Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
WinPFind by OldTimer - v2.0.2 Folder = I:\WinPFind\
»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Service Pack 1 | Version: 5.1.2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»
130528 Kb Total Physical Memory | 33428 Kb Available Physical Memory | 25.61% Memory free
315456 Kb Paging File | 85432 Kb Available in Paging File | 27.08% Paging File free
Paging file location: F:\pagefile.sys 192 384
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 521808 Kb Total Space | 395728 Kb Free Space | 75.84% Space Free
Drive D: | 2036220 Kb Total Space | 2031532 Kb Free Space | 99.77% Space Free
Drive E: | 4080508 Kb Total Space | 2747380 Kb Free Space | 67.33% Space Free
Drive F: | 5106660 Kb Total Space | 225692 Kb Free Space | 4.42% Space Free
»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»
F:\Documents and Settings\Kelly\Local Settings\Temp\Temporary Directory 1 for gmer.zip\gmer.exe ()
F:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
F:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe ()
F:\QUICKENW\QWDLLS.EXE (Intuit)
F:\WINDOWS\system32\NILaunch.exe ()
I:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
I:\Program Files\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
I:\Program Files\hijackthis\HijackThis.exe (Soeperman Enterprises Ltd.)
I:\WinPFind\WinPFind.exe (OldTimer Tools)
»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running]
= I:\Program Files\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= F:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped]
= F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
»»»»»»»»»»»»»»»»»»»» Driver Services (Non-Microsoft) »»»»»»»»»»
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped]
= (File not found)
(abp480n5) abp480n5 [Kernel | Disabled | Stopped]
= (File not found)
(adpu160m) adpu160m [Kernel | Disabled | Stopped]
= (File not found)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.0.1 [Kernel | Auto | Running]
= F:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
(Aha154x) Aha154x [Kernel | Disabled | Stopped]
= (File not found)
(aic78u2) aic78u2 [Kernel | Disabled | Stopped]
= (File not found)
(aic78xx) aic78xx [Kernel | Disabled | Stopped]
= (File not found)
(AliIde) AliIde [Kernel | Disabled | Stopped]
= (File not found)
(amsint) amsint [Kernel | Disabled | Stopped]
= (File not found)
(asc) asc [Kernel | Disabled | Stopped]
= (File not found)
(asc3350p) asc3350p [Kernel | Disabled | Stopped]
= (File not found)
(asc3550) asc3550 [Kernel | Disabled | Stopped]
= (File not found)
(Aspi32) Aspi32 [Kernel | Auto | Running]
= F:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
(Atdisk) Atdisk [Kernel | Disabled | Stopped]
= (File not found)
(atirage3) atirage3 [Kernel | On_Demand | Running]
= F:\WINDOWS\system32\drivers\atimpae.sys (ATI Technologies Inc.)
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running]
= I:\Program Files\AVG Anti-Spyware 7.5\guard.sys ()
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running]
= F:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped]
= (File not found)
(Changer) Changer [Kernel | System | Stopped]
= (File not found)
(CmdIde) CmdIde [Kernel | Disabled | Stopped]
= (File not found)
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped]
= (File not found)
(dac960nt) dac960nt [Kernel | Disabled | Stopped]
= (File not found)
(dmboot) dmboot [Kernel | Disabled | Stopped]
= F:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running]
= F:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
(dmload) dmload [Kernel | Boot | Running]
= F:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
(dpti2o) dpti2o [Kernel | Disabled | Stopped]
= (File not found)
(Edspport) EDSP Port Driver [Kernel | On_Demand | Running]
= F:\WINDOWS\system32\drivers\es56tpi.sys (ESS Technology, Inc.)
(es1371) Creative AudioPCI (ES1371,ES1373) (WDM) [Kernel | On_Demand | Running]
= F:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
(hpn) hpn [Kernel | Disabled | Stopped]
= (File not found)
(hpt3xx) hpt3xx [Kernel | Disabled | Stopped]
= (File not found)
(i2omgmt) i2omgmt [Kernel | System | Stopped]
= (File not found)
(i2omp) i2omp [Kernel | Disabled | Stopped]
= (File not found)
(ini910u) ini910u [Kernel | Disabled | Stopped]
= (File not found)
(IntelIde) IntelIde [Kernel | Disabled | Stopped]
= (File not found)
(Jukebox) Jukebox [Kernel | On_Demand | Stopped]
= F:\WINDOWS\system32\drivers\ctpdusb2.sys (Creative Technology Ltd.)
