GMER 2.1.19115 - http://www.gmer.net
Rootkit scan 2013-03-04 08:14:41
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 SanDisk_SSD_P4_32GB rev.SSD_8.13 29.82GB
Running: kvzvipf1.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlyqpoc.sys

---- System - GMER 2.1 ----

Code \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DF7000, 0x253D97, 0xE8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys The system cannot find the path specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\MagicInfo-i Premium\Client\MpFileTransfer.exe[1560] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 00406620 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!GetScrollInfo 7E42DFE2 5 Bytes JMP 004064A0 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00406770 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00406500 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00406690 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 004065B0 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00406700 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe[1920] USER32.dll!EnableScrollBar 7E468005 5 Bytes JMP 00406460 C:\Program Files\MagicInfo-i Premium\Client\MpWatcher.exe
.text C:\Program Files\MagicInfo-i Premium\Client\UltraVNC\winvnc.exe[2700] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\MagicInfo-i Premium\Client\MpAgent.exe[4072] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 EWF.sys (Enhanced Write Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 EWF.sys (Enhanced Write Filter Driver/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 2.1 ----

Service C:\WINDOWS\System32\drivers\afd.sys (*** hidden *** ) [AUTO] AFD <-- ROOTKIT !!!
Service C:\WINDOWS\system32\alg.exe (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\asyncmac.sys (*** hidden *** ) [MANUAL] AsyncMac <-- ROOTKIT !!!
Service C:\WINDOWS\system32\qmgr.dll (*** hidden *** ) [MANUAL] BITS <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe (*** hidden *** ) [DISABLED] cisvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe (*** hidden *** ) [DISABLED] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\dllhost.exe (*** hidden *** ) [MANUAL] COMSysApp <-- ROOTKIT !!!
Service C:\WINDOWS\System32\cryptsvc.dll (*** hidden *** ) [AUTO] CryptSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe (*** hidden *** ) [DISABLED] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\System32\DRIVERS\ipsec.sys (*** hidden *** ) [SYSTEM] IPSec <-- ROOTKIT !!!
Service C:\WINDOWS\system32\msiexec.exe (*** hidden *** ) [MANUAL] MSIServer <-- ROOTKIT !!!
Service C:\WINDOWS\system32\rpcss.dll (*** hidden *** ) [AUTO] RpcSs <-- ROOTKIT !!!
Service C:\WINDOWS\System32\seclogon.dll (*** hidden *** ) [AUTO] seclogon <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ipnathlp.dll (*** hidden *** ) [AUTO] SharedAccess <-- ROOTKIT !!!
Service C:\WINDOWS\system32\winspool.drv (*** hidden *** ) [DISABLED] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\Drivers\sr.sys (*** hidden *** ) [DISABLED] sr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\srsvc.dll (*** hidden *** ) [AUTO] srservice <-- ROOTKIT !!!
Service C:\WINDOWS\system32\tlntsvr.exe (*** hidden *** ) [AUTO] TlntSvr <-- ROOTKIT !!!
Service C:\WINDOWS\system32\wuauserv.dll (*** hidden *** ) [DISABLED] wuauserv <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\FileSystem@Win95TruncatedExtensions 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 768
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm@ Service
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys@ Driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr@ Service
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@SetupExecute regfltuser?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment@Path %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 2859
Reg HKLM\SYSTEM\CurrentControlSet\Services\AFD@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\AFD
Reg HKLM\SYSTEM\CurrentControlSet\Services\ALG@ImagePath system32\alg.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\ALG
Reg HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters@ServiceDllUnloadOnStop 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac@ImagePath system32\drivers\asyncmac.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@ImagePath system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@DisplayName Background Intelligent Transfer Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters@ServiceDll C:\WINDOWS\system32\qmgr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\cisvc@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\cisvc@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\cisvc@ImagePath C:\WINDOWS\system32\cisvc.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\cisvc
Reg HKLM\SYSTEM\CurrentControlSet\Services\ClipSrv@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\ClipSrv
Reg HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp@ImagePath C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Reg HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp
Reg HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc@DisplayName Cryptographic Services
Reg HKLM\SYSTEM\CurrentControlSet\Services\ImapiService@ImagePath C:\WINDOWS\system32\imapi.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\ImapiService
Reg HKLM\SYSTEM\CurrentControlSet\Services\IPSec@ImagePath System32\DRIVERS\ipsec.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\IPSec
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIServer@ImagePath C:\WINDOWS\system32\msiexec.exe /V
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\RpcSs@ImagePath %SystemRoot%\system32\svchost -k rpcss
Reg HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters@ServiceDll %SystemRoot%\system32\rpcss.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\RpcSs
Reg HKLM\SYSTEM\CurrentControlSet\Services\seclogon@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\seclogon@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\seclogon
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 679
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\Samsung\MagicInfoPro\winvnc4.exe C:\Program Files\Samsung\MagicInfoPro\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\Samsung\MagicInfoPro\SignageScheduler.exe C:\Program Files\Samsung\MagicInfoPro\SignageScheduler.exe:*:Enabled:MagicInfoPro Scheduler
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\Samsung\MagicInfoPro\dispticker.exe C:\Program Files\Samsung\MagicInfoPro\dispticker.exe:*:Enabled:dispticker
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\Samsung\MagicInfoPro\mnUpdate.exe C:\Program Files\Samsung\MagicInfoPro\mnUpdate.exe:*:Enabled:mnUpdate
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\MagicInfo-i\WSRMAgent\MagicInfoRM.exe C:\Program Files\MagicInfo-i\WSRMAgent\MagicInfoRM.exe:*:Enabled:Launch MagicInfoRM
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\MagicInfo-i\Update\MagicInfoUpdate.exe C:\Program Files\MagicInfo-i\Update\MagicInfoUpdate.exe:*:Enabled:MagicInfoUpdate
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\MagicInfo-i\Update\MagicInfoUpdateN.exe C:\Program Files\MagicInfo-i\Update\MagicInfoUpdateN.exe:*:Enabled:MagicInfoUpdateN
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\MagicInfo-i\Client\MpMain.exe C:\Program Files\MagicInfo-i\Client\MpMain.exe:*:Enabled:MagicInfo-i Player Main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\SEVnc\WinSEVnc.exe C:\Program Files\SEVnc\WinSEVnc.exe:*:Enabled:WinSEVnc
