I Got Problems


9 replies to this topic

#1 gmaness

Posted 17 February 2008 - 08:39 AM

To make a long story short, my WinZip expired and I took a product code from online, screwed up and got infected once I opened WinZip. Have gone through all the steps to get to this point of posting a HijackThis log. Hope I can get some help (in this 30 hour process). I get constant fake security pop-ups and the system is slow, plus uncensored porn and DM galleries icons on my desktop which even when moved to recycle and deleted come back up on desktop. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:51 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news-record.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [dmkjc.exe] C:\WINDOWS\system32\dmkjc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvzoc.dll,startup
O4 - HKLM\..\Run: [InfeStop] C:\Program Files\InfeStop\InfeStopRemover.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvjan.dll,startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.co.rockingham.nc.us/mochahtml/matn5250.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...231/mcfscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: UnknownSetup - {cfed8964-7419-4e27-9926-445c115cd683} - C:\WINDOWS\Installer\{cfed8964-7419-4e27-9926-445c115cd683}\UnknownSetup.dll
O21 - SSODL: zip - {f548d62f-608b-4f6d-8b6f-21288d98cbc0} - C:\WINDOWS\Installer\{f548d62f-608b-4f6d-8b6f-21288d98cbc0}\zip.dll
O21 - SSODL: ChkChk - {fa4d00f9-443f-43a8-9018-6d1734400aa1} - C:\WINDOWS\Installer\{fa4d00f9-443f-43a8-9018-6d1734400aa1}\ChkChk.dll
O21 - SSODL: AlrtAvp - {284929b2-47d7-436f-aa38-8c951b936a63} - C:\WINDOWS\Installer\{284929b2-47d7-436f-aa38-8c951b936a63}\AlrtAvp.dll
O21 - SSODL: ComponentRom - {ab8cd888-7bc9-4a8d-b316-d7bbc60d5bcb} - C:\WINDOWS\Installer\{ab8cd888-7bc9-4a8d-b316-d7bbc60d5bcb}\ComponentRom.dll
O21 - SSODL: ServiceUnknown - {acd98893-0682-4f26-8157-6d1dc12a9b48} - C:\WINDOWS\Installer\{acd98893-0682-4f26-8157-6d1dc12a9b48}\ServiceUnknown.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14101 bytes


#2 gmaness


Posted 17 February 2008 - 02:23 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:42 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news-record.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [dmkjc.exe] C:\WINDOWS\system32\dmkjc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvzoc.dll,startup
O4 - HKLM\..\Run: [InfeStop] C:\Program Files\InfeStop\InfeStopRemover.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvjan.dll,startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - http://www.co.rockingham.nc.us/mochahtml/matn5250.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...231/mcfscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O21 - SSODL: UnknownSetup - {cfed8964-7419-4e27-9926-445c115cd683} - C:\WINDOWS\Installer\{cfed8964-7419-4e27-9926-445c115cd683}\UnknownSetup.dll
O21 - SSODL: zip - {f548d62f-608b-4f6d-8b6f-21288d98cbc0} - C:\WINDOWS\Installer\{f548d62f-608b-4f6d-8b6f-21288d98cbc0}\zip.dll
O21 - SSODL: ChkChk - {fa4d00f9-443f-43a8-9018-6d1734400aa1} - C:\WINDOWS\Installer\{fa4d00f9-443f-43a8-9018-6d1734400aa1}\ChkChk.dll
O21 - SSODL: AlrtAvp - {284929b2-47d7-436f-aa38-8c951b936a63} - C:\WINDOWS\Installer\{284929b2-47d7-436f-aa38-8c951b936a63}\AlrtAvp.dll
O21 - SSODL: ComponentRom - {ab8cd888-7bc9-4a8d-b316-d7bbc60d5bcb} - C:\WINDOWS\Installer\{ab8cd888-7bc9-4a8d-b316-d7bbc60d5bcb}\ComponentRom.dll
O21 - SSODL: ServiceUnknown - {acd98893-0682-4f26-8157-6d1dc12a9b48} - C:\WINDOWS\Installer\{acd98893-0682-4f26-8157-6d1dc12a9b48}\ServiceUnknown.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14035 bytes

#3 OldTimer

    Malware Expert

Posted 23 February 2008 - 04:53 PM

Hello gmaness and welcome to the BC HijackThis forum. It looks like there are a lot of fun things in there. Let's see what else we can find.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 gmaness


Posted 23 February 2008 - 05:23 PM

WinPFind35 logfile created on: 2/23/2008 5:14:44 PM

WinPFind35U Version 1.0.0.1	 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind35u

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

894.48 Mb Total Physical Memory | 305.84 Mb Available Physical Memory | 34.19% Memory free

2.12 Gb Paging File | 1.14 Gb Available in Paging File | 53.93% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 224.87 Gb Total Space | 198.37 Gb Free Space | 88.22% Space Free | Partition Type: NTFS

Drive D: | 8.00 Gb Total Space | 1.39 Gb Free Space | 17.39% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: GARY

Current User Name: HP_Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 4:49:06 PM | Attr =	]

smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 4:49:06 PM | Attr =	]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 12:42:14 PM | Attr =	]

lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 12:41:24 PM | Attr =	]

lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.27.1 | Size = 53248 bytes | Modified Date = 5/8/2005 10:04:06 PM | Attr =	]

hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 2:14:36 PM | Attr =	]

sfctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 693512 bytes | Modified Date = 1/21/2008 12:16:34 PM | Attr =	]

viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]

tmbmsrv.exe -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr =	]

ufseagnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 1393928 bytes | Modified Date = 1/21/2008 12:16:36 PM | Attr =	]

atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/17/2005 11:05:00 PM | Attr =	]

lsburnwatcher.exe -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 8:54:32 AM | Attr =	]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 1:03:52 PM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr =	]

lxczbmgr.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/13/2006 12:22:50 AM | Attr =	]

hphmon06.exe -> %SystemRoot%\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 6:42:30 AM | Attr =	]

lxczbmon.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 7/13/2006 12:33:14 AM | Attr =	]

qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 2:57:48 PM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr =	]

desktopweather.exe -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 3/16/2007 6:51:26 AM | Attr =	]

mssysmgr.exe -> %ProgramFiles%\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.5.0.0 | Size = 237568 bytes | Modified Date = 4/20/2006 1:35:00 AM | Attr =	]

easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]

updates from hp.exe -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]

viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr =	]

tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.1.0.1004 | Size = 480520 bytes | Modified Date = 12/16/2007 6:26:38 PM | Attr =	]

tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.0.0.1138 | Size = 648456 bytes | Modified Date = 9/18/2007 12:30:00 AM | Attr =	]

kbd.exe -> %SystemDrive%\hp\KBD\KBD.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 10:44:24 AM | Attr =	]

alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 8:47:52 AM | Attr =	]

agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 AM | Attr =	]

hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 4:04:38 AM | Attr =	]

realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 5/26/2005 5:27:49 AM | Attr =	]

winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 4:49:06 PM | Attr =	]

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]

(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr =	]

(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 12:42:14 PM | Attr =	]

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.27.1 | Size = 53248 bytes | Modified Date = 5/8/2005 10:04:06 PM | Attr =	]

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 2:14:36 PM | Attr =	]

(SfCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 693512 bytes | Modified Date = 1/21/2008 12:16:34 PM | Attr =	]

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]

(TMBMServer) Trend Micro Unauthorized Change Prevention Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr =	]

(TmPfw) Trend Micro Personal Firewall [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.1.0.1004 | Size = 480520 bytes | Modified Date = 12/16/2007 6:26:38 PM | Attr =	]

(tmproxy) Trend Micro Proxy Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.0.0.1138 | Size = 648456 bytes | Modified Date = 9/18/2007 12:30:00 AM | Attr =	]

(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 6/29/2004 5:07:18 AM | Attr =	]

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/1/2004 5:24:02 AM | Attr =	]

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 9:53:00 AM | Attr =	]

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6525 | Size = 1032192 bytes | Modified Date = 3/14/2005 4:54:04 PM | Attr =	]

(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -> File not found

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(fasttx2k) fasttx2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Fasttx2k.sys -> Promise Technology, Inc. [Ver =  1.00.0030.11 | Size = 142336 bytes | Modified Date = 12/2/2003 1:23:20 PM | Attr =	]

(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 12/14/2004 11:07:44 AM | Attr = R  ]

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 12/14/2004 11:07:44 AM | Attr = R  ]

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 12/14/2004 11:07:44 AM | Attr = R  ]

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(intelppm) Intel Processor Driver [Kernel | System | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.05 | Size = 8224 bytes | Modified Date = 6/21/2002 5:42:50 PM | Attr =	]

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(ntload) ntload v0.1 [Kernel | On_Demand | Stopped] ->  -> File not found

(PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PcdrNdisuio.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 12416 bytes | Modified Date = 1/19/2005 12:21:56 PM | Attr =	]

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 14112 bytes | Modified Date = 6/4/2001 1:00:00 AM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/29/2007 2:00:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.618.1015.2004 built by: WinDDK | Size = 71168 bytes | Modified Date = 10/15/2004 9:52:48 AM | Attr =	]

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 4:31:34 PM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(sysrest.sys) sysrest.sys [Kernel | On_Demand | Stopped] ->  -> File not found

(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]

(tmactmon) tmactmon [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]

(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 5.0.0.1131 | Size = 333328 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]

(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]

(tmevtmgr) tmevtmgr [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]

(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 36112 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]

(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> trend_company_name [Ver = trend_file_version built by: WinDDK | Size = 65936 bytes | Modified Date = 9/18/2007 12:29:54 AM | Attr =	]

(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 203024 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]

(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]

(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]

(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]

(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]

(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/17/2005 11:05:00 PM | Attr =	]

AutoTBar -> %ProgramFiles%\HP\Digital Imaging\bin\AUTOTBAR.EXE -> File not found

dmkjc.exe -> %SystemRoot%\system32\dmkjc.exe -> File not found

HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe -> Hewlett-Packard Company [Ver = 2, 0, 5, 0 | Size = 245760 bytes | Modified Date = 2/25/2005 5:34:02 PM | Attr =	]

HPHmon06 -> %SystemRoot%\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 6:42:30 AM | Attr =	]

InfeStop -> %ProgramFiles%\InfeStop\InfeStopRemover.exe -> File not found

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr =	]

KernelFaultCheck ->  -> File not found

Lexmark 1200 Series -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/13/2006 12:22:50 AM | Attr =	]

LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 8:54:32 AM | Attr =	]

MSDisp32 -> %SystemRoot%\system32\drvjan.dll ->  [Ver =  | Size = 17408 bytes | Modified Date = 2/17/2008 2:10:16 AM | Attr =	]

MSDrive -> %SystemRoot%\system32\drvzoc.DLL -> File not found

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 2:57:48 PM | Attr =	]

regcmdcons -> %SystemDrive%\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd -> File not found

SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 1:03:52 PM | Attr =	]

sysrest32.exe -> %SystemRoot%\system32\sysrest32.exe -> File not found

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 5/26/2005 5:27:49 AM | Attr =	]

TrojanScanner -> %ProgramFiles%\Trojan Remover\Trjscan.exe -> Simply Super Software [Ver = 6.6.5.1245 | Size = 744528 bytes | Modified Date = 2/9/2008 2:05:00 PM | Attr =	]

UfSeAgnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 1393928 bytes | Modified Date = 1/21/2008 12:16:36 PM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

DW4 -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 3/16/2007 6:51:26 AM | Attr =	]

msiconf.exe -> %SystemRoot%\system32\msiconf.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 2/16/2008 9:34:42 AM | Attr =	]

updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R  ]

Walgreens PhotoShow Media Manager -> %ProgramFiles%\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.5.0.0 | Size = 237568 bytes | Modified Date = 4/20/2006 1:35:00 AM | Attr =	]

XP Antivirus -> %ProgramFiles%\XP Antivirus\xpa.exe -> File not found

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]

%AllUsersProfile%\Start Menu\Programs\Startup\Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]

< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

{182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll [] ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:20:50 AM | Attr =	]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 61440 bytes | Modified Date = 3/14/2005 4:49:58 PM | Attr =	]

iifgefe -> %SystemRoot%\system32\iifgefe.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:20:50 AM | Attr =	]

winzjc32 -> %SystemRoot%\system32\winzjc32.dll ->  [Ver =  | Size = 26624 bytes | Modified Date = 2/15/2008 8:21:14 AM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> 

< HOSTS File > (3695 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop -> 

HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.news-record.com/ -> 

HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr =	]

{182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:20:50 AM | Attr =	]

{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]

{CE6000C4-B68B-4BA3-AC78-47776B89D683} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\compatU.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 106240 bytes | Modified Date = 2/23/2008 1:09:50 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 7, 14, 1 | Size = 342600 bytes | Modified Date = 7/19/2005 12:49:10 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 7, 14, 1 | Size = 342600 bytes | Modified Date = 7/19/2005 12:49:10 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]

{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found

{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found

{94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2007, 3, 6, 1 | Size = 3601992 bytes | Modified Date = 3/6/2007 12:57:40 PM | Attr =	]

{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]

{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Connection Help] -> File not found

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\MenuText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Script [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ToolTip [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found

CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] ->  [Connection Help] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 9:07:16 AM | Attr =	]

Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 9:07:16 AM | Attr =	]

Lookup on Merriam Webster ->  -> File not found

Lookup on Wikipedia ->  -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{9843D587-937D-4BA2-BBAC-F07AAE01CD7C} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 

{9A897C07-266F-42A9-AF07-6D21C176E893} ->	(1394 Net Adapter) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/director/cabs/sw.cab[Shockwave ActiveX Control] -> 

{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 

{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] -> 

{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{A6A216EB-4F7C-11D5-8438-0000B456BA3D}[HKEY_LOCAL_MACHINE] -> http://www.co.rockingham.nc.us/mochahtml/matn5250.cab[Matn5250 Control] -> 

{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB[TSEasyInstallX Control] -> 

{BCBC9371-595D-11D4-A96D-00105A1CEF6C}[HKEY_LOCAL_MACHINE] -> http://onlinedesigner.hgtv.com/images/app/view22rte.cab[View22RTE Class] -> 

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 

{CB50428B-657F-47DF-9B32-671F82AA73F7}[HKEY_LOCAL_MACHINE] -> http://www.photodex.com/pxplay.cab[Photodex Presenter AX control] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5231/mcfscan.cab[McFreeScan Class] -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\DisableMonitoring -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 900 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12036 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe -> iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe:*:Enabled:AOL Services] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\printer.exe -> C:\Documents and Settings\HP_Administrator\Application Data\printer.exe [C:\Documents and Settings\HP_Administrator\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe -> C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe [C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion] -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 14144000 bytes | Modified Date = 2/23/2006 3:31:58 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe:*:Enabled:AOL Services] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] ->  [Ver =  | Size = 159744 bytes | Modified Date = 8/22/2006 10:45:55 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:38 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/27/2006 3:16:48 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\win969.exe -> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\win969.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\win969.exe:*:Enabled:win969] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 6:01:25 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1D.exe -> C:\WINDOWS\TEMP\win1D.exe [C:\WINDOWS\TEMP\win1D.exe:*:Enabled:win1D] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\printer.exe -> C:\Documents and Settings\HP_Administrator\Application Data\printer.exe [C:\Documents and Settings\HP_Administrator\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe -> C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe [C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1F.exe -> C:\WINDOWS\TEMP\win1F.exe [C:\WINDOWS\TEMP\win1F.exe:*:Enabled:win1F] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt17.tmp -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt17.tmp [C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt17.tmp:*:Enabled:enable] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win2C.exe -> C:\WINDOWS\TEMP\win2C.exe [C:\WINDOWS\TEMP\win2C.exe:*:Enabled:win2C] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win97.exe -> C:\WINDOWS\TEMP\win97.exe [C:\WINDOWS\TEMP\win97.exe:*:Enabled:win97] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win8E.exe -> C:\WINDOWS\TEMP\win8E.exe [C:\WINDOWS\TEMP\win8E.exe:*:Enabled:win8E] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sysrest32.exe -> C:\WINDOWS\system32\sysrest32.exe [C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 

[Files/Folders - Created Within 30 days]

AuResult.ini -> %SystemDrive%\AuResult.ini ->  [Ver =  | Size = 11 bytes | Modified Date = 2/15/2008 8:35:36 PM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 2/22/2008 12:48:16 PM | Attr =  HS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2/19/2008 9:38:38 AM | Attr =	]

big5.nls -> %SystemRoot%\System32\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

prc.nls -> %SystemRoot%\System32\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]

tmactmon.sys -> %SystemRoot%\System32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]

tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]

tmevtmgr.sys -> %SystemRoot%\System32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]

wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]

wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]

wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]

wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]

wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]

a15.tbl -> %SystemRoot%\System32\a15.tbl ->  [Ver =  | Size = 1460 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

a234.tbl -> %SystemRoot%\System32\a234.tbl ->  [Ver =  | Size = 44370 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

acode.tbl -> %SystemRoot%\System32\acode.tbl ->  [Ver =  | Size = 44370 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

aexkrrxx.dll -> %SystemRoot%\System32\aexkrrxx.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/17/2008 10:55:03 AM | Attr =	]

arphr.tbl -> %SystemRoot%\System32\arphr.tbl ->  [Ver =  | Size = 110566 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

arptr.tbl -> %SystemRoot%\System32\arptr.tbl ->  [Ver =  | Size = 16312 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

array30.tab -> %SystemRoot%\System32\array30.tab ->  [Ver =  | Size = 146126 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

arrayhw.tab -> %SystemRoot%\System32\arrayhw.tab ->  [Ver =  | Size = 18600 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

atcnedkb.bmp -> %SystemRoot%\System32\atcnedkb.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 9:32:49 AM | Attr =	]

bcbeg.ini.vir -> %SystemRoot%\System32\bcbeg.ini.vir ->  [Ver =  | Size = 233234 bytes | Modified Date = 2/19/2008 12:33:09 AM | Attr =	]

bcbeg.ini2.vir -> %SystemRoot%\System32\bcbeg.ini2.vir ->  [Ver =  | Size = 239408 bytes | Modified Date = 2/19/2008 11:04:12 AM | Attr =  HS]

big5.nls -> %SystemRoot%\System32\big5.nls ->  [Ver =  | Size = 66728 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

bopomofo.nls -> %SystemRoot%\System32\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

byscybta.dll -> %SystemRoot%\System32\byscybta.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/18/2008 6:10:03 AM | Attr =	]

byxxwut.dll -> %SystemRoot%\System32\byxxwut.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 11:30:35 AM | Attr =	]

compatU.1~ -> %SystemRoot%\System32\compatU.1~ ->  [Ver =  | Size = 84992 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

compatU.dll -> %SystemRoot%\System32\compatU.dll ->  [Ver =  | Size = 106240 bytes | Modified Date = 2/23/2008 1:09:50 PM | Attr =	]

c_10001.nls -> %SystemRoot%\System32\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10002.nls -> %SystemRoot%\System32\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10003.nls -> %SystemRoot%\System32\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_10008.nls -> %SystemRoot%\System32\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_1361.nls -> %SystemRoot%\System32\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20000.nls -> %SystemRoot%\System32\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20290.nls -> %SystemRoot%\System32\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20932.nls -> %SystemRoot%\System32\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20936.nls -> %SystemRoot%\System32\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_20949.nls -> %SystemRoot%\System32\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

c_21027.nls -> %SystemRoot%\System32\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

dayiphr.tbl -> %SystemRoot%\System32\dayiphr.tbl ->  [Ver =  | Size = 520 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

dayiptr.tbl -> %SystemRoot%\System32\dayiptr.tbl ->  [Ver =  | Size = 700 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

ddcaxxx.dll -> %SystemRoot%\System32\ddcaxxx.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:21:18 AM | Attr =	]

dgjet.bmp -> %SystemRoot%\System32\dgjet.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 7:14:25 AM | Attr =	]

drvjan.dll -> %SystemRoot%\System32\drvjan.dll ->  [Ver =  | Size = 17408 bytes | Modified Date = 2/17/2008 2:10:16 AM | Attr =	]

epgjqhsn.bmp -> %SystemRoot%\System32\epgjqhsn.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 7:32:50 AM | Attr =	]

epobmhof.bmp -> %SystemRoot%\System32\epobmhof.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 1:37:22 PM | Attr =	]

eponmhgrmtsn.bmp -> %SystemRoot%\System32\eponmhgrmtsn.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 4:07:04 PM | Attr =	]

gebcb.dll.vir -> %SystemRoot%\System32\gebcb.dll.vir ->  [Ver =  | Size = 321024 bytes | Modified Date = 2/15/2008 8:25:57 AM | Attr =	]

gufafcoe.dll -> %SystemRoot%\System32\gufafcoe.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/15/2008 11:26:31 PM | Attr =	]

gwefknog.dll -> %SystemRoot%\System32\gwefknog.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/19/2008 12:29:44 AM | Attr =	]

hrimfndw.dll -> %SystemRoot%\System32\hrimfndw.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/19/2008 12:30:07 AM | Attr =	]

iifffgd.dll -> %SystemRoot%\System32\iifffgd.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/17/2008 2:09:35 AM | Attr =	]

iifgefe.dll -> %SystemRoot%\System32\iifgefe.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:20:50 AM | Attr =	]

iifgefe.dll.vir -> %SystemRoot%\System32\iifgefe.dll.vir ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/19/2008 10:58:52 AM | Attr =	]

ilgjalcnilkb.bmp -> %SystemRoot%\System32\ilgjalcnilkb.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 8:05:09 PM | Attr =	]

jeudbwjr.dll -> %SystemRoot%\System32\jeudbwjr.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/18/2008 6:15:11 AM | Attr =	]

jrhyikyq.dll -> %SystemRoot%\System32\jrhyikyq.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/15/2008 11:23:27 PM | Attr =	]

korwbrkr.lex -> %SystemRoot%\System32\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

ksc.nls -> %SystemRoot%\System32\ksc.nls ->  [Ver =  | Size = 47066 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

lcphrase.tbl -> %SystemRoot%\System32\lcphrase.tbl ->  [Ver =  | Size = 211938 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

lcptr.tbl -> %SystemRoot%\System32\lcptr.tbl ->  [Ver =  | Size = 24114 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

ldupuknk.dll -> %SystemRoot%\System32\ldupuknk.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/18/2008 6:12:11 AM | Attr =	]

lhktimtu.dll -> %SystemRoot%\System32\lhktimtu.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/19/2008 12:31:50 AM | Attr =	]

lmsblsom.dll -> %SystemRoot%\System32\lmsblsom.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/17/2008 2:23:16 AM | Attr =	]

mpgbmd.bmp -> %SystemRoot%\System32\mpgbmd.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 3:27:38 AM | Attr =	]

msdayi.tbl -> %SystemRoot%\System32\msdayi.tbl ->  [Ver =  | Size = 116285 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

msiconf.exe -> %SystemRoot%\System32\msiconf.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 2/16/2008 9:34:42 AM | Attr =	]

mwspkdgc.dll -> %SystemRoot%\System32\mwspkdgc.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/17/2008 10:55:07 AM | Attr =	]

noise.jpn -> %SystemRoot%\System32\noise.jpn ->  [Ver =  | Size = 2060 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

noise.kor -> %SystemRoot%\System32\noise.kor ->  [Ver =  | Size = 1486 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

ojidcjihcfql.bmp -> %SystemRoot%\System32\ojidcjihcfql.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 11:28:53 AM | Attr =	]

phon.tbl -> %SystemRoot%\System32\phon.tbl ->  [Ver =  | Size = 4071 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

phoncode.tbl -> %SystemRoot%\System32\phoncode.tbl ->  [Ver =  | Size = 43242 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

phonptr.tbl -> %SystemRoot%\System32\phonptr.tbl ->  [Ver =  | Size = 2714 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

PINTLPAD.HLP -> %SystemRoot%\System32\PINTLPAD.HLP ->  [Ver =  | Size = 14821 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

PINTLPAE.HLP -> %SystemRoot%\System32\PINTLPAE.HLP ->  [Ver =  | Size = 16254 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

pmnnlmn.dll -> %SystemRoot%\System32\pmnnlmn.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 3:29:37 AM | Attr =	]

prc.nls -> %SystemRoot%\System32\prc.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

prcp.nls -> %SystemRoot%\System32\prcp.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

rbejfemi.dll -> %SystemRoot%\System32\rbejfemi.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/15/2008 11:29:28 PM | Attr =	]

sarehjsp.dll -> %SystemRoot%\System32\sarehjsp.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/17/2008 2:23:08 AM | Attr =	]

sex1.ico -> %SystemRoot%\System32\sex1.ico ->  [Ver =  | Size = 3262 bytes | Modified Date = 2/16/2008 3:27:45 AM | Attr =	]

sex2.ico -> %SystemRoot%\System32\sex2.ico ->  [Ver =  | Size = 3262 bytes | Modified Date = 2/16/2008 3:28:25 AM | Attr =	]

snitkfed.bmp -> %SystemRoot%\System32\snitkfed.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 9:41:24 AM | Attr =	]

ssqqrop.dll -> %SystemRoot%\System32\ssqqrop.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:21:05 AM | Attr =	]

SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Modified Date = 10/15/2004 6:32:10 PM | Attr =	]

tgmpxevd.dll -> %SystemRoot%\System32\tgmpxevd.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/17/2008 6:22:01 AM | Attr =	]

tgnmdcfedonmd.bmp -> %SystemRoot%\System32\tgnmdcfedonmd.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 3:37:20 AM | Attr =	]

ujrkerew.dll -> %SystemRoot%\System32\ujrkerew.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/17/2008 6:20:00 AM | Attr =	]

unacev2.dll -> %SystemRoot%\System32\unacev2.dll ->  [Ver =  | Size = 75264 bytes | Modified Date = 3/6/2002 | Attr =	]

UNRAR3.dll -> %SystemRoot%\System32\UNRAR3.dll ->  [Ver =  | Size = 153088 bytes | Modified Date = 2/2/2003 7:06:02 PM | Attr =	]

vtuuvts.dll -> %SystemRoot%\System32\vtuuvts.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 2:38:28 AM | Attr =	]

whxfblqv.dll -> %SystemRoot%\System32\whxfblqv.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/17/2008 6:19:56 AM | Attr =	]

WINPY.MB -> %SystemRoot%\System32\WINPY.MB ->  [Ver =  | Size = 1783864 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

WINSP.MB -> %SystemRoot%\System32\WINSP.MB ->  [Ver =  | Size = 1564868 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

winzjc32.dll -> %SystemRoot%\System32\winzjc32.dll ->  [Ver =  | Size = 26624 bytes | Modified Date = 2/15/2008 8:21:14 AM | Attr =	]

WINZM.MB -> %SystemRoot%\System32\WINZM.MB ->  [Ver =  | Size = 1223500 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

wvustro.dll -> %SystemRoot%\System32\wvustro.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 8:07:05 PM | Attr =	]

xjis.nls -> %SystemRoot%\System32\xjis.nls ->  [Ver =  | Size = 28288 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]

ztvunace26.dll -> %SystemRoot%\System32\ztvunace26.dll ->  [Ver =  | Size = 77312 bytes | Modified Date = 8/26/2005 12:50:00 AM | Attr =	]

ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll ->  [Ver =  | Size = 162304 bytes | Modified Date = 5/25/2006 2:52:46 PM | Attr =	]

DCEBoot.exe -> %SystemRoot%\DCEBoot.exe ->  [Ver =  | Size = 10752 bytes | Modified Date = 2/16/2008 10:42:13 PM | Attr =	]

McAfee.com -> %SystemRoot%\McAfee.com ->  [Folder | Created Date = 2/15/2008 6:29:09 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2/16/2008 1:36:04 PM | Attr =	]

PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 2/15/2008 8:22:09 PM | Attr =  H ]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 529 bytes | Modified Date = 2/16/2008 7:26:01 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/16/2008 10:01:19 AM | Attr =	]

Simply Super Software -> %AllUsersProfile%\Application Data\Simply Super Software ->  [Folder | Created Date = 2/16/2008 8:06:46 AM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/16/2008 4:27:34 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/16/2008 8:07:34 AM | Attr =	]

@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9

Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Created Date = 2/15/2008 9:03:45 PM | Attr =	]

Anti-Virus-Pro.com -> %AppData%\Anti-Virus-Pro.com ->  [Folder | Created Date = 2/16/2008 3:29:13 AM | Attr =	]

EasySpywareCleaner.com -> %AppData%\EasySpywareCleaner.com ->  [Folder | Created Date = 2/16/2008 3:29:13 AM | Attr =	]

InfeStop.com -> %AppData%\InfeStop.com ->  [Folder | Created Date = 2/16/2008 7:35:55 AM | Attr =	]

Simply Super Software -> %AppData%\Simply Super Software ->  [Folder | Created Date = 2/16/2008 8:06:46 AM | Attr =	]

spy-rid.com -> %AppData%\spy-rid.com ->  [Folder | Created Date = 2/16/2008 3:41:20 AM | Attr =	]

WinRAR -> %AppData%\WinRAR ->  [Folder | Created Date = 2/15/2008 8:19:20 AM | Attr =	]

index.dat -> %UserProfile%\Local Settings\Application Data\index.dat ->  [Ver =  | Size = 116 bytes | Modified Date = 2/16/2008 9:56:31 AM | Attr =  H ]

2008 Grow Out List.wps -> %UserProfile%\My Documents\2008 Grow Out List.wps ->  [Ver =  | Size = 25088 bytes | Modified Date = 2/22/2008 3:17:39 PM | Attr =	]

aaw2007.exe -> %UserProfile%\My Documents\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/16/2008 9:59:28 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\aaw2007.exe:Zone.Identifier

CGN Tomato Passport.xls -> %UserProfile%\My Documents\CGN Tomato Passport.xls ->  [Ver =  | Size = 542208 bytes | Modified Date = 2/7/2008 12:55:20 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CGN Tomato Passport.xls:Zone.Identifier

chris's seeds 2-15-0-08.wps -> %UserProfile%\My Documents\chris's seeds 2-15-0-08.wps ->  [Ver =  | Size = 9728 bytes | Modified Date = 2/15/2008 10:41:23 AM | Attr =	]

Cnr37Passport.zip -> %UserProfile%\My Documents\Cnr37Passport.zip ->  [Ver =  | Size = 140332 bytes | Modified Date = 2/21/2008 10:16:23 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Cnr37Passport.zip:Zone.Identifier

Eggplant Collection List.xlsx -> %UserProfile%\My Documents\Eggplant Collection List.xlsx ->  [Ver =  | Size = 13144 bytes | Modified Date = 2/13/2008 7:33:14 PM | Attr =	]

Evelope BIG Labels.wps -> %UserProfile%\My Documents\Evelope BIG Labels.wps ->  [Ver =  | Size = 8704 bytes | Modified Date = 2/15/2008 6:07:03 AM | Attr =	]

HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/16/2008 8:21:40 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HJTInstall.exe:Zone.Identifier

Pepper Collection List.xlsx -> %UserProfile%\My Documents\Pepper Collection List.xlsx ->  [Ver =  | Size = 18198 bytes | Modified Date = 2/22/2008 3:10:02 PM | Attr =	]

Peppers @ CGN Cnr38Passport.zip -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip ->  [Ver =  | Size = 115650 bytes | Modified Date = 1/26/2008 2:55:51 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip:Zone.Identifier

Peppers from Chris.wps -> %UserProfile%\My Documents\Peppers from Chris.wps ->  [Ver =  | Size = 39936 bytes | Modified Date = 1/26/2008 7:57:03 AM | Attr =	]

Rob's order.wps -> %UserProfile%\My Documents\Rob's order.wps ->  [Ver =  | Size = 10240 bytes | Modified Date = 2/21/2008 7:39:48 PM | Attr =	]

Simply Super Software -> %UserProfile%\My Documents\Simply Super Software ->  [Folder | Created Date = 2/16/2008 8:06:46 AM | Attr =	]

SMTA.pdf -> %UserProfile%\My Documents\SMTA.pdf ->  [Ver =  | Size = 633905 bytes | Modified Date = 1/28/2008 12:56:31 AM | Attr =	]

spf.msi -> %UserProfile%\My Documents\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 2/17/2008 8:04:28 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spf.msi:Zone.Identifier

spybotsd152.exe -> %UserProfile%\My Documents\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Modified Date = 2/16/2008 4:25:35 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spybotsd152.exe:Zone.Identifier

stinger.exe -> %UserProfile%\My Documents\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 2:29:00 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\stinger.exe:Zone.Identifier

stinger.opt -> %UserProfile%\My Documents\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 7:46:18 AM | Attr =	]

T.W. Wood and Sons 1911 1912 Corn Varieties.wps -> %UserProfile%\My Documents\T.W. Wood and Sons 1911 1912 Corn Varieties.wps ->  [Ver =  | Size = 15360 bytes | Modified Date = 2/11/2008 1:54:11 PM | Attr =	]

tatiana's seeds.doc -> %UserProfile%\My Documents\tatiana's seeds.doc ->  [Ver =  | Size = 304128 bytes | Modified Date = 1/28/2008 12:55:42 AM | Attr =	]

Tomatoes to add to collection list.wps -> %UserProfile%\My Documents\Tomatoes to add to collection list.wps ->  [Ver =  | Size = 9216 bytes | Modified Date = 2/23/2008 4:21:38 AM | Attr =	]

VundoFix.exe -> %UserProfile%\My Documents\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/19/2008 9:38:33 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\VundoFix.exe:Zone.Identifier

www.seeds-by-size.co.uk -> %UserProfile%\My Documents\www.seeds-by-size.co.uk ->  [Folder | Created Date = 2/11/2008 3:14:21 AM | Attr =	]

xx Liste de variétés.wps -> %UserProfile%\My Documents\xx Liste de variétés.wps ->  [Ver =  | Size = 78848 bytes | Modified Date = 1/25/2008 4:48:10 PM | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]

Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]

Trend Micro Internet Security.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security.lnk ->  [Ver =  | Size = 810 bytes | Modified Date = 2/15/2008 9:04:26 PM | Attr =	]

Trojan Remover.lnk -> %AllUsersProfile%\Desktop\Trojan Remover.lnk ->  [Ver =  | Size = 795 bytes | Modified Date = 2/16/2008 8:06:48 AM | Attr =	]

BDSM galleries.URL -> %UserProfile%\Desktop\BDSM galleries.URL ->  [Ver =  | Size = 111 bytes | Modified Date = 2/16/2008 3:28:25 AM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 2/16/2008 8:21:45 AM | Attr =	]

Spybot - Search & Destroy (for blind users).lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy (for blind users).lnk ->  [Ver =  | Size = 966 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 944 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]

Uncensored porn.URL -> %UserProfile%\Desktop\Uncensored porn.URL ->  [Ver =  | Size = 111 bytes | Modified Date = 2/16/2008 3:27:45 AM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/23/2008 5:12:32 PM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/23/2008 5:12:16 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/16/2008 9:59:34 AM | Attr =	]



[Files/Folders - Modified Within 30 days]

AuResult.ini -> %SystemDrive%\AuResult.ini ->  [Ver =  | Size = 11 bytes | Modified Date = 2/15/2008 8:35:36 PM | Attr =	]

Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/17/2008 8:05:31 AM | Attr =  H ]

Downloads -> %SystemDrive%\Downloads ->  [Folder | Modified Date = 2/16/2008 12:00:51 AM | Attr =	]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 2/22/2008 12:48:16 PM | Attr =  HS]

logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 257228 bytes | Modified Date = 2/22/2008 12:50:03 PM | Attr =	]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/19/2008 9:01:14 AM | Attr =	]

RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/19/2008 10:55:28 AM | Attr =  HS]

VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/19/2008 10:04:14 AM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/22/2008 12:48:41 PM | Attr =	]

etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/19/2008 12:02:02 PM | Attr =	]

hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 3695 bytes | Modified Date = 2/16/2008 10:47:10 AM | Attr =	]

aexkrrxx.dll -> %SystemRoot%\System32\aexkrrxx.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/17/2008 10:55:03 AM | Attr =	]

atcnedkb.bmp -> %SystemRoot%\System32\atcnedkb.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 9:32:49 AM | Attr =	]

bcbeg.ini.vir -> %SystemRoot%\System32\bcbeg.ini.vir ->  [Ver =  | Size = 233234 bytes | Modified Date = 2/19/2008 12:33:09 AM | Attr =	]

bcbeg.ini2.vir -> %SystemRoot%\System32\bcbeg.ini2.vir ->  [Ver =  | Size = 239408 bytes | Modified Date = 2/19/2008 11:04:12 AM | Attr =  HS]

byscybta.dll -> %SystemRoot%\System32\byscybta.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/18/2008 6:10:03 AM | Attr =	]

byxxwut.dll -> %SystemRoot%\System32\byxxwut.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 11:30:35 AM | Attr =	]

CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/16/2008 4:18:14 PM | Attr =	]

3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/22/2008 12:49:59 PM | Attr =	]

compatU.dll -> %SystemRoot%\System32\compatU.dll ->  [Ver =  | Size = 106240 bytes | Modified Date = 2/23/2008 1:09:50 PM | Attr =	]

config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2/19/2008 12:38:22 PM | Attr =	]

ddcaxxx.dll -> %SystemRoot%\System32\ddcaxxx.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:21:18 AM | Attr =	]

dgjet.bmp -> %SystemRoot%\System32\dgjet.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 7:14:25 AM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/17/2008 2:11:32 AM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/17/2008 8:05:47 AM | Attr =	]

drvjan.dll -> %SystemRoot%\System32\drvjan.dll ->  [Ver =  | Size = 17408 bytes | Modified Date = 2/17/2008 2:10:16 AM | Attr =	]

epgjqhsn.bmp -> %SystemRoot%\System32\epgjqhsn.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 7:32:50 AM | Attr =	]

epobmhof.bmp -> %SystemRoot%\System32\epobmhof.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 1:37:22 PM | Attr =	]

eponmhgrmtsn.bmp -> %SystemRoot%\System32\eponmhgrmtsn.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 4:07:04 PM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 316360 bytes | Modified Date = 2/16/2008 1:35:57 PM | Attr =	]

FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 2/23/2008 3:03:06 AM | Attr =	]

gebcb.dll.vir -> %SystemRoot%\System32\gebcb.dll.vir ->  [Ver =  | Size = 321024 bytes | Modified Date = 2/15/2008 8:25:57 AM | Attr =	]

gufafcoe.dll -> %SystemRoot%\System32\gufafcoe.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/15/2008 11:26:31 PM | Attr =	]

gwefknog.dll -> %SystemRoot%\System32\gwefknog.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/19/2008 12:29:44 AM | Attr =	]

hrimfndw.dll -> %SystemRoot%\System32\hrimfndw.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/19/2008 12:30:07 AM | Attr =	]

iifffgd.dll -> %SystemRoot%\System32\iifffgd.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/17/2008 2:09:35 AM | Attr =	]

iifgefe.dll -> %SystemRoot%\System32\iifgefe.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:20:50 AM | Attr =	]

iifgefe.dll.vir -> %SystemRoot%\System32\iifgefe.dll.vir ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/19/2008 10:58:52 AM | Attr =	]

ilgjalcnilkb.bmp -> %SystemRoot%\System32\ilgjalcnilkb.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 8:05:09 PM | Attr =	]

jeudbwjr.dll -> %SystemRoot%\System32\jeudbwjr.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/18/2008 6:15:11 AM | Attr =	]

jrhyikyq.dll -> %SystemRoot%\System32\jrhyikyq.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/15/2008 11:23:27 PM | Attr =	]

ldupuknk.dll -> %SystemRoot%\System32\ldupuknk.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/18/2008 6:12:11 AM | Attr =	]

lhktimtu.dll -> %SystemRoot%\System32\lhktimtu.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/19/2008 12:31:50 AM | Attr =	]

lmsblsom.dll -> %SystemRoot%\System32\lmsblsom.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/17/2008 2:23:16 AM | Attr =	]

mpgbmd.bmp -> %SystemRoot%\System32\mpgbmd.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 3:27:38 AM | Attr =	]

msiconf.exe -> %SystemRoot%\System32\msiconf.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 2/16/2008 9:34:42 AM | Attr =	]

mwspkdgc.dll -> %SystemRoot%\System32\mwspkdgc.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/17/2008 10:55:07 AM | Attr =	]

ojidcjihcfql.bmp -> %SystemRoot%\System32\ojidcjihcfql.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 11:28:53 AM | Attr =	]

pmnnlmn.dll -> %SystemRoot%\System32\pmnnlmn.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 3:29:37 AM | Attr =	]

rbejfemi.dll -> %SystemRoot%\System32\rbejfemi.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/15/2008 11:29:28 PM | Attr =	]

Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/19/2008 12:25:06 PM | Attr =	]

sarehjsp.dll -> %SystemRoot%\System32\sarehjsp.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/17/2008 2:23:08 AM | Attr =	]

sex1.ico -> %SystemRoot%\System32\sex1.ico ->  [Ver =  | Size = 3262 bytes | Modified Date = 2/16/2008 3:27:45 AM | Attr =	]

sex2.ico -> %SystemRoot%\System32\sex2.ico ->  [Ver =  | Size = 3262 bytes | Modified Date = 2/16/2008 3:28:25 AM | Attr =	]

snitkfed.bmp -> %SystemRoot%\System32\snitkfed.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 9:41:24 AM | Attr =	]

ssqqrop.dll -> %SystemRoot%\System32\ssqqrop.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/15/2008 8:21:05 AM | Attr =	]

tgmpxevd.dll -> %SystemRoot%\System32\tgmpxevd.dll ->  [Ver =  | Size = 6677 bytes | Modified Date = 2/17/2008 6:22:01 AM | Attr =	]

tgnmdcfedonmd.bmp -> %SystemRoot%\System32\tgnmdcfedonmd.bmp ->  [Ver =  | Size = 269334 bytes | Modified Date = 2/16/2008 3:37:20 AM | Attr =	]

ujrkerew.dll -> %SystemRoot%\System32\ujrkerew.dll ->  [Ver =  | Size = 6663 bytes | Modified Date = 2/17/2008 6:20:00 AM | Attr =	]

vtuuvts.dll -> %SystemRoot%\System32\vtuuvts.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 2:38:28 AM | Attr =	]

wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/19/2008 12:38:01 PM | Attr =	]

whxfblqv.dll -> %SystemRoot%\System32\whxfblqv.dll ->  [Ver =  | Size = 6661 bytes | Modified Date = 2/17/2008 6:19:56 AM | Attr =	]

winzjc32.dll -> %SystemRoot%\System32\winzjc32.dll ->  [Ver =  | Size = 26624 bytes | Modified Date = 2/15/2008 8:21:14 AM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 2/22/2008 12:49:00 PM | Attr =	]

wvustro.dll -> %SystemRoot%\System32\wvustro.dll ->  [Ver =  | Size = 39936 bytes | Modified Date = 2/16/2008 8:07:05 PM | Attr =	]

$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/16/2008 4:16:18 PM | Attr =  H ]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/22/2008 12:48:20 PM | Attr =   S]

cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 2837 bytes | Modified Date = 1/25/2008 7:04:26 PM | Attr =	]

DCEBoot.exe -> %SystemRoot%\DCEBoot.exe ->  [Ver =  | Size = 10752 bytes | Modified Date = 2/16/2008 10:42:13 PM | Attr =	]

dellstat.ini -> %SystemRoot%\dellstat.ini ->  [Ver =  | Size = 100 bytes | Modified Date = 1/25/2008 8:17:14 PM | Attr =	]

Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/22/2008 9:33:27 AM | Attr =   S]

Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/16/2008 1:23:15 PM | Attr =   S]

Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/16/2008 1:23:26 PM | Attr =	]

I386 -> %SystemRoot%\I386 ->  [Folder | Modified Date = 2/15/2008 1:56:37 PM | Attr =	]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/14/2008 3:01:19 AM | Attr =	]

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/19/2008 10:42:40 AM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/19/2008 12:34:55 PM | Attr =  HS]

lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 465 bytes | Modified Date = 2/22/2008 3:13:57 PM | Attr =	]

McAfee.com -> %SystemRoot%\McAfee.com ->  [Folder | Modified Date = 2/15/2008 6:29:09 PM | Attr =	]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/16/2008 1:36:04 PM | Attr =	]

network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2/19/2008 12:19:14 PM | Attr =	]

PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 2/15/2008 8:22:09 PM | Attr =  H ]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/23/2008 5:12:45 PM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/14/2008 9:29:30 AM | Attr =  H ]

Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/22/2008 12:48:42 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/23/2008 1:09:50 PM | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/15/2008 7:51:28 PM | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/23/2008 5:09:18 PM | Attr =	]

win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 638 bytes | Modified Date = 2/19/2008 10:42:07 AM | Attr =	]

wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 529 bytes | Modified Date = 2/16/2008 7:26:01 PM | Attr =	]

EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 458 bytes | Modified Date = 2/23/2008 4:54:01 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/22/2008 12:48:28 PM | Attr =  H ]

eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 1:04:04 PM | Attr =  H ]

eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 1:11:58 PM | Attr =  H ]

eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/22/2008 2:21:36 AM | Attr =  H ]

eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/22/2008 6:24:52 AM | Attr =  H ]

eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/22/2008 12:48:56 PM | Attr =  H ]

eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 6:14:37 AM | Attr =  H ]

eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 8:11:24 AM | Attr =  H ]

eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 8:12:24 AM | Attr =  H ]

eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 1:43:55 PM | Attr =  H ]

eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 1:44:46 PM | Attr =  H ]

eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 7:57:26 PM | Attr =  H ]

eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 7:58:11 PM | Attr =  H ]

eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 1:10:25 AM | Attr =  H ]

eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 4:42:20 AM | Attr =  H ]

eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 6:03:03 AM | Attr =  H ]

eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 6:03:51 AM | Attr =  H ]

eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 11:43:39 AM | Attr =  H ]

eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:02:35 PM | Attr =  H ]

eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:03:27 PM | Attr =  H ]

eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:40:58 PM | Attr =  H ]

eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:41:59 PM | Attr =  H ]

eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:51:47 PM | Attr =  H ]

eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:52:32 PM | Attr =  H ]

eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 5:31:49 AM | Attr =  H ]

eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:11:00 AM | Attr =  H ]

eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 8:55:40 AM | Attr =  H ]

eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 9:04:43 AM | Attr =  H ]

eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 9:05:35 AM | Attr =  H ]

eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:14:15 AM | Attr =  H ]

eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:15:02 AM | Attr =  H ]

eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:23:11 AM | Attr =  H ]

eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:23:59 AM | Attr =  H ]

eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 11:07:16 AM | Attr =  H ]

eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 11:10:05 AM | Attr =  H ]

eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 3:38:24 PM | Attr =  H ]

eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 11:24:00 AM | Attr =  H ]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/17/2008 8:23:52 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/17/2008 8:23:52 AM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11160 bytes | Modified Date = 1/23/2008 5:15:17 PM | Attr =	]

opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/24/2008 9:33:59 AM | Attr =	]

CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 5/24/2007 2:15:35 PM | Attr =	]

wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/14/2005 8:41:24 AM | Attr =	]

wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 11/14/2005 10:54:29 AM | Attr =	]

red[1].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,5,6,0,20766,20469,14658,15336,518&iid=142083&bid=292214&dat=;ord=24399130 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CP6F416F\red[1].com ->  [Ver =  | Size = 648 bytes | Modified Date = 8/1/2006 8:00:10 PM | Attr =	]

red[1].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,5,6,0,20766,20469,14658,15336,518&iid=139164&bid=299451&dat=;ord=98557368 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\URA7M16V\red[1].com ->  [Ver =  | Size = 5068 bytes | Modified Date = 8/1/2006 8:04:47 PM | Attr =	]

red[1].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,0,0,0,0,0,0,0,0&iid=155505&bid=325806&dat=;ord=73274562 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5WDYRWD\red[1].com ->  [Ver =  | Size = 4684 bytes | Modified Date = 10/31/2006 11:11:16 AM | Attr =	]

ose00000.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 1/21/2008 11:29:28 AM | Attr = R  ]

The_Weather_Channel_Application.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\The_Weather_Channel_Application.exe ->  [Ver =  | Size = 234278 bytes | Modified Date = 4/19/2007 4:36:42 PM | Attr =	]

106 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 

Walgreens PhotoShow Express CD.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Walgreens PhotoShow Express CD.exe -> Macromedia, Inc. [Ver = 8.5.1r102 | Size = 79076 bytes | Modified Date = 5/12/2006 5:57:51 PM | Attr =	]

basic_clipart.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\basic_clipart.exe -> Igor Pavlov [Ver = 4, 23, 0, 0 | Size = 907815 bytes | Modified Date = 12/11/2007 6:05:49 PM | Attr =	]

photoshow_express_setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\photoshow_express_setup.exe -> Simple Star, Inc. [Ver = 4.5.1.55 | Size = 4308236 bytes | Modified Date = 7/24/2006 1:12:47 PM | Attr =	]

wpsd4-5_0055_LANG_ENGLISH.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\wpsd4-5_0055_LANG_ENGLISH.exe -> Igor Pavlov [Ver = 4, 23, 0, 0 | Size = 3785024 bytes | Modified Date = 12/11/2007 6:05:49 PM | Attr =	]

wpse4-5_intl_0055.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\wpse4-5_intl_0055.exe -> Igor Pavlov [Ver = 4, 23, 0, 0 | Size = 21572731 bytes | Modified Date = 12/11/2007 6:05:49 PM | Attr =	]

Walgreens PhotoShow Express CD.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\boot_strap\Walgreens PhotoShow Express CD.exe -> Simple Star, Inc. [Ver = 4.0.0.88 | Size = 139264 bytes | Modified Date = 10/11/2006 2:08:18 PM | Attr =	]

IadHide5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]

TmDbg32.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TmDbg32.dll -> Trend Micro Inc. [Ver = 16.0.0.1412 | Size = 124168 bytes | Modified Date = 9/18/2007 12:29:54 AM | Attr =	]

unicows.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 8/2/2005 2:33:04 PM | Attr =	]

Xprt3.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Xprt3.dll -> America Online, Inc. [Ver = 3.7.2.2600 | Size = 172032 bytes | Modified Date = 8/2/2005 2:34:00 PM | Attr =	]

xprt4.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\xprt4.dll -> America Online, Inc. [Ver = 4.3.3.4334 | Size = 81920 bytes | Modified Date = 8/2/2005 2:34:17 PM | Attr =	]

xprt5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\xprt5.dll -> America Online, Inc. [Ver = 5.0.0.4426 | Size = 217088 bytes | Modified Date = 8/2/2005 2:33:04 PM | Attr =	]

106 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 

4fac762.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\4fac762.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 7:05:48 PM | Attr =	]

4fac771.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\4fac771.DLL ->  [Ver =  | Size = 16896 bytes | Modified Date = 3/30/1998 9:23:54 AM | Attr =	]

simple_jpeg.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\boot_strap\simple_jpeg.dll ->  [Ver =  | Size = 126976 bytes | Modified Date = 5/12/2006 6:45:11 PM | Attr =	]

Dirapi.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Xtras\Dirapi.dll -> Macromedia, Inc. [Ver = 8.5.1r104 | Size = 1097728 bytes | Modified Date = 7/18/2006 2:10:51 PM | Attr =	]

Iml32.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Xtras\Iml32.dll -> Macromedia, Inc. [Ver = 8.5.1r104 | Size = 561152 bytes | Modified Date = 7/18/2006 2:10:51 PM | Attr =	]

Proj.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Xtras\Proj.dll -> Macromedia, Inc. [Ver = 9.0r371 | Size = 159744 bytes | Modified Date = 7/18/2006 2:10:51 PM | Attr =	]

index.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 6914048 bytes | Modified Date = 2/16/2008 1:35:02 PM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/16/2008 10:02:10 AM | Attr =	]

Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 1/25/2008 8:07:52 AM | Attr =	]

Simply Super Software -> %AllUsersProfile%\Application Data\Simply Super Software ->  [Folder | Modified Date = 2/16/2008 8:06:46 AM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/16/2008 6:37:04 PM | Attr =	]

Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2/15/2008 7:55:22 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/19/2008 1:13:46 PM | Attr =	]

@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9

Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Modified Date = 2/15/2008 9:04:18 PM | Attr =	]

WinZip -> %AllUsersProfile%\Application Data\WinZip ->  [Folder | Modified Date = 2/15/2008 8:28:56 AM | Attr =	]

Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 2/12/2008 9:01:18 AM | Attr =	]

Anti-Virus-Pro.com -> %AppData%\Anti-Virus-Pro.com ->  [Folder | Modified Date = 2/16/2008 3:29:13 AM | Attr =	]

EasySpywareCleaner.com -> %AppData%\EasySpywareCleaner.com ->  [Folder | Modified Date = 2/16/2008 3:29:13 AM | Attr =	]

InfeStop.com -> %AppData%\InfeStop.com ->  [Folder | Modified Date = 2/16/2008 7:35:55 AM | Attr =	]

Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 1/28/2008 8:25:17 PM | Attr =   S]

Simply Super Software -> %AppData%\Simply Super Software ->  [Folder | Modified Date = 2/16/2008 8:06:46 AM | Attr =	]

spy-rid.com -> %AppData%\spy-rid.com ->  [Folder | Modified Date = 2/16/2008 3:41:20 AM | Attr =	]

WinRAR -> %AppData%\WinRAR ->  [Folder | Modified Date = 2/15/2008 8:19:20 AM | Attr =	]

wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 20080 bytes | Modified Date = 2/23/2008 4:21:38 AM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 88144 bytes | Modified Date = 2/16/2008 2:56:47 AM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3744302 bytes | Modified Date = 2/18/2008 6:55:43 AM | Attr =  H ]

index.dat -> %UserProfile%\Local Settings\Application Data\index.dat ->  [Ver =  | Size = 116 bytes | Modified Date = 2/16/2008 9:56:31 AM | Attr =  H ]

2008 Grow Out List.wps -> %UserProfile%\My Documents\2008 Grow Out List.wps ->  [Ver =  | Size = 25088 bytes | Modified Date = 2/22/2008 3:17:39 PM | Attr =	]

aaw2007.exe -> %UserProfile%\My Documents\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/16/2008 9:59:28 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\aaw2007.exe:Zone.Identifier

CGN Pepper Passport.xls -> %UserProfile%\My Documents\CGN Pepper Passport.xls ->  [Ver =  | Size = 434176 bytes | Modified Date = 2/14/2008 5:07:20 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CGN Pepper Passport.xls:Zone.Identifier

CGN Tomato Passport.xls -> %UserProfile%\My Documents\CGN Tomato Passport.xls ->  [Ver =  | Size = 542208 bytes | Modified Date = 2/7/2008 12:55:20 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CGN Tomato Passport.xls:Zone.Identifier

chris's seeds 2-15-0-08.wps -> %UserProfile%\My Documents\chris's seeds 2-15-0-08.wps ->  [Ver =  | Size = 9728 bytes | Modified Date = 2/15/2008 10:41:23 AM | Attr =	]

Cnr37Passport.zip -> %UserProfile%\My Documents\Cnr37Passport.zip ->  [Ver =  | Size = 140332 bytes | Modified Date = 2/21/2008 10:16:23 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Cnr37Passport.zip:Zone.Identifier

Eggplant Collection List.xlsx -> %UserProfile%\My Documents\Eggplant Collection List.xlsx ->  [Ver =  | Size = 13144 bytes | Modified Date = 2/13/2008 7:33:14 PM | Attr =	]

Envelope.wps -> %UserProfile%\My Documents\Envelope.wps ->  [Ver =  | Size = 10752 bytes | Modified Date = 1/28/2008 9:02:07 AM | Attr =	]

Evelope BIG Labels.wps -> %UserProfile%\My Documents\Evelope BIG Labels.wps ->  [Ver =  | Size = 8704 bytes | Modified Date = 2/15/2008 6:07:03 AM | Attr =	]

Hastings and  T.W. Wood seeds.wps -> %UserProfile%\My Documents\Hastings and  T.W. Wood seeds.wps ->  [Ver =  | Size = 26112 bytes | Modified Date = 2/11/2008 5:49:58 AM | Attr =	]

HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/16/2008 8:21:40 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HJTInstall.exe:Zone.Identifier

My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/9/2008 7:29:17 AM | Attr = R  ]

Pepper Collection List.xlsx -> %UserProfile%\My Documents\Pepper Collection List.xlsx ->  [Ver =  | Size = 18198 bytes | Modified Date = 2/22/2008 3:10:02 PM | Attr =	]

Peppers @ CGN Cnr38Passport.zip -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip ->  [Ver =  | Size = 115650 bytes | Modified Date = 1/26/2008 2:55:51 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip:Zone.Identifier

Peppers from Chris.wps -> %UserProfile%\My Documents\Peppers from Chris.wps ->  [Ver =  | Size = 39936 bytes | Modified Date = 1/26/2008 7:57:03 AM | Attr =	]

Rob's order.wps -> %UserProfile%\My Documents\Rob's order.wps ->  [Ver =  | Size = 10240 bytes | Modified Date = 2/21/2008 7:39:48 PM | Attr =	]

Seed Inventory w Sources  TOMATO.wps -> %UserProfile%\My Documents\Seed Inventory w Sources  TOMATO.wps ->  [Ver =  | Size = 194048 bytes | Modified Date = 2/22/2008 3:37:43 AM | Attr =	]

Seed Inventory w Sources Eggplant.wps -> %UserProfile%\My Documents\Seed Inventory w Sources Eggplant.wps ->  [Ver =  | Size = 45056 bytes | Modified Date = 2/15/2008 10:40:23 AM | Attr =	]

Seed Inventory w Sources Pepper.wps -> %UserProfile%\My Documents\Seed Inventory w Sources Pepper.wps ->  [Ver =  | Size = 94208 bytes | Modified Date = 2/22/2008 3:18:01 PM | Attr =	]

Seed Inventory w Sources Vegetables.wps -> %UserProfile%\My Documents\Seed Inventory w Sources Vegetables.wps ->  [Ver =  | Size = 16896 bytes | Modified Date = 2/11/2008 5:49:52 AM | Attr =	]

Seed Labels.wps -> %UserProfile%\My Documents\Seed Labels.wps ->  [Ver =  | Size = 27136 bytes | Modified Date = 1/26/2008 9:06:04 PM | Attr =	]

Simply Super Software -> %UserProfile%\My Documents\Simply Super Software ->  [Folder | Modified Date = 2/16/2008 8:06:46 AM | Attr =	]

SMTA.pdf -> %UserProfile%\My Documents\SMTA.pdf ->  [Ver =  | Size = 633905 bytes | Modified Date = 1/28/2008 12:56:31 AM | Attr =	]

spf.msi -> %UserProfile%\My Documents\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 2/17/2008 8:04:28 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spf.msi:Zone.Identifier

spybotsd152.exe -> %UserProfile%\My Documents\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/16/2008 4:25:35 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spybotsd152.exe:Zone.Identifier

stinger.exe -> %UserProfile%\My Documents\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 2:29:00 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\stinger.exe:Zone.Identifier

stinger.opt -> %UserProfile%\My Documents\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 7:46:18 AM | Attr =	]

T.W. Wood and Sons 1911 1912 Corn Varieties.wps -> %UserProfile%\My Documents\T.W. Wood and Sons 1911 1912 Corn Varieties.wps ->  [Ver =  | Size = 15360 bytes | Modified Date = 2/11/2008 1:54:11 PM | Attr =	]

tatiana's seeds.doc -> %UserProfile%\My Documents\tatiana's seeds.doc ->  [Ver =  | Size = 304128 bytes | Modified Date = 1/28/2008 12:55:42 AM | Attr =	]

Tomato Collection List.xls -> %UserProfile%\My Documents\Tomato Collection List.xls ->  [Ver =  | Size = 171008 bytes | Modified Date = 2/23/2008 4:25:14 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Tomato Collection List.xls:Zone.Identifier

Tomatoes to add to collection list.wps -> %UserProfile%\My Documents\Tomatoes to add to collection list.wps ->  [Ver =  | Size = 9216 bytes | Modified Date = 2/23/2008 4:21:38 AM | Attr =	]

Unzipped -> %UserProfile%\My Documents\Unzipped ->  [Folder | Modified Date = 2/21/2008 10:15:40 AM | Attr =	]

VundoFix.exe -> %UserProfile%\My Documents\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/19/2008 9:38:33 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\VundoFix.exe:Zone.Identifier

www.seeds-by-size.co.uk -> %UserProfile%\My Documents\www.seeds-by-size.co.uk ->  [Folder | Modified Date = 2/11/2008 3:14:22 AM | Attr =	]

xx Liste de variétés.wps -> %UserProfile%\My Documents\xx Liste de variétés.wps ->  [Ver =  | Size = 78848 bytes | Modified Date = 1/25/2008 4:48:10 PM | Attr =	]

Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]

Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]

Trend Micro Internet Security.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security.lnk ->  [Ver =  | Size = 810 bytes | Modified Date = 2/15/2008 9:04:26 PM | Attr =	]

Trojan Remover.lnk -> %AllUsersProfile%\Desktop\Trojan Remover.lnk ->  [Ver =  | Size = 795 bytes | Modified Date = 2/16/2008 8:06:48 AM | Attr =	]

BDSM galleries.URL -> %UserProfile%\Desktop\BDSM galleries.URL ->  [Ver =  | Size = 111 bytes | Modified Date = 2/16/2008 3:28:25 AM | Attr =	]

HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 2/16/2008 8:21:45 AM | Attr =	]

Spybot - Search & Destroy (for blind users).lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy (for blind users).lnk ->  [Ver =  | Size = 966 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]

Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 944 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]

The Weather Channel Desktop.lnk -> %UserProfile%\Desktop\The Weather Channel Desktop.lnk ->  [Ver =  | Size = 979 bytes | Modified Date = 2/21/2008 7:00:41 PM | Attr =	]

Uncensored porn.URL -> %UserProfile%\Desktop\Uncensored porn.URL ->  [Ver =  | Size = 111 bytes | Modified Date = 2/16/2008 3:27:45 AM | Attr =	]

WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/23/2008 5:12:32 PM | Attr =	]

WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/23/2008 5:12:16 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier

Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2/15/2008 7:55:23 PM | Attr =	]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/16/2008 9:59:34 AM | Attr =	]



[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\AgMoon.scr:SummaryInformation 88 bytes

C:\WINDOWS\AgMoon.scr:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 12

< Document and Settings folder & sub folders >

scanning hidden files ...

C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 124 bytes


C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Nonprofits can submit needs for wish list  News-Record.com  Greensboro, North Carolina.url:favicon 376 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\North Carolina Collection-Textile Mills.url:favicon 11134 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\North Carolina Conservation Network.url:favicon 2295 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\North Carolina Miscellany » About the Headers.url:favicon 2238 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\North Carolina Secretary of State.url:favicon 1078 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Download Free Clipart, Graphics and Animations.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Downtown hotel sells for $1.2 million  News-Record.com  Greensboro, North Carolina.url:favicon 376 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Driving Directions from 716 Mobile St, Greensboro, NC to 1859 E Lexington Ave, High Point, NC.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Exemption Requirements.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Find A Grave - Millions of Cemetery Records.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Find A Grave Proximity Cemetery.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\Greensboro Beautiful.url:favicon 2550 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\http--freepages.genealogy.rootsweb.com-~jentaylor-Watkins.htm.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\http--srdc.msstate.edu-nonprofit-module15.pdf.url:favicon 3574 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\http--www.amazon.com-exec-obidos-ASIN-0761991301-thepoliticalg-20.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\a procimity cemetery\http--www.amazon.com-gp-product-0875461298-ref=cap_pdp_dp_2-105-9060194-1938013.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\Microsoft Excel Computer Course Contents Page.url:favicon 0 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\A farm worth preserving  News-Record.com  Greensboro, North Carolina.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\HUMAN NATURE; A Keeper of Seeds, Exotic and Antique - New York Times.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\Order Upland Cress (Winter Cress), Barbarea verna, Herb Seeds.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\Report of the Commissioner of ... - Google Book Search.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\State Employees' Credit Union.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\The Original Farmer's Almanac since 1792 - The Old Farmer's Almanac.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\USS Growler SS-215 Patch.url:favicon 2238 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aa neat stuff\USS Submarine Squalus SS-192 Patch.url:favicon 2238 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aaa new\exchange-tomates.net the award for tomato seeds on the internet!.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aaa new\He captured Greensboro in pictures  News-Record.com  Greensboro, North Carolina.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aaa new\My tomato cultivation.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\aaa new\Using Excel - Tomatoville® Gardening Forum Index.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\AltaVista - Babel Fish Translation.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\Authentic Italian Soups Recipes - Authentic Italian Recipes - All Recipes.url:favicon 1078 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\Authentic Recipes, Food, Drinks, and Cooking Techniques.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\Cooks.com - Recipe - Spicy Hot Chili Sauce, Canned.url:favicon 2550 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\Food Network  Cooking, Recipe Collections, Party Ideas, Quick & Easy Recipes, Cooking Videos.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\how to make hot sauce - Yahoo! Search Results.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\How to Make Hot Sauces.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\Lowes Foods #188 in Jamestown.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\Saveur.com - Find Recipes, Drinks, Cooking Techniques.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Food\The Professional Chef Discovery Series Free Online Courses.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\Cornerstone Garlic Farm Homepage.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\herbs List by Common Names.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\Herbs.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\Order Upland Cress (Winter Cress), Barbarea verna, Herb Seeds.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\Richters Herbs - Medicinal, Culinary, Aromatic - Plants & Seeds.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\Spices and Herbs Lore and Cookery - Google Book Search.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Herbs\Welcome to Hortus Botanicus.url:favicon 6598 bytes

C:\Documents and Settings\HP_Administrator\Favorites\GAME Rooms Dominoes, Backgammon, Gin Rummy, Pool, Cribbage, Canasta, Solitaire, Poker-Rush. Mahjong, Darts, etc..url:favicon 3262 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\North Carolina Department of Agriculture & Consumer Services.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Order Upland Cress (Winter Cress), Barbarea verna, Herb Seeds.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Plant Fact Sheets.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\The Victory Garden  PBS.url:favicon 4710 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\GRIN Plant Collections.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Growing Potatoes in the Home Vegetable Garden.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Harris Seeds - Product Detail.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\He captured Greensboro in pictures  News-Record.com  Greensboro, North Carolina.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Heritage Harvest Festival.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Home Vegetable Gardening.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Horticulture on the Internet.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\rarepalmseeds.com - palm seeds, cycad seeds, banana seeds.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Repository Home Page - National Plant Germplasm System, GRIN.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Request Germplasm - National Plant Germplasm System, GRIN.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Seed Catalogs from Smithsonian Institution Libraries.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Cornerstone Garlic Farm Homepage.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Cosmic Garden.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Daily Agriculture Vegetable News.url:favicon 7406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Fedco - Co-op Seeds, Gardening Supplies, Trees, Potatoes, Bulbs.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Southern Exposure Seed Exchange, organic heirloom seeds, open pollinated, a worker owned cooperative.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Southern Exposure Seed Exchange,.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Southern Exposure Seed Exchange.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Southern Seed Legacy (SSL) Project Official Website.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\T.W. Wood & Sons .url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\Gardening  DIY Network.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\GBIS-I.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Gardening\http--www.dripirrigation.com-.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Glass bottles wholesale bottle warehouse.url:favicon 6598 bytes

C:\Documents and Settings\HP_Administrator\Favorites\GlassBottleSoda.org - Home Page.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\Build a Greenhouse - PVC Greenhouse Plans - Backyard Greenhouse.url:favicon 2358 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\Drip Irrigation System Design Guidelines.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\eBay - Solar Panels, Electrical Solar eBay.com.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\Griffin Greenhouse & Nursery Supplies, Inc. - The Griffin Gazette - Winter 2006.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\http--www.dripirrigation.com-drip_tutorial.phppage_view=layout.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\make your own solar panels - Yahoo! Search Results.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\Orbit Automatic Yard Watering Kit Valve, Model 62035 (usahardware.com).url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\Rain Bird - Drip Irrigation Products Xeri-Bug Emitters.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\The Drip Store PC Drip Emitters, 2 GPH (green), 100 Pack.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Greenhouse Horticulture Equipment\wholesale greenhouse supplies - Google Search.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\Gallery  Government Peppers.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\AVGRIS.url:favicon 3354 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\Capsicum baccatum.url:favicon 2550 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\ChilePlants.com - Chile Chart.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\ChilePlants.com Search Results.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\cmpman1974-2007 Pepper Pictures - Photobucket - Video and Image Hosting.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\Fatalii's Growing Guide.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\Species detail - Solanaceae Source.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\The Chilewoman.com - Specializing in Organically Grown Chile Plants#search.url:favicon 0 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\The Chilewoman.com - Specializing in Organically Grown Chile Plants.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\Hot Pepper Workshop.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\John Fiedler's Photo Galleries at pbase.com.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\jstor Brittonia Vol. 35, No. 1 (Jan. - Mar., 1983), pp. 55-60.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\nmsu The Chile Pepper Institute.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Peppers\Pepper Varieties & Species - the many different kinds of hot peppers!.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Pop The Soda Shop Index.url:favicon 6598 bytes

C:\Documents and Settings\HP_Administrator\Favorites\music mp3s\how to download mp3 - Google Search.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\music mp3s\intitleindex.of(mp3) zz top - Google Search.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\My eBay Buying Items I'm Watching.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Baking\King Arthur Flour  Home Page.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\AlternativePhotography.com  the polaroid emulsion lift process.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Digital cameras, all other cameras and everything photographic from Adorama Camera.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Equipment [Archive] - APUG.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Murphy's Camera - Products  Canon ef 75-300mm .url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Open Directory - Arts Photography Education Workshops and Tours.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\photo.net Forums.url:favicon 1078 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Redimat - Poly bags, mat board, matting supply, custom matting, matting for photography.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Save on Wholesale Picture Frame Supplies.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Schneider Optics - Home.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\GManess - Photobucket - Video and Image Hosting.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\graflex.org Speed Graphics, Large Format Photography, and More.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\KODAK EASYSHARE Z712 IS Zoom Digital Camera.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Mat Board - Crescent - Strathmore - Canson.url:favicon 2238 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\mat board - Yahoo! Search Results.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Mat Cutting Advice by Logan Graphic Products.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Welcome to Polaroid.com - Please select your country.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\WHOIS JOHNDESQ.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Zone System.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Camera Framing Mat Boards\Filters.url:favicon 1078 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Home remodel\Bathroom Design and Remodeling  DoItYourself.com.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Home remodel\Kitchen Cabinets & Equip in Greensboro North Carolina (NC) - Yellow Pages - Switchboard.com.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\http--dealnews.com-.url:favicon 5430 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Computer stuff\10 ways to wireless security - ZDNet UK.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\American Range 60in Heavy Duty 6 Gas Burner Restaurant Range AR6B-24G  ACityDiscount Restaurant Equipment.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\ebay kitchen cabinets (item 160067744420 end time Dec-30-06 173924 PST).url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\Home & Garden Television.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\Kitchen Design  Inspiration and design ideas for a functional and beautiful kitchen.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\new\Live Search hickory king corn.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\Southbend 60in S-s 6 Burners Gas Range w- 24in Griddle 360DD-2GR  ACityDiscount Restaurant Equipment.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Design\True Manufacturing Freezer Refrigerator True S-s 2 Door Reach-in T-49DT  ACityDiscount Restaurant Equipment.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\ECHL - Into the Boards.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Eggplants\Black Eggplant Seeds at GardenWaves.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Eggplants\Eggplant  High Mowing Seeds.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Eggplants\http--www.seeds.ca-hpd-cvlist.phpspecies=Eggplant&limit=500.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Eggplants\Master Gardeners - 2004 McClellan Ranch Eggplant Project - Plant Info.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\175 Deer Island Road, Swansboro, NC - Google Maps.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\eBay - gill net, Maritime, Advertising items on eBay.com.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\Gulp! Saltwater Baits.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\http--www.ncdmf.net-download-NCDMFrulebook2005.pdf.url:favicon 2102 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\http--www.ncfisheries.net-download-RCGL2005.pdf.url:favicon 2102 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\NCDMF - North Carolina Division of Marine Fisheries.url:favicon 2102 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\North Carolina Angler Fishing.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Fishing\North Carolina Waterman.url:favicon 3262 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Flowers\cRaZyDahliaLady.com - Over 500 Varieties of Dahlias.url:favicon 22486 bytes

C:\Documents and Settings\HP_Administrator\Favorites\T.W. Wood & Sons AND   H.G. Hastings\http--docsouth.unc.edu-fpn-macon-macon.xml.url:favicon 11134 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\AVGRIS.url:favicon 3354 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\from greensboro to 7407 Harmony Church Rd, Efland, NC 27243 - Google Maps.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Lycopersicon (Genus).url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\NCSU Tomato Culviars and Breeding Lines.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Opportunities with Tomatoes and Organics 2007 Field Tour at Mountain Research Station.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Pruning and Supporting Tomatoes.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Reinhards tomatoes 900 varieties of tomatoes, tomato photo gallery, tomato-growing tips.url:favicon 2238 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\REINHARDS TOMATOES Photo Gallery.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Results of your search NE9 Lycopersicon esculentum.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\TomatoFest Organic Heirloom Tomato Seeds - Legendary Organic Heirloom Tomatoes.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\TomatoSite - Database Alphabetical_List.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Tomatoville®  Index.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Victory Heirloom Seeds - Heirloom seed, Open-pollinated Seeds, Non-hybrid Seed, No GMOs.url:favicon 10134 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Tomato - Wikipedia, the free encyclopedia.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Tomato List from Seeds of Diversity.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\http--www.seeds.ca-hpd-cvlist.phpspecies=Tomato&limit=500.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\It's time to start the great tomato race.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Tomatoes\Growing Tomatoes for Home Use.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\US stamps - the complete pictorial and price guide - US Stamp Prices.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\USATODAY.com - News & Information Homepage.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\z Birds\Bird Picture display list.url:favicon 6006 bytes

C:\Documents and Settings\HP_Administrator\Favorites\z Birds\DEF image Sizes.url:favicon 25214 bytes

C:\Documents and Settings\HP_Administrator\Favorites\z Birds\http--jjaudubongallery.com-Audubon%20Prints%20Identifying%20Marks.htm.url:favicon 25214 bytes

C:\Documents and Settings\HP_Administrator\Favorites\z Birds\Patuxent-Migratory Bird Research.url:favicon 6006 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\Mpeg Hunter.com - Free Mature porn movie galleries.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\AMATEUR  CUMSHOTS.url:favicon 1718 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\Daily The Best Amateur Moviez.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\http--www.zoig.com-.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\Masterwanker.com - Oh Yes, There Will Be Daily Free Porn....url:favicon 7934 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\MegaPornDump - The dirtiest dump on the net!.url:favicon 2550 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\The Amateur Daily - Free amateur porn every day!.url:favicon 23656 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\Tonys Movies - Thousands of XXX Movie Galleries.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\XXX.Party-Party.nl  Free Sex Movies and Pictures.url:favicon 824 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Links\YourFileHost.com - Free hosting for ALL your files.url:favicon 894 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Linksys Router\Linksys.com - Support-Technical Support-Choose a Product-Routers and Access Points-Wireless Routers-WRT54G-Downloads.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\Linksys Router\Linksys.com - Support-Technical Support-Choose a Product-Routers and Access Points-Wireless Routers-WRT54G.url:favicon 3638 bytes

C:\Documents and Settings\HP_Administrator\Favorites\maness\Linkpendium  Genealogy  USA  North Carolina  Guilford County.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\maness\Live Search North Carolina US Gen Web Archives.url:favicon 1150 bytes

C:\Documents and Settings\HP_Administrator\Favorites\maness\Maness Family Surname Genealogy, Family History, Family Tree, Family Crest.url:favicon 318 bytes

C:\Documents and Settings\HP_Administrator\Favorites\maness\proximity cemetery - Google Search.url:favicon 1406 bytes

C:\Documents and Settings\HP_Administrator\Favorites\maness\RootsWeb.com Home Page.url:favicon 766 bytes

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\Image.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\Video.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\lastwords.zip:SummaryInformation 88 bytes

C:\Documents and Settings\HP_Administrator\My Documents\lastwords.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Music\Funeral for a Friend\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Music\Nickel Creek\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Music\Nonpoint\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Music\Panic! At the Disco\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\100_FUJI\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\12-11-2007\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Peppers\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Picture\ehthumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Picture\New Folder\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Scans\2005-07 (Jul)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Scans\2005-08 (Aug)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Scans\2006-02 (Feb)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\My Videos\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\Winzip_11.1.rar:SummaryInformation 88 bytes

C:\Documents and Settings\HP_Administrator\My Documents\Unzipped\Winzip_11.1.rar:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes

C:\Documents and Settings\HP_Administrator\My Documents\A	Proximity Cemetery\c  Pictures\Thumbs.db:encryptable 0 bytes

scan completed successfully

hidden files: 359



< End of report >


#5 OldTimer

Posted 23 February 2008 - 07:12 PM

Hi gmaness. Let's get started.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%AllUsersProfile%\Desktop\Trojan Remover.lnk
%AppData%\wklnhst.dat
%ProgramFiles%\UltimateBet\UltimateBet.exe 
%ProgramFiles%\XP Antivirus\xpa.exe
%SystemRoot%\DCEBoot.exe
%SystemRoot%\System32\aexkrrxx.dll
%SystemRoot%\System32\atcnedkb.bmp
%SystemRoot%\System32\bcbeg.ini.vir
%SystemRoot%\System32\bcbeg.ini2.vir
%SystemRoot%\System32\byscybta.dll
%SystemRoot%\System32\byxxwut.dll
%SystemRoot%\System32\compatU.1~
%SystemRoot%\System32\compatU.dll
%SystemRoot%\system32\compatU.dll 
%SystemRoot%\System32\ddcaxxx.dll
%SystemRoot%\System32\dgjet.bmp
%SystemRoot%\system32\dmkjc.exe
%SystemRoot%\system32\drvjan.dll
%SystemRoot%\system32\drvzoc.DLL
%SystemRoot%\System32\epgjqhsn.bmp
%SystemRoot%\System32\epobmhof.bmp
%SystemRoot%\System32\eponmhgrmtsn.bmp
%SystemRoot%\System32\gebcb.dll.vir
%SystemRoot%\System32\gufafcoe.dll
%SystemRoot%\System32\gwefknog.dll
%SystemRoot%\System32\hrimfndw.dll
%SystemRoot%\System32\iifffgd.dll
%SystemRoot%\system32\iifgefe.dll
%SystemRoot%\system32\iifgefe.dll 
%SystemRoot%\System32\iifgefe.dll.vir
%SystemRoot%\System32\ilgjalcnilkb.bmp
%SystemRoot%\System32\jeudbwjr.dll
%SystemRoot%\System32\jrhyikyq.dll
%SystemRoot%\System32\ldupuknk.dll
%SystemRoot%\System32\lhktimtu.dll
%SystemRoot%\System32\lmsblsom.dll
%SystemRoot%\System32\mpgbmd.bmp
%SystemRoot%\system32\msiconf.exe
%SystemRoot%\System32\mwspkdgc.dll
%SystemRoot%\System32\ojidcjihcfql.bmp
%SystemRoot%\System32\pmnnlmn.dll
%SystemRoot%\System32\rbejfemi.dll
%SystemRoot%\System32\sarehjsp.dll
%SystemRoot%\System32\sex1.ico
%SystemRoot%\System32\sex2.ico
%SystemRoot%\System32\snitkfed.bmp
%SystemRoot%\System32\ssqqrop.dll
%SystemRoot%\system32\sysrest32.exe
%SystemRoot%\System32\tgmpxevd.dll
%SystemRoot%\System32\tgnmdcfedonmd.bmp
%SystemRoot%\System32\ujrkerew.dll
%SystemRoot%\System32\vtuuvts.dll
%SystemRoot%\System32\whxfblqv.dll
%SystemRoot%\system32\winzjc32.dll
%SystemRoot%\System32\wvustro.dll
%UserProfile%\Desktop\Uncensored porn.URL
%UserProfile%\Local Settings\Application Data\index.dat
Folders to delete:
%AppData%\Anti-Virus-Pro.com
%AppData%\EasySpywareCleaner.com
%AppData%\InfeStop.com
%AppData%\spy-rid.com

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> AutoTBar -> %ProgramFiles%\HP\Digital Imaging\bin\AUTOTBAR.EXE
NY -> dmkjc.exe -> %SystemRoot%\system32\dmkjc.exe
YY -> MSDisp32 -> %SystemRoot%\system32\drvjan.dll
YY -> MSDrive -> %SystemRoot%\system32\drvzoc.DLL
YN -> regcmdcons -> %SystemDrive%\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
YY -> sysrest32.exe -> %SystemRoot%\system32\sysrest32.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> msiconf.exe -> %SystemRoot%\system32\msiconf.exe
YY -> XP Antivirus -> %ProgramFiles%\XP Antivirus\xpa.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> iifgefe -> %SystemRoot%\system32\iifgefe.dll
YY -> winzjc32 -> %SystemRoot%\system32\winzjc32.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {CE6000C4-B68B-4BA3-AC78-47776B89D683} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\compatU.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YY -> {94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe -> iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe:*:Enabled:AOL Services]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\printer.exe -> C:\Documents and Settings\HP_Administrator\Application Data\printer.exe [C:\Documents and Settings\HP_Administrator\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe -> C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe [C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1150246507\ee\AOLServiceHost.exe:*:Enabled:AOL Services]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\win969.exe -> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\win969.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\win969.exe:*:Enabled:win969]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1D.exe -> C:\WINDOWS\TEMP\win1D.exe [C:\WINDOWS\TEMP\win1D.exe:*:Enabled:win1D]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\printer.exe -> C:\Documents and Settings\HP_Administrator\Application Data\printer.exe [C:\Documents and Settings\HP_Administrator\Application Data\printer.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\winav.exe -> C:\WINDOWS\system32\winav.exe [%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe -> C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe [C:\Documents and Settings\HP_Administrator\Application Data\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win1F.exe -> C:\WINDOWS\TEMP\win1F.exe [C:\WINDOWS\TEMP\win1F.exe:*:Enabled:win1F]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt17.tmp -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt17.tmp [C:\Documents and Settings\HP_Administrator\Local Settings\Temp\.tt17.tmp:*:Enabled:enable]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win2C.exe -> C:\WINDOWS\TEMP\win2C.exe [C:\WINDOWS\TEMP\win2C.exe:*:Enabled:win2C]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win97.exe -> C:\WINDOWS\TEMP\win97.exe [C:\WINDOWS\TEMP\win97.exe:*:Enabled:win97]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\win8E.exe -> C:\WINDOWS\TEMP\win8E.exe [C:\WINDOWS\TEMP\win8E.exe:*:Enabled:win8E]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sysrest32.exe -> C:\WINDOWS\system32\sysrest32.exe [C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable]
[Files/Folders - Created Within 30 days]
NY -> aexkrrxx.dll -> %SystemRoot%\System32\aexkrrxx.dll
NY -> atcnedkb.bmp -> %SystemRoot%\System32\atcnedkb.bmp
NY -> bcbeg.ini.vir -> %SystemRoot%\System32\bcbeg.ini.vir
NY -> bcbeg.ini2.vir -> %SystemRoot%\System32\bcbeg.ini2.vir
NY -> byscybta.dll -> %SystemRoot%\System32\byscybta.dll
NY -> byxxwut.dll -> %SystemRoot%\System32\byxxwut.dll
NY -> compatU.1~ -> %SystemRoot%\System32\compatU.1~
NY -> compatU.dll -> %SystemRoot%\System32\compatU.dll
NY -> ddcaxxx.dll -> %SystemRoot%\System32\ddcaxxx.dll
NY -> dgjet.bmp -> %SystemRoot%\System32\dgjet.bmp
NY -> drvjan.dll -> %SystemRoot%\System32\drvjan.dll
NY -> epgjqhsn.bmp -> %SystemRoot%\System32\epgjqhsn.bmp
NY -> epobmhof.bmp -> %SystemRoot%\System32\epobmhof.bmp
NY -> eponmhgrmtsn.bmp -> %SystemRoot%\System32\eponmhgrmtsn.bmp
NY -> gebcb.dll.vir -> %SystemRoot%\System32\gebcb.dll.vir
NY -> gufafcoe.dll -> %SystemRoot%\System32\gufafcoe.dll
NY -> gwefknog.dll -> %SystemRoot%\System32\gwefknog.dll
NY -> hrimfndw.dll -> %SystemRoot%\System32\hrimfndw.dll
NY -> iifffgd.dll -> %SystemRoot%\System32\iifffgd.dll
NY -> iifgefe.dll -> %SystemRoot%\System32\iifgefe.dll
NY -> iifgefe.dll.vir -> %SystemRoot%\System32\iifgefe.dll.vir
NY -> ilgjalcnilkb.bmp -> %SystemRoot%\System32\ilgjalcnilkb.bmp
NY -> jeudbwjr.dll -> %SystemRoot%\System32\jeudbwjr.dll
NY -> jrhyikyq.dll -> %SystemRoot%\System32\jrhyikyq.dll
NY -> ldupuknk.dll -> %SystemRoot%\System32\ldupuknk.dll
NY -> lhktimtu.dll -> %SystemRoot%\System32\lhktimtu.dll
NY -> lmsblsom.dll -> %SystemRoot%\System32\lmsblsom.dll
NY -> mpgbmd.bmp -> %SystemRoot%\System32\mpgbmd.bmp
NY -> msiconf.exe -> %SystemRoot%\System32\msiconf.exe
NY -> mwspkdgc.dll -> %SystemRoot%\System32\mwspkdgc.dll
NY -> ojidcjihcfql.bmp -> %SystemRoot%\System32\ojidcjihcfql.bmp
NY -> pmnnlmn.dll -> %SystemRoot%\System32\pmnnlmn.dll
NY -> rbejfemi.dll -> %SystemRoot%\System32\rbejfemi.dll
NY -> sarehjsp.dll -> %SystemRoot%\System32\sarehjsp.dll
NY -> sex1.ico -> %SystemRoot%\System32\sex1.ico
NY -> sex2.ico -> %SystemRoot%\System32\sex2.ico
NY -> snitkfed.bmp -> %SystemRoot%\System32\snitkfed.bmp
NY -> ssqqrop.dll -> %SystemRoot%\System32\ssqqrop.dll
NY -> tgmpxevd.dll -> %SystemRoot%\System32\tgmpxevd.dll
NY -> tgnmdcfedonmd.bmp -> %SystemRoot%\System32\tgnmdcfedonmd.bmp
NY -> ujrkerew.dll -> %SystemRoot%\System32\ujrkerew.dll
NY -> vtuuvts.dll -> %SystemRoot%\System32\vtuuvts.dll
NY -> whxfblqv.dll -> %SystemRoot%\System32\whxfblqv.dll
NY -> winzjc32.dll -> %SystemRoot%\System32\winzjc32.dll
NY -> wvustro.dll -> %SystemRoot%\System32\wvustro.dll
NY -> DCEBoot.exe -> %SystemRoot%\DCEBoot.exe
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> Anti-Virus-Pro.com -> %AppData%\Anti-Virus-Pro.com
NY -> EasySpywareCleaner.com -> %AppData%\EasySpywareCleaner.com
NY -> InfeStop.com -> %AppData%\InfeStop.com
NY -> spy-rid.com -> %AppData%\spy-rid.com
NY -> index.dat -> %UserProfile%\Local Settings\Application Data\index.dat
NY -> Trojan Remover.lnk -> %AllUsersProfile%\Desktop\Trojan Remover.lnk
NY -> Uncensored porn.URL -> %UserProfile%\Desktop\Uncensored porn.URL
[Files/Folders - Modified Within 30 days]
NY -> aexkrrxx.dll -> %SystemRoot%\System32\aexkrrxx.dll
NY -> atcnedkb.bmp -> %SystemRoot%\System32\atcnedkb.bmp
NY -> bcbeg.ini.vir -> %SystemRoot%\System32\bcbeg.ini.vir
NY -> bcbeg.ini2.vir -> %SystemRoot%\System32\bcbeg.ini2.vir
NY -> byscybta.dll -> %SystemRoot%\System32\byscybta.dll
NY -> byxxwut.dll -> %SystemRoot%\System32\byxxwut.dll
NY -> compatU.dll -> %SystemRoot%\System32\compatU.dll
NY -> ddcaxxx.dll -> %SystemRoot%\System32\ddcaxxx.dll
NY -> dgjet.bmp -> %SystemRoot%\System32\dgjet.bmp
NY -> drvjan.dll -> %SystemRoot%\System32\drvjan.dll
NY -> epgjqhsn.bmp -> %SystemRoot%\System32\epgjqhsn.bmp
NY -> epobmhof.bmp -> %SystemRoot%\System32\epobmhof.bmp
NY -> eponmhgrmtsn.bmp -> %SystemRoot%\System32\eponmhgrmtsn.bmp
NY -> gebcb.dll.vir -> %SystemRoot%\System32\gebcb.dll.vir
NY -> gufafcoe.dll -> %SystemRoot%\System32\gufafcoe.dll
NY -> gwefknog.dll -> %SystemRoot%\System32\gwefknog.dll
NY -> hrimfndw.dll -> %SystemRoot%\System32\hrimfndw.dll
NY -> iifffgd.dll -> %SystemRoot%\System32\iifffgd.dll
NY -> iifgefe.dll -> %SystemRoot%\System32\iifgefe.dll
NY -> iifgefe.dll.vir -> %SystemRoot%\System32\iifgefe.dll.vir
NY -> ilgjalcnilkb.bmp -> %SystemRoot%\System32\ilgjalcnilkb.bmp
NY -> jeudbwjr.dll -> %SystemRoot%\System32\jeudbwjr.dll
NY -> jrhyikyq.dll -> %SystemRoot%\System32\jrhyikyq.dll
NY -> ldupuknk.dll -> %SystemRoot%\System32\ldupuknk.dll
NY -> lhktimtu.dll -> %SystemRoot%\System32\lhktimtu.dll
NY -> lmsblsom.dll -> %SystemRoot%\System32\lmsblsom.dll
NY -> mpgbmd.bmp -> %SystemRoot%\System32\mpgbmd.bmp
NY -> msiconf.exe -> %SystemRoot%\System32\msiconf.exe
NY -> mwspkdgc.dll -> %SystemRoot%\System32\mwspkdgc.dll
NY -> ojidcjihcfql.bmp -> %SystemRoot%\System32\ojidcjihcfql.bmp
NY -> pmnnlmn.dll -> %SystemRoot%\System32\pmnnlmn.dll
NY -> rbejfemi.dll -> %SystemRoot%\System32\rbejfemi.dll
NY -> sarehjsp.dll -> %SystemRoot%\System32\sarehjsp.dll
NY -> sex1.ico -> %SystemRoot%\System32\sex1.ico
NY -> sex2.ico -> %SystemRoot%\System32\sex2.ico
NY -> snitkfed.bmp -> %SystemRoot%\System32\snitkfed.bmp
NY -> ssqqrop.dll -> %SystemRoot%\System32\ssqqrop.dll
NY -> tgmpxevd.dll -> %SystemRoot%\System32\tgmpxevd.dll
NY -> tgnmdcfedonmd.bmp -> %SystemRoot%\System32\tgnmdcfedonmd.bmp
NY -> ujrkerew.dll -> %SystemRoot%\System32\ujrkerew.dll
NY -> vtuuvts.dll -> %SystemRoot%\System32\vtuuvts.dll
NY -> whxfblqv.dll -> %SystemRoot%\System32\whxfblqv.dll
NY -> winzjc32.dll -> %SystemRoot%\System32\winzjc32.dll
NY -> wvustro.dll -> %SystemRoot%\System32\wvustro.dll
NY -> DCEBoot.exe -> %SystemRoot%\DCEBoot.exe
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> Anti-Virus-Pro.com -> %AppData%\Anti-Virus-Pro.com
NY -> EasySpywareCleaner.com -> %AppData%\EasySpywareCleaner.com
NY -> InfeStop.com -> %AppData%\InfeStop.com
NY -> spy-rid.com -> %AppData%\spy-rid.com
NY -> wklnhst.dat -> %AppData%\wklnhst.dat
NY -> index.dat -> %UserProfile%\Local Settings\Application Data\index.dat
NY -> Trojan Remover.lnk -> %AllUsersProfile%\Desktop\Trojan Remover.lnk
NY -> Uncensored porn.URL -> %UserProfile%\Desktop\Uncensored porn.URL
[Extra Files]
%ProgramFiles%\InfeStop\
%ProgramFiles%\XP Antivirus\
%ProgramFiles%\UltimateBet\
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • DO NOT CHANGE ANY OTHER SETTINGS.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#6 gmaness

Posted 24 February 2008 - 03:19 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dfgreobw

*******************

Script file located at: \??\C:\WINDOWS\ganyrvgj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk deleted successfully.
File C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat deleted successfully.
File C:\Program Files\UltimateBet\UltimateBet.exe deleted successfully.


Could not open file C:\Program Files\XP Antivirus\xpa.exe for deletion
Deletion of file C:\Program Files\XP Antivirus\xpa.exe failed!

Could not process line:
C:\Program Files\XP Antivirus\xpa.exe
Status: 0xc000003a




< End of fix log >
WinPFind35U Version 1.0.0.1 fix logfile created on 02242008_013057




WinPFind35 logfile created on: 2/24/2008 3:06:27 AM
WinPFind35U Version 1.0.0.1	 Folder = C:\Documents and Settings\HP_Administrator\Desktop\WinPFind35u
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.48 Mb Total Physical Memory | 336.16 Mb Available Physical Memory | 37.58% Memory free
2.12 Gb Paging File | 1.71 Gb Available in Paging File | 80.75% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 198.22 Gb Free Space | 88.15% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.39 Gb Free Space | 17.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GARY
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 4:49:06 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 4:49:06 PM | Attr =	]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 12:42:14 PM | Attr =	]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 12:41:24 PM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.27.1 | Size = 53248 bytes | Modified Date = 5/8/2005 10:04:06 PM | Attr =	]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 2:14:36 PM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/17/2005 11:05:00 PM | Attr =	]
lsburnwatcher.exe -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 8:54:32 AM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 5/26/2005 5:27:49 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 1:03:52 PM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr =	]
lxczbmgr.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/13/2006 12:22:50 AM | Attr =	]
hphmon06.exe -> %SystemRoot%\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 6:42:30 AM | Attr =	]
lxczbmon.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 7/13/2006 12:33:14 AM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr =	]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 2:57:48 PM | Attr =	]
desktopweather.exe -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 3/16/2007 6:51:26 AM | Attr =	]
mssysmgr.exe -> %ProgramFiles%\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.5.0.0 | Size = 237568 bytes | Modified Date = 4/20/2006 1:35:00 AM | Attr =	]
easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
updates from hp.exe -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr =	]
kbd.exe -> %SystemDrive%\hp\KBD\KBD.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Modified Date = 2/2/2005 10:44:24 AM | Attr =	]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 8:47:52 AM | Attr =	]
wkswp.exe -> %ProgramFiles%\Microsoft Works\WksWP.exe -> Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 114688 bytes | Modified Date = 6/23/2004 12:10:06 PM | Attr =	]
wkdstore.exe -> %ProgramFiles%\Microsoft Works\WkDStore.exe -> Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 90112 bytes | Modified Date = 6/23/2004 12:16:08 PM | Attr =	]
wkgdcach.exe -> %ProgramFiles%\Microsoft Works\wkgdcach.exe -> Microsoft® Corporation [Ver = 8.04.0623.0 | Size = 69632 bytes | Modified Date = 6/23/2004 12:09:14 PM | Attr =	]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 6/29/2004 5:06:38 AM | Attr =	]
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 5/7/1998 4:04:38 AM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 352256 bytes | Modified Date = 3/14/2005 4:49:06 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr =	]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 2:45:06 PM | Attr =	]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 12:42:14 PM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.27.1 | Size = 53248 bytes | Modified Date = 5/8/2005 10:04:06 PM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 2:14:36 PM | Attr =	]
(SfCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 693512 bytes | Modified Date = 1/21/2008 12:16:34 PM | Attr =	]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
(TMBMServer) Trend Micro Unauthorized Change Prevention Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr =	]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.1.0.1004 | Size = 480520 bytes | Modified Date = 12/16/2007 6:26:38 PM | Attr =	]
(tmproxy) Trend Micro Proxy Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.0.0.1138 | Size = 648456 bytes | Modified Date = 9/18/2007 12:30:00 AM | Attr =	]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:07:15 | Size = 1268204 bytes | Modified Date = 6/29/2004 5:07:18 AM | Attr =	]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5730 built by: WinDDK | Size = 2279424 bytes | Modified Date = 10/1/2004 5:24:02 AM | Attr =	]
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 9:53:00 AM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6525 | Size = 1032192 bytes | Modified Date = 3/14/2005 4:54:04 PM | Attr =	]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(fasttx2k) fasttx2k [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Fasttx2k.sys -> Promise Technology, Inc. [Ver =  1.00.0030.11 | Size = 142336 bytes | Modified Date = 12/2/2003 1:23:20 PM | Attr =	]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.4.3 | Size = 14408 bytes | Modified Date = 2/2/2005 12:21:04 AM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 12/14/2004 11:07:44 AM | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 12/14/2004 11:07:44 AM | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 12/14/2004 11:07:44 AM | Attr = R  ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(intelppm) Intel Processor Driver [Kernel | System | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. [Ver = 1.05 | Size = 8224 bytes | Modified Date = 6/21/2002 5:42:50 PM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(ntload) ntload v0.1 [Kernel | On_Demand | Stopped] ->  -> File not found
(PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PcdrNdisuio.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 12416 bytes | Modified Date = 1/19/2005 12:21:56 PM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 14112 bytes | Modified Date = 6/4/2001 1:00:00 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/29/2007 2:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.618.1015.2004 built by: WinDDK | Size = 71168 bytes | Modified Date = 10/15/2004 9:52:48 AM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 4:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(sysrest.sys) sysrest.sys [Kernel | On_Demand | Stopped] ->  -> File not found
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]
(tmactmon) tmactmon [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 5.0.0.1131 | Size = 333328 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]
(tmevtmgr) tmevtmgr [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]
(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 36112 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> trend_company_name [Ver = trend_file_version built by: WinDDK | Size = 65936 bytes | Modified Date = 9/18/2007 12:29:54 AM | Attr =	]
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.500.0.1002 | Size = 203024 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1126328 bytes | Modified Date = 9/18/2007 12:29:52 AM | Attr =	]
(vsdatant) vsdatant [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]
(wg4n) SyGate for NT, wg4n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]
(wg5n) SyGate for NT, wg5n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]
(wg6n) SyGate for NT, wg6n [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5145 | Size = 339968 bytes | Modified Date = 3/17/2005 11:05:00 PM | Attr =	]
AutoTBar -> %ProgramFiles%\HP\Digital Imaging\bin\AUTOTBAR.EXE -> File not found
dmkjc.exe -> %SystemRoot%\system32\dmkjc.exe -> File not found
HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe -> Hewlett-Packard Company [Ver = 2, 0, 5, 0 | Size = 245760 bytes | Modified Date = 2/25/2005 5:34:02 PM | Attr =	]
HPHmon06 -> %SystemRoot%\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Modified Date = 6/7/2004 6:42:30 AM | Attr =	]
InfeStop -> %ProgramFiles%\InfeStop\InfeStopRemover.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 2:45:20 PM | Attr =	]
KernelFaultCheck ->  -> File not found
Lexmark 1200 Series -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/13/2006 12:22:50 AM | Attr =	]
LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 10/14/2004 8:54:32 AM | Attr =	]
MSDisp32 -> %SystemRoot%\system32\drvjan.DLL -> File not found
MSDrive -> %SystemRoot%\system32\drvzoc.DLL -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 2:57:48 PM | Attr =	]
regcmdcons -> %SystemDrive%\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd -> File not found
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 10/15/2004 7:40:56 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 11/10/2005 1:03:52 PM | Attr =	]
sysrest32.exe -> %SystemRoot%\system32\sysrest32.exe -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 5/26/2005 5:27:49 AM | Attr =	]
TrojanScanner -> %ProgramFiles%\Trojan Remover\Trjscan.exe -> Simply Super Software [Ver = 6.6.5.1245 | Size = 744528 bytes | Modified Date = 2/9/2008 2:05:00 PM | Attr =	]
UfSeAgnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe -> Trend Micro Inc. [Ver = 16.05.0.1022 | Size = 1393928 bytes | Modified Date = 1/21/2008 12:16:36 PM | Attr =	]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DW4 -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 3/16/2007 6:51:26 AM | Attr =	]
msiconf.exe -> msiconf.exe -> File not found
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R  ]
Walgreens PhotoShow Media Manager -> %ProgramFiles%\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 4.5.0.0 | Size = 237568 bytes | Modified Date = 4/20/2006 1:35:00 AM | Attr =	]
XP Antivirus -> %ProgramFiles%\XP Antivirus\xpa.exe -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 3:33:46 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Updates from HP.lnk -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4114 | Size = 61440 bytes | Modified Date = 3/14/2005 4:49:58 PM | Attr =	]
iifgefe -> iifgefe.dll -> File not found
winzjc32 -> winzjc32.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> 
< HOSTS File > (3695 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.news-record.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr =	]
{182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]
{CE6000C4-B68B-4BA3-AC78-47776B89D683} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\compatU.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 7, 14, 1 | Size = 342600 bytes | Modified Date = 7/19/2005 12:49:10 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 7, 14, 1 | Size = 342600 bytes | Modified Date = 7/19/2005 12:49:10 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
{94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> File not found
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr =	]
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ButtonText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\CLSID [HKEY_LOCAL_MACHINE] ->  [{0000031A-0000-0000-C000-000000000046}] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Default Visible [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\HotIcon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Icon [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\MenuText [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\Script [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ToolTip [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr =	]
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] ->  [Connection Help] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 9:07:16 AM | Attr =	]
Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 5, 1, 106 | Size = 262144 bytes | Modified Date = 10/31/2006 9:07:16 AM | Attr =	]
Lookup on Merriam Webster ->  -> File not found
Lookup on Wikipedia ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{9843D587-937D-4BA2-BBAC-F07AAE01CD7C} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{9A897C07-266F-42A9-AF07-6D21C176E893} ->	(1394 Net Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://active.macromedia.com/director/cabs/sw.cab[Shockwave ActiveX Control] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A}[HKEY_LOCAL_MACHINE] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab[Trend Micro ActiveX Scan Agent 6.6] -> 
{6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{A6A216EB-4F7C-11D5-8438-0000B456BA3D}[HKEY_LOCAL_MACHINE] -> http://www.co.rockingham.nc.us/mochahtml/matn5250.cab[Matn5250 Control] -> 
{B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB[TSEasyInstallX Control] -> 
{BCBC9371-595D-11D4-A96D-00105A1CEF6C}[HKEY_LOCAL_MACHINE] -> http://onlinedesigner.hgtv.com/images/app/view22rte.cab[View22RTE Class] -> 
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> 
{CB50428B-657F-47DF-9B32-671F82AA73F7}[HKEY_LOCAL_MACHINE] -> http://www.photodex.com/pxplay.cab[Photodex Presenter AX control] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5231/mcfscan.cab[McFreeScan Class] -> 



[Files/Folders - Created Within 30 days]
AuResult.ini -> %SystemDrive%\AuResult.ini ->  [Ver =  | Size = 11 bytes | Modified Date = 2/15/2008 8:35:36 PM | Attr =	]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 2/24/2008 1:27:46 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 2/24/2008 1:26:13 AM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 2/19/2008 9:38:38 AM | Attr =	]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
prc.nls -> %SystemRoot%\System32\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
Teefer.sys -> %SystemRoot%\System32\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Modified Date = 10/15/2004 6:17:02 PM | Attr =	]
tmactmon.sys -> %SystemRoot%\System32\drivers\tmactmon.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52496 bytes | Modified Date = 12/24/2007 5:37:20 PM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 138384 bytes | Modified Date = 12/24/2007 5:37:00 PM | Attr =	]
tmevtmgr.sys -> %SystemRoot%\System32\drivers\tmevtmgr.sys -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 52240 bytes | Modified Date = 12/24/2007 5:37:12 PM | Attr =	]
wg3n.sys -> %SystemRoot%\System32\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:38 PM | Attr =	]
wg4n.sys -> %SystemRoot%\System32\drivers\wg4n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:40 PM | Attr =	]
wg5n.sys -> %SystemRoot%\System32\drivers\wg5n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:42 PM | Attr =	]
wg6n.sys -> %SystemRoot%\System32\drivers\wg6n.sys -> Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Modified Date = 10/15/2004 6:32:44 PM | Attr =	]
wpsdrvnt.sys -> %SystemRoot%\System32\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Modified Date = 10/15/2004 6:18:46 PM | Attr =	]
a15.tbl -> %SystemRoot%\System32\a15.tbl ->  [Ver =  | Size = 1460 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
a234.tbl -> %SystemRoot%\System32\a234.tbl ->  [Ver =  | Size = 44370 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
acode.tbl -> %SystemRoot%\System32\acode.tbl ->  [Ver =  | Size = 44370 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
arphr.tbl -> %SystemRoot%\System32\arphr.tbl ->  [Ver =  | Size = 110566 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
arptr.tbl -> %SystemRoot%\System32\arptr.tbl ->  [Ver =  | Size = 16312 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
array30.tab -> %SystemRoot%\System32\array30.tab ->  [Ver =  | Size = 146126 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
arrayhw.tab -> %SystemRoot%\System32\arrayhw.tab ->  [Ver =  | Size = 18600 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
big5.nls -> %SystemRoot%\System32\big5.nls ->  [Ver =  | Size = 66728 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
bopomofo.nls -> %SystemRoot%\System32\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10001.nls -> %SystemRoot%\System32\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10002.nls -> %SystemRoot%\System32\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10003.nls -> %SystemRoot%\System32\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_10008.nls -> %SystemRoot%\System32\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_1361.nls -> %SystemRoot%\System32\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20000.nls -> %SystemRoot%\System32\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20290.nls -> %SystemRoot%\System32\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20932.nls -> %SystemRoot%\System32\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20936.nls -> %SystemRoot%\System32\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_20949.nls -> %SystemRoot%\System32\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
c_21027.nls -> %SystemRoot%\System32\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
dayiphr.tbl -> %SystemRoot%\System32\dayiphr.tbl ->  [Ver =  | Size = 520 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
dayiptr.tbl -> %SystemRoot%\System32\dayiptr.tbl ->  [Ver =  | Size = 700 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
korwbrkr.lex -> %SystemRoot%\System32\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
ksc.nls -> %SystemRoot%\System32\ksc.nls ->  [Ver =  | Size = 47066 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
lcphrase.tbl -> %SystemRoot%\System32\lcphrase.tbl ->  [Ver =  | Size = 211938 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
lcptr.tbl -> %SystemRoot%\System32\lcptr.tbl ->  [Ver =  | Size = 24114 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
msdayi.tbl -> %SystemRoot%\System32\msdayi.tbl ->  [Ver =  | Size = 116285 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
noise.jpn -> %SystemRoot%\System32\noise.jpn ->  [Ver =  | Size = 2060 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
noise.kor -> %SystemRoot%\System32\noise.kor ->  [Ver =  | Size = 1486 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
phon.tbl -> %SystemRoot%\System32\phon.tbl ->  [Ver =  | Size = 4071 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
phoncode.tbl -> %SystemRoot%\System32\phoncode.tbl ->  [Ver =  | Size = 43242 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
phonptr.tbl -> %SystemRoot%\System32\phonptr.tbl ->  [Ver =  | Size = 2714 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
PINTLPAD.HLP -> %SystemRoot%\System32\PINTLPAD.HLP ->  [Ver =  | Size = 14821 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
PINTLPAE.HLP -> %SystemRoot%\System32\PINTLPAE.HLP ->  [Ver =  | Size = 16254 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
prc.nls -> %SystemRoot%\System32\prc.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
prcp.nls -> %SystemRoot%\System32\prcp.nls ->  [Ver =  | Size = 83748 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
SSSensor.dll -> %SystemRoot%\System32\SSSensor.dll -> Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Modified Date = 10/15/2004 6:32:10 PM | Attr =	]
unacev2.dll -> %SystemRoot%\System32\unacev2.dll ->  [Ver =  | Size = 75264 bytes | Modified Date = 3/6/2002 | Attr =	]
UNRAR3.dll -> %SystemRoot%\System32\UNRAR3.dll ->  [Ver =  | Size = 153088 bytes | Modified Date = 2/2/2003 7:06:02 PM | Attr =	]
WINPY.MB -> %SystemRoot%\System32\WINPY.MB ->  [Ver =  | Size = 1783864 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
WINSP.MB -> %SystemRoot%\System32\WINSP.MB ->  [Ver =  | Size = 1564868 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
WINZM.MB -> %SystemRoot%\System32\WINZM.MB ->  [Ver =  | Size = 1223500 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
xjis.nls -> %SystemRoot%\System32\xjis.nls ->  [Ver =  | Size = 28288 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr =	]
ztvunace26.dll -> %SystemRoot%\System32\ztvunace26.dll ->  [Ver =  | Size = 77312 bytes | Modified Date = 8/26/2005 12:50:00 AM | Attr =	]
ztvunrar36.dll -> %SystemRoot%\System32\ztvunrar36.dll ->  [Ver =  | Size = 162304 bytes | Modified Date = 5/25/2006 2:52:46 PM | Attr =	]
McAfee.com -> %SystemRoot%\McAfee.com ->  [Folder | Created Date = 2/15/2008 6:29:09 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2/16/2008 1:36:04 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Created Date = 2/15/2008 8:22:09 PM | Attr =  H ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 529 bytes | Modified Date = 2/16/2008 7:26:01 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/16/2008 10:01:19 AM | Attr =	]
Simply Super Software -> %AllUsersProfile%\Application Data\Simply Super Software ->  [Folder | Created Date = 2/16/2008 8:06:46 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/16/2008 4:27:34 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2/16/2008 8:07:34 AM | Attr =	]
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Created Date = 2/15/2008 9:03:45 PM | Attr =	]
Simply Super Software -> %AppData%\Simply Super Software ->  [Folder | Created Date = 2/16/2008 8:06:46 AM | Attr =	]
WinRAR -> %AppData%\WinRAR ->  [Folder | Created Date = 2/15/2008 8:19:20 AM | Attr =	]
wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 328 bytes | Modified Date = 2/24/2008 1:49:54 AM | Attr =	]
2008 Grow Out List.wps -> %UserProfile%\My Documents\2008 Grow Out List.wps ->  [Ver =  | Size = 25088 bytes | Modified Date = 2/22/2008 3:17:39 PM | Attr =	]
aaw2007.exe -> %UserProfile%\My Documents\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/16/2008 9:59:28 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\aaw2007.exe:Zone.Identifier
CGN Tomato Passport.xls -> %UserProfile%\My Documents\CGN Tomato Passport.xls ->  [Ver =  | Size = 542208 bytes | Modified Date = 2/7/2008 12:55:20 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CGN Tomato Passport.xls:Zone.Identifier
chris's seeds 2-15-0-08.wps -> %UserProfile%\My Documents\chris's seeds 2-15-0-08.wps ->  [Ver =  | Size = 9728 bytes | Modified Date = 2/15/2008 10:41:23 AM | Attr =	]
Cnr37Passport.zip -> %UserProfile%\My Documents\Cnr37Passport.zip ->  [Ver =  | Size = 140332 bytes | Modified Date = 2/21/2008 10:16:23 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Cnr37Passport.zip:Zone.Identifier
Eggplant Collection List.xlsx -> %UserProfile%\My Documents\Eggplant Collection List.xlsx ->  [Ver =  | Size = 13144 bytes | Modified Date = 2/13/2008 7:33:14 PM | Attr =	]
Evelope BIG Labels.wps -> %UserProfile%\My Documents\Evelope BIG Labels.wps ->  [Ver =  | Size = 8704 bytes | Modified Date = 2/15/2008 6:07:03 AM | Attr =	]
HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/16/2008 8:21:40 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HJTInstall.exe:Zone.Identifier
Pepper Collection List.xlsx -> %UserProfile%\My Documents\Pepper Collection List.xlsx ->  [Ver =  | Size = 19370 bytes | Modified Date = 2/23/2008 7:40:23 PM | Attr =	]
Peppers @ CGN Cnr38Passport.zip -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip ->  [Ver =  | Size = 115650 bytes | Modified Date = 1/26/2008 2:55:51 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip:Zone.Identifier
Peppers from Chris.wps -> %UserProfile%\My Documents\Peppers from Chris.wps ->  [Ver =  | Size = 39936 bytes | Modified Date = 1/26/2008 7:57:03 AM | Attr =	]
Rob's order.wps -> %UserProfile%\My Documents\Rob's order.wps ->  [Ver =  | Size = 10240 bytes | Modified Date = 2/21/2008 7:39:48 PM | Attr =	]
Simply Super Software -> %UserProfile%\My Documents\Simply Super Software ->  [Folder | Created Date = 2/16/2008 8:06:46 AM | Attr =	]
SMTA.pdf -> %UserProfile%\My Documents\SMTA.pdf ->  [Ver =  | Size = 633905 bytes | Modified Date = 1/28/2008 12:56:31 AM | Attr =	]
spf.msi -> %UserProfile%\My Documents\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 2/17/2008 8:04:28 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spf.msi:Zone.Identifier
spybotsd152.exe -> %UserProfile%\My Documents\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/16/2008 4:25:35 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spybotsd152.exe:Zone.Identifier
stinger.exe -> %UserProfile%\My Documents\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 2:29:00 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\stinger.exe:Zone.Identifier
stinger.opt -> %UserProfile%\My Documents\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 7:46:18 AM | Attr =	]
T.W. Wood and Sons 1911 1912 Corn Varieties.wps -> %UserProfile%\My Documents\T.W. Wood and Sons 1911 1912 Corn Varieties.wps ->  [Ver =  | Size = 15360 bytes | Modified Date = 2/11/2008 1:54:11 PM | Attr =	]
tatiana's seeds.doc -> %UserProfile%\My Documents\tatiana's seeds.doc ->  [Ver =  | Size = 304128 bytes | Modified Date = 1/28/2008 12:55:42 AM | Attr =	]
Tomatoes to add to collection list.wps -> %UserProfile%\My Documents\Tomatoes to add to collection list.wps ->  [Ver =  | Size = 9216 bytes | Modified Date = 2/23/2008 4:21:38 AM | Attr =	]
VundoFix.exe -> %UserProfile%\My Documents\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/19/2008 9:38:33 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\VundoFix.exe:Zone.Identifier
www.seeds-by-size.co.uk -> %UserProfile%\My Documents\www.seeds-by-size.co.uk ->  [Folder | Created Date = 2/11/2008 3:14:21 AM | Attr =	]
xx Liste de variétés.wps -> %UserProfile%\My Documents\xx Liste de variétés.wps ->  [Ver =  | Size = 78848 bytes | Modified Date = 1/25/2008 4:48:10 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]
Trend Micro Internet Security.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security.lnk ->  [Ver =  | Size = 810 bytes | Modified Date = 2/15/2008 9:04:26 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/23/2008 8:06:10 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
BDSM galleries.URL -> %UserProfile%\Desktop\BDSM galleries.URL ->  [Ver =  | Size = 111 bytes | Modified Date = 2/16/2008 3:28:25 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 2/16/2008 8:21:45 AM | Attr =	]
Spybot - Search & Destroy (for blind users).lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy (for blind users).lnk ->  [Ver =  | Size = 966 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 944 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 2/23/2008 5:12:32 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/23/2008 5:12:16 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
xxxx.wps -> %UserProfile%\Desktop\xxxx.wps ->  [Ver =  | Size = 57344 bytes | Modified Date = 2/24/2008 1:24:27 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/16/2008 9:59:34 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
AuResult.ini -> %SystemDrive%\AuResult.ini ->  [Ver =  | Size = 11 bytes | Modified Date = 2/15/2008 8:35:36 PM | Attr =	]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 2/24/2008 1:27:46 AM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2/17/2008 8:05:31 AM | Attr =  H ]
Downloads -> %SystemDrive%\Downloads ->  [Folder | Modified Date = 2/16/2008 12:00:51 AM | Attr =	]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 938004480 bytes | Modified Date = 2/24/2008 1:26:13 AM | Attr =  HS]
logfile -> %SystemDrive%\logfile ->  [Ver =  | Size = 257532 bytes | Modified Date = 2/24/2008 1:28:18 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2/24/2008 2:59:37 AM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2/19/2008 10:55:28 AM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 2/19/2008 10:04:14 AM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/24/2008 1:26:53 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/19/2008 12:02:02 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 3695 bytes | Modified Date = 2/16/2008 10:47:10 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/16/2008 4:18:14 PM | Attr =	]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2/24/2008 1:27:54 AM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 2/19/2008 12:38:22 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/17/2008 2:11:32 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/24/2008 1:27:51 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 316360 bytes | Modified Date = 2/16/2008 1:35:57 PM | Attr =	]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 2/24/2008 1:28:56 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/19/2008 12:25:06 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/19/2008 12:38:01 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 2/24/2008 1:26:56 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/16/2008 4:16:18 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2/24/2008 1:26:16 AM | Attr =   S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini ->  [Ver =  | Size = 2837 bytes | Modified Date = 1/25/2008 7:04:26 PM | Attr =	]
dellstat.ini -> %SystemRoot%\dellstat.ini ->  [Ver =  | Size = 100 bytes | Modified Date = 1/25/2008 8:17:14 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/24/2008 1:37:21 AM | Attr =   S]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2/16/2008 1:23:15 PM | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/16/2008 1:23:26 PM | Attr =	]
I386 -> %SystemRoot%\I386 ->  [Folder | Modified Date = 2/15/2008 1:56:37 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/14/2008 3:01:19 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/19/2008 10:42:40 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/19/2008 12:34:55 PM | Attr =  HS]
lexstat.ini -> %SystemRoot%\lexstat.ini ->  [Ver =  | Size = 465 bytes | Modified Date = 2/22/2008 3:13:57 PM | Attr =	]
McAfee.com -> %SystemRoot%\McAfee.com ->  [Folder | Modified Date = 2/15/2008 6:29:09 PM | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2/16/2008 1:36:04 PM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 2/19/2008 12:19:14 PM | Attr =	]
PIF -> %SystemRoot%\PIF ->  [Folder | Modified Date = 2/15/2008 8:22:09 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/24/2008 1:49:35 AM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2/14/2008 9:29:30 AM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/24/2008 1:26:38 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 439 bytes | Modified Date = 2/24/2008 1:18:36 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2/24/2008 1:25:56 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/15/2008 7:51:28 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2/24/2008 1:26:50 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 638 bytes | Modified Date = 2/19/2008 10:42:07 AM | Attr =	]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 529 bytes | Modified Date = 2/16/2008 7:26:01 PM | Attr =	]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job ->  [Ver =  | Size = 458 bytes | Modified Date = 2/23/2008 4:54:01 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2/24/2008 1:26:23 AM | Attr =  H ]
eHomeLog-0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 1:04:04 PM | Attr =  H ]
eHomeLog-1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 1:11:58 PM | Attr =  H ]
eHomeLog-10.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/22/2008 2:21:36 AM | Attr =  H ]
eHomeLog-11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/22/2008 6:24:52 AM | Attr =  H ]
eHomeLog-12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/22/2008 12:48:56 PM | Attr =  H ]
eHomeLog-13.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/23/2008 7:42:55 PM | Attr =  H ]
eHomeLog-14.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/23/2008 7:43:22 PM | Attr =  H ]
eHomeLog-15.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/24/2008 1:26:50 AM | Attr =  H ]
eHomeLog-16.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/24/2008 1:27:10 AM | Attr =  H ]
eHomeLog-17.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 1:44:46 PM | Attr =  H ]
eHomeLog-18.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 7:57:26 PM | Attr =  H ]
eHomeLog-19.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/17/2008 7:58:11 PM | Attr =  H ]
eHomeLog-2.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 1:10:25 AM | Attr =  H ]
eHomeLog-20.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 4:42:20 AM | Attr =  H ]
eHomeLog-21.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 6:03:03 AM | Attr =  H ]
eHomeLog-22.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 6:03:51 AM | Attr =  H ]
eHomeLog-23.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 11:43:39 AM | Attr =  H ]
eHomeLog-24.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:02:35 PM | Attr =  H ]
eHomeLog-25.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:03:27 PM | Attr =  H ]
eHomeLog-26.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:40:58 PM | Attr =  H ]
eHomeLog-27.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:41:59 PM | Attr =  H ]
eHomeLog-28.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:51:47 PM | Attr =  H ]
eHomeLog-29.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/18/2008 12:52:32 PM | Attr =  H ]
eHomeLog-3.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 5:31:49 AM | Attr =  H ]
eHomeLog-30.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:11:00 AM | Attr =  H ]
eHomeLog-31.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 8:55:40 AM | Attr =  H ]
eHomeLog-32.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 9:04:43 AM | Attr =  H ]
eHomeLog-33.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 9:05:35 AM | Attr =  H ]
eHomeLog-34.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:14:15 AM | Attr =  H ]
eHomeLog-35.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:15:02 AM | Attr =  H ]
eHomeLog-36.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:23:11 AM | Attr =  H ]
eHomeLog-37.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 10:23:59 AM | Attr =  H ]
eHomeLog-38.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 11:07:16 AM | Attr =  H ]
eHomeLog-39.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 11:10:05 AM | Attr =  H ]
eHomeLog-4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 3:38:24 PM | Attr =  H ]
eHomeLog-40.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 11:24:00 AM | Attr =  H ]
eHomeLog-41.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:27:25 PM | Attr =  H ]
eHomeLog-42.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:30:24 PM | Attr =  H ]
eHomeLog-43.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:33:28 PM | Attr =  H ]
eHomeLog-44.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:36:28 PM | Attr =  H ]
eHomeLog-45.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:40:10 PM | Attr =  H ]
eHomeLog-46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:41:21 PM | Attr =  H ]
eHomeLog-47.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/19/2008 12:50:25 PM | Attr =  H ]
eHomeLog-5.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/20/2008 8:03:04 PM | Attr =  H ]
eHomeLog-6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/21/2008 7:53:54 AM | Attr =  H ]
eHomeLog-7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/21/2008 2:39:17 PM | Attr =  H ]
eHomeLog-8.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/21/2008 6:16:00 PM | Attr =  H ]
eHomeLog-9.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat ->  [Ver =  | Size = 268 bytes | Modified Date = 2/21/2008 8:26:36 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 2/17/2008 8:23:52 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/17/2008 8:23:52 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11160 bytes | Modified Date = 1/23/2008 5:15:17 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/24/2008 9:33:59 AM | Attr =	]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 5/24/2007 2:15:35 PM | Attr =	]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/14/2005 8:41:24 AM | Attr =	]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 11/14/2005 10:54:29 AM | Attr =	]
red[1].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,5,6,0,20766,20469,14658,15336,518&iid=142083&bid=292214&dat=;ord=24399130 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CP6F416F\red[1].com ->  [Ver =  | Size = 648 bytes | Modified Date = 8/1/2006 8:00:10 PM | Attr =	]
red[1].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,5,6,0,20766,20469,14658,15336,518&iid=139164&bid=299451&dat=;ord=98557368 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\URA7M16V\red[1].com ->  [Ver =  | Size = 5068 bytes | Modified Date = 8/1/2006 8:04:47 PM | Attr =	]
red[1].com&scx=1024&scy=768&scc=32&sta=,,,1,,,,,,,0,0,0,0,0,0,0,0&iid=155505&bid=325806&dat=;ord=73274562 -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5WDYRWD\red[1].com ->  [Ver =  | Size = 4684 bytes | Modified Date = 10/31/2006 11:11:16 AM | Attr =	]
ose00000.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 1/21/2008 11:29:28 AM | Attr = R  ]
rtdrvmon.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/24/2008 2:03:53 AM | Attr =	]
The_Weather_Channel_Application.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\The_Weather_Channel_Application.exe ->  [Ver =  | Size = 234278 bytes | Modified Date = 4/19/2007 4:36:42 PM | Attr =	]
109 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
fsgk32.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 368640 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
fssm32.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 446464 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
Walgreens PhotoShow Express CD.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Walgreens PhotoShow Express CD.exe -> Macromedia, Inc. [Ver = 8.5.1r102 | Size = 79076 bytes | Modified Date = 5/12/2006 5:57:51 PM | Attr =	]
basic_clipart.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\basic_clipart.exe -> Igor Pavlov [Ver = 4, 23, 0, 0 | Size = 907815 bytes | Modified Date = 12/11/2007 6:05:49 PM | Attr =	]
photoshow_express_setup.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\photoshow_express_setup.exe -> Simple Star, Inc. [Ver = 4.5.1.55 | Size = 4308236 bytes | Modified Date = 7/24/2006 1:12:47 PM | Attr =	]
wpsd4-5_0055_LANG_ENGLISH.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\wpsd4-5_0055_LANG_ENGLISH.exe -> Igor Pavlov [Ver = 4, 23, 0, 0 | Size = 3785024 bytes | Modified Date = 12/11/2007 6:05:49 PM | Attr =	]
wpse4-5_intl_0055.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\app\shared\data\wpse4-5_intl_0055.exe -> Igor Pavlov [Ver = 4, 23, 0, 0 | Size = 21572731 bytes | Modified Date = 12/11/2007 6:05:49 PM | Attr =	]
Walgreens PhotoShow Express CD.exe -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\boot_strap\Walgreens PhotoShow Express CD.exe -> Simple Star, Inc. [Ver = 4.0.0.88 | Size = 139264 bytes | Modified Date = 10/11/2006 2:08:18 PM | Attr =	]
IadHide5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll -> BackWeb [Ver = Version 6.3.2 (Build 62R) | Size = 24613 bytes | Modified Date = 5/26/2005 5:40:25 AM | Attr =	]
TmDbg32.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TmDbg32.dll -> Trend Micro Inc. [Ver = 16.0.0.1412 | Size = 124168 bytes | Modified Date = 9/18/2007 12:29:54 AM | Attr =	]
unicows.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 8/2/2005 2:33:04 PM | Attr =	]
Xprt3.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Xprt3.dll -> America Online, Inc. [Ver = 3.7.2.2600 | Size = 172032 bytes | Modified Date = 8/2/2005 2:34:00 PM | Attr =	]
xprt4.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\xprt4.dll -> America Online, Inc. [Ver = 4.3.3.4334 | Size = 81920 bytes | Modified Date = 8/2/2005 2:34:17 PM | Attr =	]
xprt5.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\xprt5.dll -> America Online, Inc. [Ver = 5.0.0.4426 | Size = 217088 bytes | Modified Date = 8/2/2005 2:33:04 PM | Attr =	]
109 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
4fac762.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\4fac762.DLL -> InstallShield Software Corporation [Ver = 5, 50, 131, 0 | Size = 129536 bytes | Modified Date = 9/22/1998 7:05:48 PM | Attr =	]
4fac771.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\4fac771.DLL ->  [Ver =  | Size = 16896 bytes | Modified Date = 3/30/1998 9:23:54 AM | Attr =	]
lsse.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Spyware\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
daas_s.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.12471 | Size = 500120 bytes | Modified Date = 5/7/2007 4:38:46 PM | Attr =	]
DFFPI.DLL -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\DFFPI.DLL -> F-Secure Corporation [Ver = 1.02.37 | Size = 151552 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
fm4av.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 486912 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
fpinor.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13100 | Size = 113664 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
fsbl.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
fsbld.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 2/24/2008 1:37:20 AM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.50.13330.18100 | Size = 68096 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
FSHKE.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FSHKE.dll -> F-Secure Corporation [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
FSLFPI.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FSLFPI.dll -> F-Secure Corporation [Ver = 2.04.02 | Size = 237664 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
lsse.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 2/24/2008 1:36:52 AM | Attr =	]
simple_jpeg.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\boot_strap\simple_jpeg.dll ->  [Ver =  | Size = 126976 bytes | Modified Date = 5/12/2006 6:45:11 PM | Attr =	]
Dirapi.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Xtras\Dirapi.dll -> Macromedia, Inc. [Ver = 8.5.1r104 | Size = 1097728 bytes | Modified Date = 7/18/2006 2:10:51 PM | Attr =	]
Iml32.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Xtras\Iml32.dll -> Macromedia, Inc. [Ver = 8.5.1r104 | Size = 561152 bytes | Modified Date = 7/18/2006 2:10:51 PM | Attr =	]
Proj.dll -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Walgreens PhotoShow Express CD 4_0_0 0088\Xtras\Proj.dll -> Macromedia, Inc. [Ver = 9.0r371 | Size = 159744 bytes | Modified Date = 7/18/2006 2:10:51 PM | Attr =	]
segrules.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\segrules.dat ->  [Ver =  | Size = 707 bytes | Modified Date = 2/24/2008 1:34:36 AM | Attr =	]
ext.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 2/24/2008 1:37:12 AM | Attr =	]
fshke.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\fshke.dat ->  [Ver =  | Size = 84 bytes | Modified Date = 2/24/2008 1:37:18 AM | Attr =	]
orion.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\orion.dat ->  [Ver =  | Size = 748857 bytes | Modified Date = 2/24/2008 1:36:18 AM | Attr =	]
orioneng.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\orioneng.dat ->  [Ver =  | Size = 1325 bytes | Modified Date = 2/24/2008 1:36:18 AM | Attr =	]
orionfin.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\orionfin.dat ->  [Ver =  | Size = 1599 bytes | Modified Date = 2/24/2008 1:36:18 AM | Attr =	]
perf.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat ->  [Ver =  | Size = 128 bytes | Modified Date = 2/24/2008 3:04:42 AM | Attr =	]
sae.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 2/24/2008 1:37:12 AM | Attr =	]
sai.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 2/24/2008 1:37:12 AM | Attr =	]
index.dat -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 6914048 bytes | Modified Date = 2/16/2008 1:35:02 PM | Attr =	]
FS@swdb.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Spyware\FS@swdb.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 2/24/2008 1:37:03 AM | Attr =	]
FS@av.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 2/24/2008 1:37:12 AM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 2/24/2008 1:35:44 AM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 2/24/2008 1:37:20 AM | Attr =	]
FS@hkeng.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hkeng.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/24/2008 1:37:18 AM | Attr =	]
FS@libra.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@libra.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/24/2008 1:36:22 AM | Attr =	]
FS@ols3bin.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols3bin.ini ->  [Ver =  | Size = 175 bytes | Modified Date = 2/24/2008 1:37:08 AM | Attr =	]
FS@orion.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@orion.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 2/24/2008 1:36:18 AM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 2/24/2008 1:36:52 AM | Attr =	]
verdicts.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 2/24/2008 1:35:44 AM | Attr =	]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:24:23 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CB3ZMGPH\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 8:16:24 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CP6F416F\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:24:23 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KHUNC5Y7\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:24:23 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\MDOBUDQX\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 8:52:12 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OBNFASH5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 8:52:12 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\RU4V7LKL\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 8:52:12 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\SBZN64PH\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:48:04 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\URA7M16V\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 8:16:24 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\VZD3JD0W\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:48:04 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\W5WDYRWD\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 8:52:12 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\WHUFS96N\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:24:23 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\XG8BX9KT\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:48:04 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y9BKT8FY\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:48:04 AM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\YIWO1RNR\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 10/17/2005 7:24:23 AM | Attr =  HS]
rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 2/24/2008 1:26:32 AM | Attr =	]
5 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
UpdateInfo.dll -> C:\WINDOWS\Temp\vmgr9ba.tmp\UpdateInfo.dll ->  [Ver = 2, 0, 0, 19 | Size = 24651 bytes | Modified Date = 2/23/2008 7:38:45 PM | Attr =	]
options.ini -> C:\WINDOWS\Temp\vmgr9ba.tmp\options.ini ->  [Ver =  | Size = 79 bytes | Modified Date = 2/23/2008 7:38:45 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/16/2008 10:02:10 AM | Attr =	]
Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help ->  [Folder | Modified Date = 1/25/2008 8:07:52 AM | Attr =	]
Simply Super Software -> %AllUsersProfile%\Application Data\Simply Super Software ->  [Folder | Modified Date = 2/16/2008 8:06:46 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/16/2008 6:37:04 PM | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2/15/2008 7:55:22 PM | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2/19/2008 1:13:46 PM | Attr =	]
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9
Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro ->  [Folder | Modified Date = 2/15/2008 9:04:18 PM | Attr =	]
WinZip -> %AllUsersProfile%\Application Data\WinZip ->  [Folder | Modified Date = 2/15/2008 8:28:56 AM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 2/22/2008 12:49:15 PM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 1/28/2008 8:25:17 PM | Attr =   S]
Simply Super Software -> %AppData%\Simply Super Software ->  [Folder | Modified Date = 2/16/2008 8:06:46 AM | Attr =	]
WinRAR -> %AppData%\WinRAR ->  [Folder | Modified Date = 2/15/2008 8:19:20 AM | Attr =	]
wklnhst.dat -> %AppData%\wklnhst.dat ->  [Ver =  | Size = 328 bytes | Modified Date = 2/24/2008 1:49:54 AM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 94720 bytes | Modified Date = 2/23/2008 7:32:46 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3744302 bytes | Modified Date = 2/18/2008 6:55:43 AM | Attr =  H ]
2008 Grow Out List.wps -> %UserProfile%\My Documents\2008 Grow Out List.wps ->  [Ver =  | Size = 25088 bytes | Modified Date = 2/22/2008 3:17:39 PM | Attr =	]
aaw2007.exe -> %UserProfile%\My Documents\aaw2007.exe ->  [Ver =  | Size = 21364592 bytes | Modified Date = 2/16/2008 9:59:28 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\aaw2007.exe:Zone.Identifier
CGN Pepper Passport.xls -> %UserProfile%\My Documents\CGN Pepper Passport.xls ->  [Ver =  | Size = 434176 bytes | Modified Date = 2/14/2008 5:07:20 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CGN Pepper Passport.xls:Zone.Identifier
CGN Tomato Passport.xls -> %UserProfile%\My Documents\CGN Tomato Passport.xls ->  [Ver =  | Size = 542208 bytes | Modified Date = 2/7/2008 12:55:20 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CGN Tomato Passport.xls:Zone.Identifier
chris's seeds 2-15-0-08.wps -> %UserProfile%\My Documents\chris's seeds 2-15-0-08.wps ->  [Ver =  | Size = 9728 bytes | Modified Date = 2/15/2008 10:41:23 AM | Attr =	]
Cnr37Passport.zip -> %UserProfile%\My Documents\Cnr37Passport.zip ->  [Ver =  | Size = 140332 bytes | Modified Date = 2/21/2008 10:16:23 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Cnr37Passport.zip:Zone.Identifier
Eggplant Collection List.xlsx -> %UserProfile%\My Documents\Eggplant Collection List.xlsx ->  [Ver =  | Size = 13144 bytes | Modified Date = 2/13/2008 7:33:14 PM | Attr =	]
Envelope.wps -> %UserProfile%\My Documents\Envelope.wps ->  [Ver =  | Size = 10752 bytes | Modified Date = 1/28/2008 9:02:07 AM | Attr =	]
Evelope BIG Labels.wps -> %UserProfile%\My Documents\Evelope BIG Labels.wps ->  [Ver =  | Size = 8704 bytes | Modified Date = 2/15/2008 6:07:03 AM | Attr =	]
Hastings and  T.W. Wood seeds.wps -> %UserProfile%\My Documents\Hastings and  T.W. Wood seeds.wps ->  [Ver =  | Size = 26112 bytes | Modified Date = 2/11/2008 5:49:58 AM | Attr =	]
HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/16/2008 8:21:40 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HJTInstall.exe:Zone.Identifier
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/9/2008 7:29:17 AM | Attr = R  ]
Pepper Collection List.xlsx -> %UserProfile%\My Documents\Pepper Collection List.xlsx ->  [Ver =  | Size = 19370 bytes | Modified Date = 2/23/2008 7:40:23 PM | Attr =	]
Peppers @ CGN Cnr38Passport.zip -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip ->  [Ver =  | Size = 115650 bytes | Modified Date = 1/26/2008 2:55:51 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Peppers @ CGN Cnr38Passport.zip:Zone.Identifier
Peppers from Chris.wps -> %UserProfile%\My Documents\Peppers from Chris.wps ->  [Ver =  | Size = 39936 bytes | Modified Date = 1/26/2008 7:57:03 AM | Attr =	]
Rob's order.wps -> %UserProfile%\My Documents\Rob's order.wps ->  [Ver =  | Size = 10240 bytes | Modified Date = 2/21/2008 7:39:48 PM | Attr =	]
Seed Inventory w Sources  TOMATO.wps -> %UserProfile%\My Documents\Seed Inventory w Sources  TOMATO.wps ->  [Ver =  | Size = 194048 bytes | Modified Date = 2/22/2008 3:37:43 AM | Attr =	]
Seed Inventory w Sources Eggplant.wps -> %UserProfile%\My Documents\Seed Inventory w Sources Eggplant.wps ->  [Ver =  | Size = 45056 bytes | Modified Date = 2/15/2008 10:40:23 AM | Attr =	]
Seed Inventory w Sources Pepper.wps -> %UserProfile%\My Documents\Seed Inventory w Sources Pepper.wps ->  [Ver =  | Size = 99328 bytes | Modified Date = 2/23/2008 7:40:11 PM | Attr =	]
Seed Inventory w Sources Vegetables.wps -> %UserProfile%\My Documents\Seed Inventory w Sources Vegetables.wps ->  [Ver =  | Size = 16896 bytes | Modified Date = 2/11/2008 5:49:52 AM | Attr =	]
Seed Labels.wps -> %UserProfile%\My Documents\Seed Labels.wps ->  [Ver =  | Size = 27136 bytes | Modified Date = 1/26/2008 9:06:04 PM | Attr =	]
Simply Super Software -> %UserProfile%\My Documents\Simply Super Software ->  [Folder | Modified Date = 2/16/2008 8:06:46 AM | Attr =	]
SMTA.pdf -> %UserProfile%\My Documents\SMTA.pdf ->  [Ver =  | Size = 633905 bytes | Modified Date = 1/28/2008 12:56:31 AM | Attr =	]
spf.msi -> %UserProfile%\My Documents\spf.msi ->  [Ver =  | Size = 5659648 bytes | Modified Date = 2/17/2008 8:04:28 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spf.msi:Zone.Identifier
spybotsd152.exe -> %UserProfile%\My Documents\spybotsd152.exe -> Safer Networking Limited									 [Ver = 1.5.2				| Size = 9722720 bytes | Modified Date = 2/16/2008 4:25:35 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\spybotsd152.exe:Zone.Identifier
stinger.exe -> %UserProfile%\My Documents\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/17/2008 2:29:00 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\stinger.exe:Zone.Identifier
stinger.opt -> %UserProfile%\My Documents\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 2/17/2008 7:46:18 AM | Attr =	]
T.W. Wood and Sons 1911 1912 Corn Varieties.wps -> %UserProfile%\My Documents\T.W. Wood and Sons 1911 1912 Corn Varieties.wps ->  [Ver =  | Size = 15360 bytes | Modified Date = 2/11/2008 1:54:11 PM | Attr =	]
tatiana's seeds.doc -> %UserProfile%\My Documents\tatiana's seeds.doc ->  [Ver =  | Size = 304128 bytes | Modified Date = 1/28/2008 12:55:42 AM | Attr =	]
Tomato Collection List.xls -> %UserProfile%\My Documents\Tomato Collection List.xls ->  [Ver =  | Size = 171008 bytes | Modified Date = 2/23/2008 4:25:14 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Tomato Collection List.xls:Zone.Identifier
Tomatoes to add to collection list.wps -> %UserProfile%\My Documents\Tomatoes to add to collection list.wps ->  [Ver =  | Size = 9216 bytes | Modified Date = 2/23/2008 4:21:38 AM | Attr =	]
Unzipped -> %UserProfile%\My Documents\Unzipped ->  [Folder | Modified Date = 2/23/2008 8:09:18 PM | Attr =	]
VundoFix.exe -> %UserProfile%\My Documents\VundoFix.exe -> Atribune.org [Ver = 6.07.0008 | Size = 132608 bytes | Modified Date = 2/19/2008 9:38:33 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\VundoFix.exe:Zone.Identifier
www.seeds-by-size.co.uk -> %UserProfile%\My Documents\www.seeds-by-size.co.uk ->  [Folder | Modified Date = 2/11/2008 3:14:22 AM | Attr =	]
xx Liste de variétés.wps -> %UserProfile%\My Documents\xx Liste de variétés.wps ->  [Ver =  | Size = 78848 bytes | Modified Date = 1/25/2008 4:48:10 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1801 bytes | Modified Date = 2/16/2008 10:01:32 AM | Attr =	]
Trend Micro Internet Security.lnk -> %AllUsersProfile%\Desktop\Trend Micro Internet Security.lnk ->  [Ver =  | Size = 810 bytes | Modified Date = 2/15/2008 9:04:26 PM | Attr =	]
avenger.zip -> %UserProfile%\Desktop\avenger.zip ->  [Ver =  | Size = 127378 bytes | Modified Date = 2/23/2008 8:06:10 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
BDSM galleries.URL -> %UserProfile%\Desktop\BDSM galleries.URL ->  [Ver =  | Size = 111 bytes | Modified Date = 2/16/2008 3:28:25 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1745 bytes | Modified Date = 2/16/2008 8:21:45 AM | Attr =	]
Spybot - Search & Destroy (for blind users).lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy (for blind users).lnk ->  [Ver =  | Size = 966 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 944 bytes | Modified Date = 2/16/2008 4:27:37 PM | Attr =	]
The Weather Channel Desktop.lnk -> %UserProfile%\Desktop\The Weather Channel Desktop.lnk ->  [Ver =  | Size = 979 bytes | Modified Date = 2/21/2008 7:00:41 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 2/24/2008 1:30:57 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 480883 bytes | Modified Date = 2/23/2008 5:12:16 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
xxxx.wps -> %UserProfile%\Desktop\xxxx.wps ->  [Ver =  | Size = 57344 bytes | Modified Date = 2/24/2008 1:24:27 AM | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2/15/2008 7:55:23 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/16/2008 9:59:34 AM | Attr =	]

< End of report >


#7 OldTimer

    Malware Expert



Posted 24 February 2008 - 10:24 AM

Hi gmaness. The logs from Avenger and WPF35 don't show anything as being done. Very strange. Even so, the files appear to be gone. Stranger still.

It also appears that both Trend and Sygate have been disabled. If you did not do this yourself then the infection has damaged them. They should both be uninstalled and then reinstalled.

Something else that should be updated is the Java software. It is quite out of date. Older versions have vulnerabilities that malware can use to infect your system. Follow these steps to remove older version Java components and update.

Updating Java:
Note: If there is an Update XX in the name then the "XX" in the version will be whatever the latest version is.
  • Download the latest version of Java Runtime Environment (JRE) 6.0 Update XX (if present).
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_6_0_XX-windowsi586-p.exe to install the newest version.

There are a number of registry entries that are still left over from the infection. Let's try and remove those also.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> AutoTBar -> %ProgramFiles%\HP\Digital Imaging\bin\AUTOTBAR.EXE
YN -> dmkjc.exe -> %SystemRoot%\system32\dmkjc.exe
YN -> InfeStop -> %ProgramFiles%\InfeStop\InfeStopRemover.exe
YN -> MSDisp32 -> %SystemRoot%\system32\drvjan.DLL
YN -> MSDrive -> %SystemRoot%\system32\drvzoc.DLL
YN -> regcmdcons -> %SystemDrive%\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
YN -> sysrest32.exe -> %SystemRoot%\system32\sysrest32.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> msiconf.exe -> msiconf.exe
YN -> XP Antivirus -> %ProgramFiles%\XP Antivirus\xpa.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> iifgefe -> iifgefe.dll
YN -> winzjc32 -> winzjc32.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {182C7ED7-E56D-4509-9D9B-AC49318D9895} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\iifgefe.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {CE6000C4-B68B-4BA3-AC78-47776B89D683} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\compatU.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#8 gmaness

  • Topic Starter


Posted 24 February 2008 - 02:25 PM

Trend and Sygate were disabled on the previous log because I had to take them down to download Avenger. Sun would not let me download Ver. 6, perhaps 64 bit as opposed to 32? Not sure. Anyway, I downloaded jre-1_5_0_14-windows-i586-p and it seems to be OK. No real problems that I am aware of; things seem better. The only thing I've noticed is that Add/Remove Programs takes forever (if it does it at all) to generate a list. Also a couple of pop-ups on reboot about missing files. I can get the names of those on my next reboot. Also, once everything is said and done, which programs can be removed (provided a list is generated from the Control Panel)? Avenger? WinPFind35u? Spybot - Search & Destroy? Ad-Aware 2007? Ad-Watch 2007? HijackThis? Thanks for all of your time, OT.


[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AutoTBar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmkjc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\InfeStop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDisp32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSDrive deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\regcmdcons deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sysrest32.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msiconf.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\XP Antivirus deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{182C7ED7-E56D-4509-9D9B-AC49318D9895} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{182C7ED7-E56D-4509-9D9B-AC49318D9895}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifgefe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzjc32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{182C7ED7-E56D-4509-9D9B-AC49318D9895}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{182C7ED7-E56D-4509-9D9B-AC49318D9895}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE6000C4-B68B-4BA3-AC78-47776B89D683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE6000C4-B68B-4BA3-AC78-47776B89D683}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
< End of fix log >
WinPFind35U Version 1.0.0.1 fix logfile created on 02242008_140732
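
As an added example (not part of the thread and not WinPFind35U's own code), the following Python groups the entries of a fix log like the one above by registry location and lists the ones reported as not found, so the result of a cleanup can be checked at a glance. The sample lines are a constructed subset in the same format; the category labels and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: five entries in the format of the fix log posted above.
SAMPLE_LOG = r"""[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dmkjc.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\XP Antivirus deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifgefe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{182C7ED7-E56D-4509-9D9B-AC49318D9895}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{182C7ED7-E56D-4509-9D9B-AC49318D9895}\ not found.
< End of fix log >
"""

LINE_RE = re.compile(
    r"^Registry (value|key) (.+?) (deleted successfully|not found)\.$", re.M)

# Load points that appear in the fix script (labels are this example's own).
CATEGORIES = [
    ("Winlogon Notify", "\\winlogon\\notify"),
    ("ShellExecuteHooks", "\\shellexecutehooks"),
    ("Browser Helper Object", "\\browser helper objects"),
    ("Run key", "\\currentversion\\run\\"),
    ("IE toolbar", "\\internet explorer\\toolbar"),
    ("IE extension", "\\internet explorer\\extensions"),
    ("COM class (CLSID)", "\\classes\\clsid"),
]

def categorize(path):
    """Map a registry path to the first matching load point, else 'other'."""
    low = path.lower()
    return next((name for name, needle in CATEGORIES if needle in low), "other")

def parse_fix_log(text):
    """Return (kind, path, outcome, category) for every recognised log line."""
    return [(k, p, o, categorize(p)) for k, p, o in LINE_RE.findall(text)]

def summarize(entries):
    """Count outcomes per location and list the paths reported as not found."""
    counts = Counter((cat, outcome) for _, _, outcome, cat in entries)
    missing = [p for _, p, outcome, _ in entries if outcome == "not found"]
    return counts, missing

def unparsed_lines(text):
    """Registry lines with an outcome this parser does not know; review by hand."""
    return [ln for ln in text.splitlines()
            if ln.startswith("Registry ") and not LINE_RE.match(ln)]

if __name__ == "__main__":
    counts, missing = summarize(parse_fix_log(SAMPLE_LOG))
    for (cat, outcome), n in sorted(counts.items()):
        print(f"{cat:24} {outcome:22} {n}")
    print("not found:", missing)
```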

#9 gmaness

  • Topic Starter


Posted 24 February 2008 - 02:34 PM

Just rebooted again and no "missing files" popups and the Control Panel Add/Remove list is being generated now. Everything appears to be hunky-dory!

#10 OldTimer

    Malware Expert



Posted 24 February 2008 - 04:22 PM

Hi gmaness. No, there isn't a true 64-bit version of the JRE. Sun only has 32-bit support and lists the issues related with installation on 64-bit systems on their site.

The log looks good. If everything is running fine then run the system for a couple of days to see if it remains stable. Then get back to me and we'll do some final cleanup. Removing all of the tools we used is automatic. We'll do that at that time when we are finished.

Cheers.

OT