[code] WinPFind35 logfile created on: 2/20/2008 8:29:01 PM WinPFind35U Version 1.0.0.0 Folder = C:\Documents and Settings\Mark\My Documents\mark\old\WinPFind35u Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1022.48 Mb Total Physical Memory | 775.46 Mb Available Physical Memory | 75.84% Memory free 2.41 Gb Paging File | 2.19 Gb Available in Paging File | 91.21% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.35 Gb Total Space | 36.46 Gb Free Space | 51.82% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DENIBM Current User Name: Mark Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user [Processes - Non-Microsoft Only] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr = ] pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ] winpfind35u.exe -> %UserProfile%\My Documents\mark\old\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/20/2008 11:36:44 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 9/30/2005 6:22:50 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:50 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 1/25/2007 6:40:36 PM | Attr = ] (IBM Rapid Restore Ultra Service) IBM Rapid Restore Ultra Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -> [Ver = 4,0,0,4026 | Size = 339968 bytes | Modified Date = 3/19/2004 4:21:10 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2/4/2008 2:18:32 PM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 1/14/2004 8:21:00 AM | Attr = ] (McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 106586 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ] (McShield) Network Associates McShield [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 7.1.0.116 | Size = 237657 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ] (McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 69706 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 7:55:48 PM | Attr = ] (PsaSrv) IBM PSA Access Driver Control [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\PSASRV.EXE -> [Ver = | Size = 96824 bytes | Modified Date = 9/30/2003 6:11:36 PM | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ] (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ] (SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 7:59:50 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 3:20:04 PM | Attr = ] (ADM8511) ADMtek ADM8511/AN986 USB To Fast Ethernet Converter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ADM8511.SYS -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Modified Date = 8/17/2001 3:11:18 PM | Attr = ] (aeaudio) aeaudio [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.36 | Size = 100384 bytes | Modified Date = 10/23/2003 2:17:10 PM | Attr = ] (AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.20.1064 | Size = 43672 bytes | Modified Date = 1/28/2005 2:57:20 PM | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 4:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 2:07:44 AM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 4:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 4:51:58 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6451 | Size = 745984 bytes | Modified Date = 5/16/2004 1:41:40 AM | Attr = ] (AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 7.43.0.0 built by: WinDDK | Size = 113664 bytes | Modified Date = 3/29/2004 4:55:22 PM | Attr = ] (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 4:51:54 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 4:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:07:18 AM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:07:18 AM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ] (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.76a | Size = 85936 bytes | Modified Date = 1/14/2004 6:21:00 AM | Attr = ] (DW) DW [Kernel | System | Stopped] -> -> File not found (dwusbdnt) dwusbdnt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\dwusbdnt.sys -> Digit@lway Co., Ltd. [Ver = 2,0,0,0 built by: WinDDK | Size = 10368 bytes | Modified Date = 5/24/2002 11:52:58 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 3:12:10 PM | Attr = ] (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 1:44:04 PM | Attr = ] (hp4200c) %usbscan.SvcDesc% [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hp4200c.sys -> Hewlett-Packard [Ver = 2.02.2000 built by: Administrator | Size = 9312 bytes | Modified Date = 2/18/2001 10:09:56 AM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 8, 0, 0, 0 | Size = 51088 bytes | Modified Date = 3/17/2004 10:22:42 PM | Attr = R ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 16496 bytes | Modified Date = 3/17/2004 10:22:44 PM | Attr = R ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 21744 bytes | Modified Date = 3/17/2004 10:21:02 PM | Attr = ] (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.12.03 | Size = 212864 bytes | Modified Date = 2/25/2004 6:22:00 AM | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.03 | Size = 1041536 bytes | Modified Date = 2/25/2004 6:18:46 AM | Attr = ] (ibmfilter) ibmfilter [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ibmfilter.sys -> IBM [Ver = 3.01 built by: WinDDK | Size = 64256 bytes | Modified Date = 9/23/2004 8:39:58 PM | Attr = ] (IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ] (IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ] (IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ] (IPSECEXT) Nortel Extranet Access Protocol [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 114016 bytes | Modified Date = 5/1/2002 10:16:24 PM | Attr = ] (IPSECSHM) Nortel IPSECSHM Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipsecw2k.sys -> Nortel Networks [Ver = 4.10 | Size = 114016 bytes | Modified Date = 5/1/2002 10:16:24 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\lbrtfdc.sys -> Toshiba Corp. [Ver = Version 5.10.3 (xpsp_sp2_rtm.040803-2158) | Size = 34688 bytes | Modified Date = 8/3/2004 10:59:34 PM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 8:48:08 AM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 4:52:12 PM | Attr = ] (NaiAvFilter1) NaiAvFilter1 [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 7.1.0.111 | Size = 83008 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ] (ndiscm) Motorola USB Cable Modem Windows Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NetMotCM.sys -> Motorola Inc. [Ver = 2.4.1.0 | Size = 14336 bytes | Modified Date = 8/9/2003 7:32:14 PM | Attr = R ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 1:29:56 AM | Attr = ] (PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> system32\drivers\PalmUSBD.sys -> File not found (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (pelmouse) Mouse Suite Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PELMOUSE.SYS -> Primax Electronics Ltd. [Ver = 1.4.0.5 | Size = 16384 bytes | Modified Date = 1/10/2003 4:55:32 PM | Attr = ] (pelusblf) USB Mouse Low Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PELUSBLF.SYS -> Primax Electronics Ltd. [Ver = 1.4.2.7 | Size = 9216 bytes | Modified Date = 2/11/2003 4:25:14 PM | Attr = ] (Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 9/19/2003 4:47:00 AM | Attr = ] (portio) TPM Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NscTpmDD.sys -> National Semiconductor Corp. [Ver = 1.18.0.5 | Size = 14695 bytes | Modified Date = 4/27/2004 3:11:30 PM | Attr = ] (psadd) IBM PSA Access Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PSADD.SYS -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 13312 bytes | Modified Date = 1/21/2005 12:51:56 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.22a | Size = 20576 bytes | Modified Date = 12/8/2004 8:03:00 AM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 4:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 4:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 4:52:18 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 2:07:44 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.4060 | Size = 612352 bytes | Modified Date = 4/9/2004 3:41:30 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 5:07:44 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 5:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 5:07:36 PM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 5:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 5:07:42 PM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 4:52:22 PM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (winachsf) winachsf [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.03 built by: WinDDK | Size = 682624 bytes | Modified Date = 2/25/2004 6:20:22 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> -> File not found !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5107 | Size = 339968 bytes | Modified Date = 5/16/2004 12:10:00 AM | Attr = ] Camera Detector -> %ProgramFiles%\ACD Systems\DevDetect\DevDetect.exe -> ACD Systems, Ltd. [Ver = 1, 3, 0, 1 | Size = 208896 bytes | Modified Date = 12/9/2002 2:35:44 PM | Attr = ] DIGStream -> %ProgramFiles%\DIGStream\digstream.exe -> File not found FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 294912 bytes | Modified Date = 2/4/2004 3:33:20 PM | Attr = ] Hot Key Kbd Daemon -> %SystemRoot%\system32\SKDAEMON.EXE -> LITE-ON [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 3/29/2004 7:02:58 PM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 11:38:42 AM | Attr = ] HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.245.1.0 | Size = 176128 bytes | Modified Date = 5/4/2004 2:21:22 AM | Attr = ] HPHmon05 -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,3,5 | Size = 491520 bytes | Modified Date = 5/4/2004 5:17:06 PM | Attr = ] HPHUPD05 -> %ProgramFiles%\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe -> Hewlett-Packard [Ver = 5,3,1 | Size = 49152 bytes | Modified Date = 3/31/2004 11:34:44 PM | Attr = ] hplampc -> %SystemRoot%\system32\hplampc.exe -> Hewlett-Packard [Ver = 7.28.2000 | Size = 40448 bytes | Modified Date = 1/17/2002 10:40:10 AM | Attr = ] IBM Warranty Notification -> %ProgramFiles%\IBM\acp\ERTS0749\ERTS0749.exe -> IBM Corporation [Ver = 1, 0, 0, 3 | Size = 106496 bytes | Modified Date = 3/12/2004 9:24:58 PM | Attr = ] ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.012 | Size = 438272 bytes | Modified Date = 4/20/2004 5:01:20 AM | Attr = ] IBMPRC -> %SystemDrive%\IBMTOOLS\utils\ibmprc.exe -> IBM Corp. [Ver = 1, 0, 0, 3 | Size = 90112 bytes | Modified Date = 3/19/2004 3:12:10 PM | Attr = ] ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2/4/2008 2:18:40 PM | Attr = ] Jpjnk -> %ProgramFiles%\Xasjce\Wveqte.exe -> File not found Lexmark 2200 Series -> %ProgramFiles%\Lexmark 2200 Series\lxbvbmgr.exe -> Lexmark International, Inc. [Ver = 1.0.4.0 | Size = 57344 bytes | Modified Date = 2/13/2004 8:08:00 AM | Attr = ] McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.1.1.184 | Size = 135251 bytes | Modified Date = 9/10/2003 3:11:00 AM | Attr = ] Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 7.00.0716.0 | Size = 28672 bytes | Modified Date = 7/16/2002 3:21:48 PM | Attr = ] Mouse Suite 98 Daemon -> %SystemRoot%\system32\ico.exe -> Primax Electronics Ltd. [Ver = 1, 0, 1, 0 | Size = 57344 bytes | Modified Date = 11/20/2003 5:08:14 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr = ] ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 7.1.0.187 | Size = 81990 bytes | Modified Date = 9/29/2003 7:10:00 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:36 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 1/30/2005 3:29:56 AM | Attr = ] UC_SMB -> -> File not found UC_Start -> %ProgramFiles%\IBM\Updater\ucstartup.exe -> [Ver = | Size = 36864 bytes | Modified Date = 9/30/2003 6:39:00 PM | Attr = ] UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 4:01:00 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ibmmessages -> %ProgramFiles%\IBM\Messages By IBM\ibmmessages.exe -> IBM [Ver = 2.012 | Size = 438272 bytes | Modified Date = 4/20/2004 5:01:20 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/17/2007 5:42:12 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] < Mark Startup Folder > -> C:\Documents and Settings\Mark\Start Menu\Programs\Startup -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {8670ee50-01f9-47da-ac1e-cf8549e9e521} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [eupeptic] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> {8670ee50-01f9-47da-ac1e-cf8549e9e521} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [eupeptic] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\isamonitor.exe -> C:\Program Files\Video ActiveX Object\isamonitor.exe [C:\Program Files\Video ActiveX Object\isamonitor.exe] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\isamini.exe -> C:\Program Files\Video ActiveX Object\isamonitor.exe [C:\Program Files\Video ActiveX Object\isamonitor.exe] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.espn.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 1 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion BHO] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 3:02:16 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 1121, 2472 | Size = 323568 bytes | Modified Date = 1/23/2008 4:33:42 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 3:02:16 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Companion] -> Yahoo! Inc. [Ver = 2004, 9, 28, 1 | Size = 292947 bytes | Modified Date = 9/29/2004 3:02:16 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {38ED6132-7EEB-471A-AABB-0580DE8CE1ED} -> () -> {528FE18F-C4A6-497B-8D0B-A3EC9E779D47} -> (Linksys Etherfast USB 10/100 Ethernet Adapter) -> {A601EF20-2C95-4B1D-A4EE-E6583906152B} -> (Broadcom NetXtreme Gigabit Ethernet) -> {BF72D316-F22E-4780-AFB0-B20BAB0D797D} -> (Motorola SURFboard SB5100 USB Cable Modem) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 11:38:40 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 280 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] pwdmon -> %SystemRoot%\system32\pwdmon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 3/19/2004 3:12:10 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12623 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\IBM\Updater\ucsmb.exe -> Updater\ucsmb.exe [%ProgramFiles%\IBM\Updater\ucsmb.exe:*:enabled:IBM Update Connector] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\IBM\Updater\jre\bin\java.exe -> Updater\jre\bin\java.exe [%ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe -> Updater\jre\bin\javaw.exe [%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 11:54:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 3:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%ProgramFiles%\IBM\Updater\ucsmb.exe -> Updater\ucsmb.exe [%ProgramFiles%\IBM\Updater\ucsmb.exe:*:enabled:IBM Update Connector] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%ProgramFiles%\IBM\Updater\jre\bin\java.exe -> Updater\jre\bin\java.exe [%ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe -> Updater\jre\bin\javaw.exe [%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 12/3/2007 4:35:53 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nortel Networks\Extranet.exe -> C:\Program Files\Nortel Networks\Extranet.exe [C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client] -> Nortel Networks NA, Inc. [Ver = V04_15.00 | Size = 565248 bytes | Modified Date = 5/1/2002 10:09:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire 4.0.8 Pro\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire 4.0.8 Pro\LimeWire.exe [C:\Program Files\LimeWire\LimeWire 4.0.8 Pro\LimeWire.exe:*:Enabled:LimeWire: The most advanced file sharing program on the planet.] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\BitComet.exe -> C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\BitComet.exe [C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 9/29/2005 1:51:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mark\My Documents\mark\LimeWire\LimeWire.exe -> C:\Documents and Settings\Mark\My Documents\mark\LimeWire\LimeWire.exe [C:\Documents and Settings\Mark\My Documents\mark\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe -> C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe [C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client] -> Hewlett-Packard [Ver = 3, 0, 4, 2 | Size = 565248 bytes | Modified Date = 2/15/2005 10:36:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> www.sopcast.com [Ver = 1.1.2.0 | Size = 1863680 bytes | Modified Date = 4/19/2007 11:21:16 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mark\Application Data\SopCast\adv\SopAdver.exe -> C:\Documents and Settings\Mark\Application Data\SopCast\adv\SopAdver.exe [C:\Documents and Settings\Mark\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> www.sopcast.com [Ver = 1, 1, 1, 0 | Size = 260944 bytes | Modified Date = 4/29/2007 5:34:09 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 205824 bytes | Modified Date = 5/3/2007 3:11:19 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 11:54:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 3:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVAnts\Tvants.exe -> C:\Program Files\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 6:01:25 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TVUPlayer\TVUPlayer.exe -> C:\Program Files\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component] -> TVU networks [Ver = 2.3.5.3 | Size = 1299736 bytes | Modified Date = 1/23/2008 5:13:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.0.29 | Size = 19926824 bytes | Modified Date = 2/4/2008 2:18:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6149C5CF-0155-4610-A1B3-E226669EF55B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> [Files/Folders - Created Within 30 days] lbrtfdc.sys -> %SystemRoot%\System32\dllcache\lbrtfdc.sys -> Toshiba Corp. [Ver = Version 5.10.3 (xpsp_sp2_rtm.040803-2158) | Size = 34688 bytes | Modified Date = 8/3/2004 10:59:34 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Modified Date = 12/10/2007 2:53:30 PM | Attr = ] lbrtfdc.sys -> %SystemRoot%\System32\drivers\lbrtfdc.sys -> Toshiba Corp. [Ver = Version 5.10.3 (xpsp_sp2_rtm.040803-2158) | Size = 34688 bytes | Modified Date = 8/3/2004 10:59:34 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] rules.dat -> %SystemRoot%\rules.dat -> [Ver = | Size = 2858 bytes | Modified Date = 2/20/2008 12:02:47 PM | Attr = ] trashicon.exe -> %SystemRoot%\trashicon.exe -> [Ver = | Size = 69120 bytes | Modified Date = 2/14/2008 5:03:12 PM | Attr = ] wndsk.dll -> %SystemRoot%\wndsk.dll -> [Ver = | Size = 32256 bytes | Modified Date = 2/20/2008 6:21:42 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2/20/2008 12:53:14 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 2/20/2008 5:20:27 PM | Attr = ] @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 TVU networks -> %AllUsersProfile%\Application Data\TVU networks -> [Folder | Created Date = 1/27/2008 7:18:19 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/20/2008 12:53:30 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Created Date = 2/9/2008 4:03:34 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 2/20/2008 5:20:12 PM | Attr = ] TVU networks -> %AppData%\TVU networks -> [Folder | Created Date = 1/27/2008 7:18:19 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 2/20/2008 12:22:20 PM | Attr = ] 10 C:\Documents and Settings\Mark\My Documents\*.tmp files -> C:\Documents and Settings\Mark\My Documents\*.tmp -> My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 582 bytes | Modified Date = 2/20/2008 3:34:44 PM | Attr = ] othe word doc -> %UserProfile%\My Documents\othe word doc -> [Folder | Created Date = 2/19/2008 3:46:34 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 861 bytes | Modified Date = 2/20/2008 12:53:18 PM | Attr = ] Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1649 bytes | Modified Date = 2/20/2008 5:20:21 PM | Attr = ] Shortcut to WinPFind35u.lnk -> %UserProfile%\Desktop\Shortcut to WinPFind35u.lnk -> [Ver = | Size = 757 bytes | Modified Date = 2/20/2008 8:15:16 PM | Attr = ] [Files/Folders - Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/17/2008 3:12:07 PM | Attr = ] IBMSHARE -> %SystemDrive%\IBMSHARE -> [Folder | Modified Date = 2/20/2008 4:11:10 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/20/2008 5:20:12 PM | Attr = ] quarantine -> %SystemDrive%\quarantine -> [Folder | Modified Date = 2/19/2008 11:42:37 AM | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/8/2008 12:57:10 AM | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/8/2008 12:57:19 AM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/9/2008 2:06:01 AM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/10/2008 12:56:02 AM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/11/2008 2:23:45 AM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/12/2008 1:25:17 AM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/12/2008 1:25:37 AM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/13/2008 1:30:05 AM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/13/2008 5:05:36 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/16/2008 6:25:04 AM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/17/2008 12:26:57 AM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/17/2008 12:26:57 AM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/17/2008 6:38:50 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/17/2008 6:41:50 PM | Attr = H ] sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/17/2008 7:16:23 PM | Attr = H ] sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/17/2008 7:55:25 PM | Attr = H ] sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/19/2008 1:17:01 AM | Attr = H ] sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/4/2008 12:44:50 AM | Attr = H ] sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/5/2008 2:02:51 AM | Attr = H ] sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 2/7/2008 1:36:43 AM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/8/2008 12:57:10 AM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/8/2008 12:57:19 AM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/9/2008 2:06:01 AM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/10/2008 