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@E:\NES.exe E:\NES.exe:*:Enabled:Product Quality Verification Tool
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\MagicInfo-i\Client\WinVNC\winvnc.exe C:\Program Files\MagicInfo-i\Client\WinVNC\winvnc.exe:*:Enabled:winvnc
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List@C:\Program Files\MagicInfo-i\Client\MpPlayer.exe C:\Program Files\MagicInfo-i\Client\MpPlayer.exe:*:Enabled:MagicInfo-i Player
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Reg HKLM\SYSTEM\CurrentControlSet\Services\Spooler@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\Spooler
Reg HKLM\SYSTEM\CurrentControlSet\Services\sr@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sr\Parameters@FirstRun 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sr
Reg HKLM\SYSTEM\CurrentControlSet\Services\srservice@ImagePath %SystemRoot%\System32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\srservice
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@EnableICMPRedirect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@EnableSecurityFilters 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer 172.17.4.36 172.17.10.36 172.17.4.30
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@LeaseObtainedTime 1228129788
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@T1 1228145988
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@T2 1228158138
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@LeaseTerminatesTime 1228162188
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@DhcpNameServer 172.17.4.36 172.17.10.36 172.17.4.30
Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UPS@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters@ServiceDll C:\WINDOWS\system32\w32time.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time
Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv@Start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@LeaseObtainedTime 1228129788
Reg HKLM\SYSTEM\CurrentControlSet\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@T1 1228145988
Reg HKLM\SYSTEM\CurrentControlSet\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@T2 1228158138
Reg HKLM\SYSTEM\CurrentControlSet\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@LeaseTerminatesTime 1228162188
Reg HKLM\SYSTEM\ControlSet002\Control\Lsa@LsaPid 772
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 3796
Reg HKLM\SYSTEM\ControlSet002\Services\SharedAccess\Epoch@Epoch 622
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters@Hostname OEM-PU2J7RV93CD
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters@NV Hostname OEM-PU2J7RV93CD
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters@DhcpNameServer 10.41.128.98 10.100.181.206
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@LeaseObtainedTime 1228129788
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@T1 1228145988
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@T2 1228158138
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@LeaseTerminatesTime 1228162188
Reg HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}@DhcpRetryTime 16197
Reg HKLM\SYSTEM\ControlSet002\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@LeaseObtainedTime 1228129788
Reg HKLM\SYSTEM\ControlSet002\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@T1 1228145988
Reg HKLM\SYSTEM\ControlSet002\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@T2 1228158138
Reg HKLM\SYSTEM\ControlSet002\Services\{48846A10-D298-4FE5-B1BB-A6A2B978FF0B}\Parameters\Tcpip@LeaseTerminatesTime 1228162188
Reg HKLM\SOFTWARE\Microsoft\Windows@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HELPCTR.EXE@ %SystemRoot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MSCONFIG.EXE@ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden@Bitmap %SystemRoot%\system32\shell32.dll,4
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders@CommonVideo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1481489710
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1481489710
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-884467374-2951601646-1655779636-500\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1524145960
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-884467374-2951601646-1655779636-500\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-884467374-2951601646-1655779636-500\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1526645960
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-884467374-2951601646-1655779636-500\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform@.NET CLR 2.0.50727
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform@.NET CLR 3.0.04506.648
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform@.NET CLR 3.5.21022
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@1201 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@1804 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@1201 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@2500 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1201 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1201 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1208 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@2500 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1200 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1201 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1208 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1608 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@1804 3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4@2500 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Alcmtr ALCMTR.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@StartTime 2008/12/01-11:09:49
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@ExitTime 2008/12/01-11:09:49
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@ProfileLoadTimeLow 1396958460
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@ProfileLoadTimeHigh 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19@RefCount 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeLow 1393364710
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeHigh 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-884467374-2951601646-1655779636-500@ProfileLoadTimeLow 1518989710
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-884467374-2951601646-1655779636-500@ProfileLoadTimeHigh 29971365
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-884467374-2951601646-1655779636-500@RefCount 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\setup\recoveryconsole@securitylevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\setup\recoveryconsole@setcommand 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI@LogSessionName stdout
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI@Active 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI@ControlFlags 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI\BTPANUI_TRACE_GUID
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI\BTPANUI_TRACE_GUID@Guid 199a5b43-0750-43b2-93b8-7b772f592413
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BTPANUI\BTPANUI_TRACE_GUID@BitNames ttidBtpanuiError ttidBtpanuiInfo
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec@DLLName %windir%\temp\sso\ssoexec.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec@Lock SSOReset
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec@Unlock SSOExec
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec@Logoff SSOReset
