Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Keep Getting Windows Installer Popup


  • This topic is locked This topic is locked
7 replies to this topic

#1 bprasana

bprasana

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 14 May 2007 - 11:16 AM

I have a whole load of viruses in this system i think. Just go it from old user.
I am running w2k professional edition. when i try to open a word doc..and when i start my PC i keep getting the same error. Also once in a while i get "a.exe applicaiton error ".

Please help. the hijack this log is attached below
Logfile of HijackThis v1.99.1
Scan saved at 5:00:55 PM, on 5/14/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
?????????????????????A???c?????
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\AgentController\bin\RAService.exe
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\nastel\mqcx\bin\nsqcm.exe
C:\WINNT\Explorer.EXE
C:\Program Files\nastel\mqcx\bin\nsqsvr.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\S3Tray2.exe
C:\WINNT\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\nutsrv4.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\SQLLIB\BIN\db2licd.exe
C:\SQLLIB\BIN\db2sec.exe
C:\WINNT\System32\Drivers\ldlcserv.exe
C:\Program Files\Rational\ClearCase\bin\clearexplorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.emea.ibm.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.EXE
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CCDoctorLogonTesting] "C:\Program Files\Rational\ClearCase\bin\ccdoctor.exe" /LogonStartup
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www-1.ibm.com/sametime/MSJavX86.exe
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,uk.ibm.com,portsmouth.uk.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com,uk.ibm.com,portsmouth.uk.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,uk.ibm.com,portsmouth.uk.ibm.com
O20 - Winlogon Notify: ccnotify - C:\Program Files\Rational\bin\ccnotify.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: tphotkey - C:\WINNT\SYSTEM32\tphklock.dll
O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 - DB2CTLSV-0 (DB2CTLSV-0) - International Business Machines Corporation - C:\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rational Agent Controller - Eclipse.org - C:\Program Files\IBM\AgentController\bin\RAService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINNT\System32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Rational ClearQuest Mail Service (MailService) - Unknown owner - C:\Program Files\Rational\ClearQuest\mailservice.exe
O23 - Service: MQControl Express Connection Manager (MQCExpressConnectionManager) - Unknown owner - C:\Program Files\nastel\mqcx\bin\nsqcm.exe
O23 - Service: MQControl Express Server (MQCExpressServer) - Unknown owner - C:\Program Files\nastel\mqcx\bin\nsqsvr.exe
O23 - Service: IBM WebSphere Message Broker component WBRK6_DEFAULT_BROKER (MQSeriesBrokerWBRK6_DEFAULT_BROKER) - Unknown owner - C:\Program Files\IBM\MQSI\6.0\bin/bipservice.exe
O23 - Service: IBM WebSphere Message Broker component WBRK6_DEFAULT_CONFIGURATION_MANAGER (MQSeriesBrokerWBRK6_DEFAULT_CONFIGURATION_MANAGER) - Unknown owner - C:\Program Files\IBM\MQSI\6.0\bin/bipservice.exe
O23 - Service: IBM MQSeries (MQSeriesServices) - IBM Corporation - C:\Program Files\IBM\WebSphere MQ\bin\amqsvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINNT\system32\nutsrv4.exe
O23 - Service: ProxyServer Service (ProxyServerService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpxsr.exe
O23 - Service: Rational Test Agent Service (RationalTestAgentService) - Rational Software - C:\Program Files\Rational\Rational Test\rtpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

BC AdBot (Login to Remove)

 


#2 bprasana

bprasana
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 15 May 2007 - 10:55 AM

I was on win 2k SP3.Upgraded to SP4. I still get the same windows installer popup..for sguard.msi and sometimes for visio.msi.

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:06:40 AM

Posted 19 May 2007 - 08:16 AM

Hello bprasana and welcome to the BC HijackThis forum.

The installer messages simply mean that that the applications or a component of them are not installed and need to be to properly run the program. The sguard.msi message is probably from a CD burning application (like Sonic) and the visio.msi message is from Visio. You will need to have the installation CD's for these applications and insert them when requested to properly install the programs.

There is 1 process that looks like it is corrupted. I'm not sure what it is to or even if we can find it but let's try a different scanner and see if we can find out.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group select All
  • In the Win32 Services group select All
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 bprasana

bprasana
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 21 May 2007 - 07:21 AM

Hi,
here is the log
WinPFind3 logfile created on: 5/21/2007 1:09:59 PM
WinPFind3U by OldTimer - Version 1.0.37 Folder = C:\Documents and Settings\gb074642\Desktop\WinPFind3u\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)

1022.98 Mb Total Physical Memory | 612.32 Mb Available Physical Memory | 59.86% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 2.04 Gb Free Space | 5.49% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: BOOTS
Current User Name: gb074642
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - All]
smss.exe -> %System32%\SMSS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 45840 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
csrss.exe -> %System32%\CSRSS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 5392 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
winlogon.exe -> %System32%\WINLOGON.EXE -> Microsoft Corporation [Ver = 5.00.2195.6970 | Size = 182544 bytes | Modified Date = 8/24/2004 11:59:10 PM | Attr = ]
services.exe -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
lsass.exe -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 33552 bytes | Modified Date = 2/26/2004 12:59:08 AM | Attr = ]
ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 10/22/2003 11:37:42 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
-> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.00.2195.7059 | Size = 212240 bytes | Modified Date = 9/5/2005 9:18:46 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
-> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2000.2.3529.0 | Size = 242448 bytes | Modified Date = 9/5/2005 9:18:46 AM | Attr = ]
-> %System32%\irmon.dll [Irmon] -> Microsoft Corporation [Ver = 5.00.2195.6707 | Size = 73488 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
-> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.00.2195.6660 | Size = 95504 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
-> %System32%\NtmsSvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.00.2195.6655 | Size = 401168 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
-> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.00.2195.6604 | Size = 77584 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
-> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.00.2195.7099 | Size = 161040 bytes | Modified Date = 6/21/2006 5:47:18 PM | Attr = ]
-> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 47376 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
-> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.00.2195.6627 | Size = 38160 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
-> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 442640 bytes | Modified Date = 3/24/2004 3:17:02 AM | Attr = ]
-> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.00.2195.7057 | Size = 175888 bytes | Modified Date = 7/2/2005 4:30:14 AM | Attr = ]
-> %System32%\mspmsnsv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 9.0.1.56 | Size = 52224 bytes | Modified Date = 11/26/2002 7:03:32 PM | Attr = ]
-> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.00.2195.6604 | Size = 195856 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 7/19/2006 7:26:12 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 7/19/2006 7:26:06 PM | Attr = ]
ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 202400 bytes | Modified Date = 7/19/2006 7:26:10 PM | Attr = ]
issvc.exe -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 87728 bytes | Modified Date = 9/27/2006 2:14:44 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ]
spoolsv.exe -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.00.2195.7059 | Size = 47376 bytes | Modified Date = 7/11/2005 9:59:12 PM | Attr = ]
trcboot.exe -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/19/2002 10:19:16 PM | Attr = ]
pcs_agnt.exe -> %ProgramFiles%\IBM\Personal Communications\PCS_AGNT.EXE -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 40960 bytes | Modified Date = 8/19/2002 10:03:38 PM | Attr = ]
db2dasrrm.exe -> %SystemDrive%\SQLLIB\BIN\db2dasrrm.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 286785 bytes | Modified Date = 8/15/2004 8:32:22 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 9/27/2006 8:33:22 PM | Attr = ]
raservice.exe -> %ProgramFiles%\IBM\AgentController\bin\RAService.exe -> Eclipse.org [Ver = 3.3.0.0 | Size = 86016 bytes | Modified Date = 6/24/2005 2:18:12 AM | Attr = ]
c4ebreg.exe -> %ProgramFiles%\C4ebreg\c4ebreg.exe -> IBM Global Services [Ver = 6.20 | Size = 344064 bytes | Modified Date = 12/14/2006 9:17:14 PM | Attr = ]
issimsvc.exe -> %SystemDrive%\Sdwork\issimsvc.exe -> IBM Global Services [Ver = 2.13 | Size = 203264 bytes | Modified Date = 12/5/2006 5:05:00 PM | Attr = ]
nsqcm.exe -> %ProgramFiles%\nastel\mqcx\bin\nsqcm.exe -> [Ver = | Size = 61440 bytes | Modified Date = 8/30/2002 5:15:12 PM | Attr = ]
nsqsvr.exe -> %ProgramFiles%\nastel\mqcx\bin\nsqsvr.exe -> [Ver = | Size = 315392 bytes | Modified Date = 8/29/2002 2:28:30 PM | Attr = ]
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
ntmulti.exe -> %SystemDrive%\Notes\ntmulti.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 53248 bytes | Modified Date = 8/15/2005 5:40:28 AM | Attr = ]
netcfgsv.exe -> %ProgramFiles%\AT&T Network Client\NetCfgSv.EXE -> AT&T [Ver = 5.09.2 | Size = 94208 bytes | Modified Date = 3/1/2004 8:00:00 AM | Attr = ]
nutsrv4.exe -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 4/25/2002 3:27:06 PM | Attr = R ]
regsvc.exe -> %System32%\regsvc.exe -> Microsoft Corporation [Ver = 5.00.2195.6701 | Size = 68368 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
savroam.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 9/27/2006 8:33:38 PM | Attr = ]
mstask.exe -> %System32%\mstask.exe -> Microsoft Corporation [Ver = 4.71.2195.6704 | Size = 119568 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 9/27/2006 8:33:32 PM | Attr = ]
ltmsg.exe -> %System32%\ltmsg.exe -> LUCENT TECHNOLOGIES [Ver = 3, 0, 0, 2 | Size = 38912 bytes | Modified Date = 10/22/2003 11:34:52 AM | Attr = ]
s3tray2.exe -> %System32%\S3Tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.14-1105 | Size = 69632 bytes | Modified Date = 10/22/2003 11:34:20 AM | Attr = ]
symsport.exe -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 173744 bytes | Modified Date = 9/27/2006 2:15:56 PM | Attr = ]
tp4serv.exe -> %System32%\tp4serv.exe -> IBM Corporation [Ver = 3.09 | Size = 87552 bytes | Modified Date = 10/22/2003 11:37:36 AM | Attr = ]
tphkmgr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/22/2003 11:33:32 AM | Attr = ]
prpcui.exe -> %System32%\prpcui.exe -> Intel Corporation [Ver = 2.1.0.0 | Size = 41984 bytes | Modified Date = 4/24/2001 10:00:00 AM | Attr = ]
winmgmt.exe -> %System32%\wbem\WinMgmt.exe -> Microsoft Corporation [Ver = 1.50.1085.0100 | Size = 196706 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
tponscr.exe -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe -> [Ver = | Size = 77824 bytes | Modified Date = 10/22/2003 11:33:32 AM | Attr = ]
mspmspsv.exe -> %System32%\MsPMSPSv.exe -> Microsoft Corporation [Ver = 7.10.00.3068 | Size = 57344 bytes | Modified Date = 5/17/2002 12:24:48 AM | Attr = ]
svchost.exe -> %System32%\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K WUGROUP] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
-> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3630.2554 built by: lab04_n | Size = 9216 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
cccredmgr.exe -> %ProgramFiles%\Rational\ClearCase\bin\cccredmgr.exe -> [Ver = | Size = 10160 bytes | Modified Date = 9/26/2003 10:27:58 AM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 7/19/2006 7:26:04 PM | Attr = ]
isamtray.exe -> %ProgramFiles%\C4ebreg\isamtray.exe -> IBM Global Services [Ver = 6.20 | Size = 237568 bytes | Modified Date = 12/14/2006 9:17:26 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 9/27/2006 8:33:44 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 4/24/2007 4:50:26 PM | Attr = ]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 10:22:02 PM | Attr = ]
db2licd.exe -> %SystemDrive%\SQLLIB\BIN\db2licd.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 86079 bytes | Modified Date = 8/15/2004 8:29:44 PM | Attr = ]
db2sec.exe -> %SystemDrive%\SQLLIB\BIN\db2sec.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 24638 bytes | Modified Date = 8/15/2004 8:33:16 PM | Attr = ]
db2rcmd.exe -> %SystemDrive%\SQLLIB\BIN\db2rcmd.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 32831 bytes | Modified Date = 8/15/2004 8:33:14 PM | Attr = ]
ldlcserv.exe -> %System32%\drivers\ldlcserv.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/19/2002 10:19:14 PM | Attr = ]
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.37.0 | Size = 319488 bytes | Modified Date = 5/16/2007 9:40:18 PM | Attr = ]
msiexec.exe -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr = ]