(lbrtfdc) lbrtfdc [Kernel | System | Stopped]
= (File not found)
(mraid35x) mraid35x [Kernel | Disabled | Stopped]
= (File not found)
(PCIDump) PCIDump [Kernel | System | Stopped]
= (File not found)
(PCIIde) PCIIde [Kernel | Disabled | Stopped]
= (File not found)
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped]
= (File not found)
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped]
= (File not found)
(PDRELI) PDRELI [Kernel | On_Demand | Stopped]
= (File not found)
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped]
= (File not found)
(perc2) perc2 [Kernel | Disabled | Stopped]
= (File not found)
(perc2hib) perc2hib [Kernel | Disabled | Stopped]
= (File not found)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running]
= F:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running]
= F:\WINDOWS\system32\drivers\PxHelp20.sys (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped]
= (File not found)
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped]
= (File not found)
(ql12160) ql12160 [Kernel | Disabled | Stopped]
= (File not found)
(ql1240) ql1240 [Kernel | Disabled | Stopped]
= (File not found)
(ql1280) ql1280 [Kernel | Disabled | Stopped]
= (File not found)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running]
= F:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation )
(Secdrv) Secdrv [Kernel | On_Demand | Stopped]
= F:\WINDOWS\system32\drivers\secdrv.sys ()
(Simbad) Simbad [Kernel | Disabled | Stopped]
= (File not found)
(Sparrow) Sparrow [Kernel | Disabled | Stopped]
= (File not found)
(symc810) symc810 [Kernel | Disabled | Stopped]
= (File not found)
(symc8xx) symc8xx [Kernel | Disabled | Stopped]
= (File not found)
(sym_hi) sym_hi [Kernel | Disabled | Stopped]
= (File not found)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped]
= (File not found)
(TosIde) TosIde [Kernel | Disabled | Stopped]
= (File not found)
(ultra) ultra [Kernel | Disabled | Stopped]
= (File not found)
(USB-100) Linksys EtherFast 10/100 Compact USB Network Adapter [Kernel | On_Demand | Stopped]
= F:\WINDOWS\system32\drivers\USB100M.SYS (Linksys)
(WDICA) WDICA [Kernel | On_Demand | Stopped]
= (File not found)
(WUSB54GPV4SRV) Linksys Home Wireless-G USB Adaptor Driver [Kernel | On_Demand | Running]
= F:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)
»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»
>>>>> Run Keys and Auto-Start Folders <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
!AVG Anti-Spyware = I:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
mmtask = F:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe ()
MMTray = F:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe ()
Net-It Launcher = F:\WINDOWS\system32\NILaunch.exe ()
QuickTime Task = F:\Program Files\QuickTime\qttask.exe ()
SunJavaUpdateSched = F:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
TkBellExe = F:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr = F:\Program Files\MSN Messenger\msnmsgr.exe (File not found)
swg = F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1
< Common Startup Folder = F:\Documents and Settings\All Users\Start Menu\Programs\Startup >
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
= F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
= F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
= F:\QUICKENW\QWDLLS.EXE (Intuit)
< User Startup Folder = F:\Documents and Settings\Kelly\Start Menu\Programs\Startup >
F:\Documents and Settings\Kelly\Start Menu\Programs\Startup\desktop.ini ()
>>>>> MsConfig Disabled Items <<<<<
>>>>> Disabled Startup Folder Items <<<<<
>>>>> File Associations <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found
>>>>> Registry Shell Spawning <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -> "%1" %* (File not found)
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL %1,%* (Microsoft Corporation)
exefile [open] -> "%1" %* (File not found)
htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (File not found)
htmlfile [edit] -> "F:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "F:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -> "F:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -> Reg Data - Key not found
https [open] -> "F:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -> rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -> "%1" %* (File not found)
regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)
txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -> "F:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "F:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