Reg HKLM\SOFTWARE\Classes\.com@ comfile
Reg HKLM\SOFTWARE\Classes\Applications\iexplore.exe\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
Reg HKLM\SOFTWARE\Classes\chm.file\shell\open\command@ "C:\WINDOWS\hh.exe" %1
Reg HKLM\SOFTWARE\Classes\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{00000541-0000-0010-8000-00AA006D2EA4}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell@ none
Reg HKLM\SOFTWARE\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32@ C:\WINDOWS\system32\stobject.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{46C166AA-3108-11D4-9348-00C04F8EEB71}\InProcServer32@ C:\WINDOWS\system32\hnetcfg.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32@ C:\WINDOWS\system32\wbem\fastprox.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{7998DC37-D3FE-487C-A60A-7701FCC70CC6}\InprocServer32@ C:\WINDOWS\system32\wbem\repdrvfs.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7b8a2d95-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32@ C:\WINDOWS\system32\urlmon.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command@ "C:\Program Files\Internet Explorer\iexplore.exe"
Reg HKLM\SOFTWARE\Classes\CLSID\{D1FE6762-FC48-11D0-883A-3C8B00C10000}\InprocServer32@ C:\WINDOWS\system32\Dxtrans.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}@LocalizedString @%SystemRoot%\system32\shell32.dll,-30520
Reg HKLM\SOFTWARE\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}@IntroText @%SystemRoot%\system32\shell32.dll,-31754
Reg HKLM\SOFTWARE\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\DefaultIcon@ %SystemRoot%\system32\shell32.dll,-134
Reg HKLM\SOFTWARE\Classes\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849}\InProcServer32@ %SystemRoot%\system32\shell32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32@ C:\WINDOWS\system32\webcheck.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32@ C:\WINDOWS\system32\wbem\wbemess.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}\Implemented Categories
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}\Programmable
Reg HKLM\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32@ %SystemRoot%\system32\shell32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32@ C:\WINDOWS\system32\ieframe.dll
Reg HKLM\SOFTWARE\Classes\cplfile\shell\cplopen\command@ rundll32.exe shell32.dll,Control_RunDLL %1,%*
Reg HKLM\SOFTWARE\Classes\ftp\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
Reg HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\Application@ IExplore
Reg HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\ifExec
Reg HKLM\SOFTWARE\Classes\ftp\shell\open\ddeexec\ifExec@ *
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\command@ "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\ddeexec@ "file:%1",,-1,,,,,
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\ddeexec\application
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\ddeexec\application@ IExplore
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\ddeexec\topic
Reg HKLM\SOFTWARE\Classes\giffile\shell\open\ddeexec\topic@ WWW_OpenURL
Reg HKLM\SOFTWARE\Classes\htmlfile\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
Reg HKLM\SOFTWARE\Classes\htmlfile\shell\opennew\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
Reg HKLM\SOFTWARE\Classes\htmlfile\shell\opennew\ddeexec\Application@ IExplore
Reg HKLM\SOFTWARE\Classes\HTTP\shell\open\command@ "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
Reg HKLM\SOFTWARE\Classes\HTTP\shell\open\ddeexec\Application@ IExplore
Reg HKLM\SOFTWARE\Classes\Interface\{00000503-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000600-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000503-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000504-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000600-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000504-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000505-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000505-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000506-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000506-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{0000050E-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{0000050E-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000512-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000600-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000512-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000513-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000600-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000513-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000534-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000534-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{0000054C-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{0000054C-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{0000054D-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{0000054D-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{0000054F-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{0000054F-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000555-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000555-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000556-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000556-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000564-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000564-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{00000569-0000-0010-8000-00AA006D2EA4}\TypeLib@ {00000300-0000-0010-8000-00AA006D2EA4}
Reg HKLM\SOFTWARE\Classes\Interface\{00000569-0000-0010-8000-00AA006D2EA4}\TypeLib@Version 2.8
Reg HKLM\SOFTWARE\Classes\Interface\{0AB5A3D0-E5B6-11D0-ABF5-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{2A0B9D10-4B87-11D3-A97A-00104B365C9F}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{53BAD8C1-E718-11CF-893D-00A0C9054228}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{79EAC9C9-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32@ {79eac9f1-baf9-11ce-8c82-00aa004ba90b}
Reg HKLM\SOFTWARE\Classes\Interface\{A39EE748-6A27-4817-A6F2-13914BEF5890}\NumMethods@ 29
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A0-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A1-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A2-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A3-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A4-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A5-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
Reg HKLM\SOFTWARE\Classes\JSFile\Shell\Open\Command@ C:\WINDOWS\system32\WScript.exe "%1" %*
Reg HKLM\SOFTWARE\Classes\scriptletfile\Shell\Generate Typelib\command@ "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\scrobj.dll,GenerateTypeLib "%1"
Reg HKLM\SOFTWARE\Classes\VBEFile\Shell\Open\Command@ C:\WINDOWS\system32\WScript.exe "%1" %*
Reg HKLM\SOFTWARE\Classes\VBSFile\Shell\Open\Command@ C:\WINDOWS\system32\WScript.exe "%1" %*
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU@MRUList dcba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*@a C:\WINDOWS\system32\ksuser.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*@MRUList cba
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*@b C:\WINDOWS\system32\drivers\ks.sys
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*@c C:\Program Files\AMD\OverDrive\Profiles\C12A7EFAAC3D4BEC30EB1EC9693B1AA0\AODConfig.xml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll@a C:\WINDOWS\system32\ksuser.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys@a C:\WINDOWS\system32\drivers\ks.sys