[Win32 Services - All]
(Alerter) Alerter [Win32_Shared | On_Demand | Stopped] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(cccredmgr) Rational Cred Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Rational\ClearCase\bin\cccredmgr.exe -> [Ver = | Size = 10160 bytes | Modified Date = 9/26/2003 10:27:58 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 192160 bytes | Modified Date = 7/19/2006 7:26:06 PM | Attr = ]
(ccProxy) Symantec Network Proxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccProxy.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 202400 bytes | Modified Date = 7/19/2006 7:26:10 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.2.008 | Size = 87664 bytes | Modified Date = 12/10/2004 6:02:32 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 169632 bytes | Modified Date = 7/19/2006 7:26:12 PM | Attr = ]
(cisvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %System32%\cisvc.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 5392 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(ClipSrv) ClipBook [Win32_Own | On_Demand | Stopped] -> %System32%\clipsrv.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 31504 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(DB2-0) DB2 - DB2-0 [Win32_Own | Auto | Stopped] -> %SystemDrive%\SQLLIB\BIN\db2syscs.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 102464 bytes | Modified Date = 8/15/2004 8:33:22 PM | Attr = ]
(DB2CTLSV-0) DB2 - DB2CTLSV-0 [Win32_Own | Auto | Stopped] -> %SystemDrive%\SQLLIB\BIN\db2syscs.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 102464 bytes | Modified Date = 8/15/2004 8:33:22 PM | Attr = ]
(DB2DAS00) DB2DAS - DB2DAS00 [Win32_Own | Auto | Running] -> %SystemDrive%\SQLLIB\BIN\db2dasrrm.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 286785 bytes | Modified Date = 8/15/2004 8:32:22 PM | Attr = ]
(DB2GOVERNOR) DB2 Governor [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\SQLLIB\BIN\db2govds.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 24641 bytes | Modified Date = 8/15/2004 8:32:58 PM | Attr = ]
(DB2JDS) DB2 JDBC Applet Server [Win32_Own | Auto | Stopped] -> %SystemDrive%\SQLLIB\BIN\db2jds.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 192581 bytes | Modified Date = 8/15/2004 8:33:02 PM | Attr = ]
(DB2LICD) DB2 License Server [Win32_Own | Auto | Running] -> %SystemDrive%\SQLLIB\BIN\db2licd.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 86079 bytes | Modified Date = 8/15/2004 8:29:44 PM | Attr = ]
(DB2NTSECSERVER) DB2 Security Server [Win32_Own | Auto | Running] -> %SystemDrive%\SQLLIB\BIN\db2sec.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 24638 bytes | Modified Date = 8/15/2004 8:33:16 PM | Attr = ]
(DB2REMOTECMD) DB2 Remote Command Server [Win32_Own | Auto | Running] -> %SystemDrive%\SQLLIB\BIN\db2rcmd.exe -> International Business Machines Corporation [Ver = 8.1.7.447 | Size = 32831 bytes | Modified Date = 8/15/2004 8:33:14 PM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 31472 bytes | Modified Date = 9/27/2006 8:33:22 PM | Attr = ]
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(Fax) Fax Service [Win32_Own | On_Demand | Stopped] -> %System32%\FAXSVC.EXE -> Microsoft Corporation [Ver = 5.00.2195.6612 | Size = 94992 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 4/24/2007 4:50:04 PM | Attr = ]
(IBM Rational Agent Controller) IBM Rational Agent Controller [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM\AgentController\bin\RAService.exe -> Eclipse.org [Ver = 3.3.0.0 | Size = 86016 bytes | Modified Date = 6/24/2005 2:18:12 AM | Attr = ]
(IBMPMSVC) IBM PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 57344 bytes | Modified Date = 10/22/2003 11:37:42 AM | Attr = ]
(Irmon) Infrared Monitor [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(ISAMSvc) IBM Standard Asset Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\C4ebreg\c4ebreg.exe -> IBM Global Services [Ver = 6.20 | Size = 344064 bytes | Modified Date = 12/14/2006 9:17:14 PM | Attr = ]
(ISSIMon) ISSI EZUpdate [Win32_Own | Auto | Running] -> %SystemDrive%\Sdwork\issimsvc.exe -> IBM Global Services [Ver = 2.13 | Size = 203264 bytes | Modified Date = 12/5/2006 5:05:00 PM | Attr = ]
(ISSVC) IS Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 87728 bytes | Modified Date = 9/27/2006 2:14:44 PM | Attr = ]
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(ldlcserv) ldlcserv [Win32_Own | Auto | Running] -> %System32%\drivers\ldlcserv.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/19/2002 10:19:14 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:04 AM | Attr = ]
(LmHosts) TCP/IP NetBIOS Helper Service [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(MailService) Rational ClearQuest Mail Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rational\ClearQuest\mailservice.exe -> [Ver = | Size = 66144 bytes | Modified Date = 3/28/2003 10:21:00 AM | Attr = ]
(Messenger) Messenger [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc.exe -> Microsoft Corporation [Ver = 4.4.3385 | Size = 21776 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(MQCExpressConnectionManager) MQControl Express Connection Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\nastel\mqcx\bin\nsqcm.exe -> [Ver = | Size = 61440 bytes | Modified Date = 8/30/2002 5:15:12 PM | Attr = ]
(MQCExpressServer) MQControl Express Server [Win32_Own | Auto | Running] -> %ProgramFiles%\nastel\mqcx\bin\nsqsvr.exe -> [Ver = | Size = 315392 bytes | Modified Date = 8/29/2002 2:28:30 PM | Attr = ]
(MQSeriesBrokerBROKER009680) IBM MQSeries Broker BROKER009680 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\IBM\WebSphere MQ Integrator 2.1\bin\bipservice.exe -> [Ver = | Size = 110678 bytes | Modified Date = 6/5/2003 10:42:34 PM | Attr = ]
(MQSeriesBrokerConfigMgr) IBM MQSeries Broker ConfigMgr [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\IBM\WebSphere MQ Integrator 2.1\bin\bipservice.exe -> [Ver = | Size = 110678 bytes | Modified Date = 6/5/2003 10:42:34 PM | Attr = ]
(MQSeriesBrokerWBRK6_DEFAULT_BROKER) IBM WebSphere Message Broker component WBRK6_DEFAULT_BROKER [Win32_Own | Auto | Stopped] -> %ProgramFiles%\IBM\MQSI\6.0\bin\bipservice.exe -> [Ver = | Size = 28672 bytes | Modified Date = 3/24/2006 3:11:08 AM | Attr = ]
(MQSeriesBrokerWBRK6_DEFAULT_CONFIGURATION_MANAGER) IBM WebSphere Message Broker component WBRK6_DEFAULT_CONFIGURATION_MANAGER [Win32_Own | Auto | Stopped] -> %ProgramFiles%\IBM\MQSI\6.0\bin\bipservice.exe -> [Ver = | Size = 28672 bytes | Modified Date = 3/24/2006 3:11:08 AM | Attr = ]
(MQSeriesBrokerWS009680) IBM MQSeries Broker WS009680 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\IBM\WebSphere MQ Integrator 2.1\bin\bipservice.exe -> [Ver = | Size = 110678 bytes | Modified Date = 6/5/2003 10:42:34 PM | Attr = ]
(MQSeriesServices) IBM MQSeries [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\IBM\WebSphere MQ\bin\amqsvc.exe -> IBM Corporation [Ver = 5,300,0800,04265 | Size = 65536 bytes | Modified Date = 9/21/2004 1:00:00 AM | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc.exe -> Microsoft Corporation [Ver = 1999.9.3421.3 | Size = 6928 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Running] -> %System32%\msiexec.exe -> Microsoft Corporation [Ver = 3.1.4000.1823 | Size = 78848 bytes | Modified Date = 5/4/2005 2:45:36 PM | Attr = ]
(Multi-user Cleanup Service) Multi-user Cleanup Service [Win32_Own | Auto | Running] -> %SystemDrive%\Notes\ntmulti.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 53248 bytes | Modified Date = 8/15/2005 5:40:28 AM | Attr = ]
(MyHelp) My Help [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe -> [Ver = | Size = 155737 bytes | Modified Date = 12/14/2005 12:05:42 AM | Attr = ]
(NetCfgSvr) Network Configuration Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AT&T Network Client\NetCfgSv.EXE -> AT&T [Ver = 5.09.2 | Size = 94208 bytes | Modified Date = 3/1/2004 8:00:00 AM | Attr = ]
(NetDDE) Network DDE [Win32_Shared | On_Demand | Stopped] -> %System32%\NETDDE.EXE -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 108816 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | On_Demand | Stopped] -> %System32%\NETDDE.EXE -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 108816 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 33552 bytes | Modified Date = 2/26/2004 12:59:08 AM | Attr = ]
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 33552 bytes | Modified Date = 2/26/2004 12:59:08 AM | Attr = ]
(NtmsSvc) Removable Storage [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(NuTCRACKERService) NuTCRACKERService [Win32_Own | Auto | Running] -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 4/25/2002 3:27:06 PM | Attr = R ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(PolicyAgent) IPSEC Policy Agent [Win32_Shared | Disabled | Stopped] -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 33552 bytes | Modified Date = 2/26/2004 12:59:08 AM | Attr = ]
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(ProxyServerService) ProxyServer Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rational\Rational Test\rtpxsr.exe -> Rational Software [Ver = 9.5.0.643 | Size = 45328 bytes | Modified Date = 3/28/2003 6:37:14 PM | Attr = ]
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(RasMan) Remote Access Connection Manager [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(RationalTestAgentService) Rational Test Agent Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Rational\Rational Test\rtpsvc.exe -> Rational Software [Ver = 9.5.0.643 | Size = 69904 bytes | Modified Date = 3/28/2003 6:37:14 PM | Attr = ]
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(RemoteRegistry) Remote Registry Service [Win32_Own | Auto | Running] -> %System32%\regsvc.exe -> Microsoft Corporation [Ver = 5.00.2195.6701 | Size = 68368 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\LOCATOR.EXE -> Microsoft Corporation [Ver = 5.00.2195.6619 | Size = 72464 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp.exe -> Microsoft Corporation [Ver = 5.00.2195.6663 | Size = 176912 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 33552 bytes | Modified Date = 2/26/2004 12:59:08 AM | Attr = ]
(SavRoam) SavRoam [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.5.5000 | Size = 116464 bytes | Modified Date = 9/27/2006 8:33:38 PM | Attr = ]
(SCardDrv) Smart Card Helper [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.00.2195.6609 | Size = 100112 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr.exe -> Microsoft Corporation [Ver = 5.00.2195.6609 | Size = 100112 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\mstask.exe -> Microsoft Corporation [Ver = 4.71.2195.6704 | Size = 119568 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(seclogon) RunAs Service [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(SharedAccess) Internet Connection Sharing [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 4/11/2006 5:13:38 PM | Attr = ]
