Patty
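@echo off
rem Export the per-user and machine-wide Policies keys to temporary files
regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies"
rem Append both exports to a single report file
type peek1.txt >> look.txt
type peek2.txt >> look.txt
rem Remove the temporary exports and open the report for review
del peek*.txt
start notepad look.txt
exit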
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v NoDevMgrPage /t REG_DWORD /d 0 /f
OTScanIt logfile created on: 8/16/2008 3:40:53 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\PATRICIA PRESCOTT\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.49 Mb Total Physical Memory | 547.15 Mb Available Physical Memory | 53.46% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4050 4096; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 27.84 Gb Free Space | 37.35% Space Free | Partition Type: NTFS Drive D: | 7.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XMAS2003 Current User Name: PATRICIA PRESCOTT Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 10:42:14 AM | Attr = ] lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.47 | Size = 174592 bytes | Modified Date = 4/17/2006 10:41:24 AM | Attr = ] dit.exe -> %SystemRoot%\Dit.exe -> [Ver = | Size = 69632 bytes | Modified Date = 9/5/2002 6:14:46 PM | Attr = ] lxczbmgr.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe -> Lexmark International, Inc. 
[Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/12/2006 10:22:50 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] lxczbmon.exe -> %ProgramFiles%\Lexmark 1200 Series\lxczbmon.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 7/12/2006 10:33:14 PM | Attr = ] backweb-8876480.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe -> [Ver = | Size = 16384 bytes | Modified Date = 6/21/2008 3:03:58 AM | Attr = ] belkinwcui.exe -> %ProgramFiles%\Belkin\F5D8053\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 35 | Size = 1728512 bytes | Modified Date = 7/2/2007 7:45:04 PM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.1.116 | Size = 671744 bytes | Modified Date = 9/1/2006 11:01:42 AM | Attr = ] raui.exe -> %ProgramFiles%\RALINK\Common\RaUI.exe -> Ralink Technology, Corp. [Ver = 2, 0, 2, 0 | Size = 2101248 bytes | Modified Date = 5/15/2007 6:29:20 PM | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logitech\khalshared\KHALMNPR.exe -> Logitech Inc. [Ver = 3.1.82 | Size = 94208 bytes | Modified Date = 7/19/2006 12:03:56 PM | Attr = ] ditexp.exe -> %SystemRoot%\DitExp.exe -> [Ver = | Size = 65536 bytes | Modified Date = 7/12/2002 10:29:24 AM | Attr = ] hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. 
[Ver = 043.001.005.000 | Size = 520192 bytes | Modified Date = 5/28/2004 11:08:52 PM | Attr = ] ioloservicemanager.exe -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr = ] mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] slserv.exe -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 1/17/2003 3:02:38 AM | Attr = ] wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ] wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ] wusb54gc.exe -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe -> Linksys [Ver = 1.1.0.2 | Size = 5527040 bytes | Modified Date = 8/29/2006 12:23:44 AM | Attr = ] wusb54gsc.exe -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe -> Linksys [Ver = 1.0.2.4 | Size = 5358592 bytes | Modified 
Date = 4/21/2006 12:26:38 PM | Attr = ] mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 10:33:14 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ] mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 12/25/2007 1:42:26 PM | Attr = ] (ioloFileInfoList) iolo FileInfoList Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr = ] (ioloProductUpdate) iolo Product Update Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr = ] (ioloSystemService) iolo System Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 6/19/2008 4:59:12 PM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. 
[Ver = 9.47 | Size = 311296 bytes | Modified Date = 4/17/2006 10:42:14 AM | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. 
[Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ] (SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 1/17/2003 3:02:38 AM | Attr = ] (WUSB54GCSVC) WUSB54GCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ] (WUSB54GSCSVC) WUSB54GSCSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr = ] [Driver Services - Non-Microsoft Only] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.5.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.5.3.0 | Size = 21419 bytes | Modified Date = 12/19/2007 7:38:00 AM | Attr = ] (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6270 built by: WinDDK | Size = 4124352 bytes | Modified Date = 10/26/2007 11:20:40 AM | Attr = R ] (BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys -> [Ver = | Size = 3840 bytes | Modified Date = 4/7/2005 5:18:34 PM | Attr = ] (BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> Broadcom Corporation [Ver = 3.90.30.0 (BROADCOM INTERNAL DRIVER) | Size = 17992 bytes | Modified Date = 2/1/2005 6:18:38 PM | Attr = ] (BOCDRIVE) BOClean Kernel Monitor. 
[Kernel | On_Demand | Stopped] -> %ProgramFiles%\Comodo\CBOClean\BOCDRIVE.sys -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:17 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:16 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ] (FileDisk) FileDisk [Kernel | System | Running] -> %SystemRoot%\System32\drivers\filedisk.sys -> iolo technologies, LLC (based on original work by Bo Brantén) [Ver = 2.0 | Size = 9341 bytes | Modified Date = 7/24/2006 6:51:34 PM | Attr = ] (FreshIO) FreshIO [Kernel | On_Demand | Stopped] -> %ProgramFiles%\FreshDevices\FreshDiagnose\FreshIO.sys -> File not found (GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. 
(PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 8, 0, 0, 0 | Size = 51088 bytes | Modified Date = 6/22/2004 8:05:12 AM | Attr = ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 16496 bytes | Modified Date = 6/22/2004 8:05:12 AM | Attr = ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 21744 bytes | Modified Date = 6/22/2004 8:05:12 AM | Attr = ] (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Kbd.SYS -> Logitech Inc. [Ver = 3.1.82.00 | Size = 13568 bytes | Modified Date = 7/19/2006 12:27:26 PM | Attr = ] (L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042MOU.SYS -> Logitech Inc. [Ver = 3.1.82.00 | Size = 55936 bytes | Modified Date = 7/19/2006 12:27:46 PM | Attr = ] (L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042pr2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr = ] (LBeepKE) LBeepKE [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\LBeepKE.sys -> Logitech Inc. [Ver = 3.1.116.00 | Size = 3712 bytes | Modified Date = 9/1/2006 12:32:50 PM | Attr = ] (LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LCcfltr.sys -> Logitech, Inc. 
[Ver = 9.79.300.0 | Size = 14095 bytes | Modified Date = 3/3/2004 9:50:00 AM | Attr = ] (LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.40.53.00 | Size = 35088 bytes | Modified Date = 11/29/2007 2:17:48 AM | Attr = ] (LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 25502 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr = ] (LHidKe) SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> Logitech Inc. [Ver = 3.1.82.00 | Size = 27136 bytes | Modified Date = 7/19/2006 12:29:08 PM | Attr = ] (LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37884 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr = ] (LHidUsbK) SetPoint USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidUsbK.sys -> Logitech Inc. [Ver = 3.1.82.00 | Size = 36736 bytes | Modified Date = 7/19/2006 12:28:04 PM | Attr = ] (LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> Logitech, Inc. [Ver = 4.40.53.00 | Size = 36368 bytes | Modified Date = 11/29/2007 2:17:56 AM | Attr = ] (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 11/7/2003 2:50:00 AM | Attr = ] (LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> Logitech Inc. 
[Ver = 3.1.82.00 | Size = 71936 bytes | Modified Date = 7/19/2006 12:28:56 PM | Attr = ] (LUsbFilt) Logitech SetPoint KMDF USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LUsbFilt.sys -> Logitech, Inc. [Ver = 4.40.53.00 | Size = 28432 bytes | Modified Date = 11/29/2007 2:18:12 AM | Attr = ] (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 79304 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr = ] (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 35240 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr = ] (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 201320 bytes | Modified Date = 11/22/2007 6:44:08 AM | Attr = ] (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 33832 bytes | Modified Date = 11/22/2007 6:44:04 AM | Attr = ] (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 12/2/2007 12:51:42 PM | Attr = ] (MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. 
[Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 9:20:24 AM | Attr = ] (Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlmnt5.sys -> [Ver = 3.20.04 | Size = 210128 bytes | Modified Date = 2/16/2003 5:08:18 PM | Attr = ] (Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlstrm.sys -> [Ver = 3.20.04 | Size = 1293192 bytes | Modified Date = 2/16/2003 6:33:46 PM | Attr = ] (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.115 | Size = 28256 bytes | Modified Date = 6/21/2008 3:03:00 AM | Attr = ] (NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ntmtlfax.sys -> [Ver = 3.20.03 | Size = 162136 bytes | Modified Date = 2/5/2003 6:25:56 PM | Attr = ] (pcwe) pcwe [Kernel | On_Demand | Stopped] -> %SystemDrive%\ATI\PC Wizard 2007\pcw86-32.sys -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 5:00:00 AM | Attr = ] (rt2870) Ralink 802.11n USB Wireless LAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt2870.sys -> Ralink Technology, Corp. [Ver = 1.00.03.0000 | Size = 503680 bytes | Modified Date = 5/9/2007 5:03:38 PM | Attr = ] (RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rt73.sys -> Ralink Technology, Corp. 
[Ver = 1.00.02.0000 | Size = 245248 bytes | Modified Date = 11/24/2005 7:51:38 PM | Attr = ] (RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.681.1120.2007 built by: WinDDK | Size = 104320 bytes | Modified Date = 11/20/2007 12:09:22 PM | Attr = ] (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.505.1004.2002 built by: WinDDK | Size = 46976 bytes | Modified Date = 10/3/2002 7:04:10 PM | Attr = ] (S3Psddr) S3Psddr [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0025-13.94.25 | Size = 167040 bytes | Modified Date = 3/2/2004 2:02:30 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 
[Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ] (Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slntamr.sys -> [Ver = 3.20.04 | Size = 516616 bytes | Modified Date = 2/16/2003 5:11:56 PM | Attr = ] (SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slnthal.sys -> [Ver = 3.20.04 | Size = 85520 bytes | Modified Date = 2/16/2003 5:12:46 PM | Attr = ] (SlWdmSup) SlWdmSup [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slwdmsup.sys -> Vireo Software [Ver = 1.00 | Size = 39348 bytes | Modified Date = 1/17/2003 2:19:32 AM | Attr = ] (TVICHW32) TVICHW32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TVICHW32.SYS -> EnTech Taiwan [Ver = 6.0 | Size = 23600 bytes | Modified Date = 12/10/2007 2:55:42 AM | Attr = ] (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 7/1/2003 9:42:00 PM | Attr = ] (viafilter) VIA USB Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\viausb1.sys -> VIA Technologies, Inc. [Ver = 1.08 | Size = 9728 bytes | Modified Date = 9/19/2001 6:28:50 AM | Attr = ] (VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4180 built by: WinDDK | Size = 203648 bytes | Modified Date = 10/9/2006 1:58:48 PM | Attr = ] (videX32) videX32 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\videX32.sys -> VIA Technologies, Inc. [Ver = 6.0.3790.170 | Size = 9216 bytes | Modified Date = 3/29/2007 4:36:00 AM | Attr = ] (vulfnths) VIA USB Host Controller Lower Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vulfnth.sys -> VIA Technologies, Inc. 
[Ver = 2.57 | Size = 6912 bytes | Modified Date = 8/3/2003 4:29:08 PM | Attr = ] (vulfntrs) VIA USB Roothub Lower Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vulfntr.sys -> VIA Technologies, Inc. [Ver = 2.61 | Size = 11392 bytes | Modified Date = 8/3/2003 4:29:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found Dit -> %SystemRoot%\Dit.exe [Dit.exe] -> [Ver = | Size = 69632 bytes | Modified Date = 9/5/2002 6:14:46 PM | Attr = ] DriverMagicLogon -> %ProgramFiles%\SymplisIT\DriverMagic\dmschedule.exe ["C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot] -> SymplisIT Corporation [Ver = 1.00.0001 | Size = 69632 bytes | Modified Date = 4/16/2008 1:54:46 AM | Attr = ] EPSON Stylus CX6400 -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"] -> File not found HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] hpqSRMon -> %ProgramFiles%\HP\Digital Imaging\bin\HpqSRmon.exe [C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe] -> Hewlett-Packard [Ver = 11.0.0.142 | Size = 81920 bytes | Modified Date = 3/13/2008 9:34:28 AM | Attr = ] Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech Inc. [Ver = 3.1.82 | Size = 94208 bytes | Modified Date = 7/19/2006 12:03:56 PM | Attr = ] KernelFaultCheck -> [C:\WINDOWS\system32\dumprep 0 -k] -> File not found Lexmark 1200 Series -> %ProgramFiles%\Lexmark 1200 Series\lxczbmgr.exe ["C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"] -> Lexmark International, Inc. 
[Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 7/12/2006 10:22:50 PM | Attr = ] Logitech Hardware Abstraction Layer -> %CommonProgramFiles%\Logitech\khalshared\KHALMNPR.exe ["C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"] -> Logitech Inc. [Ver = 3.1.82 | Size = 94208 bytes | Modified Date = 7/19/2006 12:03:56 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr = ] VTPreset -> %SystemRoot%\system32\VTPreset.exe [VTPreset.exe] -> S3 Graphics, Inc. [Ver = 1.01.00.0102 | Size = 45056 bytes | Modified Date = 2/24/2004 8:17:18 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe] -> [Ver = | Size = 16384 bytes | Modified Date = 6/21/2008 3:03:58 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk -> %ProgramFiles%\Belkin\F5D8053\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 35 | Size = 1728512 bytes | Modified Date = 7/2/2007 7:45:04 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. 
[Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 53248 bytes | Modified Date = 5/28/2004 11:06:36 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 1.4.19 | Size = 169472 bytes | Modified Date = 6/21/2008 3:04:00 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 3.1.116 | Size = 671744 bytes | Modified Date = 9/1/2006 11:01:42 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Photags AutoDetect.lnk -> %ProgramFiles%\PhoTags Express\Photags AutoDetect.exe -> [Ver = 1, 0, 0, 1 | Size = 368640 bytes | Modified Date = 4/25/2006 7:32:10 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk -> %ProgramFiles%\RALINK\Common\RaUI.exe -> Ralink Technology, Corp. 
[Ver = 2, 0, 2, 0 | Size = 2101248 bytes | Modified Date = 5/15/2007 6:29:20 PM | Attr = ] < PATRICIA PRESCOTT Startup Folder > -> C:\Documents and Settings\PATRICIA PRESCOTT\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %UserProfile%\Desktop\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 8:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft 
Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDevMgrPage -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER 
CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_RW/DVD_GCC-4480B_______________1.01____\5&2d5130a6&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 7/15/2003 8:01:09 PM | Attr = ] < HOSTS File > (0 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> 
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> localhost -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6 domain(s) found. -> //@mail.mar@ .[msn] -> Local intranet -> //@mail.mar@/ .[msn] -> Local intranet -> //@signup.mar@ .[msn] -> My Computer -> //@signup.mar@/ .[msn] -> My Computer -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. 
[Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 1:33:52 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 5:51:28 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/25/2007 1:42:24 PM | Attr = R ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/25/2007 1:42:24 PM | Attr = R ] {719D74AB-1AF9-43a1-8C62-D8750628D93E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Live Search Club Toolbar\Toolbar.dll [Live Search Club Toolbar] -> [Ver = 1, 2, 1, 2001 | Size = 1908736 bytes | Modified Date = 8/10/2007 3:00:48 AM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 12/25/2007 1:42:24 PM | Attr = R ] ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 2:48:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 1:33:52 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 1:33:52 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {4C1EC1F6-01A1-49A0-BADB-26173C109C78} -> (Compact Wireless-G USB Adapter) -> {53FA28D8-1325-405A-96A4-BE07D182462E} -> (Compact Wireless-G USB Adapter) -> {5F7E19EC-BCD2-4D04-B860-1C29C510C6B4} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {836E4E01-00BA-47FB-AA34-F66C2634278E} -> (Belkin F5D8053 N Wireless USB Adapter) -> {B342B8D5-F249-4028-AF2B-CE6823480C4A} -> (Compact Wireless-G USB Network Adapter with SpeedBooster) -> {B9AB17F5-9CBA-4796-AA1F-18410679D74D} -> (Compact Wireless-G USB Adapter) -> {DF089B02-E595-4DD1-B3FE-DB6187713F7F} -> (Belkin F5D8053 N Wireless USB 
Adapter) -> {E415420A-F0F5-494C-ADEC-3F35278944E4} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2t | Size = 106496 bytes | Modified Date = 6/4/2007 5:41:12 PM | Attr = ] cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] -> {6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {FFD85DC8-5261-4D11-B728-F7C59D911691}[HKEY_LOCAL_MACHINE] -> https://secure.iolo.com/app/ocx/UpgradeVerify.ocx[iolo.ProductDetector] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\.Owner -> {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\\.Owner -> {6F15128C-E66A-490C-B848-5000B5ABEEAC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\\{6F15128C-E66A-490C-B848-5000B5ABEEAC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\\.Owner -> {A91FB93D-7561-4524-8484-5C27C8FA8D42} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\.Owner -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UpgradeVerify.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UpgradeVerify.ocx\\.Owner -> {FFD85DC8-5261-4D11-B728-F7C59D911691} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UpgradeVerify.ocx\\{FFD85DC8-5261-4D11-B728-F7C59D911691} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/wwlaunch.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> [Files/Folders - Created Within 30 days] Belkin F5D8053 N Wireless USB Adapter Utility.lnk -> %SystemDrive%\Belkin F5D8053 N Wireless USB Adapter Utility.lnk -> [Ver = | Size = 790 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/5/2008 2:25:54 AM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 8/12/2008 5:27:48 AM | Attr = ] epson -> %SystemDrive%\epson -> [Folder | Created Date = 8/3/2008 12:03:31 AM | Attr = 
] Logitech Desktop Messenger.lnk -> %SystemDrive%\Logitech Desktop Messenger.lnk -> [Ver = | Size = 1885 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr = ] Logitech SetPoint.lnk -> %SystemDrive%\Logitech SetPoint.lnk -> [Ver = | Size = 1501 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr = ] Photags AutoDetect.lnk -> %SystemDrive%\Photags AutoDetect.lnk -> [Ver = | Size = 1711 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr = ] Ralink Wireless Utility.lnk -> %SystemDrive%\Ralink Wireless Utility.lnk -> [Ver = | Size = 685 bytes | Created Date = 7/30/2008 8:14:50 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/11/2008 2:36:00 AM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/11/2008 2:35:59 AM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 8/12/2008 12:36:51 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 6312 bytes | Created Date = 8/1/2008 12:05:16 AM | Attr = ] EBPMON24.DLL -> %SystemRoot%\System32\EBPMON24.DLL -> SEIKO EPSON CORPORATION [Ver = 5, 4, 0, 0 | Size = 79622 bytes | Created Date = 8/3/2008 12:05:58 AM | Attr = ] E_SAGSET.DLL -> %SystemRoot%\System32\E_SAGSET.DLL -> SEIKO EPSON CORPORATION [Ver = 1.10 | Size = 98304 bytes | Created Date = 8/3/2008 12:05:58 AM | Attr = ] HPZidr12.dll -> %SystemRoot%\System32\HPZidr12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 278584 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr = ] HPZinw12.exe -> %SystemRoot%\System32\HPZinw12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 61440 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr = ] HPZipm12.exe -> %SystemRoot%\System32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr = ] HPZipr12.dll -> %SystemRoot%\System32\HPZipr12.dll -> HP [Ver = 
8, 0, 0, 0 | Size = 204800 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr = ] HPZipt12.dll -> %SystemRoot%\System32\HPZipt12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 94208 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr = ] HPZisn12.dll -> %SystemRoot%\System32\HPZisn12.dll -> HP [Ver = 8, 0, 0, 0 | Size = 57344 bytes | Created Date = 8/5/2008 2:28:31 AM | Attr = ] tmp68EDE.FOT -> %SystemRoot%\System32\tmp68EDE.FOT -> [Ver = | Size = 1409 bytes | Created Date = 8/12/2008 7:56:15 AM | Attr = ] tmp9FDDE.FOT -> %SystemRoot%\System32\tmp9FDDE.FOT -> [Ver = | Size = 1409 bytes | Created Date = 8/12/2008 7:56:15 AM | Attr = ] tmpE3DDE.FOT -> %SystemRoot%\System32\tmpE3DDE.FOT -> [Ver = | Size = 1409 bytes | Created Date = 8/12/2008 7:56:15 AM | Attr = ] DisableDrWatson[1].reg -> %SystemRoot%\DisableDrWatson[1].reg -> [Ver = | Size = 256 bytes | Created Date = 7/23/2008 2:34:00 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 8/5/2008 1:57:35 AM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 8/12/2008 5:28:24 AM | Attr = ] hpoins04.dat -> %SystemRoot%\hpoins04.dat -> [Ver = | Size = 104182 bytes | Created Date = 8/6/2008 3:56:23 AM | Attr = ] hpomdl04.dat -> %SystemRoot%\hpomdl04.dat -> [Ver = | Size = 17176 bytes | Created Date = 8/6/2008 3:56:23 AM | Attr = ] hpqins13.dat -> %SystemRoot%\hpqins13.dat -> [Ver = | Size = 107370 bytes | Created Date = 8/7/2008 1:45:44 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 8/10/2008 5:40:19 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 8/10/2008 5:40:19 AM | Attr = H ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 7/31/2008 7:03:37 AM | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Created Date = 8/13/2008 3:46:20 AM | Attr = ] [Files/Folders - Modified Within 30 
days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/13/2008 12:37:29 PM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 8/12/2008 5:27:48 AM | Attr = ] epson -> %SystemDrive%\epson -> [Folder | Modified Date = 8/3/2008 12:07:03 AM | Attr = ] My Download Files -> %SystemDrive%\My Download Files -> [Folder | Modified Date = 7/30/2008 10:32:49 PM | Attr = ] My Games -> %SystemDrive%\My Games -> [Folder | Modified Date = 8/15/2008 5:38:48 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/14/2008 8:52:43 AM | Attr = R ] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 8/5/2008 2:22:42 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/16/2008 2:36:49 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/30/2008 8:07:52 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/30/2008 8:07:56 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/14/2008 6:32:07 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/14/2008 6:32:06 AM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 8/14/2008 6:32:07 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 6312 bytes | Modified Date = 8/16/2008 2:41:22 PM | Attr = ] d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 8/13/2008 7:18:03 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/13/2008 12:37:52 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/16/2008 2:36:54 PM | Attr 
= ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 7/30/2008 10:46:04 PM | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 8/14/2008 3:58:41 AM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 7/30/2008 10:32:41 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 7/30/2008 10:37:26 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2768 bytes | Modified Date = 8/11/2008 2:16:15 AM | Attr = ] tmp68EDE.FOT -> %SystemRoot%\System32\tmp68EDE.FOT -> [Ver = | Size = 1409 bytes | Modified Date = 8/12/2008 7:56:15 AM | Attr = ] tmp9FDDE.FOT -> %SystemRoot%\System32\tmp9FDDE.FOT -> [Ver = | Size = 1409 bytes | Modified Date = 8/12/2008 7:56:15 AM | Attr = ] tmpE3DDE.FOT -> %SystemRoot%\System32\tmpE3DDE.FOT -> [Ver = | Size = 1409 bytes | Modified Date = 8/12/2008 7:56:15 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/16/2008 2:37:51 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/13/2008 12:37:40 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 8BALL.INI -> %SystemRoot%\8BALL.INI -> [Ver = | Size = 974 bytes | Modified Date = 8/14/2008 9:15:01 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 8/6/2008 4:06:56 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/16/2008 2:36:39 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/12/2008 12:36:51 PM | Attr = ] DisableDrWatson[1].reg -> %SystemRoot%\DisableDrWatson[1].reg -> [Ver = | Size = 256 bytes | Modified Date = 7/23/2008 2:34:00 PM | Attr = ] Downloaded Installations -> 
%SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 8/5/2008 1:57:35 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/12/2008 7:25:21 AM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 8/14/2008 11:06:33 PM | Attr = ] hpoins04.dat -> %SystemRoot%\hpoins04.dat -> [Ver = | Size = 104182 bytes | Modified Date = 8/6/2008 4:16:02 AM | Attr = ] hpqins13.dat -> %SystemRoot%\hpqins13.dat -> [Ver = | Size = 107370 bytes | Modified Date = 8/7/2008 1:47:54 AM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 7/30/2008 10:32:42 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/13/2008 12:37:45 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/14/2008 6:32:01 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/13/2008 12:37:28 PM | Attr = HS] iTouch.ini -> %SystemRoot%\iTouch.ini -> [Ver = | Size = 51 bytes | Modified Date = 7/30/2008 5:55:55 PM | Attr = ] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 1071 bytes | Modified Date = 7/26/2008 11:12:04 PM | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 7/30/2008 10:32:42 PM | Attr = ] PCHealth -> %SystemRoot%\PCHealth -> [Folder | Modified Date = 7/30/2008 10:32:42 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/16/2008 3:35:51 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 7/30/2008 10:32:37 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 8/10/2008 5:40:19 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/13/2008 7:10:55 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/16/2008 2:37:39 PM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 7/31/2008 7:03:37 AM | Attr = ] system32 -> 
< End of report >
Missing drivers for an AGP video card that is installed and for some odd reason now is not found under hardware. It won't permit me to play some newer games and I get an error message "No compatible display devices found."
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-click on the DNS Client service and choose Properties.
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual.
Click the Apply tab, then click OK.