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\xml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\xml@a C:\Program Files\AMD\OverDrive\Profiles\C12A7EFAAC3D4BEC30EB1EC9693B1AA0\AODConfig.xml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\xml@MRUList a
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a2cc2-4142-11df-9fe5-0012fb20412d}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a2cc2-4142-11df-9fe5-0012fb20412d}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826f17c1-40d3-11df-9fdb-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826f17c1-40d3-11df-9fdb-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826f17c2-40d3-11df-9fdb-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{826f17c2-40d3-11df-9fdb-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd0d430-9818-11df-a947-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd0d430-9818-11df-a947-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd0d431-9818-11df-a947-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd0d431-9818-11df-a947-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a30c0c64-0c3b-11dd-9ded-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a30c0c64-0c3b-11dd-9ded-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a30c0c65-0c3b-11dd-9ded-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a30c0c65-0c3b-11dd-9ded-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e4f92c-6764-11e0-9e0e-806d6172696f}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e4f92c-6764-11e0-9e0e-806d6172696f}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9cc6a4e-179d-11dd-9df4-81a6d61e2071}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9cc6a4e-179d-11dd-9df4-81a6d61e2071}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9cc6a4e-179d-11dd-9df4-81a6d61e2071}@_AutorunStatus 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd563cb2-4144-11df-9fdf-baa11d6ff6e3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd563cb2-4144-11df-9fdf-baa11d6ff6e3}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd563cb2-4144-11df-9fdf-baa11d6ff6e3}@_AutorunStatus 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea8fdf4c-0926-11dd-9e14-ac97d200f8ad}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea8fdf4c-0926-11dd-9e14-ac97d200f8ad}@BaseClass Drive
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea8fdf4c-0926-11dd-9e14-ac97d200f8ad}@_AutorunStatus 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}@BaseClass Drive Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}@_AutorunStatus 0x01 0x00 0x01 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}\shell Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}\shell@ None Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}\shell\Autoplay Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}\shell\Autoplay@MUIVerb @shell32.dll,-8504 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}\shell\Autoplay\DropTarget Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efa281cc-42e7-11df-9df2-0012fb20412d}\shell\Autoplay\DropTarget@CLSID {f26a669a-bcbb-4e37-abf9-7325da15f931} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@a cmd\1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@MRUList a Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders@Recent %USERPROFILE%\Recent Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore@Count 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore@Count 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@WarnonZoneCrossing 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@WarnOnPostRedirect 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible 
Cache\MSHist012008120120081202 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008120120081202@CachePath %USERPROFILE%\Local Settings\History\History.IE5\MSHist012008120120081202 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008120120081202@CachePrefix :2008120120081202: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008120120081202@CacheLimit 8192 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008120120081202@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008120120081202@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap@UNCAsIntranet 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@2001 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0@2004 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@Flags 323 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer@NoDriveTypeAutoRun 145 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer@NoWindowsUpdate 1 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell@WinPos1920x1080(1).left 804 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell@WinPos1920x1080(1).top 257 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell@WinPos1920x1080(1).right 1604 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell@WinPos1920x1080(1).bottom 857 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\1\Shell@ScrollPos1920x1080(1).y 0 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell@WinPos1920x1080(1).left 98 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell@WinPos1920x1080(1).top 273 Reg 
HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell@WinPos1920x1080(1).right 898
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\10\Shell@WinPos1920x1080(1).bottom 873
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell@WinPos1920x1080(1).left 90
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell@WinPos1920x1080(1).top 125
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell@WinPos1920x1080(1).right 890
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell@WinPos1920x1080(1).bottom 725
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\22\Shell@WFlags 2
---- Files - GMER 2.1 ----
File C:\Documents and Settings\Administrator\Cookies\administrator@172.17.10[1].txt 93 bytes
File C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008120120081202 0 bytes
File C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008120120081202\index.dat 32768 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\2f255.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\dw.log 76 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\108c5.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\1119f.mst 10752 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\12b56d.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\12bfe.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\138320.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\15406.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\15c35b.mst 10752 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\169f2.mst 10752 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\1723f.mst 10240 bytes
File C:\Documents and Settings\Administrator\Local Settings\Temp\174b0.mst