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv.exe -> Microsoft Corporation [Ver = 5.00.2195.7059 | Size = 47376 bytes | Modified Date = 7/11/2005 9:59:12 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 1813232 bytes | Modified Date = 9/27/2006 8:33:32 PM | Attr = ]
(SymSecurePort) Symantec SecurePort [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -> Symantec Corporation [Ver = 8.7.4.97 | Size = 173744 bytes | Modified Date = 9/27/2006 2:15:56 PM | Attr = ]
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc.exe -> Microsoft Corporation [Ver = 5.00.2195.6608 | Size = 85776 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(TlntSvr) Telnet [Win32_Own | On_Demand | Stopped] -> %System32%\tlntsvr.exe -> Microsoft Corporation [Ver = 5.00.99206.1 | Size = 186128 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(TrcBoot) TrcBoot [Win32_Own | Auto | Running] -> %System32%\drivers\trcboot.exe -> IBM Corporation [Ver = 5060.0.2226.456 | Size = 28672 bytes | Modified Date = 8/19/2002 10:19:16 PM | Attr = ]
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups.exe -> Microsoft Corporation [Ver = 5.00.2158.1 | Size = 17680 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(UtilMan) Utility Manager [Win32_Own | On_Demand | Stopped] -> %System32%\utilman.exe -> Microsoft Corporation [Ver = 1, 0, 0, 3 | Size = 22800 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(W32Time) Windows Time [Win32_Shared | On_Demand | Stopped] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(WinMgmt) Windows Management Instrumentation [Win32_Own | Auto | Running] -> %System32%\wbem\WinMgmt.exe -> Microsoft Corporation [Ver = 1.50.1085.0100 | Size = 196706 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(WinVNC4) VNC Server Version 4 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\RealVNC\VNC4\winvnc4.exe -> RealVNC Ltd. [Ver = 4.1.2 | Size = 439248 bytes | Modified Date = 5/12/2006 4:04:08 PM | Attr = ]
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %System32%\MsPMSPSv.exe -> Microsoft Corporation [Ver = 7.10.00.3068 | Size = 57344 bytes | Modified Date = 5/17/2002 12:24:48 AM | Attr = ]
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Running] -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.00.2195.6700 | Size = 89360 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
(WZCSVC) Wireless Configuration [Win32_Shared | On_Demand | Running] -> %System32%\svchost.exe -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 10/22/2003 11:33:50 AM | Attr = ]
C4EBReg -> %ProgramFiles%\C4ebreg\c4ebreg.exe -> IBM Global Services [Ver = 6.20 | Size = 344064 bytes | Modified Date = 12/14/2006 9:17:14 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.11.1 | Size = 52896 bytes | Modified Date = 7/19/2006 7:26:04 PM | Attr = ]
CCDoctorLogonTesting -> %ProgramFiles%\Rational\ClearCase\bin\ccdoctor.exe -> Rational Software Corporation [Ver = 6.10.0.87 | Size = 126976 bytes | Modified Date = 9/26/2003 10:28:04 AM | Attr = ]
ConfigSafe -> %SystemDrive%\CFGSAFE\ntfsclup.exe -> imagine LAN, Inc. [Ver = 1.0.0.2 | Size = 40960 bytes | Modified Date = 5/18/2001 9:17:52 PM | Attr = ]
CSScheduleCheck -> %SystemDrive%\CFGSAFE\SCHWIZEX.EXE -> imagine LAN, Inc. [Ver = 4.00.18 | Size = 65536 bytes | Modified Date = 5/3/2001 10:03:08 PM | Attr = ]
ipmcmu -> -> File not found
ISAMTray -> %ProgramFiles%\C4ebreg\isamtray.exe -> IBM Global Services [Ver = 6.20 | Size = 237568 bytes | Modified Date = 12/14/2006 9:17:26 PM | Attr = ]
ISSI EZUpdate Service -> %SystemDrive%\Sdwork\issimsvc.exe -> IBM Global Services [Ver = 2.13 | Size = 203264 bytes | Modified Date = 12/5/2006 5:05:00 PM | Attr = ]
LTWinModem1 -> %System32%\ltmsg.exe -> LUCENT TECHNOLOGIES [Ver = 3, 0, 0, 2 | Size = 38912 bytes | Modified Date = 10/22/2003 11:34:52 AM | Attr = ]
NuTCSetupEnviron -> %ProgramFiles%\Rational\Rational Test\nutcroot\bin\ncoeenv.exe -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2002 3:13:22 PM | Attr = R ]
PRPCMonitor -> %System32%\prpcui.exe -> Intel Corporation [Ver = 2.1.0.0 | Size = 41984 bytes | Modified Date = 4/24/2001 10:00:00 AM | Attr = ]
S3TRAY2 -> %System32%\S3Tray2.exe -> S3 Graphics, Inc. [Ver = 1.00.14-1105 | Size = 69632 bytes | Modified Date = 10/22/2003 11:34:20 AM | Attr = ]
stgclean -> %SystemDrive%\Sdwork\W32MAIN2.EXE -> IBM Global Services [Ver = 3.61 | Size = 260608 bytes | Modified Date = 12/13/2006 7:16:00 PM | Attr = ]
StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 2:01:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
TP4EX -> %System32%\TP4EX.exe -> IBM Corporation [Ver = 1.05.00 | Size = 53248 bytes | Modified Date = 9/4/2002 1:05:00 AM | Attr = ]
TPHOTKEY -> %ProgramFiles%\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/22/2003 11:33:32 AM | Attr = ]
TrackPointSrv -> %System32%\tp4serv.exe -> IBM Corporation [Ver = 3.09 | Size = 87552 bytes | Modified Date = 10/22/2003 11:37:36 AM | Attr = ]
vptray -> %ProgramFiles%\Symantec Client Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 125168 bytes | Modified Date = 9/27/2006 8:33:44 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 10:22:02 PM | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 4/24/2007 4:50:26 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 10/23/2006 1:48:20 AM | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 10/23/2006 12:01:50 AM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{1DD7CBED-2F05-11D3-A521-00400514C916} [HKLM] -> %SystemDrive%\CFGSAFE\CSHOOK.DLL [] -> imagine LAN, Inc. [Ver = 3.07.09 | Size = 114688 bytes | Modified Date = 6/7/2002 7:14:22 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
ccnotify -> %ProgramFiles%\Rational\bin\ccnotify.dll -> File not found
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 43760 bytes | Modified Date = 9/27/2006 8:33:54 PM | Attr = ]
tphotkey -> %System32%\tphklock.dll -> [Ver = | Size = 20480 bytes | Modified Date = 10/22/2003 11:33:32 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDevMgrUpdate -> 1 ->
< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb script:1|vb script:1|acrobat:2|file:2|mailto:2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\System\DNSclient\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\System\DNSclient\\UserNameString -> User Name: ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\System\DNSclient\\PasswordString -> Password: ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\System\DNSclient\\DomainString -> Domain: ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\System\DNSclient\\CredentialsString -> The credentials used for Dynamic DNS registration: ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\NetCache\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
< HOSTS File > (734 bytes) -> C:\WINNT\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Page_URL -> http://www.skybroadband.com ->
HKCU: Local Page -> C:\WINNT\System32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> about:blank ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ]
{08E730A4-FB02-45BD-A900-01E4AD8016F6} -> http:\www.skybroadband.com [ButtonText: Sky] -> File not found
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> %SystemRoot%\Web\RELATED.HTM [ButtonText: @shdoclc.dll,-866] -> [Ver = | Size = 654 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 11:05:42 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Sky Broadband -> yes ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{DFD4A170-6073-420F-BD93-A6F9CF270059} -> () ->
{E5A72E3A-C97C-4184-81BD-52086DC334BC} -> (IBM Turbo 16/4 Token-Ring PC Card) ->
{FC7E3CCE-4A2F-44C8-9270-0055FDB04845} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000003 [Hummingbird Socks 5 (Proxy Name)] -> %System32%\Hummingbird\Connectivity\8.00\Socks\hclsock5.dll -> Hummingbird Ltd. [Ver = 8.0.0.1 | Size = 110592 bytes | Modified Date = 9/25/2002 9:41:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\Hummingbird\Connectivity\8.00\Socks\hclsock5.dll -> Hummingbird Ltd. [Ver = 8.0.0.1 | Size = 110592 bytes | Modified Date = 9/25/2002 9:41:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\Hummingbird\Connectivity\8.00\Socks\hclsock5.dll -> Hummingbird Ltd. [Ver = 8.0.0.1 | Size = 110592 bytes | Modified Date = 9/25/2002 9:41:44 AM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000023 -> %System32%\Hummingbird\Connectivity\8.00\Socks\hclsock5.dll -> Hummingbird Ltd. [Ver = 8.0.0.1 | Size = 110592 bytes | Modified Date = 9/25/2002 9:41:44 AM | Attr = ]
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} -> Microsoft VM - CodeBase = https://www-1.ibm.com/sametime/MSJavX86.exe ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} -> gpwsx.plugin - CodeBase = http://w3.ibm.com/tools/print/plugin/gpwsx.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINNT\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{6A5110B5-E14B-4268-A065-EF89FF33C325} -> regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub ->
{73fa19d0-2d75-11d2-995d-00c04f98bbc9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\System32\ie4uinit.exe ->
{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} -> %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINNT\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE ->
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> %SystemDrive%\JSTEMP\System\shellext.dll [TextPad] -> File not found
{4DBE8D51-F5EA-11cf-9F20-00A0241E7227} [HKLM] -> ccshelxd.dll [ClearCase Shell Extension Dispatcher for Context Menus] -> File not found
{4DBE8D52-F5EA-11cf-9F20-00A0241E7227} [HKLM] -> ccshelxd.dll [ClearCase Shell Extension Dispatcher for Property Pages] -> File not found
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio10\VisShe.dll [{506F4668-F13E-4AA1-BB04-B43203AB3CC0}] -> [Ver = | Size = 506496 bytes | Modified Date = 4/16/2001 6:50:56 PM | Attr = ]
{B1A89BD1-F149-11cf-9DFE-00A0241E7227} [HKLM] -> ccshelxb.dll [ClearCase Shell Extension Base for Context Menus] -> File not found
{B1A89BD2-F149-11cf-9DFE-00A0241E7227} [HKLM] -> ccshelxb.dll [ClearCase Shell Extension Base for Property Pages] -> File not found
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVP Shell Extensions] -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 47344 bytes | Modified Date = 9/27/2006 8:34:18 PM | Attr = ]
{d1539480-f6cc-11ce-b60e-0000c04f79ba} [HKLM] -> mksicon.dll [MKS Icon Handler] -> File not found
{D66DC78C-4F61-447F-942B-3FB6980118CF} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio10\VisShe.dll [{D66DC78C-4F61-447F-942B-3FB6980118CF}] -> [Ver = | Size = 506496 bytes | Modified Date = 4/16/2001 6:50:56 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