12:56:02 AM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/11/2008 2:23:45 AM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/12/2008 1:25:17 AM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/12/2008 1:25:37 AM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/13/2008 1:30:05 AM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/13/2008 5:05:36 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/16/2008 6:25:03 AM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/17/2008 12:26:57 AM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/17/2008 12:26:57 AM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/17/2008 6:38:50 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/17/2008 6:41:50 PM | Attr = H ] sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/17/2008 7:16:23 PM | Attr = H ] sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/17/2008 7:55:25 PM | Attr = H ] sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/19/2008 1:17:01 AM | Attr = H ] sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/4/2008 12:44:50 AM | Attr = H ] sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/5/2008 2:02:51 AM | Attr = H ] sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/7/2008 1:36:43 AM | Attr = H ] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 2/20/2008 1:53:47 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/20/2008 6:21:42 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/20/2008 3:43:37 PM | Attr = ] 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/20/2008 3:02:48 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/20/2008 8:18:18 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53724 bytes | Modified Date = 2/20/2008 5:21:25 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 383562 bytes | Modified Date = 2/20/2008 5:21:25 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 443816 bytes | Modified Date = 2/20/2008 5:21:25 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 2/20/2008 8:09:06 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/13/2008 11:24:22 AM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/20/2008 8:17:15 PM | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 1962 bytes | Modified Date = 2/18/2008 11:57:44 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/19/2008 1:22:28 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/14/2008 2:05:00 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/14/2008 2:05:40 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/19/2008 11:16:07 AM | Attr = HS] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 473 bytes | Modified Date = 2/5/2008 6:38:59 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/20/2008 6:29:08 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/20/2008 3:42:05 PM | Attr = H ] randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 2/19/2008 12:30:43 PM | Attr = ] rules.dat -> %SystemRoot%\rules.dat -> [Ver = | Size = 2858 bytes | Modified Date = 2/20/2008 12:02:47 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/20/2008 5:21:25 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/20/2008 8:20:45 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/20/2008 8:17:45 PM | Attr = ] trashicon.exe -> %SystemRoot%\trashicon.exe -> [Ver = | Size = 69120 bytes | Modified Date = 2/14/2008 5:03:12 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/27/2008 12:40:56 PM | Attr = ] wndsk.dll -> %SystemRoot%\wndsk.dll -> [Ver = | Size = 32256 bytes | Modified Date = 2/20/2008 6:21:42 PM | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 2/20/2008 5:43:01 PM | Attr = ] HP DArC Task #Hewlett-Packard#7700#MY4822J35YU1.job -> %SystemRoot%\tasks\HP DArC Task #Hewlett-Packard#7700#MY4822J35YU1.job -> [Ver = | Size = 318 bytes | Modified Date = 2/1/2008 10:24:08 PM | Attr = ] HP Usg Daily.job -> %SystemRoot%\tasks\HP Usg Daily.job -> [Ver = | Size = 344 bytes | Modified Date = 2/20/2008 5:42:03 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/20/2008 8:20:45 PM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/20/2008 8:16:06 PM | Attr = H ] User_Feed_Synchronization-{763AB149-50BF-4C50-8599-78D3972D2FE1}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{763AB149-50BF-4C50-8599-78D3972D2FE1}.job -> [Ver = | Size = 420 bytes | Modified Date = 2/20/2008 1:15:24 AM | Attr = H ] WebReg 20050128115829.job -> %SystemRoot%\tasks\WebReg 20050128115829.job -> [Ver = | Size = 478 bytes | Modified Date = 2/20/2008 11:58:00 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5394 bytes | Modified Date = 2/20/2008 8:08:53 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5394 bytes | Modified Date = 2/20/2008 8:08:53 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 1/24/2005 5:00:07 PM | Attr = ] Install_Messenger.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Install_Messenger.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 18895728 bytes | Modified Date = 1/19/2007 5:54:17 PM | Attr = ] Install_MSN_Messenger.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Install_MSN_Messenger.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 9352392 bytes | Modified Date = 10/18/2005 6:40:29 PM | Attr = ] Install_MSN_Messenger_DL.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Install_MSN_Messenger_DL.exe -> Microsoft Corporation [Ver = 6.00.2494.0000 (Lab03_N.010615-2109) | Size = 7364808 bytes | Modified Date = 6/24/2005 4:06:55 PM | Attr = ] istsv_.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\istsv_.exe -> [Ver = | Size = 19456 bytes | Modified Date = 7/4/2006 10:42:17 AM | Attr = ] jre-1_5_0_02-windows-i586-p-iftw_73945943.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\jre-1_5_0_02-windows-i586-p-iftw_73945943.exe -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 226584 bytes | Modified Date = 3/6/2005 12:24:35 AM | Attr = ] jre-1_5_0_04-windows-i586-p-iftw_c07126c3.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\jre-1_5_0_04-windows-i586-p-iftw_c07126c3.exe -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 226584 bytes | Modified Date = 6/8/2005 4:54:57 PM | Attr = ] Patch_MSN_Messenger.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\Patch_MSN_Messenger.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2422984 bytes | Modified Date = 2/2/2006 3:23:30 PM | Attr = ] setup_wm.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 | Size = 774144 bytes | Modified Date = 8/4/2004 3:56:58 AM | Attr = ] ~uga6psetup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\~uga6psetup.exe -> {param:cn|Locus Software, Inc.} [Ver = 2.1.355.20 | Size = 15520695 bytes | Modified Date = 2/15/2008 11:24:38 AM | Attr = ] 555 C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp -> setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\bye2CB.tmp\Disk1\setup.exe -> InstallShield Software Corporation [Ver = 10.01.244 | Size = 119016 bytes | Modified Date = 7/15/2005 7:40:43 PM | Attr = ] setup.exe -> C:\Documents and Settings\Mark\Local Settings\Temp\NI.UGA6P_5555_N122M0312\setup.exe -> LocusSoftware, Inc. [Ver = 2,1,355,20 | Size = 15569440 bytes | Modified Date = 2/15/2008 10:40:57 AM | Attr = ] InfoWindow.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\InfoWindow.dll -> RealNetworks, Inc. [Ver = 6.0.0.11 | Size = 75080 bytes | Modified Date = 1/30/2005 3:28:31 AM | Attr = ] QTInstallerHelper.