10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\18440.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1969e.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1b31e.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1c168.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1cdea.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1dcb34.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1e317.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\1fe141.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\23afb.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\ChCfg.exe 49152 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\data1.cab 3091397 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\data1.hdr 34152 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\data2.cab 512 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\engine32.cab 553805 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista\HDAATI.inf 111251 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista\RHDMIExt.dll 694784 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista\rthdmi32.cat 38041 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista\RtHDMIV.sys 142624 
bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista\RtkHDMI.dll 2167808 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista\RtkUpd.exe 1196032 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64\HDXATI64.inf 111300 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64\RHDMEx64.dll 764416 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64\rthdmi64.cat 34373 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64\RtHDMIVX.sys 175776 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64\RtkHDM64.dll 1260032 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\Vista64\RtkUpd64.exe 1364480 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K\HDAATI.inf 8197 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K\RtHDMI.sys 3688064 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K\rthdmi32.cat 11822 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K\RtkUpd.exe 1196032 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K64 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K64\HDXATI64.inf 8244 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K64\rthdmi64.cat 11840 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\pft3~tmp\HDMI\XP2K64\RtHDMIX.sys 3004544 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\HDMI\XP2K64\RtkUpd64.exe 1364480 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\layout.bin 473 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K3 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K3\us 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K3\us\kb888111srvrtm.exe 771288 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K_XP 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K_XP\us 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe 742104 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe 774360 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe 720088 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\Readme.txt 227303 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\RtlExUpd.dll 520192 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\SetCDfmt.exe 23552 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\Setup.exe 121064 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\setup.ibt 456860 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\setup.ini 1348 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\pft3~tmp\setup.inx 306880 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\setup.isn 250296 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\setup.iss 551 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\pft3~tmp\USetup.iss 553 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\plf1.tmp 4533 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\set1.tmp 116880 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\set2.tmp 116880 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\set7.tmp 116880 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\setE.tmp 116880 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\GLB6.tmp 71680 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\isp1B.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\isp1B.tmp\_Setup.dll 368640 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\isp5.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\isp5.tmp\_Setup.dll 159744 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\isp8.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\isp8.tmp\_Setup.dll 159744 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\isp9.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\isp9.tmp\_Setup.dll 159744 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\ISPackFiles.ini 728 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\ispB.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\ispB.tmp\_Setup.dll 159744 bytes executable File C:\Documents and 
Settings\Administrator\Local Settings\Temp\iss1.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss2.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss2.tmp\setup.ini 455 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss3.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss4.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss5.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss5.tmp\setup.ini 455 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss6.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss6.tmp\setup.ini 455 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss7.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss8.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\iss9.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\issA.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\issA.tmp\setup.ini 455 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\issF.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\IXP000.TMP 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\IXP000.TMP\VCREDI~3.EXE 2682880 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\VSD1.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\VSD1.tmp\install.log 1502 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\VSD5.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\VSD5.tmp\install.log 1507 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056} 0 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0407.ini 24692 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0409.ini 22372 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x040a.ini 24046 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x040c.ini 24966 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0410.ini 23776 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0411.ini 14892 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0412.ini 13528 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0419.ini 22284 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x041d.ini 22246 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x041f.ini 21950 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0804.ini 10334 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\0x0816.ini 23594 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\1033.MST 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\ISSetup.dll 3069369 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\MagicInfo-i Premium Edition Client.msi 60251368 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\Setup.INI 2894 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\setup.isn 259693 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{2C5D04A2-F1C1-4F86-8321-E248678B4056}\_ISMSIDEL.INI 1708 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C} 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0407.ini 24692 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0409.ini 22372 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x040a.ini 24046 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x040c.ini 24966 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0410.ini 23776 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0411.ini 14892 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0412.ini 13528 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0419.ini 22284 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x041d.ini 22246 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x041f.ini 21950 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0804.ini 10334 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\0x0816.ini 23594 bytes File C:\Documents and 
Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\1033.MST 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\ISSetup.dll 3074497 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\MagicInfo-i Premium Edition Client.msi 48395020 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\Setup.INI 2894 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\setup.isn 259693 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{48BE15CA-744E-4074-A9EC-86CAD9437F2C}\_ISMSIDEL.INI 1708 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671} 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0407.ini 24692 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0409.ini 22372 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x040a.ini 24046 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x040c.ini 24966 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0410.ini 23776 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0411.ini 14892 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0412.ini 13528 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0419.ini 22284 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x041d.ini 22246 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x041f.ini 21950 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0804.ini 10334 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\0x0816.ini 23594 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\1033.MST 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\ISSetup.dll 3069369 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\MagicInfo-i Premium Edition Client.msi 60212540 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\Setup.INI 2894 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\setup.isn 259693 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{4EF834BF-F89E-41B6-82D3-4354B0F5A671}\_ISMSIDEL.INI 1708 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F} 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0407.ini 24692 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0409.ini 22372 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x040a.ini 24046 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x040c.ini 24966 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0410.ini 
23776 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0411.ini 14892 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0412.ini 13528 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0419.ini 22284 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x041d.ini 22246 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x041f.ini 21950 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0804.ini 10334 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\0x0816.ini 23594 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\1033.MST 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\ISSetup.dll 3069367 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\MagicInfo-i Premium Edition Client.msi 60284220 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\Setup.INI 2894 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\setup.isn 259693 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{7F6E1AB2-89AA-4526-8044-B707FE484B7F}\_ISMSIDEL.INI 1708 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839} 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0407.ini 24692 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0409.ini 22372 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x040a.ini 24046 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x040c.ini 24966 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0410.ini 23776 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0411.ini 14892 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0412.ini 13528 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0419.ini 22284 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x041d.ini 22246 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x041f.ini 21950 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0804.ini 10334 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\0x0816.ini 23594 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\1033.MST 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\ISSetup.dll 3069368 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\MagicInfo-i Premium Edition Client.msi 60277564 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\Setup.INI 2894 bytes File C:\Documents and Settings\Administrator\Local 
Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\setup.isn 259693 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{CEC31874-22A0-4C05-90F0-9E6F37C51839}\_ISMSIDEL.INI 1708 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126} 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0407.ini 24692 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0409.ini 22372 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x040a.ini 24046 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x040c.ini 24966 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0410.ini 23776 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0411.ini 14892 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0412.ini 13528 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0419.ini 22284 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x041d.ini 22246 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x041f.ini 21950 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0804.ini 10334 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\0x0816.ini 23594 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\1033.MST 10752 bytes File C:\Documents and 
Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\ISSetup.dll 3068631 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\MagicInfo-i Premium Edition Client.msi 41708544 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\Setup.INI 2895 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\setup.isn 259693 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\{D0EDE3F9-4897-4DB9-9596-391E3BF31126}\_ISMSIDEL.INI 1708 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\35de2.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\36ce6.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\3a0e6.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\42fc8.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\58f48.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\5fb42.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\698688.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\7cef8.mst 10240 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\8364d.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\9c23a.mst 3584 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\a1731.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\ac2f.mst 10752 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\atidcmxx.sys 23312 bytes executable File C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp 0 bytes File C:\Documents and 
Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\bye2.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\bye2.tmp\Disk1 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\bye3.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\bye3.tmp\Disk1 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\bye4.tmp 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\bye4.tmp\Disk1 0 bytes File C:\Documents and Settings\Administrator\Local Settings\Temp\devcon.exe 77312 bytes executable File C:\Documents and Settings\Administrator\Recent\AODConfig.lnk 1080 bytes File C:\Documents and Settings\Administrator\Recent\C12A7EFAAC3D4BEC30EB1EC9693B1AA0.lnk 910 bytes File C:\Documents and Settings\Administrator\Recent\ContentsId.lnk 435 bytes File C:\Documents and Settings\Administrator\Recent\Log.lnk 326 bytes File C:\Documents and Settings\Administrator\Recent\oeminfo.lnk 631 bytes File C:\Documents and Settings\Administrator\Recent\system32.lnk 483 bytes File C:\Documents and Settings\Default User\Cookies 0 bytes File C:\Documents and Settings\Default User\Cookies\index.dat 16384 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 0 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\1590AM68 0 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\1590AM68\desktop.ini 67 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\3LXBO8I2 0 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\3LXBO8I2\desktop.ini 67 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6MIX30KZ 0 bytes File C:\Documents and 
Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6MIX30KZ\desktop.ini 67 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\FXAAJ7ZG 0 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\FXAAJ7ZG\desktop.ini 67 bytes File C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat 32768 bytes File C:\Documents and Settings\LocalService\Cookies 0 bytes File C:\Documents and Settings\LocalService\Cookies\index.dat 16384 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 0 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1590AM68 0 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1590AM68\desktop.ini 67 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3LXBO8I2 0 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3LXBO8I2\desktop.ini 67 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6MIX30KZ 0 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6MIX30KZ\desktop.ini 67 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FXAAJ7ZG 0 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FXAAJ7ZG\desktop.ini 67 bytes File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat 
32768 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1590AM68 0 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1590AM68\desktop.ini 67 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3LXBO8I2 0 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3LXBO8I2\desktop.ini 67 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6MIX30KZ 0 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6MIX30KZ\desktop.ini 67 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FXAAJ7ZG 0 bytes File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FXAAJ7ZG\desktop.ini 67 bytes File C:\RECYCLER\S-1-5-21-2865792204-2146801355-998289785-500 0 bytes File C:\RECYCLER\S-1-5-21-2865792204-2146801355-998289785-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2865792204-2146801355-998289785-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-954178965-1861495505-687340881-500 0 bytes File C:\RECYCLER\S-1-5-21-954178965-1861495505-687340881-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-954178965-1861495505-687340881-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1091035466-3201690398-1383708873-500 0 bytes File C:\RECYCLER\S-1-5-21-1091035466-3201690398-1383708873-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1091035466-3201690398-1383708873-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1122521340-785310808-1285891944-500 0 bytes File C:\RECYCLER\S-1-5-21-1122521340-785310808-1285891944-500\desktop.ini 65 bytes File 
C:\RECYCLER\S-1-5-21-1122521340-785310808-1285891944-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1169943973-1701625859-3270039751-500 0 bytes File C:\RECYCLER\S-1-5-21-1169943973-1701625859-3270039751-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1169943973-1701625859-3270039751-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1409867410-2144658686-278095236-500 0 bytes File C:\RECYCLER\S-1-5-21-1409867410-2144658686-278095236-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1409867410-2144658686-278095236-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1427196179-1312071006-2153436135-500 0 bytes File C:\RECYCLER\S-1-5-21-1427196179-1312071006-2153436135-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1427196179-1312071006-2153436135-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1563303760-2592089557-2636437329-500 0 bytes File C:\RECYCLER\S-1-5-21-1563303760-2592089557-2636437329-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1563303760-2592089557-2636437329-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1588734867-4137610046-3951331382-500 0 bytes File C:\RECYCLER\S-1-5-21-1588734867-4137610046-3951331382-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1588734867-4137610046-3951331382-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1647638689-2518189185-1514655418-500 0 bytes File C:\RECYCLER\S-1-5-21-1647638689-2518189185-1514655418-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1647638689-2518189185-1514655418-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1708235595-4083240136-3223537825-500 0 bytes File C:\RECYCLER\S-1-5-21-1708235595-4083240136-3223537825-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1708235595-4083240136-3223537825-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1807912204-3310893006-3837037344-500 0 bytes File C:\RECYCLER\S-1-5-21-1807912204-3310893006-3837037344-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1807912204-3310893006-3837037344-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-1955988865-615119794-1889615487-500 0 
bytes File C:\RECYCLER\S-1-5-21-1955988865-615119794-1889615487-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-1955988865-615119794-1889615487-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-2196277320-3098259746-3209781282-500 0 bytes File C:\RECYCLER\S-1-5-21-2196277320-3098259746-3209781282-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2196277320-3098259746-3209781282-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-2268513725-4163566240-940671480-500 0 bytes File C:\RECYCLER\S-1-5-21-2268513725-4163566240-940671480-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2268513725-4163566240-940671480-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-2343310058-4293595576-4069237859-500 0 bytes File C:\RECYCLER\S-1-5-21-2343310058-4293595576-4069237859-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2343310058-4293595576-4069237859-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-2709056177-141306975-4276424342-500 0 bytes File C:\RECYCLER\S-1-5-21-2709056177-141306975-4276424342-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2709056177-141306975-4276424342-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-275796292-3127858483-3348420976-500 0 bytes File C:\RECYCLER\S-1-5-21-275796292-3127858483-3348420976-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-275796292-3127858483-3348420976-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-2853697771-1055311365-2510583993-500 0 bytes File C:\RECYCLER\S-1-5-21-2853697771-1055311365-2510583993-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2853697771-1055311365-2510583993-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-977884091-2094757630-4091713960-500 0 bytes File C:\RECYCLER\S-1-5-21-977884091-2094757630-4091713960-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-977884091-2094757630-4091713960-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-980879744-2583755831-764809533-500 0 bytes File C:\RECYCLER\S-1-5-21-980879744-2583755831-764809533-500\desktop.ini 65 bytes File 
