[code] WinPFind35 logfile created on: 2/26/2008 1:26:37 PM WinPFind35U Version 1.0.0.1 Folder = C:\Documents and Settings\Carol\Desktop\WinPFind35u Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.40% Memory free 3.84 Gb Paging File | 3.13 Gb Available in Paging File | 81.39% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 150.57 Gb Free Space | 64.65% Space Free | Partition Type: NTFS Drive D: | 7.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 999.63 Mb Total Space | 947.17 Mb Free Space | 94.75% Space Free | Partition Type: FAT F: Drive not present or media not loaded Drive G: | 232.88 Gb Total Space | 81.93 Gb Free Space | 35.18% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Y: | 181.93 Gb Total Space | 161.69 Gb Free Space | 88.87% Space Free | Partition Type: NTFS Drive Z: | 181.93 Gb Total Space | 161.69 Gb Free Space | 88.87% Space Free | Partition Type: NTFS Computer Name: TOSHIBA-USER Current User Name: Carol Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aaksrv.exe -> %SystemRoot%\system32\aaksrv.exe -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 237568 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 2:29:00 PM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 2:31:32 PM | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ] pfftwrk.exe -> %ProgramFiles%\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe -> Boomerang Software, Inc. [Ver = 1, 0, 0, 1 | Size = 98304 bytes | Modified Date = 4/30/2007 6:22:14 PM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 8:40:04 AM | Attr = R ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] devsvc.exe -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 8/11/2006 11:15:36 AM | Attr = ] cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ] dm1service.exe -> %ProgramFiles%\Olympus\DeviceDetector\DM1Service.exe -> OLYMPUS Corporation [Ver = 1, 2, 1, 0 | Size = 65536 bytes | Modified Date = 10/18/2004 11:51:58 AM | Attr = ] dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 10/19/2006 1:52:24 PM | Attr = ] syncservices.exe -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 9/28/2007 12:24:36 PM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 2:28:14 PM | Attr = ] swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ] tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 12/20/2005 2:22:14 PM | Attr = ] ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 5 | Size = 67056 bytes | Modified Date = 1/18/2007 7:04:04 PM | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 1:10:32 PM | Attr = ] toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] pg2.exe -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 6:40:42 PM | Attr = ] devdtct2.exe -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 0, 2 | Size = 114688 bytes | Modified Date = 3/11/2005 5:17:08 PM | Attr = ] pfft.exe -> %ProgramFiles%\Boomerang Software\Guardian PC Security Tools\PFFT.exe -> Boomerang Software [Ver = 3, 0, 0, 8 | Size = 306176 bytes | Modified Date = 4/30/2007 6:22:18 PM | Attr = ] hotsync.exe -> %ProgramFiles%\Palm\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:27:34 PM | Attr = ] ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 1:10:24 PM | Attr = ] aa50.exe -> %ProgramFiles%\AMICUS50\AA50.EXE -> Gavel & Gown Software Inc. [Ver = 5.5.1.2672 | Size = 423696 bytes | Modified Date = 10/25/2004 2:39:48 PM | Attr = R ] rtgbills.exe -> %ProgramFiles%\Rtgbills3\rtgbills.exe -> RTG Data Systems [Ver = 2.19.0007 | Size = 1359872 bytes | Modified Date = 2/1/2008 4:05:32 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/9/2008 4:29:33 PM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 309760 bytes | Modified Date = 2/21/2008 7:41:02 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aaksrv) aaksrv [Win32_Own | Auto | Running] -> %SystemRoot%\system32\aaksrv.exe -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 237568 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] (AntiSpy Server) AntiSpy Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe -> Boomerang Software, Inc. [Ver = 1, 0, 0, 1 | Size = 98304 bytes | Modified Date = 4/30/2007 6:22:14 