ---- | C] () [Files/Folders - Modified Within 30 Days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2008/05/20 10:25:22 | 00,000,000 | ---D | M] qmgr0.dat -> D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/11/10 08:18:20 | 00,004,232 | ---- | M] () qmgr1.dat -> D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/11/10 08:18:20 | 00,005,458 | ---- | M] () D:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> D:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008/06/24 12:32:14 | 00,000,000 | ---D | M] opa11.dat -> D:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2008/06/24 12:32:14 | 00,008,206 | ---- | M] () C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/15 13:02:00 | 00,000,000 | ---D | M] alsmb.exe -> C:\WINDOWS\Temp\alsmb.exe -> [2008/07/11 08:25:13 | 00,073,335 | ---- | M] () 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/15 13:02:00 | 00,000,000 | ---D | M] Inventory.dat -> C:\WINDOWS\Temp\Inventory.dat -> [2008/12/15 08:32:32 | 00,002,340 | ---- | M] () Perflib_Perfdata_5d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat -> [2008/06/06 12:46:40 | 00,016,384 | ---- | M] () Perflib_Perfdata_614.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_614.dat -> 
[2008/06/18 08:28:59 | 00,016,384 | ---- | M] () Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [2008/07/02 07:09:20 | 00,016,384 | ---- | M] () Perflib_Perfdata_624.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_624.dat -> [2008/06/27 07:12:46 | 00,016,384 | ---- | M] () Perflib_Perfdata_628.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_628.dat -> [2008/08/22 07:21:50 | 00,016,384 | ---- | M] () Perflib_Perfdata_62c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat -> [2008/10/02 07:15:00 | 00,016,384 | ---- | M] () Perflib_Perfdata_630.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_630.dat -> [2008/08/12 07:12:09 | 00,016,384 | ---- | M] () Perflib_Perfdata_634.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_634.dat -> [2008/09/05 07:20:57 | 00,016,384 | ---- | M] () Perflib_Perfdata_638.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_638.dat -> [2008/08/05 07:20:50 | 00,016,384 | ---- | M] () Perflib_Perfdata_63c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat -> [2008/07/14 07:25:27 | 00,016,384 | ---- | M] () Perflib_Perfdata_640.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_640.dat -> [2008/07/21 07:22:36 | 00,016,384 | ---- | M] () Perflib_Perfdata_644.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_644.dat -> [2008/07/16 07:46:03 | 00,016,384 | ---- | M] () Perflib_Perfdata_648.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_648.dat -> [2008/08/27 07:44:03 | 00,016,384 | ---- | M] () Perflib_Perfdata_64c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat -> [2008/08/06 07:21:39 | 00,016,384 | ---- | M] () Perflib_Perfdata_650.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_650.dat -> [2008/08/08 07:22:24 | 00,016,384 | ---- | M] () Perflib_Perfdata_654.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_654.dat -> [2008/08/13 16:41:53 | 00,016,384 | ---- | M] () Perflib_Perfdata_658.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_658.dat -> [2008/12/08 08:39:21 | 00,016,384 | ---- | M] () Perflib_Perfdata_65c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat -> [2008/11/24 08:18:28 | 00,016,384 | ---- | M] () 