< BotCheck > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultAccessPermission -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\antivirusoverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\firewalloverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 248 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> LYTkX&=&~e283cd19
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> m|yX ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> o ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> %8e& ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 6wA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 288 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedConnection -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupIPAddress -> 0.0.0.0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupSubnetMask -> 0.0.0.0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupDefaultGateway -> 0.0.0.0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupEnableDHCP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedPrivateLan -> {dfd4a170-6073-420f-bd93-a6f9cf270059} ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k wugroup ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINNT\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Allows remote registry manipulation. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\regsvc.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RpcSs;TcpIp; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Allows a remote user to log on to the system and run console programs using the command line. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial ->
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.0.0.0 | Size = 372736 bytes | Modified Date = 10/22/2006 11:28:04 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{B1A89BD1-F149-11cf-9DFE-00A0241E7227} [HKLM] -> ccshelxb.dll [ClearCaseMenu] -> File not found
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVPMenu] -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 47344 bytes | Modified Date = 9/27/2006 8:34:18 PM | Attr = ]
{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 6/5/2006 2:06:22 PM | Attr = ]
{2F25CF20-C569-11D1-B94C-00608CB45480} [HKLM] -> %SystemDrive%\JSTEMP\System\shellext.dll [TextPad] -> File not found
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B1A89BD1-F149-11cf-9DFE-00A0241E7227} [HKLM] -> ccshelxb.dll [ClearCaseMenu] -> File not found
{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 6/5/2006 2:06:22 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{B1A89BD1-F149-11cf-9DFE-00A0241E7227} [HKLM] -> ccshelxb.dll [ClearCaseMenu] -> File not found
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> %CommonProgramFiles%\Symantec Shared\SSC\vpshell2.dll [LDVPMenu] -> Symantec Corporation [Ver = 10.1.5.5000 | Size = 47344 bytes | Modified Date = 9/27/2006 8:34:18 PM | Attr = ]
{DB85C504-C730-49DD-BEC1-7B39C6103B7A} [HKLM] -> %ProgramFiles%\MagicISO\misosh.dll [MagicISO] -> MagicISO, Inc. [Ver = 5, 3, 0, 198 | Size = 20992 bytes | Modified Date = 6/5/2006 2:06:22 PM | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Modified Date = 11/27/2001 9:10:00 AM | Attr = ]
< ControlSets > ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
WinVNC4 -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infoprint Select Notification.lnk -> %ProgramFiles%\IBM\Infoprint Select\ipnotify.exe -> [Ver = 1, 0, 0, 1 | Size = 135168 bytes | Modified Date = 10/9/2003 2:02:14 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 10:22:02 PM | Attr = ]
MCAgentExe -> %SystemDrive%\PROGRA~1\mcafee.com\agent\mcagent.exe -> File not found
MCUpdateExe -> %SystemDrive%\PROGRA~1\mcafee.com\agent\mcupdate.exe -> File not found
MPFExe -> %SystemDrive%\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe -> File not found
MPSExe -> %SystemDrive%\PROGRA~1\mcafee.com\mps\mscifapp.exe -> File not found
MSKAGENTEXE -> %SystemDrive%\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe -> File not found
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 4:16:44 PM | Attr = ]
OASClnt -> %ProgramFiles%\McAfee.com\VSO\oasclnt.exe -> File not found
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> File not found
VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> File not found
VSOCheckTask -> %SystemDrive%\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.chm [@ = chm.file] -> PersistentHandler = Reg Data - Key not found ->
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.cpl [@ = cplfile] -> PersistentHandler = Reg Data - Key not found ->
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb} ->
.hlp [@ = hlpfile] -> PersistentHandler = Reg Data - Key not found ->
.hta [@ = htafile] -> PersistentHandler = Reg Data - Key not found ->
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20} ->
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.url [@ = InternetShortcut] -> PersistentHandler = Reg Data - Key not found ->
.js [@ = JSFile] -> PersistentHandler = Reg Data - Key not found ->
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found ->
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found ->
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found ->
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found ->
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb} ->
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found ->
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found ->
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8195 - Sun Java Console ->
{08E730A4-FB02-45BD-A900-01E4AD8016F6} -> 8193 - Reg Data - Value does not exist ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8194 - Reg Data - Key not found ->
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> 8192 - @shdoclc.dll,-864 ->
NextId -> 8196 ->
< Security Settings > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\antivirusoverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\firewalloverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k BITSgroup ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> LanmanWorkstation;Rpcss;SENS;Wmi; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is disabled, then any functions that depend on BITS, such as Windows Update or MSN Explorer will be unable to automatically download programs and other information. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINNT\system32\qmgr.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 288 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedConnection -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupIPAddress -> 0.0.0.0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupSubnetMask -> 0.0.0.0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupDefaultGateway -> 0.0.0.0; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\BackupEnableDHCP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedPrivateLan -> {dfd4a170-6073-420f-bd93-a6f9cf270059} ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k wugroup ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINNT\system32\wuauserv.dll ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< Session Manager Environment Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec -> C:\WINNT\system32\CMD.EXE -> Microsoft Corporation [Ver = 5.00.2195.6824 | Size = 236304 bytes | Modified Date = 9/21/2003 1:45:06 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP ->
TMP -> %SystemRoot%\TEMP ->
windir -> %SystemRoot% ->
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files\IBM\WebSphere MQ\Java\lib -> ->
C:\Program Files\IBM\Infoprint Select -> ->
C:\WebSphereAdapters\bin\classic -> ->
C:\WebSphereAdapters\bin -> ->
C:\WebSphereAdapters\connectors -> ->
C:\Program Files\IBM\WebSphere MQ Integrator 2.1\nnsy\gui -> ->
C:\Program Files\IBM\WebSphere MQ Integrator 2.1\nnsy\bin -> ->
C:\PROGRAM FILES\THINKPAD\UTILITIES -> ->
%SystemRoot%\system32 -> ->
%SystemRoot% -> ->
%SystemRoot%\System32\Wbem -> ->
C:\Notes -> ->
C:\Utilities -> ->
C:\Program Files\IBM\Trace Facility\ -> ->
C:\Program Files\IBM\Personal Communications\ -> ->
C:\Program Files\IBM\WebSphere MQ Integrator 2.1\bin -> ->
C:\IBM\IMNNQ -> ->
C:\Program Files\nastel\mqcx\bin -> ->
C:\Program Files\Rational\ClearCase\bin -> ->
C:\Program Files\Rational\common -> ->
C:\SQLLIB\BIN -> ->
C:\SQLLIB\FUNCTION -> ->
C:\SQLLIB\SAMPLES\REPL -> ->
C:\Program Files\IBM\WebSphere MQ\bin -> ->
C:\Program Files\IBM\WebSphere MQ\tools\c\samples\bin -> ->
*PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT ->
.COM -> ->
.EXE -> ->
.BAT -> ->
.CMD -> ->
.VBS -> ->
.VBE -> ->
.JS -> ->
.JSE -> ->
.WSF -> ->
.WSH -> ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
batfile [open] -> "%1" %* ->
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
chm.file [open] -> "%SystemRoot%\hh.exe" %1 -> Microsoft Corporation [Ver = 5.2.3790.309 (srv03_gdr.050413-1540) | Size = 10752 bytes | Modified Date = 4/14/2005 6:08:24 PM | Attr = ]
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
cmdfile [open] -> "%1" %* ->
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL %1,%* -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 12:39:24 PM | Attr = ]
exefile [open] -> "%1" %* ->
helpfile [open] -> winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 270608 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
hlpfile [open] -> %SystemRoot%\System32\winhlp32.exe %1 -> Microsoft Corporation [Ver = 5.00.2195.3649 | Size = 8976 bytes | Modified Date = 7/22/2002 5:05:04 PM | Attr = ]
htafile [open] -> %System32%\mshta.exe "%1" %* -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 24576 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
htmlfile [edit] -> "%ProgramFiles%\Microsoft Office\Office\msohtmed.exe" %1 -> Microsoft Corporation [Ver = 9.0.3508 | Size = 41011 bytes | Modified Date = 11/11/1999 9:39:16 PM | Attr = ]
htmlfile [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
htmlfile [opennew] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
htmlfile [print] -> "%ProgramFiles%\Microsoft Office\Office\msohtmed.exe" /p %1 -> Microsoft Corporation [Ver = 9.0.3508 | Size = 41011 bytes | Modified Date = 11/11/1999 9:39:16 PM | Attr = ]
http [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
https [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 10000 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l -> Microsoft Corporation [Ver = 6.00.2800.1902 (xpsp2.070102-0900) | Size = 1340416 bytes | Modified Date = 1/2/2007 9:33:28 AM | Attr = ]
InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" -> Microsoft Corporation [Ver = 6.00.2800.1589 | Size = 2704896 bytes | Modified Date = 1/2/2007 10:16:34 AM | Attr = ]
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 6/26/2001 11:53:50 PM | Attr = ]
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 6/26/2001 11:53:50 PM | Attr = ]
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