PM | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 8:40:04 AM | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 2:09:16 PM | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] (Capture Device Service) Capture Device Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 8/11/2006 11:15:36 AM | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found (DM1Service) DM1Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Olympus\DeviceDetector\DM1Service.exe -> OLYMPUS Corporation [Ver = 1, 2, 1, 0 | Size = 65536 bytes | Modified Date = 10/18/2004 11:51:58 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/28/2004 3:33:00 AM | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 11/28/2005 2:29:00 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 1:10:24 PM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 10/19/2006 1:52:24 PM | Attr = ] (Maxtor Sync Service) Maxtor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 9/28/2007 12:24:36 PM | Attr = ] (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 11/28/2005 2:28:14 PM | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 11/28/2005 2:31:32 PM | Attr = ] (Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/12/2005 8:14:42 PM | Attr = ] (TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 13M | Size = 35328 bytes | Modified Date = 12/20/2005 2:22:14 PM | Attr = ] (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 5 | Size = 67056 bytes | Modified Date = 1/18/2007 7:04:04 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 1:10:32 PM | Attr = ] NapsterShell -> %ProgramFiles%\Napster\napster.exe -> Napster [Ver = 4.1.0.4 | Size = 323216 bytes | Modified Date = 12/10/2007 2:35:52 PM | Attr = ] Pure Networks Port Magic -> %ProgramFiles%\Pure Networks\Port Magic\PortAOL.exe -> Pure Networks, Inc. [Ver = 1.2.1393.0 | Size = 99480 bytes | Modified Date = 4/5/2004 4:33:54 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ccleaner -> %ProgramFiles%\CCleaner\CCleaner.exe -> Piriform Ltd [Ver = 2, 3, 0, 532 | Size = 787696 bytes | Modified Date = 11/22/2007 11:10:36 AM | Attr = ] PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 6:40:42 PM | Attr = ] TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] Tunebite -> %ProgramFiles%\RapidSolution\Tunebite\Tunebite.exe -> File not found updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < Run [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ccleaner -> %ProgramFiles%\CCleaner\CCleaner.exe -> Piriform Ltd [Ver = 2, 3, 0, 532 | Size = 787696 bytes | Modified Date = 11/22/2007 11:10:36 AM | Attr = ] PeerGuardian -> %ProgramFiles%\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Modified Date = 9/18/2005 6:40:42 PM | Attr = ] TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 12/30/2004 3:32:20 AM | Attr = ] Tunebite -> %ProgramFiles%\RapidSolution\Tunebite\Tunebite.exe -> File not found updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> %ProgramFiles%\Olympus\DeviceDetector\DevDtct2.exe -> OLYMPUS IMAGING CORP. [Ver = 3, 2, 0, 2 | Size = 114688 bytes | Modified Date = 3/11/2005 5:17:08 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Guardian PC Security Tools.lnk -> %ProgramFiles%\Boomerang Software\Guardian PC Security Tools\PFFT.exe -> Boomerang Software [Ver = 3, 0, 0, 8 | Size = 306176 bytes | Modified Date = 4/30/2007 6:22:18 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk -> %ProgramFiles%\Palm\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 6/9/2004 2:27:34 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Norton 360.lnk -> %ProgramFiles%\Norton 360\MainStub.exe -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 1, 0, 0 | Size = 155648 bytes | Modified Date = 8/28/2004 3:37:00 AM | Attr = ] < Carol Startup Folder > -> C:\Documents and Settings\Carol\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\avast! Antivirus.lnk -> %ProgramFiles%\Alwil Software\Avast4\ashAvast.