Perflib_Perfdata_660.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_660.dat -> [2008/12/15 09:41:56 | 00,016,384 | ---- | M] () Perflib_Perfdata_668.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_668.dat -> [2008/06/24 07:16:27 | 00,016,384 | ---- | M] () Perflib_Perfdata_670.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_670.dat -> [2008/06/25 07:15:42 | 00,016,384 | ---- | M] () Perflib_Perfdata_674.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_674.dat -> [2008/06/30 07:05:02 | 00,016,384 | ---- | M] () Perflib_Perfdata_678.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_678.dat -> [2008/06/27 13:23:52 | 00,016,384 | ---- | M] () Perflib_Perfdata_67c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat -> [2008/06/26 07:15:40 | 00,016,384 | ---- | M] () Perflib_Perfdata_680.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_680.dat -> [2008/07/03 07:34:11 | 00,016,384 | ---- | M] () Perflib_Perfdata_698.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_698.dat -> [2008/06/13 08:23:18 | 00,016,384 | ---- | M] () Perflib_Perfdata_6a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat -> [2008/06/19 13:46:44 | 00,016,384 | ---- | M] () Perflib_Perfdata_6e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6e0.dat -> [2008/06/20 05:54:16 | 00,016,384 | ---- | M] () Perflib_Perfdata_6e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat -> [2008/07/01 07:10:19 | 00,016,384 | ---- | M] () Perflib_Perfdata_880.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_880.dat -> [2008/11/07 09:25:48 | 00,016,384 | ---- | M] () 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/15 12:59:31 | 00,647,677 | ---- | M] () win.ini -> %SystemRoot%\win.ini -> [2008/12/15 12:58:00 | 00,000,781 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/12/15 12:57:43 | 00,000,698 | ---- | M] () HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip -> [2008/12/15 12:57:14 | 00,353,485 | ---- | M] () AlKernel.sys -> %SystemRoot%\System32\drivers\AlKernel.sys -> [2008/12/15 12:49:57 | 
00,002,401 | ---- | M] () AClient.cfg -> %SystemDrive%\AClient.cfg -> [2008/12/15 12:49:55 | 00,001,364 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/15 12:49:27 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/15 12:49:26 | 00,002,048 | --S- | M] () dwgvault.cfg -> %SystemDrive%\dwgvault.cfg -> [2008/12/15 11:54:45 | 00,000,116 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/15 08:30:14 | 00,002,278 | ---- | M] () PlantVIEW Active Users.lnk -> %AllUsersProfile%\Desktop\PlantVIEW Active Users.lnk -> [2008/12/11 15:16:46 | 00,001,412 | ---- | M] () PASCE Plot Viewer.lnk -> %AllUsersProfile%\Desktop\PASCE Plot Viewer.lnk -> [2008/12/11 15:16:46 | 00,001,410 | ---- | M] () wedding_menu.doc -> %UserProfile%\My Documents\wedding_menu.doc -> [2008/12/10 10:45:51 | 00,025,088 | ---- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/12/08 11:16:17 | 00,054,156 | -H-- | M] () QTFont.for -> %SystemRoot%\QTFont.for -> [2008/12/08 11:16:17 | 00,001,409 | ---- | M] () avwin.ini -> %SystemRoot%\avwin.ini -> [2008/12/08 10:47:03 | 00,032,936 | ---- | M] () AISC Search Utility.lnk -> %UserProfile%\Desktop\AISC Search Utility.lnk -> [2008/11/26 13:33:34 | 00,000,583 | ---- | M] () AISC Manual Companion v13.0.lnk -> %AllUsersProfile%\Desktop\AISC Manual Companion v13.0.lnk -> [2008/11/26 13:30:26 | 00,001,657 | ---- | M] () jestertb.dll -> %SystemRoot%\jestertb.dll -> [2008/11/26 13:29:06 | 00,020,992 | ---- | M] () Tru.xls -> %UserProfile%\My Documents\Tru.xls -> [2008/11/25 15:20:55 | 00,020,480 | ---- | M] () hhhh_20081125154423.pdf -> %UserProfile%\My Documents\hhhh_20081125154423.pdf -> [2008/11/25 14:45:11 | 00,023,242 | ---- | M] () imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/24 10:22:19 | 00,001,393 | ---- | M] () mtstack16.INI -> %SystemRoot%\mtstack16.INI -> [2008/11/20 08:34:11 | 00,000,000 | ---- | M] () avx.ini -> %SystemRoot%\avx.ini -> [2008/11/19 11:17:50 | 00,020,455 | ---- | M] () 