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\QTInstallerHelper.dll -> [Ver = | Size = 69632 bytes | Modified Date = 9/23/2004 7:18:19 PM | Attr = ] sohujjyj.dll -> C:\Documents and Settings\Mark\Local Settings\Temp\sohujjyj.dll -> [Ver = | Size = 53248 bytes | Modified Date = 2/20/2008 8:26:25 PM | Attr = ] 555 C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp -> Perflib_Perfdata_7a4.dat -> C:\Documents and Settings\Mark\Local Settings\Temp\Perflib_Perfdata_7a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/5/2006 9:28:52 PM | Attr = ] Perflib_Perfdata_b8c.dat -> C:\Documents and Settings\Mark\Local Settings\Temp\Perflib_Perfdata_b8c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/5/2006 9:28:56 PM | Attr = ] 555 C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Mark\Local Settings\Temp\*.tmp -> setup.ini -> C:\Documents and Settings\Mark\Local Settings\Temp\bye2CB.tmp\Disk1\setup.ini -> [Ver = | Size = 459 bytes | Modified Date = 7/15/2005 7:40:43 PM | Attr = ] settings.ini -> C:\Documents and Settings\Mark\Local Settings\Temp\NI.UGA6P_5555_N122M0312\settings.ini -> [Ver = | Size = 23 bytes | Modified Date = 2/15/2008 11:25:28 AM | Attr = ] iTunesSetupAdmin[1].exe -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IBKYSLPB\iTunesSetupAdmin[1].exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 116008 bytes | Modified Date = 11/13/2007 10:24:37 PM | Attr = ] iottem.dll -> C:\WINDOWS\Temp\iottem.dll -> [Ver = | Size = 32256 bytes | Modified Date = 2/20/2008 4:38:11 PM | Attr = ] 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> System.Xml.dll -> C:\WINDOWS\Temp\ZAP25F.tmp\System.Xml.dll -> [Ver = | Size = 1855712 bytes | Modified Date = 12/2/2007 1:13:59 AM | Attr = ] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/13/2007 7:56:00 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 11/13/2007 7:56:00 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 49152 bytes | Modified Date = 11/13/2007 7:56:00 PM | Attr = ] 0x0401.ini -> C:\WINDOWS\Temp\_is11E\0x0401.ini -> [Ver = | Size = 3935 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x0404.ini -> C:\WINDOWS\Temp\_is11E\0x0404.ini -> [Ver = | Size = 3209 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x0405.ini -> C:\WINDOWS\Temp\_is11E\0x0405.ini -> [Ver = | Size = 4382 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x0406.ini -> C:\WINDOWS\Temp\_is11E\0x0406.ini -> [Ver = | Size = 4408 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x0407.ini -> C:\WINDOWS\Temp\_is11E\0x0407.ini -> [Ver = | Size = 4667 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x0408.ini -> C:\WINDOWS\Temp\_is11E\0x0408.ini -> [Ver = | Size = 5058 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0409.ini -> C:\WINDOWS\Temp\_is11E\0x0409.ini -> [Ver = | Size = 4187 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x040a.ini -> C:\WINDOWS\Temp\_is11E\0x040a.ini -> [Ver = | Size = 4824 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x040b.ini -> C:\WINDOWS\Temp\_is11E\0x040b.ini -> [Ver = | Size = 4291 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x040c.ini -> C:\WINDOWS\Temp\_is11E\0x040c.ini -> [Ver = | Size = 4938 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x040d.ini -> C:\WINDOWS\Temp\_is11E\0x040d.ini -> [Ver = | Size = 3614 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x040e.ini -> C:\WINDOWS\Temp\_is11E\0x040e.ini -> [Ver = | Size = 4174 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0410.ini -> C:\WINDOWS\Temp\_is11E\0x0410.ini -> [Ver = | Size = 4710 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0411.ini -> C:\WINDOWS\Temp\_is11E\0x0411.ini -> [Ver = | Size = 4325 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0413.ini -> C:\WINDOWS\Temp\_is11E\0x0413.ini -> [Ver = | Size = 4653 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] 0x0414.ini -> C:\WINDOWS\Temp\_is11E\0x0414.ini -> [Ver = | Size = 4371 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0415.ini -> C:\WINDOWS\Temp\_is11E\0x0415.ini -> [Ver = | Size = 4455 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0416.ini -> C:\WINDOWS\Temp\_is11E\0x0416.ini -> [Ver = | Size = 4509 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0419.ini -> C:\WINDOWS\Temp\_is11E\0x0419.ini -> [Ver = | Size = 4455 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x041d.ini -> C:\WINDOWS\Temp\_is11E\0x041d.ini -> [Ver = | Size = 4179 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] 0x0804.ini -> C:\WINDOWS\Temp\_is11E\0x0804.ini -> [Ver = | Size = 3266 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] Setup.INI -> C:\WINDOWS\Temp\_is11E\Setup.INI -> [Ver = | Size = 1461 bytes | Modified Date = 12/2/2007 3:07:19 PM | Attr = ] _ISMSIDEL.INI -> C:\WINDOWS\Temp\_is11E\_ISMSIDEL.INI -> [Ver = | Size = 1019 bytes | Modified Date = 12/2/2007 3:07:20 PM | Attr = ] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 1/24/2005 6:49:07 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/24/2005 6:49:07 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1OIK38L2\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/24/2005 6:49:07 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IBKYSLPB\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/24/2005 6:49:07 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WYZR6XQ1\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/24/2005 6:49:07 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ZA8NKUDK\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/24/2005 6:49:07 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] DIGStream -> %AllUsersProfile%\Application Data\DIGStream -> [Folder | Modified Date = 2/20/2008 1:37:06 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2/20/2008 12:53:14 PM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1367 bytes | Modified Date = 2/14/2008 3:56:28 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2/20/2008 8:18:04 PM | Attr = ] @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 TVU networks -> %AllUsersProfile%\Application Data\TVU networks -> [Folder | Modified Date = 1/27/2008 7:18:19 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/20/2008 12:53:30 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 2/9/2008 4:04:01 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 2/20/2008 5:20:12 PM | Attr = ] TVU networks -> %AppData%\TVU networks -> [Folder | Modified Date = 1/27/2008 7:18:22 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 74752 bytes | Modified Date = 2/20/2008 12:01:44 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4240744 bytes | Modified Date = 2/20/2008 6:27:08 PM | Attr = H ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 2/20/2008 12:22:20 PM | Attr = ] 10 C:\Documents and Settings\Mark\My Documents\*.tmp files -> C:\Documents and Settings\Mark\My Documents\*.tmp -> mark -> %UserProfile%\My Documents\mark -> [Folder | Modified Date = 2/19/2008 3:42:14 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/14/2008 6:45:43 PM | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 582 bytes | Modified Date = 2/20/2008 3:34:44 PM | Attr = ] othe word doc -> %UserProfile%\My Documents\othe word doc -> [Folder | Modified Date = 2/20/2008 6:31:46 PM | Attr = ] word doc -> %UserProfile%\My Documents\word doc -> [Folder | Modified Date = 2/19/2008 3:47:50 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 861 bytes | Modified Date = 2/20/2008 