>>>>> ActiveX StubPath settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\wmp.inf,PerUserStub
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = %SystemRoot%\system32\ie4uinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = F:\WINDOWS\INF\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
>>>>> WOW Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
>>>>> Session Manager Settings <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =
PendingFileRenameOperations = \??\F:\DOCUME~1\Kelly\LOCALS~1\Temp\A~NSISu_.exe;
>>>>> Items Started Through Miscellaneous Registry Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = I:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )
>>>>> Security Providers <<<<<
>>>>> Winlogon Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
>>>>> Policy Keys <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0
>>>>> Desktop Components <<<<<
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home
>>>>> HOSTS File <<<<<
HOSTS file found at: F:\WINDOWS\System32\drivers\etc\Hosts (Size: 686 bytes | Modified Date: 3/17/2007 2:30:14 PM)
127.0.0.1 localhost
>>>>> Internet Explorer Settings <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft...p...&ar=msnhome
Default_Search_URL = http://www.google.com/ie
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.msn.com/
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = F:\WINDOWS\System32\blank.htm
Search Bar = http://www.google.com/ie
Search Page = http://www.google.com
Start Page = http://www.msn.com/
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
SearchAssistant = http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com]
*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com]
*
>>>>> Browser Helper Objects <<<<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = F:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) )
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
- Google Toolbar Helper ( HKLM = f:\program files\Google\googletoolbar3.dll (Google Inc.) )
>>>>> Bars, Toolbars and Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = f:\program files\Google\googletoolbar3.dll (Google Inc.) )
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio ( HKLM = F:\WINDOWS\system32\msdxm.ocx () )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = f:\program files\Google\googletoolbar3.dll (Google Inc.) )
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = f:\program files\Google\googletoolbar3.dll (Google Inc.) )
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8194 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8195
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - Java Plug-in 1.6.0 ( HKLM F:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - Java Plug-in 1.6.0 ( HKCU F:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) )
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)
>>>>> Approved Shell Extensions <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) )
{4EC26602-4807-40FE-A40F-1A41E4D40C78} = Dell DJ Explorer ( HKLM = F:\Program Files\Dell\Dell DJ Explorer\CTOJBNS.dll (Creative Technology Ltd) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = F:\WINDOWS\System32\hticons.dll (File not found) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = F:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )
>>>>> Context Menu Handlers / Column Handlers <<<<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = I:\Program Files\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = I:\Program Files\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )
>>>>> User Agent Post Platform <<<<<
>>>>> TCP/IP Configuration <<<<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2238733F-1223-419A-A7AD-4DE848694076}] ( Linksys Wireless-G USB Network Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.101
DhcpNameServer = 216.144.187.71 204.186.0.201 207.44.96.129
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4F55EBDB-117E-41D1-BF31-0B89F716D5FE}] ( Realtek RTL8139 Family PCI Fast Ethernet NIC )
DefaultGateway =
DhcpIPAddress = 169.254.91.134
DhcpServer = 255.255.255.255
DhcpSubnetMask = 255.255.0.0
DisableDynamicUpdate = 0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 169.254.91.134
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C56B263-3328-4C76-945F-28F524AEC730}] ( Linksys Wireless-G USB Network Adapter )
DefaultGateway =
DhcpIPAddress = 169.254.81.233
DhcpServer = 255.255.255.255