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 271736 bytes | Modified Date = 12/4/2007 7:52:15 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 4.2006.627.443 | Size = 135680 bytes | Modified Date = 5/13/2006 6:21:54 PM | Attr = ] system32\aakah.dll -> %SystemRoot%\system32\aakah.dll -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 81920 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4436 | Size = 135168 bytes | Modified Date = 11/28/2005 12:51:04 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> about:blank -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> about:blank -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> about:blank -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4191 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4188 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4188 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4188 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4159 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4159 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4188 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.11.30.dll [BitComet Helper] -> BitComet [Ver = 20071130 | Size = 464184 bytes | Modified Date = 12/4/2007 10:40:02 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 7:09:54 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [BitComet] -> File not found {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Add to Library] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 7:09:54 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKEY_LOCAL_MACHINE] -> [BitComet] -> File not found CmdMapping\\{ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} [HKEY_LOCAL_MACHINE] -> [Add to Library] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Open with WordPerfect -> %ProgramFiles%\WordPerfect Office X3\Programs\WPLauncher.hta -> [Ver = | Size = 2506 bytes | Modified Date = 6/21/2005 3:54:18 PM | Attr = ] Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 7:09:54 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 7:09:54 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_04\bin\NPJPI150_04.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 6/3/2005 7:09:54 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKEY_LOCAL_MACHINE] -> [BitComet] -> File not found CmdMapping\\{ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} [HKEY_LOCAL_MACHINE] -> [Add to Library] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\] > -> HKEY_USERS\S-1-5-21-2628613247-2060689918-2099334647-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Open with WordPerfect -> %ProgramFiles%\WordPerfect Office X3\Programs\WPLauncher.hta -> [Ver = | Size = 2506 bytes | Modified Date = 6/21/2005 3:54:18 PM | Attr = ] Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 5/13/2006 6:15:20 PM | Attr = R ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {062F7A29-3E7F-484E-9A14-C05B2924059A} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {378510B8-4A4E-4C2F-9BFF-A23305D456D9} -> (1394 Net Adapter) -> {60C3F27A-0A8F-41AA-B879-DA2158001B32} -> (1394 Net Adapter) -> {B93844C4-1D35-41FD-A691-35D9E2622FDB} -> (Intel(R) PRO/100 VE Network Connection) -> {FD09C546-52AC-4BB4-9230-7F957BE83EB8} -> (Intel(R) PRO/1000 PL Network Connection) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199988591953[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB[TSEasyInstallX Control] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 924 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 17163 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\ivp\NetInt\Netint.exe -> C:\TOSHIBA\IVP\NetInt\netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> TOSHIBA Corporation [Ver = 3.6.0.0 | Size = 462848 bytes | Modified Date = 11/3/2004 6:06:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\Ivp\ISM\pinger.exe -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> TOSHIBA Corporation [Ver = 3.7.0.0 | Size = 151552 bytes | Modified Date = 3/17/2005 8:37:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.02.000 | Size = 12888 bytes | Modified Date = 10/14/2004 5:33:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online [Ver = 3.0.0.1 | Size = 34904 bytes | Modified Date = 10/20/2004 8:40:04 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online [Ver = 3.0.0.1 | Size = 10328 bytes | Modified Date = 10/20/2004 8:40:04 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 4/10/2006 9:23:23 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 3:54:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 3:54:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> America Online Inc. [Ver = 1, 0, 0, 1 | Size = 140888 bytes | Modified Date = 4/5/2005 7:06:43 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> [Ver = 1, 0, 0, 74 | Size = 79448 bytes | Modified Date = 10/18/2004 7:42:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> AOL Spyware Protection [Ver = 1.00.0076 | Size = 3040856 bytes | Modified Date = 10/15/2004 2:16:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> Gteko Ltd. [Ver = 1, 0, 0, 35 | Size = 59992 bytes | Modified Date = 10/14/2004 6:34:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1147563008\EE\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1147563008\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1147563008\EE\AOLServiceHost.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 1.0.0.6 | Size = 110680 bytes | Modified Date = 11/3/2004 4:03:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6212.1000 | Size = 12836728 bytes | Modified Date = 9/6/2007 6:01:10 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 340856 bytes | Modified Date = 8/29/2007 12:23:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 1022840 bytes | Modified Date = 8/28/2007 11:43:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE -> C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4] -> SEIKO EPSON CORPORATION [Ver = 1, 7, 0, 0 | Size = 122880 bytes | Modified Date = 4/30/2004 1:07:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 0.97 | Size = 1913656 bytes | Modified Date = 12/7/2007 10:03:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Olympus\DSSPlayerPro\DictWnd.exe -> C:\Program Files\Olympus\DSSPlayerPro\DictWnd.exe [C:\Program Files\Olympus\DSSPlayerPro\DictWnd.exe:*:Enabled:Dictation Module] -> OLYMPUS IMAGING CORP. [Ver = 5, 4, 4, 2 | Size = 2539520 bytes | Modified Date = 3/11/2005 5:30:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Alwil Software\Avast4\ashAvast.exe -> C:\Program Files\Alwil Software\Avast4\ashAvast.exe [C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus] -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 271736 bytes | Modified Date = 12/4/2007 7:52:15 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\odbcad32.exe -> C:\WINDOWS\system32\odbcad32.exe [C:\WINDOWS\system32\odbcad32.exe:*:Enabled:32bit ODBC Administrator] -> Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 9/17/2007 9:26:25 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 19897640 bytes | Modified Date = 2/19/2008 1:10:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27593:TCP -> 27593:TCP:*:Enabled:BitComet 27593 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27593:UDP -> 27593:UDP:*:Enabled:BitComet 27593 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 7/25/2005 11:20:40 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 7/25/2005 11:20:40 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^Carol^Start Menu^Programs^Startup^Palm Registration.lnk -> %ProgramFiles%\Palm\register.exe -> Palm/Leader Technologies [Ver = 5.28 | Size = 2441216 bytes | Modified Date = 1/4/2006 10:55:54 AM | Attr = ] [Files/Folders - Created Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 1/10/2008 3:28:07 PM | Attr = RH ] 323f793f327497aee543f1 -> %SystemDrive%\323f793f327497aee543f1 -> [Folder | Created Date = 2/25/2008 2:48:20 PM | Attr = ] 94df04c4cdb956045e6ac17353 -> %SystemDrive%\94df04c4cdb956045e6ac17353 -> [Folder | Created Date = 2/25/2008 2:48:38 PM | Attr = ] AMIMERGE -> %SystemDrive%\AMIMERGE -> [Folder | Created Date = 1/9/2008 4:40:20 PM | Attr = ] BJPrinter -> %SystemDrive%\BJPrinter -> [Folder | Created Date = 1/14/2008 10:14:38 PM | Attr = H ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2/25/2008 1:19:44 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/22/2008 9:58:34 AM | Attr = ] deftask.dat -> %SystemDrive%\deftask.dat -> [Ver = | Size = 2139 bytes | Modified Date = 1/28/2008 9:09:52 AM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 1/9/2008 5:55:22 PM | Attr = ] FairCom -> %SystemDrive%\FairCom -> [Folder | Created Date = 1/9/2008 4:41:26 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137051136 bytes | Modified Date = 2/26/2008 8:55:25 AM | Attr = HS] Maxtor temp -> %SystemDrive%\Maxtor temp -> [Folder | Created Date = 1/9/2008 5:30:37 PM | Attr = ] MGtools.exe -> %SystemDrive%\MGtools.exe -> [Ver = | Size = 1238689 bytes | Modified Date = 1/13/2008 6:02:36 PM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 1/9/2008 3:39:30 PM | Attr = RH ] OTREE -> %SystemDrive%\OTREE -> [Folder | Created Date = 1/9/2008 4:43:41 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 1/9/2008 4:12:56 PM | Attr = HS] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 2/22/2008 9:27:30 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 1/9/2008 4:07:22 PM | Attr = HS] apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Modified Date = 10/4/2006 9:06:13 AM | Attr = ] apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Modified Date = 10/4/2006 9:06:20 AM | Attr = ] sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Modified Date = 10/4/2006 9:06:21 AM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr = ] AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 1/9/2008 4:27:48 PM | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Modified Date = 12/4/2007 9:56:02 AM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] DM_1USB.sys -> %SystemRoot%\System32\drivers\DM_1USB.sys -> OLYMPUS OPTICAL CO.,LTD [Ver = 1.0 | Size = 27326 bytes | Modified Date = 11/29/2002 3:54:14 PM | Attr = ] DSSUSB.SYS -> %SystemRoot%\System32\drivers\DSSUSB.SYS -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.7 | Size = 33363 bytes | Modified Date = 1/31/2001 3:54:54 PM | Attr = ] DSSUSB1.SYS -> %SystemRoot%\System32\drivers\DSSUSB1.SYS -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.65 | Size = 39071 bytes | Modified Date = 1/29/2001 2:32:06 PM | Attr = ] DSSUSBF.sys -> %SystemRoot%\System32\drivers\DSSUSBF.sys -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.5 | Size = 25381 bytes | Modified Date = 1/30/2001 5:34:38 PM | Attr = ] DSXUSB.sys -> %SystemRoot%\System32\drivers\DSXUSB.sys -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.20 | Size = 39635 bytes | Modified Date = 1/21/2002 12:39:54 PM | Attr = ] MovRVDrv32.sys -> %SystemRoot%\System32\drivers\MovRVDrv32.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.0 built by: WinDDK | Size = 2688 bytes | Modified Date = 10/9/2007 12:52:18 PM | Attr = ] SndTDriverV32.sys -> %SystemRoot%\System32\drivers\SndTDriverV32.sys -> Windows (R) 2000/XP [Ver = 5.01 built by: WinDDK | Size = 513152 bytes | Modified Date = 10/9/2007 5:04:56 PM | Attr = ] SnopFree.sys -> %SystemRoot%\System32\drivers\SnopFree.sys -> [Ver = | Size = 9472 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] tbhsd.sys -> %SystemRoot%\System32\drivers\tbhsd.sys -> RapidSolution Software AG [Ver = 2, 5, 7, 0 | Size = 26784 bytes | Modified Date = 12/11/2007 9:52:12 AM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 2/25/2008 2:48:36 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/25/2008 2:48:36 PM | Attr = H ] usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 10/31/2007 2:09:14 PM | Attr = ] AAddressBook32.dll -> %SystemRoot%\System32\AAddressBook32.dll -> [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 10/25/2004 10:22:16 AM | Attr = ] aakah.dll -> %SystemRoot%\System32\aakah.dll -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 81920 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] aakah.sys -> %SystemRoot%\System32\aakah.sys -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 34272 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] aakbdrv.sys -> %SystemRoot%\System32\aakbdrv.sys -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 20768 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] aaksrv.exe -> %SystemRoot%\System32\aaksrv.exe -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 237568 