C:\RECYCLER\S-1-5-21-980879744-2583755831-764809533-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-2999427924-846193165-3260435839-500 0 bytes File C:\RECYCLER\S-1-5-21-2999427924-846193165-3260435839-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-2999427924-846193165-3260435839-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-3037956753-988260457-1478570615-500 0 bytes File C:\RECYCLER\S-1-5-21-3037956753-988260457-1478570615-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-3037956753-988260457-1478570615-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-3342803157-2725115875-1790341725-500 0 bytes File C:\RECYCLER\S-1-5-21-3342803157-2725115875-1790341725-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-3342803157-2725115875-1790341725-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-3525832044-2965876374-3265954458-500 0 bytes File C:\RECYCLER\S-1-5-21-3525832044-2965876374-3265954458-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-3525832044-2965876374-3265954458-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-3576266350-3791913015-1144556260-500 0 bytes File C:\RECYCLER\S-1-5-21-3576266350-3791913015-1144556260-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-3576266350-3791913015-1144556260-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-3882585988-2504489236-3570448058-500 0 bytes File C:\RECYCLER\S-1-5-21-3882585988-2504489236-3570448058-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-3882585988-2504489236-3570448058-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-3938400592-1463817861-56455577-500 0 bytes File C:\RECYCLER\S-1-5-21-3938400592-1463817861-56455577-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-3938400592-1463817861-56455577-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-4048642853-424414966-841418922-500 0 bytes File C:\RECYCLER\S-1-5-21-4048642853-424414966-841418922-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-4048642853-424414966-841418922-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-4051324062-3490772985-3871615572-500 0 bytes File 
C:\RECYCLER\S-1-5-21-4051324062-3490772985-3871615572-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-4051324062-3490772985-3871615572-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-4231799248-788481984-1064418256-500 0 bytes File C:\RECYCLER\S-1-5-21-4231799248-788481984-1064418256-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-4231799248-788481984-1064418256-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-438331805-2945841635-2269778258-500 0 bytes File C:\RECYCLER\S-1-5-21-438331805-2945841635-2269778258-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-438331805-2945841635-2269778258-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-776614750-2474777608-705725908-500 0 bytes File C:\RECYCLER\S-1-5-21-776614750-2474777608-705725908-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-776614750-2474777608-705725908-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-795744473-3441521119-2628348427-500 0 bytes File C:\RECYCLER\S-1-5-21-795744473-3441521119-2628348427-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-795744473-3441521119-2628348427-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-795965820-2112781288-1451285955-500 0 bytes File C:\RECYCLER\S-1-5-21-795965820-2112781288-1451285955-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-795965820-2112781288-1451285955-500\INFO2 20 bytes File C:\RECYCLER\S-1-5-21-843649701-519992986-1177616910-500 0 bytes File C:\RECYCLER\S-1-5-21-843649701-519992986-1177616910-500\desktop.ini 65 bytes File C:\RECYCLER\S-1-5-21-843649701-519992986-1177616910-500\INFO2 20 bytes File C:\WINDOWS\system32\Cache 0 bytes File C:\WINDOWS\system32\win.ini 76 bytes File C:\WINDOWS\system32\winhelp.exe 256192 bytes File C:\WINDOWS\system32\_default.pif 707 bytes File C:\WINDOWS\TEMP\ASPNETSetup_00000.log 13596 bytes File C:\WINDOWS\TEMP\Cookies 0 bytes File C:\WINDOWS\TEMP\Cookies\index.dat 16384 bytes File C:\WINDOWS\TEMP\dd_depcheck_NETFX_EXP_35.txt 186330 bytes File C:\WINDOWS\TEMP\dd_dotnetfx35error.txt 2 bytes File 
C:\WINDOWS\TEMP\dd_dotnetfx35install.txt 217760 bytes File C:\WINDOWS\TEMP\dd_NET_Framework20_Setup5590.txt 8172230 bytes File C:\WINDOWS\TEMP\dd_NET_Framework30_Setup5699.txt 3407978 bytes File C:\WINDOWS\TEMP\dd_NET_Framework35_MSI570B.txt 1139736 bytes File C:\WINDOWS\TEMP\dd_RGB9RAST_x86.msi5580.txt 134182 bytes File C:\WINDOWS\TEMP\dd_wcf_retCA295F.txt 5120 bytes File C:\WINDOWS\TEMP\dd_XPS.txt 4308 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_a4.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_b34.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_bac.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_c24.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_c4c.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_e0c.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_e20.dat 16384 bytes File C:\WINDOWS\TEMP\SilverlightMSI5746.txt 227466 bytes File C:\WINDOWS\TEMP\SilverlightUI5746.txt 9234 bytes File C:\WINDOWS\TEMP\T30DebugLogFile.txt 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\4I94CWTR 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\4I94CWTR\desktop.ini 67 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat 16384 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\IRL6GMK9 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\IRL6GMK9\desktop.ini 67 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\LOZTDY7Q 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\LOZTDY7Q\desktop.ini 67 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\T2I1QOJ4 0 bytes File C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\T2I1QOJ4\desktop.ini 67 bytes File C:\WINDOWS\TEMP\uxeventlog.txt 5426 bytes File C:\WINDOWS\TEMP\WSFF8.tmp 25277 bytes 
File C:\WINDOWS\TEMP\WSFF9.tmp 30052 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_114.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_3c0.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_4e4.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_660.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_73c.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_74c.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_770.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_77c.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_854.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_88c.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_9c4.dat 16384 bytes File C:\WINDOWS\TEMP\History 0 bytes File C:\WINDOWS\TEMP\History\History.IE5 0 bytes File C:\WINDOWS\TEMP\History\History.IE5\desktop.ini 145 bytes File C:\WINDOWS\TEMP\History\History.IE5\index.dat 16384 bytes File C:\WINDOWS\TEMP\Perflib_Perfdata_a0c.dat 16384 bytes ---- EOF - GMER 2.1 ----