DhcpSubnetMask = 255.255.0.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 169.254.81.233
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FCBBE35-FCDD-498B-B092-3F306F68E46E}] ( Linksys Wireless-G USB Network Adapter )
DefaultGateway =
DhcpServer = 255.255.255.255
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A480D802-76BA-4198-B221-77DEE53A4A27}] ( Linksys Wireless-G USB Network Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.102
DhcpNameServer = 216.144.187.71 204.186.0.201 207.44.96.129
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 216.144.187.71,204.186.0.201
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BCC92B4C-7AF1-4297-A4E2-AA7C48053118}] ( Linksys Wireless-G USB Network Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E410FA5B-7372-45D0-9D7F-E9CDA8ACE678}] ( Linksys EtherFast 10/100 Compact USB Network Adapter )
DefaultGateway =
DhcpServer = 255.255.255.255
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF765080-64E2-4E47-B8D3-1675322A6CC2}] ( Linksys Wireless-G USB Network Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;
>>>>> WinSock2 Parameters <<<<<
>>>>> Protocol Handlers <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio]
CLSID = {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - ( HKLM F:\WINDOWS\system32\msdxm.ocx () )
>>>>> Protocol Filters <<<<<
>>>>> Downloaded Program Files <<<<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\DownloadInformation]
CODEBASE = http://codecs.micros...i386/voxacm.CAB
INF = F:\WINDOWS\Downloaded Program Files\voxacm.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000161-0000-0010-8000-00AA00389B71}\DownloadInformation]
CODEBASE = http://codecs.micros...386/msaudio.cab
INF = F:\WINDOWS\Downloaded Program Files\msaudio.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\DownloadInformation]
CODEBASE = http://www.kaspersky...can_unicode.cab
INF = F:\WINDOWS\Downloaded Program Files\kavwebscan.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload.ma...director/sw.cab
INF = F:\WINDOWS\Downloaded Program Files\erma.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\DownloadInformation]
CODEBASE = http://download.micr...922/wmv9VCM.CAB
INF = F:\WINDOWS\Downloaded Program Files\WMV9VCM.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\DownloadInformation]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab
INF = F:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\DownloadInformation]
CODEBASE = http://v4.windowsupd...7845.3552662037
INF = F:\WINDOWS\Downloaded Program Files\iuctl.inf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =
»»»»»»»»»»»»»»»»»»»» Files Created Within 60 Days »»»»»»»»»»»»»
F:\hiberfil.sys [Ver = | Size = 133730304 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
F:\Documents and Settings\Kelly\My Documents\savings.xls [Ver = | Size = 14336 bytes | Created Date = 3/3/2007 5:32:55 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\James Madison Report.doc [Ver = | Size = 22528 bytes | Created Date = 2/7/2007 6:17:14 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\budget worksheet v2-10-07.xls [Ver = | Size = 24576 bytes | Created Date = 2/10/2007 7:47:45 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Growing concern labels.xls [Ver = | Size = 16896 bytes | Created Date = 2/13/2007 7:22:05 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Annual Income 2006.xls [Ver = | Size = 71680 bytes | Created Date = 3/2/2007 7:27:42 AM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\newsletter_aspx.htm [Ver = | Size = 70329 bytes | Created Date = 2/15/2007 3:35:34 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Untitled.htm [Ver = | Size = 13658 bytes | Created Date = 2/17/2007 9:53:41 AM | Attr = ]
F:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 535 bytes | Created Date = 3/17/2007 6:19:41 PM | Attr = ]
F:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [Ver = | Size = 1638 bytes | Created Date = 3/18/2007 4:26:39 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\sfp.zip [Ver = | Size = 264875 bytes | Created Date = 3/17/2007 4:35:32 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\VundoFix.exe Atribune.org [Ver = 6.03.0016 | Size = 95232 bytes | Created Date = 3/17/2007 10:56:25 AM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\FindAWF.exe noahdfear [Ver = 1 .33. . | Size = 162382 bytes | Created Date = 3/17/2007 1:52:24 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\SDFix.exe [Ver = | Size = 697975 bytes | Created Date = 3/17/2007 2:09:04 