piffile [open] -> "%1" %* ->
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
regfile [open] -> regedit.exe "%1" -> Microsoft Corporation [Ver = 5.00.2195.6707 | Size = 73488 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
regfile [merge] -> Reg Data - Key not found ->
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
scrfile [config] -> %1 ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> Microsoft Corporation [Ver = 5.00.2195.6601 | Size = 237328 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
scrfile [open] -> "%1" /S ->
txtfile [edit] -> Reg Data - Key not found ->
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 6/26/2001 11:53:50 PM | Attr = ]
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 6/26/2001 11:53:50 PM | Attr = ]
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 6/26/2001 11:53:50 PM | Attr = ]
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 -> Microsoft Corporation [Ver = 5.00.2140.1 | Size = 50960 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* -> Microsoft Corporation [Ver = 5.6.0.6626 | Size = 118834 bytes | Modified Date = 6/26/2001 11:53:50 PM | Attr = ]
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Microsoft Corporation [Ver = 5.00.3900.7105 | Size = 2362640 bytes | Modified Date = 7/13/2006 12:39:24 PM | Attr = ]
Directory [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
Drive [find] -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 5.00.3700.6690 | Size = 243472 bytes | Modified Date = 6/19/2003 8:05:04 PM | Attr = ]
Applications\iexplore.exe [open] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%ProgramFiles%\Internet Explorer\iexplore.exe" -> Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 91136 bytes | Modified Date = 8/29/2002 1:14:40 PM | Attr = ]
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
{00010409-78E1-11D2-B60F-006097C998E7} -> Microsoft Office 2000 SR-1 Professional ->
{0698CECB-9072-47B1-AEA1-94CA350989B8} -> Symantec Client Security ->
{09DA4F91-2A09-4232-AB8C-6BC740096DE3} -> Sonic Update Manager ->
{113EECD6-9A04-11D4-811D-00805F923B86} -> Lotus NotesSQL 3.01 driver ->
{11B569C2-4BF6-4ED0-9D17-A4273943CB24} -> Adobe Photoshop Album 2.0 Starter Edition ->
{121634B0-2F4B-11D3-ADA3-00C04F52DD52} -> Windows Installer Clean Up ->
{14C35072-D7D0-4B29-B5BF-C94E426D77E9} -> Sky Broadband ->
{1558C891-12F0-46E2-8B36-EFCE905DD7B8} -> MQControl Express ->
{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk -> Google Talk (remove only) ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer ->
{2C82A426-15DA-11D4-AC4E-000629F40F93} -> Personal System Configuration ->
{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D} -> Microsoft Project 2000 ->
{3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java™ SE Runtime Environment 6 Update 1 ->
{3DB1384C-C746-4EA5-8C32-8710479D6497} -> Rational ClearCase ->
{3E713D52-C967-41FB-AA24-3A92CC1025A4} -> Remote Desktop Connection ->
{3FFC2A8F-16B1-11D4-AC4E-000629F40F93} -> Mobile IP Address SetUp ->
{43DCF766-6838-4F9A-8C91-D92DA586DFA7} -> Microsoft Windows Journal Viewer ->
{536D6172-7453-7569-7465-392E37300409} -> Lotus SmartSuite - English ->
{53A93780-6073-4207-A729-A99A30AFDE40} -> AFP Workbench for Windows ->
{582CFC80-0235-D611-8FBB-00C04F72EE80} -> Rational TestManager ->
{628789DC-75F8-4302-A268-27EF628E6906} -> Lotus Notes 7.0 ->
{6F716D8C-398F-11D3-85E1-005004838609} -> WebFldrs ->
{7C4973E7-44A5-4E2D-B89D-09F1F6C8A51E} -> DocumentFactory ->
{8214CC02-6271-4DC8-B8DD-779933450264} -> IBM RecordNow ->
{90120409-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Standard ->
{90510409-6D54-11D4-BEE3-00C04F990354} -> Microsoft Visio Professional 2002 SR-1 [English] ->
{94F9723E-900A-43C5-8F4E-AD2D2ED09273} -> Microsoft Visio Viewer 2002 ->
{97B1A01B-3971-40B2-A2BE-1AEEFBECCD84} -> IBM WebSphere MQ ->
{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1} -> IBM 32-bit SDK for Java 2, v1.4.0 ->
{AA36483F-5D79-4EFD-ACA7-161EE2474E17} -> IBM Infoprint Select ->
{AB246327-D9BA-4D93-A620-A149D0260D05} -> IBM System Migration Assistant 3.1 ->
{AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8 ->
{AD6AC08C-1B89-474C-8429-C9D80743A247} -> CypressLogic XML Parser ->
{B43357AA-3A6D-4D94-B56E-43C44D09E548} -> Microsoft .NET Framework (English) ->
{BB65C393-C76E-4F06-9B0C-2124AA8AF97B} -> Adobe Flash Player 9 ActiveX ->
{C1A350C0-9EDC-4F21-A75C-5609BF9523ED} -> Lotus Notes 6.0.2 ->
{C26FC7AE-2A5E-11D6-982D-006094EB6655} -> IBM Personal Communications ->
{C7E821C4-E909-4525-927C-4F7CDDD9F705} -> IBM Community Tools ->
{CA96F3A1-F350-11D3-B354-002035C150E4} -> ILC ->
{D111D725-97AB-4654-B866-21700C703E86} -> HHD Software Hex Editor ->
{D3376CBF-75B2-4AA7-8D17-95587AA56055} -> DocumentFactory ->
{D4ECEEB4-CF09-4F43-A376-B885C0BC2EA5} -> IBM WebSphere Eclipse Platform V3.0 ->
{D57E9A87-BBF6-4D1E-AE07-9D63B86C5042} -> Tivoli Storage Manager Client ->
{D8F53726-C7AD-11D4-9155-00203586D551} -> DB2 Enterprise Server Edition ->
{DFF415AC-3883-4338-9365-DDCB74A0CFBA} -> My Help (IBM Corp.) ->
{E7738533-1651-4AC2-8428-95729B23FEDA} -> Hummingbird SOCKS V8.0 ->
{EA664480-3844-11D5-8C25-444553540000} -> IBM TrackPoint Accessibility Features ->
44bf77bc8d73812939de0905967f886b -> IBM WebSphere Business Integration Adapters ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
AdobeESD -> Adobe Download Manager 1.2 (Remove Only) ->
AT&T Network Client {C:,PROGRA~1,AT&TNE~1,} -> AT&T Network Client ->
CBPRstor -> IBM Migration Restore Assistant for ISCI ->
Citrix ICA Client -> Citrix ICA Client ->
ConfigSafe -> ConfigSafe ->
DVD Express A/V Pak -> DVDExpress ->
FTP Explorer -> FTP Explorer ->
HijackThis -> HijackThis 1.99.1 ->
hyadesdc_product -> IBM Rational Agent Controller ->
IBM Ayudame -> IBM Ayudame ->
IBM Global Network Dialer -> IBM Global Network Dialer ->
InstallShield_{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1} -> IBM 32-bit SDK for Java 2, v1.4.0 ->
Intel SpeedStep technology Applet -> Intel SpeedStep technology Applet ->
IPM Client Migration Utility -> IPM Client Migration Utility ->
ISCI25dc -> ISCI Documentation ->
KB823559 -> Windows 2000 Hotfix - KB823559 ->
KB823980 -> Windows 2000 Hotfix - KB823980 ->
KB824105 -> Windows 2000 Hotfix - KB824105 ->
KB824146 -> Windows 2000 Hotfix - KB824146 ->
KB828028 -> Windows 2000 Hotfix - KB828028 ->
KB828035 -> Windows 2000 Hotfix - KB828035 ->
KB828741 -> Windows 2000 Hotfix - KB828741 ->
KB828749 -> Windows 2000 Hotfix - KB828749 ->
KB835732 -> Windows 2000 Hotfix - KB835732 ->
KB840987 -> Windows 2000 Hotfix - KB840987 ->
KB841356 -> Windows 2000 Hotfix - KB841356 ->
KB873333 -> Windows 2000 Hotfix - KB873333 ->
KB885250 -> Windows 2000 Hotfix - KB885250 ->
KB885492 -> Windows Media Player 9 Hotfix [See KB885492 for more information] ->
KB885836 -> Windows 2000 Hotfix - KB885836 ->
KB888113 -> Windows 2000 Hotfix - KB888113 ->
KB890047 -> Windows 2000 Hotfix - KB890047 ->
KB890175 -> Windows 2000 Hotfix - KB890175 ->
KB891711 -> Windows 2000 Hotfix - KB891711 ->
KB891781 -> Windows 2000 Hotfix - KB891781 ->
KB893066 -> Windows 2000 Hotfix - KB893066 ->
KB893756 -> Windows 2000 Hotfix - KB893756 ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB894320 -> Windows 2000 Hotfix - KB894320 ->
KB896358 -> Windows 2000 Hotfix - KB896358 ->
KB896422 -> Windows 2000 Hotfix - KB896422 ->
KB896423 -> Windows 2000 Hotfix - KB896423 ->
KB896424 -> Windows 2000 Hotfix - KB896424 ->
KB900725 -> Windows 2000 Hotfix - KB900725 ->
KB901214 -> Windows 2000 Hotfix - KB901214 ->
KB902400 -> Windows 2000 Hotfix - KB902400 ->
KB904706 -> Security Update for Windows 2000 (KB904706) ->
KB905749 -> Windows 2000 Hotfix - KB905749 ->
KB908519 -> Windows 2000 Hotfix - KB908519 ->
KB908531 -> Windows 2000 Hotfix - KB908531 ->
KB911280 -> Windows 2000 Hotfix - KB911280 ->
KB911564 -> Security Update for Windows Media Player (KB911564) ->
KB912919 -> Windows 2000 Hotfix - KB912919 ->
KB914388 -> Windows 2000 Hotfix - KB914388 ->
KB917008 -> Windows 2000 Hotfix - KB917008 ->
KB917159 -> Windows 2000 Hotfix - KB917159 ->
KB917422 -> Windows 2000 Hotfix - KB917422 ->
KB917734_WMP9 -> Security Update for Windows Media Player 9 (KB917734) ->
KB920213 -> Windows 2000 Hotfix - KB920213 ->
KB920670 -> Windows 2000 Hotfix - KB920670 ->
KB920683 -> Windows 2000 Hotfix - KB920683 ->
KB921398 -> Windows 2000 Hotfix - KB921398 ->
KB923191 -> Windows 2000 Hotfix - KB923191 ->
KB923689 -> Security Update for Windows 2000 (KB923689) ->
KB923694-OE6SP1-20061106.120000 -> Windows 2000 Hotfix - KB923694 ->
KB924270 -> Windows 2000 Hotfix - KB924270 ->
KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) ->
KB925902 -> Windows 2000 Hotfix - KB925902 ->
KB928090-IE6SP1-20070125.120000 -> Windows 2000 Hotfix - KB928090 ->
KB928843 -> Windows 2000 Hotfix - KB928843 ->
KB929969-IE6SP1-20061220.120000 -> Windows 2000 Hotfix - KB929969 ->
KB930178 -> Windows 2000 Hotfix - KB930178 ->
KB931836 -> Windows 2000 Hotfix - KB931836 ->
KB932168 -> Windows 2000 Hotfix - KB932168 ->
LiveAdvisor -> LiveAdvisor (Symantec Corporation) ->
LiveUpdate -> LiveUpdate 3.0 (Symantec Corporation) ->
LTWinModem -> Lucent Win Modem ->
Magic ISO Maker v5.4 (build 0239) -> Magic ISO Maker v5.4 (build 0239) ->
Microsoft .NET Framework Full v1.0.3705 (1033) -> Microsoft .NET Framework (English) v1.0.3705 ->
MQJExplorer -> MQJExplorer ->
mqsi60 -> IBM WebSphere Message Broker 6.0 ->
nnsycomps -> New Era of Networks - NNSY Component Installer ->
Power Features -> IBM ThinkPad Battery MaxiMiser and Power Management Features ->
PPTView97 -> Microsoft PowerPoint Viewer 97 ->
PQEdit -> PQEdit ->
PROSet -> Intel® PRO Ethernet Adapter and Software ->
RealVNC_is1 -> VNC Free Edition 4.1.2 ->
S3Display -> S3Display ->
S3Gamma2 -> S3Gamma2 ->
S3Info2 -> S3Info2 ->
Sametime Client v3.1 -> Sametime Client v3.1 ->
SequoiaView -> SequoiaView ->
Snapshot Viewer 9.0 -> Snapshot Viewer 9.0 ->
ST6UNST #1 -> ZapNotes v3 ->
Synergy -> Synergy ->
ThinkPad Configuration -> IBM ThinkPad Configuration ->
Tomb Raider - The Last Revelation -> Tomb Raider - The Last Revelation ->
Tomb Raider - The Lost Artifact -> Tomb Raider - The Lost Artifact ->
TrackPoint -> IBM TrackPoint Support ->
TVUPlayer -> TVUPlayer 2.3.0.0 ->
WebSphere MQ Integrator V2.1 -> IBM WebSphere MQ Integrator V2.1 ->
Windows 2000 Service Pack -> Windows 2000 Service Pack 4 ->
WinRAR archiver -> WinRAR archiver ->
WinZip -> WinZip ->
WMBT60 -> IBM WebSphere Message Broker Toolkit Version 6.0 ->
WMP7 -> Windows Media Player system update (9 Series) ->
Workstation Security Tool_is1 -> Workstation Security Tool 2.0 ->
XLViewer97 -> Microsoft Excel Viewer 97 ->
Yahoo! SiteBuilder -> Yahoo! SiteBuilder ->
< WOW Settings [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
cmdline -> %SystemRoot%\system32\ntvdm.exe ->
wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 ->