12:53:18 PM | Attr = ] Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1649 bytes | Modified Date = 2/20/2008 5:20:21 PM | Attr = ] Shortcut to WinPFind35u.lnk -> %UserProfile%\Desktop\Shortcut to WinPFind35u.lnk -> [Ver = | Size = 757 bytes | Modified Date = 2/20/2008 8:15:16 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 2/20/2008 5:20:27 PM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 2/24/2007 11:46:43 PM | Attr = ] Adobe(2) -> C:\Documents and Settings\All Users\Application Data\Adobe(2) -> [Folder | Modified Date = 2/4/2005 3:05:56 PM | Attr = ] Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 8/28/2007 7:05:44 PM | Attr = ] Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 4/30/2007 8:41:12 PM | Attr = ] DIGStream -> C:\Documents and Settings\All Users\Application Data\DIGStream -> [Folder | Modified Date = 2/20/2008 1:37:06 PM | Attr = ] FaxCtr -> C:\Documents and Settings\All Users\Application Data\FaxCtr -> [Folder | Modified Date = 12/2/2007 3:07:47 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 9/3/2006 5:23:29 PM | Attr = ] Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [Folder | Modified Date = 2/20/2008 12:53:14 PM | Attr = ] GTek -> C:\Documents and Settings\All Users\Application Data\GTek -> [Folder | Modified Date = 9/15/2005 5:55:27 PM | Attr = H ] IBM -> C:\Documents and Settings\All Users\Application Data\IBM -> [Folder | Modified Date = 1/21/2005 12:45:02 PM | Attr = ] Jes-Soft -> C:\Documents and Settings\All Users\Application Data\Jes-Soft -> [Folder | Modified Date = 10/24/2006 10:34:06 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 4/21/2007 7:38:28 PM | Attr = S] MSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir -> [Folder | Modified Date = 10/7/2006 1:11:19 PM | Attr = ] Network Associates -> C:\Documents and Settings\All Users\Application Data\Network Associates -> [Folder | Modified Date = 2/2/2005 8:52:20 PM | Attr = ] QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [Folder | Modified Date = 1/26/2005 2:49:54 AM | Attr = ] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [Folder | Modified Date = 2/21/2003 11:02:04 AM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 2/22/2005 1:10:36 PM | Attr = ] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 2/20/2008 8:18:04 PM | Attr = ] @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 TVU networks -> C:\Documents and Settings\All Users\Application Data\TVU networks -> [Folder | Modified Date = 1/27/2008 7:18:19 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 6/30/2006 4:04:40 PM | Attr = ] Windows Live Toolbar -> C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar -> [Folder | Modified Date = 11/30/2006 8:52:50 AM | Attr = ] yahoo! -> C:\Documents and Settings\All Users\Application Data\yahoo! -> [Folder | Modified Date = 7/12/2006 8:06:09 PM | Attr = RH ] C:\Documents and Settings\Mark\Application Data\ -> C:\Documents and Settings\Mark\Application Data -> [Folder | Modified Date = 2/20/2008 5:20:12 PM | Attr = RH ] ACD Systems -> C:\Documents and Settings\Mark\Application Data\ACD Systems -> [Folder | Modified Date = 3/13/2005 3:51:36 PM | Attr = ] ACDInTouch -> C:\Documents and Settings\Mark\Application Data\ACDInTouch -> [Folder | Modified Date = 4/11/2005 10:39:56 PM | Attr = ] Adobe -> C:\Documents and Settings\Mark\Application Data\Adobe -> [Folder | Modified Date = 2/26/2005 6:52:09 PM | Attr = ] AdobeUM -> C:\Documents and Settings\Mark\Application Data\AdobeUM -> [Folder | Modified Date = 11/5/2006 6:22:54 PM | Attr = ] Apple Computer -> C:\Documents and Settings\Mark\Application Data\Apple Computer -> [Folder | Modified Date = 5/8/2007 1:08:39 AM | Attr = ] FaxCtr -> C:\Documents and Settings\Mark\Application Data\FaxCtr -> [Folder | Modified Date = 12/3/2007 9:35:46 AM | Attr = ] Google -> C:\Documents and Settings\Mark\Application Data\Google -> [Folder | Modified Date = 12/21/2005 2:00:17 PM | Attr = ] Grisoft -> C:\Documents and Settings\Mark\Application Data\Grisoft -> [Folder | Modified Date = 2/20/2008 12:53:30 PM | Attr = ] IBM -> C:\Documents and Settings\Mark\Application Data\IBM -> [Folder | Modified Date = 1/25/2005 4:32:29 PM | Attr = ] Identities -> C:\Documents and Settings\Mark\Application Data\Identities -> [Folder | Modified Date = 2/21/2003 10:42:18 AM | Attr = ] InterVideo -> C:\Documents and Settings\Mark\Application Data\InterVideo -> [Folder | Modified Date = 1/21/2005 4:12:37 PM | Attr = ] Leadertech -> C:\Documents and Settings\Mark\Application Data\Leadertech -> [Folder | Modified Date = 1/21/2005 4:14:34 PM | Attr = ] Macromedia -> C:\Documents and Settings\Mark\Application Data\Macromedia -> [Folder | Modified Date = 1/26/2005 3:00:49 AM | Attr = ] Microsoft -> C:\Documents and Settings\Mark\Application Data\Microsoft -> [Folder | Modified Date = 12/2/2007 1:12:46 AM | Attr = S] Move Networks -> C:\Documents and Settings\Mark\Application Data\Move Networks -> [Folder | Modified Date = 2/9/2008 4:04:01 PM | Attr = ] PC Tools -> C:\Documents and Settings\Mark\Application Data\PC Tools -> [Folder | Modified Date = 2/20/2008 5:20:12 PM | Attr = ] Real -> C:\Documents and Settings\Mark\Application Data\Real -> [Folder | Modified Date = 1/30/2005 3:32:30 AM | Attr = ] Sonic -> C:\Documents and Settings\Mark\Application Data\Sonic -> [Folder | Modified Date = 1/21/2005 4:15:04 PM | Attr = ] SopCast -> C:\Documents and Settings\Mark\Application Data\SopCast -> [Folder | Modified Date = 5/4/2007 6:50:10 PM | Attr = ] Sun -> C:\Documents and Settings\Mark\Application Data\Sun -> [Folder | Modified Date = 5/6/2005 3:32:39 PM | Attr = ] Symantec -> C:\Documents and Settings\Mark\Application Data\Symantec -> [Folder | Modified Date = 1/21/2005 12:47:12 PM | Attr = ] TVU networks -> C:\Documents and Settings\Mark\Application Data\TVU networks -> [Folder | Modified Date = 1/27/2008 7:18:22 PM | Attr = ] uTorrent -> C:\Documents and Settings\Mark\Application Data\uTorrent -> [Folder | Modified Date = 12/4/2007 12:39:55 PM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 2/20/2008 8:20:45 PM | Attr = S] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/13/2007 10:23:44 PM | Attr = ] Check Updates for Windows Live Toolbar.job -> C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 2/20/2008 5:43:01 PM | Attr = ] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/18/2001 7:00:00 AM | Attr = RH ] HP DArC Task #Hewlett-Packard#7700#MY4822J35YU1.job -> C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY4822J35YU1.job -> [Ver = | Size = 318 bytes | Modified Date = 2/1/2008 10:24:08 PM | Attr = ] HP Usg Daily.job -> C:\WINDOWS\Tasks\HP Usg Daily.job -> [Ver = | Size = 344 bytes | Modified Date = 2/20/2008 5:42:03 PM | Attr = ] MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/20/2008 8:20:45 PM | Attr = H ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/20/2008 8:16:06 PM | Attr = H ] Symantec NetDetect.job -> C:\WINDOWS\Tasks\Symantec NetDetect.job -> [Ver = | Size = 364 bytes | Modified Date = 1/24/2005 5:11:21 PM | Attr = ] User_Feed_Synchronization-{763AB149-50BF-4C50-8599-78D3972D2FE1}.job -> C:\WINDOWS\Tasks\User_Feed_Synchronization-{763AB149-50BF-4C50-8599-78D3972D2FE1}.job -> [Ver = | Size = 420 bytes | Modified Date = 2/20/2008 1:15:24 AM | Attr = H ] WebReg 20050128115829.job -> C:\WINDOWS\Tasks\WebReg 20050128115829.job -> [Ver = | Size = 478 bytes | Modified Date = 2/20/2008 11:58:00 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 112 bytes C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\Favorites\TD Bank - easyweb.url:favicon 318 bytes C:\Documents and Settings\Chris\Favorites\Western Email.url:favicon 25214 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Cancun\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Chance\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\cottage 2005\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\cottage and sydney\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Da Boyz\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\family cottage\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Grandma\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Greece 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Greek Wedding\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Kim\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\My House\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\New Years 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\NYC\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Rons Bachlour party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Sydney\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Chris\Shared\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dorothy\Desktop\TD Canada Trust.url:favicon 318 bytes C:\Documents and Settings\Dorothy\Favorites\Cooks.com - Recipes - Chicken Fillet.url:favicon 2550 bytes C:\Documents and Settings\Dorothy\Favorites\Hotel Search Results.url:favicon 766 bytes C:\Documents and Settings\Dorothy\Favorites\London Free Press Daily Classifieds.url:favicon 318 bytes C:\Documents and Settings\Dorothy\Favorites\Monster.ca - Today's The Day!.url:favicon 4710 bytes C:\Documents and Settings\Dorothy\Favorites\olgc.ca.url:favicon 568 bytes C:\Documents and Settings\Dorothy\Favorites\The University of Western Ontario.url:favicon 1406 bytes C:\Documents and Settings\Dorothy\Favorites\Theatres - SilverCity London.url:favicon 1150 bytes C:\Documents and Settings\Dorothy\Favorites\workopolis.com - Search Jobs - Canada's Biggest Job Site.url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\alluc.url:favicon 2550 bytes C:\Documents and Settings\Mark\Favorites\Animal Fights.url:favicon 318 bytes C:\Documents and Settings\Mark\Favorites\Ballparks by Munsey and Suppes.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\Bill Walton Statistics - Basketball-Reference.com.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\Canada Post - About Specifications for Lettermail.url:favicon 894 bytes C:\Documents and Settings\Mark\Favorites\Canadian Tire.url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\DraftExpress.url:favicon 266 bytes C:\Documents and Settings\Mark\Favorites\Facebook Mark Swidzinsky.url:favicon 1150 bytes C:\Documents and Settings\Mark\Favorites\Flying Human TricksPRO.com - Wingsuite Video.url:favicon 1150 bytes C:\Documents and Settings\Mark\Favorites\Geeks to Go! Tech experts answer your questions.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\HoopsHype - NBA Draft 2005.url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\inside hoops.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\InsideHoops Basketball Forum - Basketball Message Board - Powered by vBulletin.url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\The Lounge @ www.ezboard.com.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\Official Site of the Tennessee Titans.url:favicon 1078 bytes C:\Documents and Settings\Mark\Favorites\Pitchfork Feature The 200 Greatest Songs of the 1960s.url:favicon 1150 bytes C:\Documents and Settings\Mark\Favorites\RAPTORS.COM - The Official Site of Canada's Team.url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\RealGM Index.url:favicon 318 bytes C:\Documents and Settings\Mark\Favorites\Scotia OnLine Sign-On.url:favicon 318 bytes C:\Documents and Settings\Mark\Favorites\Spielplan - Basketball - StreamcityBoard.url:favicon 2550 bytes C:\Documents and Settings\Mark\Favorites\Sports Central.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\TinyPic - Share the Experience!™.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\UWO email.url:favicon 25214 bytes C:\Documents and Settings\Mark\Favorites\Watch online news for free..url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\Yahoo! Sports.url:favicon 6598 bytes C:\Documents and Settings\Mark\Favorites\jstor Search Results- rural violence.url:favicon 1150 bytes C:\Documents and Settings\Mark\Favorites\jstor Search Results- violence.url:favicon 1150 bytes C:\Documents and Settings\Mark\Favorites\jstor Search Results.url:favicon 1150 bytes C:\Documents and Settings\Mark\Favorites\LiveScoreHunter - Live Results, Live Scores, Live Streaming Video, Scoreboards, Live Tickers, LiveScore - Basketball.url:favicon 894 bytes C:\Documents and Settings\Mark\Favorites\Metal Storm - Featured bands.url:favicon 318 bytes C:\Documents and Settings\Mark\Favorites\metal.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\Mish's Global Economic Trend Analysis Where Is All The Oil Money Going.url:favicon 3638 bytes C:\Documents and Settings\Mark\Favorites\Mock VI Let's get this rollin'.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\NCAA® Career Statistics.url:favicon 1406 bytes C:\Documents and Settings\Mark\Favorites\Office of the Registrar @ The University of Western Ontario.url:favicon 1078 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Cancun\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Chance\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\cottage 2005\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\cottage and sydney\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Da Boyz\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\family cottage\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Grandma\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Greece 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Greek Wedding\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Kim\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\My House\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\New Years 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\NYC\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Rons Bachlour party\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Sydney\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\chris' pictures\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\exit wounds\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\40 Greatest Metal Songs (VH1)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\A Night At The Opera\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\ANNIHILATOR\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Annihilator - 1989 - Alice in Hell\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Audioslave - Audioslave\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\black sabbath\Black Sabbath\Greatest Hits 1970-1978\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Black Sabbath - The Dio Years [2007]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Classic.Albums.Iron.Maiden.The.Number.of.the.Beast.DVDRip.XviD-pedr1nho\Sample\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Classic.Albums.Iron.Maiden.The.Number.of.the.Beast.DVDRip.XviD-pedr1nho\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\David