[File - Lop Check] Application Data -> D:\Documents and Settings\Administrator\Application Data -> [2008/06/06 12:43:55 | 00,000,000 | RH-D | M] ICAClient -> D:\Documents and Settings\Administrator\Application Data\ICAClient -> [2008/05/20 10:41:50 | 00,000,000 | ---D | M] Leadertech -> D:\Documents and Settings\Administrator\Application Data\Leadertech -> [2008/06/06 12:43:55 | 00,000,000 | ---D | M] OfficeUpdate12 -> D:\Documents and Settings\Administrator\Application Data\OfficeUpdate12 -> [2008/05/21 10:19:07 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\All Users\Application Data -> [2008/06/19 13:54:40 | 00,000,000 | RH-D | M] Autodesk -> D:\Documents and Settings\All Users\Application Data\Autodesk -> [2008/06/19 13:54:40 | 00,000,000 | ---D | M] Bentley -> D:\Documents and Settings\All Users\Application Data\Bentley -> [2008/05/21 12:41:37 | 00,000,000 | ---D | M] NetworkAssociates -> D:\Documents and Settings\All Users\Application Data\NetworkAssociates -> [2008/06/06 13:36:26 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\Default User\Application Data -> [2008/06/06 12:43:13 | 00,000,000 | RH-D | M] Bentley -> D:\Documents and Settings\Default User\Application Data\Bentley -> [2008/05/21 12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\Default User\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\e_bhagge\Application Data -> [2008/06/06 12:43:13 | 00,000,000 | RH-D | M] Bentley -> D:\Documents and Settings\e_bhagge\Application Data\Bentley -> [2008/05/21 12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\e_bhagge\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\e_gbride\Application Data -> [2008/06/06 12:43:13 | 00,000,000 | RH-D | M] Bentley -> D:\Documents and Settings\e_gbride\Application Data\Bentley -> [2008/05/21 
12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\e_gbride\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\e_ppierz\Application Data -> [2008/12/15 09:30:12 | 00,000,000 | RH-D | M] Autodesk -> D:\Documents and Settings\e_ppierz\Application Data\Autodesk -> [2008/06/26 13:36:09 | 00,000,000 | ---D | M] Bentley -> D:\Documents and Settings\e_ppierz\Application Data\Bentley -> [2008/05/21 12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\e_ppierz\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\jminer\Application Data -> [2008/06/19 13:54:40 | 00,000,000 | RH-D | M] Autodesk -> D:\Documents and Settings\jminer\Application Data\Autodesk -> [2008/06/19 13:58:38 | 00,000,000 | ---D | M] Bentley -> D:\Documents and Settings\jminer\Application Data\Bentley -> [2008/05/21 12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\jminer\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\LocalService\Application Data -> [2008/05/16 13:55:48 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\NetworkService\Application Data -> [2008/05/16 13:55:45 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\s_win1_image.usabb1a\Application Data -> [2008/06/06 12:43:13 | 00,000,000 | RH-D | M] Bentley -> D:\Documents and Settings\s_win1_image.usabb1a\Application Data\Bentley -> [2008/05/21 12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\s_win1_image.usabb1a\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] Application Data -> D:\Documents and Settings\s_wnd_desktopid.dom3\Application Data -> [2008/06/06 12:43:13 | 00,000,000 | RH-D | M] Bentley -> D:\Documents and Settings\s_wnd_desktopid.dom3\Application Data\Bentley -> 
[2008/05/21 12:41:31 | 00,000,000 | ---D | M] ICAClient -> D:\Documents and Settings\s_wnd_desktopid.dom3\Application Data\ICAClient -> [2008/05/21 12:43:14 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/05/16 13:55:49 | 00,000,000 | --SD | M] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/15 12:49:27 | 00,000,006 | -H-- | M] () [File - Purity Scan] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. scan completed successfully hidden files: 25 < End of report > [/code]