[Files/Folders - Created Within 30 days]
01. Receive IFS -> %SystemDrive%\01. Receive IFS -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
02. Create Work Order -> %SystemDrive%\02. Create Work Order -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
03. Book-in IFS & Assign Work -> %SystemDrive%\03. Book-in IFS & Assign Work -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
04. Create ITS -> %SystemDrive%\04. Create ITS -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
05. Project Planning & Coordination -> %SystemDrive%\05. Project Planning & Coordination -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
06. Spot Check ITS -> %SystemDrive%\06. Spot Check ITS -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
Backbone_Environment -> %SystemDrive%\Backbone_Environment -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
Backbone_Issues -> %SystemDrive%\Backbone_Issues -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
Backbone_Principles_Policies_Guidelines -> %SystemDrive%\Backbone_Principles_Policies_Guidelines -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
backup -> %SystemDrive%\backup -> [Folder | Created Date = 4/24/2007 3:40:08 PM | Attr = ]
bin -> %SystemDrive%\bin -> [Folder | Created Date = 4/24/2007 4:40:42 PM | Attr = ]
BRI_Notes_Project_config_files -> %SystemDrive%\BRI_Notes_Project_config_files -> [Folder | Created Date = 4/24/2007 4:41:19 PM | Attr = ]
busobj -> %SystemDrive%\busobj -> [Folder | Created Date = 4/24/2007 4:40:32 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 5/20/2007 3:23:01 PM | Attr = HS]
Conformity of output data -> %SystemDrive%\Conformity of output data -> [Folder | Created Date = 5/4/2007 12:35:02 PM | Attr = ]
connectors -> %SystemDrive%\connectors -> [Folder | Created Date = 4/24/2007 4:40:32 PM | Attr = ]
CROSSWORLDSTEMP -> %SystemDrive%\CROSSWORLDSTEMP -> [Folder | Created Date = 4/24/2007 4:41:32 PM | Attr = ]
data_handler_ref_guide -> %SystemDrive%\data_handler_ref_guide -> [Folder | Created Date = 4/24/2007 4:40:32 PM | Attr = ]
DevelopmentKits -> %SystemDrive%\DevelopmentKits -> [Folder | Created Date = 4/24/2007 4:41:07 PM | Attr = ]
documentation -> %SystemDrive%\documentation -> [Folder | Created Date = 4/24/2007 4:40:51 PM | Attr = ]
Java Adapters -> %SystemDrive%\Java Adapters -> [Folder | Created Date = 4/24/2007 4:41:31 PM | Attr = ]
Keith Temp -> %SystemDrive%\Keith Temp -> [Folder | Created Date = 4/24/2007 4:41:31 PM | Attr = ]
notes6bkp -> %SystemDrive%\notes6bkp -> [Folder | Created Date = 5/14/2007 11:12:03 AM | Attr = ]
notes7bkp -> %SystemDrive%\notes7bkp -> [Folder | Created Date = 5/11/2007 11:39:01 AM | Attr = ]
ProjectDocumentation -> %SystemDrive%\ProjectDocumentation -> [Folder | Created Date = 4/24/2007 4:41:30 PM | Attr = ]
tardir -> %SystemDrive%\tardir -> [Folder | Created Date = 4/24/2007 4:41:30 PM | Attr = ]
util -> %SystemDrive%\util -> [Folder | Created Date = 5/20/2007 1:27:11 PM | Attr = ]
windows -> %SystemDrive%\windows -> [Folder | Created Date = 5/19/2007 8:11:13 PM | Attr = ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 5/15/2007 12:40:13 PM | Attr = H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 5/15/2007 10:16:24 AM | Attr = H ]
$NtUninstallKB885492$ -> %SystemRoot%\$NtUninstallKB885492$ -> [Folder | Created Date = 5/10/2007 10:03:18 AM | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 5/15/2007 12:43:02 PM | Attr = H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Created Date = 5/15/2007 12:16:16 PM | Attr = H ]
$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Created Date = 5/15/2007 12:45:35 PM | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 5/15/2007 12:44:22 PM | Attr = H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Created Date = 5/15/2007 12:29:02 PM | Attr = H ]
$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Created Date = 5/15/2007 12:17:02 PM | Attr = H ]
$NtUninstallKB904706$ -> %SystemRoot%\$NtUninstallKB904706$ -> [Folder | Created Date = 5/15/2007 12:43:41 PM | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 5/15/2007 12:45:00 PM | Attr = H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Created Date = 5/15/2007 12:18:13 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 5/15/2007 12:45:59 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 5/15/2007 12:25:36 PM | Attr = H ]
$NtUninstallKB911564$ -> %SystemRoot%\$NtUninstallKB911564$ -> [Folder | Created Date = 5/15/2007 12:18:31 PM | Attr = H ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 5/15/2007 12:17:41 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 5/15/2007 12:26:19 PM | Attr = H ]
$NtUninstallKB917008$ -> %SystemRoot%\$NtUninstallKB917008$ -> [Folder | Created Date = 5/15/2007 12:47:52 PM | Attr = H ]
$NtUninstallKB917159$ -> %SystemRoot%\$NtUninstallKB917159$ -> [Folder | Created Date = 5/15/2007 12:25:59 PM | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 5/15/2007 12:49:28 PM | Attr = H ]
$NtUninstallKB917734_WMP9$ -> %SystemRoot%\$NtUninstallKB917734_WMP9$ -> [Folder | Created Date = 5/15/2007 12:46:28 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 5/15/2007 12:51:03 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 5/15/2007 12:49:05 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 5/15/2007 12:47:11 PM | Attr = H ]
$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Created Date = 5/15/2007 12:48:26 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 5/15/2007 12:50:22 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 5/15/2007 12:52:42 PM | Attr = H ]
$NtUninstallKB923694-OE6SP1-20061106.120000$ -> %SystemRoot%\$NtUninstallKB923694-OE6SP1-20061106.120000$ -> [Folder | Created Date = 5/15/2007 12:51:42 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 5/15/2007 12:26:54 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 5/15/2007 12:52:16 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 5/15/2007 12:27:54 PM | Attr = H ]
$NtUninstallKB928090-IE6SP1-20070125.120000$ -> %SystemRoot%\$NtUninstallKB928090-IE6SP1-20070125.120000$ -> [Folder | Created Date = 5/15/2007 12:53:40 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 5/15/2007 12:53:05 PM | Attr = H ]
$NtUninstallKB929969-IE6SP1-20061220.120000$ -> %SystemRoot%\$NtUninstallKB929969-IE6SP1-20061220.120000$ -> [Folder | Created Date = 5/15/2007 12:27:21 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 5/15/2007 12:28:42 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 5/15/2007 12:15:50 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 5/15/2007 12:28:16 PM | Attr = H ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 5/15/2007 10:18:48 AM | Attr = ]
setup.inf -> %SystemRoot%\setup.inf -> [Ver = | Size = 957 bytes | Created Date = 5/15/2007 12:48:00 PM | Attr = ]
setup.rpt -> %SystemRoot%\setup.rpt -> [Ver = | Size = 283 bytes | Created Date = 5/15/2007 12:48:00 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 5/4/2007 11:37:51 AM | Attr = ]
uneng.exe -> %SystemRoot%\uneng.exe -> Roxio [Ver = 5.3.0.6 | Size = 57344 bytes | Created Date = 5/10/2007 7:29:25 AM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Created Date = 5/15/2007 12:42:02 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 5/10/2007 7:28:59 AM | Attr = ]
atmfd.dll -> %System32%\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.0 Build 225 | Size = 291888 bytes | Created Date = 5/15/2007 10:12:24 AM | Attr = ]
atmlib.dll -> %System32%\atmlib.dll -> Adobe Systems [Ver = 5.0 Build 225 | Size = 31504 bytes | Created Date = 5/15/2007 10:12:24 AM | Attr = ]
binkw32.dll -> %System32%\binkw32.dll -> [Ver = | Size = 172032 bytes | Created Date = 5/20/2007 3:17:55 PM | Attr = ]
dfrgfat.exe -> %System32%\dfrgfat.exe -> Executive Software International, Inc. [Ver = 5.00.2195.6605 | Size = 62224 bytes | Created Date = 5/15/2007 10:12:44 AM | Attr = ]
dfrgntfs.exe -> %System32%\dfrgntfs.exe -> Executive Software International, Inc. [Ver = 5.00.2195.6605 | Size = 76048 bytes | Created Date = 5/15/2007 10:12:44 AM | Attr = ]
dfrgsnap.dll -> %System32%\dfrgsnap.dll -> Executive Software International, Inc. [Ver = 5.00.2195.6605 | Size = 42768 bytes | Created Date = 5/15/2007 10:12:44 AM | Attr = ]
dmadmin.exe -> %System32%\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Created Date = 5/15/2007 10:12:46 AM | Attr = ]
dmconfig.dll -> %System32%\dmconfig.dll -> VERITAS Software Corp. [Ver = 2195.6605.297.3 | Size = 316176 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmdlgs.dll -> %System32%\dmdlgs.dll -> Microsoft Corp., VERITAS Software [Ver = 2195.6605.297.3 | Size = 174864 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmdskmgr.dll -> %System32%\dmdskmgr.dll -> Microsoft Corp., VERITAS Software [Ver = 2195.6605.297.3 | Size = 163600 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmdskres.dll -> %System32%\dmdskres.dll -> Microsoft Corp., VERITAS Software [Ver = 2195.6605.297.3 | Size = 122368 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmintf.dll -> %System32%\dmintf.dll -> VERITAS Software Corp. [Ver = 2195.6605.297.3 | Size = 13072 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmremote.exe -> %System32%\dmremote.exe -> VERITAS Software Corp. [Ver = 2195.6605.297.3 | Size = 10512 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmserver.dll -> %System32%\dmserver.dll -> VERITAS Software Corp. [Ver = 2195.6605.297.3 | Size = 12048 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmutil.dll -> %System32%\dmutil.dll -> VERITAS Software Corp. [Ver = 2195.6605.297.3 | Size = 43280 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dmview.ocx -> %System32%\dmview.ocx -> Microsoft Corp., VERITAS Software [Ver = 2195.6605.297.3 | Size = 61712 bytes | Created Date = 5/15/2007 10:12:47 AM | Attr = ]
dxmasf.dll -> %System32%\dxmasf.dll -> [Ver = | Size = 498742 bytes | Created Date = 5/15/2007 10:12:57 AM | Attr = ]
HTICONS.DLL -> %System32%\HTICONS.DLL -> Hilgraeve, Inc. [Ver = 5.00.2195.6684 | Size = 21776 bytes | Created Date = 5/15/2007 10:13:08 AM | Attr = ]
Hummingbird -> %System32%\Hummingbird -> [Folder | Created Date = 5/9/2007 8:43:20 AM | Attr = ]
IBMMenu.dll -> %System32%\IBMMenu.dll -> [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Created Date = 5/4/2007 1:23:55 PM | Attr = ]
ie_de -> %System32%\ie_de -> [Folder | Created Date = 5/15/2007 10:18:47 AM | Attr = ]
imgedit.ocx -> %System32%\imgedit.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2195.6601 | Size = 306448 bytes | Created Date = 5/15/2007 10:13:12 AM | Attr = ]
instcat.sql -> %System32%\instcat.sql -> [Ver = | Size = 618889 bytes | Created Date = 5/15/2007 10:13:14 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 5/20/2007 3:24:06 PM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 5/4/2007 11:37:30 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 5/20/2007 3:24:06 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 5/20/2007 3:24:06 PM | Attr = ]
korwbrkr.lex -> %System32%\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 5/15/2007 10:13:29 AM | Attr = ]
logo.jpg -> %System32%\logo.jpg -> [Ver = | Size = 225 bytes | Created Date = 5/4/2007 1:22:27 PM | Attr = ]
msdxm.ocx -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Created Date = 5/15/2007 10:13:50 AM | Attr = ]
msdxmlc.dll -> %System32%\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 5/15/2007 10:13:51 AM | Attr = ]
msswch.dll -> %System32%\msswch.dll -> Madenta Applications Inc. [Ver = 1, 0, 0, 1 | Size = 14608 bytes | Created Date = 5/15/2007 10:14:15 AM | Attr = ]
msswchx.exe -> %System32%\msswchx.exe -> Madenta Applications Inc. [Ver = 1, 0, 0, 1 | Size = 7440 bytes | Created Date = 5/15/2007 10:14:15 AM | Attr = ]
odbcconf.rsp -> %System32%\odbcconf.rsp -> [Ver = | Size = 4296 bytes | Created Date = 5/15/2007 10:14:44 AM | Attr = ]
oieng400.dll -> %System32%\oieng400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2195.6601 | Size = 444176 bytes | Created Date = 5/15/2007 10:14:46 AM | Attr = ]
pdclntif.dll -> %System32%\pdclntif.dll -> [Ver = | Size = 548864 bytes | Created Date = 5/4/2007 1:23:55 PM | Attr = ]
pdprDlg.dll -> %System32%\pdprDlg.dll -> [Ver = | Size = 139264 bytes | Created Date = 5/4/2007 1:23:55 PM | Attr = ]
pdresrc.dll -> %System32%\pdresrc.dll -> [Ver = | Size = 36864 bytes | Created Date = 5/4/2007 1:23:59 PM | Attr = ]
Perflib_Perfdata_15c.dat -> %System32%\Perflib_Perfdata_15c.dat -> [Ver = | Size = 16384 bytes | Created Date = 5/21/2007 8:32:45 AM | Attr = ]
profile.dat -> %System32%\profile.dat -> [Ver = | Size = 40 bytes | Created Date = 5/4/2007 10:26:57 AM | Attr = ]
rsm.exe -> %System32%\rsm.exe -> Microsoft Corp [Ver = 5, 0, 2074, 0 | Size = 44816 bytes | Created Date = 5/15/2007 10:15:00 AM | Attr = ]
rto.bat -> %System32%\rto.bat -> [Ver = | Size = 52 bytes | Created Date = 5/15/2007 12:28:50 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.1.2.1 | Size = 48816 bytes | Created Date = 5/4/2007 10:24:44 AM | Attr = ]