Bowie - The Man Who Sold the World - Rock 1999 320Kbps\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Derek and the Dominos\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Disturbed - Believe\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Disturbed - Ten Thousand Fists-(Advance)-2005-Perfect Quality\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Disturbed-The Sickness(Darkside_RG)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Led Zeppelin - Houses of the holy\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Led Zeppelin - 1976 - The Song Remains the Same (@128kbps) BY EZE\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Led Zeppelin-Led Zeppelin lV(Darkside_RG)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Led Zeppelin-Physical Graffiti(Darkside_RG)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Makaveli-The Don Killuminati\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Megadeth - Killing is my Business... And Business is good\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Metallica - The Black Album\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Motorhead - Ace of Spades\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Queensryche - Empire [@320]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Queensryche - Operation Mindcrime - Deluxe\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Rage Against The Machine - Evil Empire\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Six Degrees Of Inner Turbulence\Cd 1\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Six Degrees Of Inner Turbulence\Cd 2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Six Degrees Of Inner Turbulence\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Sum 41 - Chuck (2004) - Punk Rock [www.torrentazos.com]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Symphony X - V The New Mythology Suite\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Terry Reid - Seed of Memory\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\The Velvet Underground-The Velvet Underground and Nico(Darkside_RG)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\The_White_Stripes-Get_Behind_Me_Satan-2005-XXL\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Train Of Thought\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Tv On The Radio - Desperate Youth, Blood Thirsty Babes (2004)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\TV On The Radio - Return To Cookie Mountain [2006]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Weezer (Blue Album)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Dr. Dre - The Chronic [1992]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Dream Theater - Awake 1994\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Guess Who - Greatest Hits Of.mp3f\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\Jimi Hendrix-Band Of Gypsys Live At The Fillmore East(Darkside_RG)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\King Crimson - 1974 - Red (320)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Albums\King Crimson - In the Court of the Crimson King (30th Anniversary Edition)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\BitComet\Downloads\Alexander (2004)[Action]\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\mark\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\old\other\raptors\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\old\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\mark\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\My Pictures\2008_01_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Mark\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\Desktop\EasyWeb.url:favicon 318 bytes C:\Documents and Settings\Robert\Desktop\Scotia OnLine Sign-On.url:favicon 894 bytes C:\Documents and Settings\Robert\Favorites\Cineplex Entertainment LP.url:favicon 1150 bytes C:\Documents and Settings\Robert\Favorites\Theatres - SilverCity London.url:favicon 1150 bytes C:\Documents and Settings\Robert\Favorites\YouTube .url:favicon 1150 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\Emco Gold Awards 2006 Florida\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\Copy of Mom and Dad 25th\Pictures of Italy\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\Copy of Mom and Dad 25th\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\Cottage Summer 2006\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\vegas '07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\vegas '07\Vegas Trip\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Cancun Trip\Mom and Dad 25th\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Emco Gold Awards 2006 Florida\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\Vegas Trip\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Music\A Fine Frenzy\One Cell In the Sea\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Music\A Fine Frenzy\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\College State Trip\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Backyard 2007_07_21\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Birds Cottage 2007_08_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Chris Cottage 2007_08_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_08_03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_08_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_11_23\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_11_24\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_11_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_26\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\2007_12_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage 2007_07_28\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage 2007_07_29\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage 2007_08_06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage 2007_08_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage 2007_09_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage Winter 07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Cottage2007_09_02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Flowers Coattage 2007_08_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Flowers Home 2007_07_25\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Home 2007_09_12\2007_09_06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Home 2007_09_12\2007_09_07\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Home 2007_09_12\2007_09_09\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Home 2007_09_12\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Humming Bird 2007_08_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Insects Cottage 2007_08_04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Janet's Wedding 2007-07-23,\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Mom&Dad 2007_08_15\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Penn State vs Ohio StaTE 2007_10_27\Penn State vs Ohio State Trip\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Penn State vs Ohio StaTE 2007_10_27\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Projects Cottage 2007_08_10\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Sydney 2007_08_11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Robert\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 312 < End of report > [/code]