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\WRE0612753.doc [Ver = | Size = 20992 bytes | Created Date = 2/17/2007 9:54:50 AM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\00977-00 Status Report 121406 to 010707.doc [Ver = | Size = 108032 bytes | Created Date = 1/19/2007 4:04:48 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\00977-00 Status Report 012207 to 020407.doc [Ver = | Size = 120320 bytes | Created Date = 2/15/2007 7:30:27 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\00977-00 Status Report 010906 to 012107.doc [Ver = | Size = 354304 bytes | Created Date = 1/21/2007 7:38:29 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\JulianSo-resume[2].doc [Ver = | Size = 47104 bytes | Created Date = 2/7/2007 6:48:39 AM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\00977-00 Status Report 020507 to 021807.doc [Ver = | Size = 374272 bytes | Created Date = 2/15/2007 7:53:44 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\LimeWire 4.12.11.lnk [Ver = | Size = 598 bytes | Created Date = 2/18/2007 1:42:11 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\Daniel James Jr.doc [Ver = | Size = 19968 bytes | Created Date = 2/26/2007 9:20:47 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\summer 2006 020.JPG [Ver = | Size = 349113 bytes | Created Date = 3/8/2007 5:31:13 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\Fixwareout.exe [Ver = 1.0.0.5 | Size = 494582 bytes | Created Date = 3/15/2007 6:53:52 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\cleanup.bat [Ver = | Size = 1959 bytes | Created Date = 3/17/2007 4:45:31 PM | Attr = ]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1655 bytes | Created Date = 3/18/2007 4:26:39 PM | Attr = ]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [Ver = | Size = 1697 bytes | Created Date = 3/18/2007 4:26:39 PM | Attr = ]
F:\WINDOWS\gmer.exe [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Created Date = 3/18/2007 5:05:52 PM | Attr = R ]
F:\WINDOWS\gmer.dll [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Created Date = 3/18/2007 5:05:52 PM | Attr = ]
F:\WINDOWS\ddeeeg.ini [Ver = | Size = 1176534 bytes | Created Date = 3/15/2007 7:59:26 PM | Attr = HS]
F:\WINDOWS\gmer_uninstall.cmd [Ver = | Size = 80 bytes | Created Date = 3/18/2007 5:05:52 PM | Attr = ]
F:\WINDOWS\gmer.ini [Ver = | Size = 250 bytes | Created Date = 3/18/2007 5:05:55 PM | Attr = ]
F:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/18/2007 9:29:57 AM | Attr = ]
F:\WINDOWS\System32\cbaayww.dll [Ver = | Size = 8171 bytes | Created Date = 3/14/2007 5:05:19 PM | Attr = ]
F:\WINDOWS\System32\ljhfg.exe [Ver = | Size = 27222 bytes | Created Date = 3/14/2007 5:10:21 PM | Attr = ]
F:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 3/18/2007 9:29:57 AM | Attr = ]
F:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 3/18/2007 9:29:57 AM | Attr = ]
F:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 3/18/2007 9:29:57 AM | Attr = ]
F:\WINDOWS\System32\drivers\gmer.sys GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Created Date = 3/18/2007 5:05:52 PM | Attr = ]
F:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 3/17/2007 6:19:35 PM | Attr = ]
»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»
F:\hiberfil.sys [Ver = | Size = 133730304 bytes | Modified Date = 3/18/2007 4:03:10 PM | Attr = HS]
F:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 100352 bytes | Modified Date = 3/17/2007 8:27:56 AM | Attr = ]
F:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db [Ver = | Size = 5001526 bytes | Modified Date = 3/18/2007 4:01:54 PM | Attr = H ]
F:\Documents and Settings\Kelly\My Documents\address.xls [Ver = | Size = 48640 bytes | Modified Date = 2/21/2007 6:51:36 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Annual Income.xls [Ver = | Size = 81408 bytes | Modified Date = 3/12/2007 9:24:42 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\savings.xls [Ver = | Size = 14336 bytes | Modified Date = 3/3/2007 5:46:14 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Fax cover protocol link.doc [Ver = | Size = 39936 bytes | Modified Date = 3/3/2007 10:38:14 AM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\James Madison Report.doc [Ver = | Size = 22528 bytes | Modified Date = 2/19/2007 4:20:58 PM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Annual Income 2006.xls [Ver = | Size = 71680 bytes | Modified Date = 3/12/2007 5:34:02 AM | Attr = ]
F:\Documents and Settings\Kelly\My Documents\Untitled.htm [Ver = | Size = 13658 bytes | Modified Date = 2/17/2007 9:53:44 AM | Attr = ]
F:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 535 bytes | Modified Date = 3/17/2007 6:19:42 PM | Attr = ]
F:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [Ver = | Size = 1638 bytes | Modified Date = 3/18/2007 4:26:40 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\sfp.zip [Ver = | Size = 264875 bytes | Modified Date = 3/17/2007 4:35:40 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\VundoFix.exe Atribune.org [Ver = 6.03.0016 | Size = 95232 bytes | Modified Date = 3/17/2007 10:56:26 AM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\FindAWF.exe noahdfear [Ver = 1 .33. . | Size = 162382 bytes | Modified Date = 3/17/2007 1:52:26 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\SDFix.exe [Ver = | Size = 697975 bytes | Modified Date = 3/17/2007 2:09:08 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\WRE0612753.doc [Ver = | Size = 20992 bytes | Modified Date = 2/18/2007 9:38:40 AM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\LimeWire 4.12.11.lnk [Ver = | Size = 598 bytes | Modified Date = 2/18/2007 1:42:12 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\Daniel James Jr.doc [Ver = | Size = 19968 bytes | Modified Date = 2/26/2007 9:20:50 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\summer 2006 020.JPG [Ver = | Size = 349113 bytes | Modified Date = 3/8/2007 5:31:14 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\Fixwareout.exe [Ver = 1.0.0.5 | Size = 494582 bytes | Modified Date = 3/15/2007 6:54:00 PM | Attr = ]
F:\Documents and Settings\Kelly\Desktop\cleanup.bat [Ver = | Size = 1959 bytes | Modified Date = 3/17/2007 4:45:32 PM | Attr = ]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1655 bytes | Modified Date = 3/18/2007 4:26:40 PM | Attr = ]
F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [Ver = | Size = 1697 bytes | Modified Date = 3/18/2007 4:26:40 PM | Attr = ]
F:\WINDOWS\QUICKEN.INI [Ver = | Size = 1125 bytes | Modified Date = 3/16/2007 4:10:36 PM | Attr = ]
F:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 3/18/2007 4:03:16 PM | Attr = S]
F:\WINDOWS\gmer.exe [Ver = 1, 0, 12, 12086 | Size = 573440 bytes | Modified Date = 3/7/2007 3:52:36 PM | Attr = R ]
F:\WINDOWS\gmer.dll [Ver = 1, 0, 12, 12086 | Size = 565311 bytes | Modified Date = 3/18/2007 5:05:54 PM | Attr = ]
F:\WINDOWS\ddeeeg.ini [Ver = | Size = 1176534 bytes | Modified Date = 3/17/2007 4:38:10 PM | Attr = HS]
F:\WINDOWS\gmer_uninstall.cmd [Ver = | Size = 80 bytes | Modified Date = 3/18/2007 5:05:54 PM | Attr = ]
F:\WINDOWS\gmer.ini [Ver = | Size = 250 bytes | Modified Date = 3/18/2007 5:05:56 PM | Attr = ]
F:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/18/2007 9:29:04 AM | Attr = ]
F:\WINDOWS\System32\wpa.dbl [Ver = | Size = 12664 bytes | Modified Date = 3/12/2007 5:16:50 PM | Attr = ]
F:\WINDOWS\System32\cbaayww.dll [Ver = | Size = 8171 bytes | Modified Date = 3/14/2007 5:05:20 PM | Attr = ]
F:\WINDOWS\System32\ljhfg.exe [Ver = | Size = 27222 bytes | Modified Date = 3/14/2007 5:10:22 PM | Attr = ]
F:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 3/18/2007 9:29:04 AM | Attr = ]
F:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 3/18/2007 9:29:04 AM | Attr = ]
F:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 3/18/2007 9:29:04 AM | Attr = ]
F:\WINDOWS\System32\drivers\gmer.sys GMER [Ver = 1, 0, 12, 3816 | Size = 68993 bytes | Modified Date = 3/18/2007 5:05:54 PM | Attr = ]
»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[FSG! , ]F:\Documents and Settings\Kelly\My Documents\415.rm ()
[UPX! , ]F:\Documents and Settings\Kelly\My Documents\sysclean.com ()
File scan skipped for file F:\Documents and Settings\Kelly\My Documents\videocd.bin. File size too big (127734768 bytes)
[PEC2 , ]F:\Documents and Settings\Kelly\Desktop\msgid_1853853_Ice_Age__The_Meltdown_(2006).nzb ()
[PEC2 , PECompact2 , ]F:\Documents and Settings\Kelly\Desktop\VundoFix.exe (Atribune.org)
[PECompact2 , qoologic , SAHAgent , ]F:\WINDOWS\VPTNFILE.939 ()
[aspack , UPX! , ]F:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
[UPX! , UPX0 , ]F:\WINDOWS\tsc.exe (Trend Micro Inc.)
[PECompact2 , qoologic , SAHAgent , ]F:\WINDOWS\LPT$VPN.939 ()
[MZKERNEL32.DLL , UpackByDwing , ]F:\WINDOWS\System32\cbaayww.dll ()
[MZKERNEL32.DLL , ]F:\WINDOWS\System32\ljhfg.exe ()
[PEC2 , ]F:\WINDOWS\System32\dfrg.msc ()
[winsync , ]F:\WINDOWS\System32\wbdbase.deu ()
[PEC2 , PECompact2 , ]F:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
[UPX0 , WSUD , ]F:\WINDOWS\System32\dllcache\hwxjpn.dll ()
< End of report >