selnt.dll -> %System32%\selnt.dll -> [Ver = | Size = 118784 bytes | Created Date = 5/4/2007 1:23:55 PM | Attr = ]
socks.cnf -> %System32%\socks.cnf -> [Ver = | Size = 19089 bytes | Created Date = 5/21/2007 8:37:03 AM | Attr = ]
webfldrs.msi -> %System32%\webfldrs.msi -> [Ver = | Size = 1337344 bytes | Created Date = 5/15/2007 10:15:40 AM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.1.2.1 | Size = 109744 bytes | Created Date = 5/4/2007 10:24:44 AM | Attr = ]
ACDInTouch -> %UserAppData%\ACDInTouch -> [Folder | Created Date = 4/24/2007 5:12:56 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Created Date = 5/4/2007 11:37:51 AM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Created Date = 5/10/2007 7:28:51 PM | Attr = ]
vlc -> %UserAppData%\vlc -> [Folder | Created Date = 5/7/2007 9:08:33 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 52856 bytes | Created Date = 5/10/2007 7:30:06 AM | Attr = ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Created Date = 5/10/2007 7:32:08 PM | Attr = ]
My Movies -> %UserDocuments%\My Movies -> [Folder | Created Date = 5/9/2007 1:02:55 PM | Attr = ]
Updater5 -> %UserDocuments%\Updater5 -> [Folder | Created Date = 5/16/2007 8:18:29 AM | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1544 bytes | Created Date = 5/15/2007 12:42:09 PM | Attr = ]
Lotus Notes 7.lnk -> %AllUsersDesktop%\Lotus Notes 7.lnk -> [Ver = | Size = 1397 bytes | Created Date = 5/15/2007 4:29:30 PM | Attr = ]
CURRICULUM VITAE.doc -> %UserDesktop%\CURRICULUM VITAE.doc -> [Ver = | Size = 26624 bytes | Created Date = 5/15/2007 9:38:57 AM | Attr = ]
EAI_Key_Lines_Data_Mapping_v0.5.xls -> %UserDesktop%\EAI_Key_Lines_Data_Mapping_v0.5.xls -> [Ver = | Size = 317952 bytes | Created Date = 5/15/2007 2:11:15 PM | Attr = R ]
Google Talk.lnk -> %UserDesktop%\Google Talk.lnk -> [Ver = | Size = 767 bytes | Created Date = 5/10/2007 8:19:46 PM | Attr = ]
MagicISO.lnk -> %UserDesktop%\MagicISO.lnk -> [Ver = | Size = 1368 bytes | Created Date = 5/20/2007 3:08:39 PM | Attr = ]
Old Machine Backups -> %UserDesktop%\Old Machine Backups -> [Folder | Created Date = 4/24/2007 3:29:55 PM | Attr = ]
PJ014_SSL_KEY_LINES_TO_BOOTS.vsd -> %UserDesktop%\PJ014_SSL_KEY_LINES_TO_BOOTS.vsd -> [Ver = | Size = 87552 bytes | Created Date = 5/15/2007 2:11:15 PM | Attr = R ]
PJ014_SSL_KEY_LINES_TO_BOOTS_ITS_.doc -> %UserDesktop%\PJ014_SSL_KEY_LINES_TO_BOOTS_ITS_.doc -> [Ver = | Size = 389632 bytes | Created Date = 5/15/2007 2:11:15 PM | Attr = R ]
Remote Desktop Connection.lnk -> %UserDesktop%\Remote Desktop Connection.lnk -> [Ver = | Size = 1498 bytes | Created Date = 5/9/2007 8:58:06 AM | Attr = ]
socks.cfg -> %UserDesktop%\socks.cfg -> [Ver = | Size = 896 bytes | Created Date = 5/9/2007 8:41:54 AM | Attr = ]
socks.cfg1 -> %UserDesktop%\socks.cfg1 -> [Ver = | Size = 18222 bytes | Created Date = 5/9/2007 8:41:54 AM | Attr = ]
socks_old.cfg -> %UserDesktop%\socks_old.cfg -> [Ver = | Size = 21178 bytes | Created Date = 5/9/2007 8:41:54 AM | Attr = ]
Synergy.lnk -> %UserDesktop%\Synergy.lnk -> [Ver = | Size = 1430 bytes | Created Date = 4/24/2007 3:52:41 PM | Attr = ]
SynergyInstaller-1.3.1.exe -> %UserDesktop%\SynergyInstaller-1.3.1.exe -> [Ver = | Size = 923647 bytes | Created Date = 4/24/2007 3:52:21 PM | Attr = ]
TACACSClient.exe -> %UserDesktop%\TACACSClient.exe -> [Ver = | Size = 685568 bytes | Created Date = 5/11/2007 2:43:53 PM | Attr = ]
TVUPlayer.lnk -> %UserDesktop%\TVUPlayer.lnk -> [Ver = | Size = 594 bytes | Created Date = 5/10/2007 7:30:01 AM | Attr = ]
virtual cd rom -> %UserDesktop%\virtual cd rom -> [Folder | Created Date = 5/20/2007 9:21:52 PM | Attr = ]
vlc.exe.lnk -> %UserDesktop%\vlc.exe.lnk -> [Ver = | Size = 583 bytes | Created Date = 5/12/2007 10:35:01 AM | Attr = ]
Windows Media Player.lnk -> %UserDesktop%\Windows Media Player.lnk -> [Ver = | Size = 718 bytes | Created Date = 5/10/2007 7:29:48 AM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 5/21/2007 12:01:56 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353421 bytes | Created Date = 5/21/2007 12:00:20 PM | Attr = ]
wrar351.exe -> %UserDesktop%\wrar351.exe -> [Ver = | Size = 1014477 bytes | Created Date = 5/19/2007 7:58:41 PM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1572 bytes | Created Date = 5/15/2007 12:42:09 PM | Attr = ]
Adobe Reader Synchronizer.lnk -> %AllUsersStartup%\Adobe Reader Synchronizer.lnk -> [Ver = | Size = 1608 bytes | Created Date = 5/15/2007 12:42:09 PM | Attr = ]
Adaptec Shared -> %CommonProgramFiles%\Adaptec Shared -> [Folder | Created Date = 5/10/2007 7:29:25 AM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 5/4/2007 11:18:35 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
01. Receive IFS -> %SystemDrive%\01. Receive IFS -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
02. Create Work Order -> %SystemDrive%\02. Create Work Order -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
03. Book-in IFS & Assign Work -> %SystemDrive%\03. Book-in IFS & Assign Work -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
04. Create ITS -> %SystemDrive%\04. Create ITS -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
05. Project Planning & Coordination -> %SystemDrive%\05. Project Planning & Coordination -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
06. Spot Check ITS -> %SystemDrive%\06. Spot Check ITS -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
Backbone_Environment -> %SystemDrive%\Backbone_Environment -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
Backbone_Issues -> %SystemDrive%\Backbone_Issues -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
Backbone_Principles_Policies_Guidelines -> %SystemDrive%\Backbone_Principles_Policies_Guidelines -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
backup -> %SystemDrive%\backup -> [Folder | Modified Date = 4/24/2007 5:48:02 PM | Attr = ]
bin -> %SystemDrive%\bin -> [Folder | Modified Date = 4/24/2007 5:40:44 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 300 bytes | Modified Date = 5/15/2007 12:12:30 PM | Attr = RHS]
BRI_Notes_Project_config_files -> %SystemDrive%\BRI_Notes_Project_config_files -> [Folder | Modified Date = 4/24/2007 5:41:20 PM | Attr = ]
busobj -> %SystemDrive%\busobj -> [Folder | Modified Date = 4/24/2007 5:40:34 PM | Attr = ]
CFGSAFE -> %SystemDrive%\CFGSAFE -> [Folder | Modified Date = 5/21/2007 9:31:36 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/20/2007 9:30:50 PM | Attr = HS]
Conformity of output data -> %SystemDrive%\Conformity of output data -> [Folder | Modified Date = 5/4/2007 1:35:04 PM | Attr = ]
connectors -> %SystemDrive%\connectors -> [Folder | Modified Date = 4/24/2007 5:41:18 PM | Attr = ]
CROSSWORLDSTEMP -> %SystemDrive%\CROSSWORLDSTEMP -> [Folder | Modified Date = 4/24/2007 5:41:34 PM | Attr = ]
data_handler_ref_guide -> %SystemDrive%\data_handler_ref_guide -> [Folder | Modified Date = 4/24/2007 5:40:34 PM | Attr = ]
DevelopmentKits -> %SystemDrive%\DevelopmentKits -> [Folder | Modified Date = 4/24/2007 5:41:10 PM | Attr = ]
documentation -> %SystemDrive%\documentation -> [Folder | Modified Date = 4/24/2007 5:41:00 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 5/20/2007 10:42:38 PM | Attr = ]
i387 -> %SystemDrive%\i387 -> [Folder | Modified Date = 5/17/2007 2:16:04 PM | Attr = ]
Java Adapters -> %SystemDrive%\Java Adapters -> [Folder | Modified Date = 4/24/2007 5:41:34 PM | Attr = ]
JSTEMP -> %SystemDrive%\JSTEMP -> [Folder | Modified Date = 4/24/2007 6:07:10 PM | Attr = ]
Keith Temp -> %SystemDrive%\Keith Temp -> [Folder | Modified Date = 4/24/2007 5:41:32 PM | Attr = ]
mvfslogs -> %SystemDrive%\mvfslogs -> [Folder | Modified Date = 5/21/2007 9:29:54 AM | Attr = ]
Notes -> %SystemDrive%\Notes -> [Folder | Modified Date = 5/20/2007 2:08:24 PM | Attr = ]
notes6bkp -> %SystemDrive%\notes6bkp -> [Folder | Modified Date = 5/14/2007 12:12:04 PM | Attr = ]
notes7bkp -> %SystemDrive%\notes7bkp -> [Folder | Modified Date = 5/11/2007 12:39:02 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/20/2007 4:23:16 PM | Attr = R ]
ProjectDocumentation -> %SystemDrive%\ProjectDocumentation -> [Folder | Modified Date = 4/24/2007 5:41:32 PM | Attr = ]
Sdwork -> %SystemDrive%\Sdwork -> [Folder | Modified Date = 5/21/2007 9:47:40 AM | Attr = ]
swd -> %SystemDrive%\swd -> [Folder | Modified Date = 5/20/2007 1:53:20 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 5/14/2007 12:12:20 PM | Attr = HS]
tardir -> %SystemDrive%\tardir -> [Folder | Modified Date = 4/24/2007 5:41:32 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 4/24/2007 6:09:14 PM | Attr = ]
util -> %SystemDrive%\util -> [Folder | Modified Date = 5/20/2007 10:31:04 PM | Attr = ]
windows -> %SystemDrive%\windows -> [Folder | Modified Date = 5/19/2007 9:11:14 PM | Attr = ]
WINNT -> %SystemRoot% -> [Folder | Modified Date = 5/20/2007 10:38:30 PM | Attr = ]
witoansi.vbs -> %SystemDrive%\witoansi.vbs -> [Ver = | Size = 1989 bytes | Modified Date = 5/17/2007 2:15:30 PM | Attr = ]
WUTemp -> %SystemDrive%\WUTemp -> [Folder | Modified Date = 5/11/2007 10:03:06 AM | Attr = ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 5/15/2007 1:40:14 PM | Attr = H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 5/15/2007 11:17:08 AM | Attr = H ]
$NtUninstallKB885492$ -> %SystemRoot%\$NtUninstallKB885492$ -> [Folder | Modified Date = 5/10/2007 11:03:20 AM | Attr = H ]
$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Modified Date = 5/15/2007 1:43:04 PM | Attr = H ]
$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Modified Date = 5/15/2007 1:16:18 PM | Attr = H ]
$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Modified Date = 5/15/2007 1:45:36 PM | Attr = H ]
$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Modified Date = 5/15/2007 1:44:24 PM | Attr = H ]
$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Modified Date = 5/15/2007 1:29:04 PM | Attr = H ]
$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Modified Date = 5/15/2007 1:17:04 PM | Attr = H ]
$NtUninstallKB904706$ -> %SystemRoot%\$NtUninstallKB904706$ -> [Folder | Modified Date = 5/15/2007 1:43:42 PM | Attr = H ]
$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Modified Date = 5/15/2007 1:45:02 PM | Attr = H ]
$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Modified Date = 5/15/2007 1:18:16 PM | Attr = H ]
$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 5/15/2007 1:46:02 PM | Attr = H ]
$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 5/15/2007 1:25:38 PM | Attr = H ]
$NtUninstallKB911564$ -> %SystemRoot%\$NtUninstallKB911564$ -> [Folder | Modified Date = 5/15/2007 1:18:32 PM | Attr = H ]
$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 5/15/2007 1:17:44 PM | Attr = H ]
$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 5/15/2007 1:26:22 PM | Attr = H ]
$NtUninstallKB917008$ -> %SystemRoot%\$NtUninstallKB917008$ -> [Folder | Modified Date = 5/15/2007 1:48:04 PM | Attr = H ]
$NtUninstallKB917159$ -> %SystemRoot%\$NtUninstallKB917159$ -> [Folder | Modified Date = 5/15/2007 1:26:00 PM | Attr = H ]
$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 5/15/2007 1:49:30 PM | Attr = H ]
$NtUninstallKB917734_WMP9$ -> %SystemRoot%\$NtUninstallKB917734_WMP9$ -> [Folder | Modified Date = 5/15/2007 1:46:30 PM | Attr = H ]
$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 5/15/2007 1:51:06 PM | Attr = H ]
$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 5/15/2007 1:49:06 PM | Attr = H ]
$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 5/15/2007 1:47:14 PM | Attr = H ]
$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Modified Date = 5/15/2007 1:48:28 PM | Attr = H ]
$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 5/15/2007 1:50:24 PM | Attr = H ]
$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Modified Date = 5/15/2007 1:52:44 PM | Attr = H ]
$NtUninstallKB923694-OE6SP1-20061106.120000$ -> %SystemRoot%\$NtUninstallKB923694-OE6SP1-20061106.120000$ -> [Folder | Modified Date = 5/15/2007 1:51:44 PM | Attr = H ]
$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 5/15/2007 1:26:56 PM | Attr = H ]
$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 5/15/2007 1:52:20 PM | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 5/15/2007 1:27:56 PM | Attr = H ]
$NtUninstallKB928090-IE6SP1-20070125.120000$ -> %SystemRoot%\$NtUninstallKB928090-IE6SP1-20070125.120000$ -> [Folder | Modified Date = 5/15/2007 1:53:48 PM | Attr = H ]
$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 5/15/2007 1:53:08 PM | Attr = H ]
$NtUninstallKB929969-IE6SP1-20061220.120000$ -> %SystemRoot%\$NtUninstallKB929969-IE6SP1-20061220.120000$ -> [Folder | Modified Date = 5/15/2007 1:27:24 PM | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 5/15/2007 1:28:44 PM | Attr = H ]
$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 5/15/2007 1:15:52 PM | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 5/15/2007 1:28:18 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 5/15/2007 11:33:10 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/4/2007 2:22:28 PM | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/15/2007 11:18:32 AM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/15/2007 11:18:48 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1421 bytes | Modified Date = 5/15/2007 1:53:14 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/15/2007 1:53:58 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/20/2007 4:24:26 PM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/4/2007 11:16:48 AM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/15/2007 1:51:06 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 5/21/2007 9:26:22 AM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 5/15/2007 11:18:50 AM | Attr = ]
setup.inf -> %SystemRoot%\setup.inf -> [Ver = | Size = 957 bytes | Modified Date = 5/15/2007 1:48:04 PM | Attr = ]
setup.rpt -> %SystemRoot%\setup.rpt -> [Ver = | Size = 283 bytes | Modified Date = 5/15/2007 1:48:04 PM | Attr = ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1081197 bytes | Modified Date = 5/15/2007 11:21:14 AM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 5/4/2007 12:37:52 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 5/15/2007 11:18:32 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 5/15/2007 12:12:30 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 5/21/2007 1:02:34 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/21/2007 1:03:04 PM | Attr = ]
uneng.exe -> %SystemRoot%\uneng.exe -> Roxio [Ver = 5.3.0.6 | Size = 57344 bytes | Modified Date = 5/10/2007 8:29:26 AM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 5/15/2007 1:44:28 PM | Attr = S]
webica.ini -> %SystemRoot%\webica.ini -> [Ver = | Size = 84 bytes | Modified Date = 5/9/2007 9:42:48 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 383 bytes | Modified Date = 5/15/2007 12:12:30 PM | Attr = ]
winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 5/15/2007 1:42:04 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 5/10/2007 8:29:00 AM | Attr = ]
At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 510 bytes | Modified Date = 5/21/2007 10:19:02 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/21/2007 9:30:10 AM | Attr = H ]
Scheduled Snapshot.job -> %SystemRoot%\tasks\Scheduled Snapshot.job -> [Ver = | Size = 268 bytes | Modified Date = 5/21/2007 9:35:48 AM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 4/24/2007 6:11:20 PM | Attr = ]
cdral.dll -> %System32%\cdral.dll -> Roxio [Ver = 5.3.2.31 | Size = 45056 bytes | Modified Date = 5/10/2007 8:29:26 AM | Attr = ]
cdrtc.dll -> %System32%\cdrtc.dll -> Roxio [Ver = 5.3.2.31 | Size = 49152 bytes | Modified Date = 5/10/2007 8:29:26 AM | Attr = ]
CertSrv -> %System32%\CertSrv -> [Folder | Modified Date = 5/15/2007 11:18:48 AM | Attr = ]
Com -> %System32%\Com -> [Folder | Modified Date = 5/15/2007 1:17:16 PM | Attr = ]
csafesos -> %System32%\csafesos -> [Folder | Modified Date = 5/21/2007 9:33:04 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 5/15/2007 1:56:52 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 5/20/2007 10:23:42 PM | Attr = ]
export -> %System32%\export -> [Folder | Modified Date = 5/15/2007 11:18:36 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 239144 bytes | Modified Date = 5/15/2007 1:31:00 PM | Attr = ]
Hummingbird -> %System32%\Hummingbird -> [Folder | Modified Date = 5/9/2007 9:43:22 AM | Attr = ]
ias -> %System32%\ias -> [Folder | Modified Date = 5/15/2007 11:18:32 AM | Attr = ]
ie_de -> %System32%\ie_de -> [Folder | Modified Date = 5/15/2007 11:18:48 AM | Attr = ]
inetsrv -> %System32%\inetsrv -> [Folder | Modified Date = 5/15/2007 11:18:48 AM | Attr = ]
logo.jpg -> %System32%\logo.jpg -> [Ver = | Size = 225 bytes | Modified Date = 5/4/2007 2:27:52 PM | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 1518 bytes | Modified Date = 5/15/2007 5:27:50 PM | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 5/21/2007 9:31:10 AM | Attr = ]
Perflib_Perfdata_15c.dat -> %System32%\Perflib_Perfdata_15c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/21/2007 9:32:46 AM | Attr = ]
profile.dat -> %System32%\profile.dat -> [Ver = | Size = 40 bytes | Modified Date = 5/20/2007 7:36:10 PM | Attr = ]
Setup -> %System32%\Setup -> [Folder | Modified Date = 5/15/2007 1:17:16 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 5/15/2007 11:33:10 AM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 5/4/2007 11:16:50 AM | Attr = ]
Adobe -> %AllUsersAppData%\Adobe -> [Folder | Modified Date = 5/15/2007 1:42:44 PM | Attr = ]
Microsoft -> %AllUsersAppData%\Microsoft -> [Folder | Modified Date = 5/10/2007 8:29:04 AM | Attr = ]
Symantec -> %AllUsersAppData%\Symantec -> [Folder | Modified Date = 5/4/2007 11:23:46 AM | Attr = ]
ACDInTouch -> %UserAppData%\ACDInTouch -> [Folder | Modified Date = 4/24/2007 6:12:58 PM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 5/16/2007 9:18:22 AM | Attr = ]
AdobeUM -> %UserAppData%\AdobeUM -> [Folder | Modified Date = 5/10/2007 9:22:50 PM | Attr = ]
Microsoft -> %UserAppData%\Microsoft -> [Folder | Modified Date = 5/7/2007 7:59:36 PM | Attr = ]
Sun -> %UserAppData%\Sun -> [Folder | Modified Date = 5/4/2007 12:37:52 PM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 5/18/2007 8:21:32 AM | Attr = ]
vlc -> %UserAppData%\vlc -> [Folder | Modified Date = 5/7/2007 10:08:34 PM | Attr = ]
Adobe -> %LocalAppData%\Adobe -> [Folder | Modified Date = 5/16/2007 9:18:30 AM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 52856 bytes | Modified Date = 5/10/2007 8:30:08 AM | Attr = ]
My Music -> %AllUsersDocuments%\My Music -> [Folder | Modified Date = 5/10/2007 8:29:08 AM | Attr = ]
Default.rdp -> %UserDocuments%\Default.rdp -> [Ver = | Size = 1156 bytes | Modified Date = 5/20/2007 7:21:08 PM | Attr = H ]
Downloads -> %UserDocuments%\Downloads -> [Folder | Modified Date = 5/20/2007 2:31:42 PM | Attr = ]
My Movies -> %UserDocuments%\My Movies -> [Folder | Modified Date = 5/20/2007 2:31:22 PM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 5/16/2007 9:00:22 AM | Attr = R ]
Updater5 -> %UserDocuments%\Updater5 -> [Folder | Modified Date = 5/16/2007 9:18:30 AM | Attr = ]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk -> [Ver = | Size = 1544 bytes | Modified Date = 5/15/2007 1:42:10 PM | Attr = ]
Intranet Labor Claiming.lnk -> %AllUsersDesktop%\Intranet Labor Claiming.lnk -> [Ver = | Size = 1454 bytes | Modified Date = 5/10/2007 10:00:48 AM | Attr = ]
ISSI EZUpdate.lnk -> %AllUsersDesktop%\ISSI EZUpdate.lnk -> [Ver = | Size = 409 bytes | Modified Date = 5/4/2007 10:33:28 AM | Attr = ]
Lotus Notes 7.lnk -> %AllUsersDesktop%\Lotus Notes 7.lnk -> [Ver = | Size = 1397 bytes | Modified Date = 5/15/2007 5:36:46 PM | Attr = ]
Rational ClearCase Explorer.lnk -> %AllUsersDesktop%\Rational ClearCase Explorer.lnk -> [Ver = | Size = 782 bytes | Modified Date = 5/4/2007 11:59:40 AM | Attr = ]
CURRICULUM VITAE.doc -> %UserDesktop%\CURRICULUM VITAE.doc -> [Ver = | Size = 26624 bytes | Modified Date = 5/15/2007 10:38:54 AM | Attr = ]
Google Talk.lnk -> %UserDesktop%\Google Talk.lnk -> [Ver = | Size = 767 bytes | Modified Date = 5/10/2007 9:19:48 PM | Attr = ]
MagicISO.lnk -> %UserDesktop%\MagicISO.lnk -> [Ver = | Size = 1368 bytes | Modified Date = 5/20/2007 4:08:40 PM | Attr = ]
Old Machine Backups -> %UserDesktop%\Old Machine Backups -> [Folder | Modified Date = 4/24/2007 4:45:36 PM | Attr = ]
Remote Desktop Connection.lnk -> %UserDesktop%\Remote Desktop Connection.lnk -> [Ver = | Size = 1498 bytes | Modified Date = 5/9/2007 9:58:08 AM | Attr = ]
SequoiaView.lnk -> %UserDesktop%\SequoiaView.lnk -> [Ver = | Size = 586 bytes | Modified Date = 4/24/2007 5:30:24 PM | Attr = ]
Shortcut to SetNetDrivePrinters.bat.lnk -> %UserDesktop%\Shortcut to SetNetDrivePrinters.bat.lnk -> [Ver = | Size = 485 bytes | Modified Date = 5/9/2007 5:52:20 PM | Attr = ]
Synergy.lnk -> %UserDesktop%\Synergy.lnk -> [Ver = | Size = 1430 bytes | Modified Date = 4/24/2007 4:52:42 PM | Attr = ]
SynergyInstaller-1.3.1.exe -> %UserDesktop%\SynergyInstaller-1.3.1.exe -> [Ver = | Size = 923647 bytes | Modified Date = 4/24/2007 4:52:24 PM | Attr = ]
TVUPlayer.lnk -> %UserDesktop%\TVUPlayer.lnk -> [Ver = | Size = 594 bytes | Modified Date = 5/10/2007 8:30:02 AM | Attr = ]
virtual cd rom -> %UserDesktop%\virtual cd rom -> [Folder | Modified Date = 5/21/2007 9:37:36 AM | Attr = ]
vlc.exe.lnk -> %UserDesktop%\vlc.exe.lnk -> [Ver = | Size = 583 bytes | Modified Date = 5/12/2007 11:35:02 AM | Attr = ]
Windows Media Player.lnk -> %UserDesktop%\Windows Media Player.lnk -> [Ver = | Size = 718 bytes | Modified Date = 5/10/2007 8:29:50 AM | Attr = ]
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 5/21/2007 1:09:46 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 353421 bytes | Modified Date = 5/21/2007 1:00:22 PM | Attr = ]
Adobe Reader Speed Launch.lnk -> %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1572 bytes | Modified Date = 5/15/2007 1:42:10 PM | Attr = ]
Adobe Reader Synchronizer.lnk -> %AllUsersStartup%\Adobe Reader Synchronizer.lnk -> [Ver = | Size = 1608 bytes | Modified Date = 5/15/2007 1:42:10 PM | Attr = ]
Adaptec Shared -> %CommonProgramFiles%\Adaptec Shared -> [Folder | Modified Date = 5/10/2007 8:29:26 AM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 5/4/2007 12:18:36 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 5/21/2007 9:34:22 AM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 5/15/2007 1:51:52 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> %System32%\AS_Storage.dll -> Sonic Solutions [Ver = 3.0.84.500 | Size = 2336424 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
PEC2 , -> %System32%\nutcom4.pdb -> [Ver = | Size = 197632 bytes | Modified Date = 4/25/2002 3:25:38 PM | Attr = R ]
yourkey , -> %System32%\nutiface4.dll -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 184341 bytes | Modified Date = 4/25/2002 3:26:04 PM | Attr = R ]
yourkey , -> %System32%\nutiface4.pdb -> [Ver = | Size = 656384 bytes | Modified Date = 4/25/2002 3:26:06 PM | Attr = R ]
yourkey , -> %System32%\nutsrv4.exe -> DataFocus, Inc. [Ver = 4.50.0000 | Size = 277272 bytes | Modified Date = 4/25/2002 3:27:06 PM | Attr = R ]
yourkey , -> %System32%\nutsrv4.pdb -> [Ver = | Size = 1090560 bytes | Modified Date = 4/25/2002 3:27:10 PM | Attr = R ]
yourkey , -> %System32%\nutsys4.dll -> DataFocus, Inc. [Ver = 4.50.0100 | Size = 1017467 bytes | Modified Date = 6/4/2002 9:41:56 AM | Attr = R ]
yourkey , -> %System32%\nutsys4.pdb -> [Ver = | Size = 3818496 bytes | Modified Date = 6/4/2002 9:41:58 AM | Attr = R ]
Thawte Consulting , -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 63144 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
Thawte Consulting , -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.34a | Size = 114856 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
Thawte Consulting , -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.01.81a | Size = 464552 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
Thawte Consulting , -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 67240 bytes | Modified Date = 6/28/2006 12:23:24 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 62632 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.20a | Size = 115880 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
Thawte Consulting , -> %System32%\VXBLOCK.dll -> Sonic Solutions [Ver = 1.00.67a | Size = 34472 bytes | Modified Date = 6/28/2006 12:23:22 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 12/7/1999 5:00:00 PM | Attr = ]

< End of report >

#5 bprasana

bprasana
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 21 May 2007 - 10:38 AM

I am also getting "Application Error " Cannot "read" from the memory Error OR The exception Privileged instruciton.
when I try to install any new software.

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:06:40 AM

Posted 21 May 2007 - 03:25 PM

Hi bprasana. I don't see any signs of viruses or malware in any of the logs. They are all clean.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis cannot analyze performance, hardware or application issues. For non-malware related issues I would suggest posting to the The techs in that forum specialize in matters pertaining to the operating system, performance and applications. When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 bprasana

bprasana
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 23 May 2007 - 05:11 AM

okie..Thanks a lot for your help. I will post it in right forum.

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:06:40 AM

Posted 23 May 2007 - 04:00 PM

You are welcome bprasana. I am glad we could rule out any infections.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users