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] AASSCE5332.DLL -> %SystemRoot%\System32\AASSCE5332.DLL -> Wintertree Software Inc. [Ver = 5.14.7.0 | Size = 167936 bytes | Modified Date = 9/15/2004 9:17:44 AM | Attr = ] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Modified Date = 1/9/2004 4:13:58 AM | Attr = ] AF822943B4.sys -> %SystemRoot%\System32\AF822943B4.sys -> [Ver = | Size = 56 bytes | Modified Date = 1/9/2008 6:22:07 PM | Attr = RHS] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 8:04:28 AM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 7:54:04 AM | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 14848 bytes | Modified Date = 1/10/2008 10:33:56 AM | Attr = ] bitcometres.dll -> %SystemRoot%\System32\bitcometres.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 1/9/2008 5:55:22 PM | Attr = ] chilkathttp.dll -> %SystemRoot%\System32\chilkathttp.dll -> Chilkat Software, Inc. [Ver = 2, 3, 0, 0 | Size = 1118208 bytes | Modified Date = 10/20/2007 6:17:18 AM | Attr = ] cpwmon2k.dll -> %SystemRoot%\System32\cpwmon2k.dll -> [Ver = | Size = 87552 bytes | Modified Date = 7/12/2007 10:33:58 PM | Attr = ] CRPAIG32.DLL -> %SystemRoot%\System32\CRPAIG32.DLL -> Seagate Software, Information Management Group, Inc. [Ver = 5, 0, 0, 2 | Size = 229888 bytes | Modified Date = 9/15/2004 9:15:58 AM | Attr = ] CRPE32.DLL -> %SystemRoot%\System32\CRPE32.DLL -> Seagate Software, Inc. [Ver = 8.5.0.217 | Size = 4587577 bytes | Modified Date = 9/15/2004 9:15:58 AM | Attr = ] CTCR_FPG.dll -> %SystemRoot%\System32\CTCR_FPG.dll -> [Ver = | Size = 372736 bytes | Modified Date = 12/13/2001 12:27:22 PM | Attr = ] CTCR_NET.dll -> %SystemRoot%\System32\CTCR_NET.dll -> [Ver = | Size = 196608 bytes | Modified Date = 12/13/2001 12:28:02 PM | Attr = ] CTCR_SPX.dll -> %SystemRoot%\System32\CTCR_SPX.dll -> [Ver = | Size = 196608 bytes | Modified Date = 12/13/2001 12:29:26 PM | Attr = ] CTCR_TCP.dll -> %SystemRoot%\System32\CTCR_TCP.dll -> [Ver = | Size = 196608 bytes | Modified Date = 12/13/2001 12:30:48 PM | Attr = ] DM1USBAPI.dll -> %SystemRoot%\System32\DM1USBAPI.dll -> OLYMPUS OPTICAL CO.,LTD [Ver = 1, 2, 0, 0 | Size = 69632 bytes | Modified Date = 9/30/2003 6:58:42 PM | Attr = ] DM1USBAPIVB.dll -> %SystemRoot%\System32\DM1USBAPIVB.dll -> [Ver = | Size = 45056 bytes | Modified Date = 9/5/2003 4:03:50 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 1/9/2008 4:27:21 PM | Attr = ] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> DSSCodec.dll -> %SystemRoot%\System32\DSSCodec.dll -> Olympus Optical Co., Ltd. [Ver = 1, 0, 0, 0 | Size = 155648 bytes | Modified Date = 2/25/2004 1:28:36 PM | Attr = ] dsscore.dll -> %SystemRoot%\System32\dsscore.dll -> OLYMPUS IMAGING CORP. [Ver = 5.1.4.0 | Size = 217088 bytes | Modified Date = 3/9/2005 2:13:48 PM | Attr = ] DSSCOREVB.dll -> %SystemRoot%\System32\DSSCOREVB.dll -> OLYMPUS IMAGING CORP. [Ver = 5.1.4.0 | Size = 217088 bytes | Modified Date = 3/9/2005 2:15:40 PM | Attr = ] DSSFSAPI.dll -> %SystemRoot%\System32\DSSFSAPI.dll -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.7.2 | Size = 49152 bytes | Modified Date = 8/18/2003 5:15:50 PM | Attr = ] DSSFSSET.cpl -> %SystemRoot%\System32\DSSFSSET.cpl -> OLYMPUS CORPORATION [Ver = 5.1.0.0 | Size = 61440 bytes | Modified Date = 8/3/2004 3:29:44 PM | Attr = ] DSSLicMn.dll -> %SystemRoot%\System32\DSSLicMn.dll -> OLYMPUS IMAGING CORP. [Ver = 1, 0, 1, 0 | Size = 122880 bytes | Modified Date = 10/28/2004 10:41:26 AM | Attr = ] DSSLicMnVB.dll -> %SystemRoot%\System32\DSSLicMnVB.dll -> OLYMPUS IMAGING CORP. [Ver = 1, 0, 1, 0 | Size = 122880 bytes | Modified Date = 10/28/2004 10:41:32 AM | Attr = ] dsslire.dll -> %SystemRoot%\System32\dsslire.dll -> OLYMPUS CORPORATION [Ver = 1, 0, 0, 2 | Size = 65552 bytes | Modified Date = 6/17/2004 3:52:34 AM | Attr = ] DSSUSB.DLL -> %SystemRoot%\System32\DSSUSB.DLL -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1, 8, 0, 0 | Size = 49152 bytes | Modified Date = 7/10/2000 10:53:56 AM | Attr = ] DSSUSB1.DLL -> %SystemRoot%\System32\DSSUSB1.DLL -> OLYMPUS CORPORATION [Ver = 1.7.1.0 | Size = 73728 bytes | Modified Date = 9/8/2004 10:55:34 PM | Attr = ] DSSUSBF.dll -> %SystemRoot%\System32\DSSUSBF.dll -> OLYMPUS OPTICAL CO.,LTD. [Ver = 1.6.1.0 | Size = 49152 bytes | Modified Date = 9/8/2004 10:42:58 PM | Attr = ] DSXUSB.dll -> %SystemRoot%\System32\DSXUSB.dll -> OLYMPUS CORPORATION [Ver = 1.1.1.0 | Size = 73728 bytes | Modified Date = 9/8/2004 10:59:58 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 1/9/2008 4:31:27 PM | Attr = ] HHActiveX.dll -> %SystemRoot%\System32\HHActiveX.dll -> eHelp Corporation. [Ver = 9.20.566 | Size = 446464 bytes | Modified Date = 1/25/2002 4:24:22 PM | Attr = ] igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4436 | Size = 135168 bytes | Modified Date = 11/28/2005 12:51:10 AM | Attr = ] imagr5.dll -> %SystemRoot%\System32\imagr5.dll -> Pegasus Software,LLC [Ver = 5.00.304 | Size = 569344 bytes | Modified Date = 7/6/2001 2:41:30 PM | Attr = ] imagx5.dll -> %SystemRoot%\System32\imagx5.dll -> Pegasus Software, LLC [Ver = 5.00.014 | Size = 544768 bytes | Modified Date = 7/6/2001 12:44:46 PM | Attr = ] ImagXpr5.dll -> %SystemRoot%\System32\ImagXpr5.dll -> Pegasus Software, LLC [Ver = 5.00.009 | Size = 283920 bytes | Modified Date = 7/6/2001 6:24:18 PM | Attr = ] IMPLODE.DLL -> %SystemRoot%\System32\IMPLODE.DLL -> [Ver = | Size = 17920 bytes | Modified Date = 9/15/2004 9:16:00 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [Ver = | Size = 3766 bytes | Modified Date = 2/25/2008 1:47:29 PM | Attr = HS] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 1/10/2008 9:53:27 AM | Attr = ] lqoe89kr.lwp -> %SystemRoot%\System32\lqoe89kr.lwp -> [Ver = | Size = 4400 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] NeroCheck.exe -> %SystemRoot%\System32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ] OdiAPI.dll -> %SystemRoot%\System32\OdiAPI.dll -> [Ver = | Size = 53248 bytes | Modified Date = 6/21/2004 10:14:54 AM | Attr = ] OdiOlDVR.dll -> %SystemRoot%\System32\OdiOlDVR.dll -> [Ver = | Size = 110592 bytes | Modified Date = 2/10/2005 4:11:10 PM | Attr = ] OTAMIRG.DLL -> %SystemRoot%\System32\OTAMIRG.DLL -> Gavel & Gown Software Inc. [Ver = 5.5.1.2672 | Size = 143360 bytes | Modified Date = 10/25/2004 10:23:08 AM | Attr = ] p2sctree.cnt -> %SystemRoot%\System32\p2sctree.cnt -> [Ver = | Size = 1350 bytes | Modified Date = 9/7/2001 8:32:32 AM | Attr = ] P2SCTREE.HLP -> %SystemRoot%\System32\P2SCTREE.HLP -> [Ver = | Size = 1448724 bytes | Modified Date = 9/7/2001 8:31:54 AM | Attr = ] P2SODBC.DLL -> %SystemRoot%\System32\P2SODBC.DLL -> Seagate Software Information Management Group, Inc. [Ver = 7.0.0.134 | Size = 206848 bytes | Modified Date = 9/15/2004 9:16:00 AM | Attr = ] picn20.dll -> %SystemRoot%\System32\picn20.dll -> Pegasus Imaging Corp. [Ver = 1.0.0.54 | Size = 38912 bytes | Modified Date = 6/26/2001 8:15:46 AM | Attr = ] polarziplight.dll -> %SystemRoot%\System32\polarziplight.dll -> Polar sales@polarsoftware.com www.polarsoftware.com [Ver = 5.0.10.0 | Size = 307200 bytes | Modified Date = 5/29/2002 10:22:02 AM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 1/10/2008 3:00:49 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] SnoopFreeSvc.exe -> %SystemRoot%\System32\SnoopFreeSvc.exe -> [Ver = | Size = 90112 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 1/9/2008 7:35:17 PM | Attr = ] SSCSDK32.DLL -> %SystemRoot%\System32\SSCSDK32.DLL -> Three |D| Graphics, Inc. [Ver = 1, 0, 3, 7 | Size = 901120 bytes | Modified Date = 9/15/2004 9:16:00 AM | Attr = ] STRDEVAPI.dll -> %SystemRoot%\System32\STRDEVAPI.dll -> OLYMPUS Corpration [Ver = 0, 8, 0, 0 | Size = 86016 bytes | Modified Date = 1/14/2005 7:01:36 PM | Attr = ] TwnLib20.dll -> %SystemRoot%\System32\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Modified Date = 6/26/2000 11:45:30 AM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 1/10/2008 1:00:27 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 1/10/2008 1:00:08 PM | Attr = H ] AA50.INI -> %SystemRoot%\AA50.INI -> [Ver = | Size = 5770 bytes | Modified Date = 2/26/2008 11:46:02 AM | Attr = ] AA50INSTALL.INI -> %SystemRoot%\AA50INSTALL.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/9/2008 4:45:16 PM | Attr = ] AADailiesConfig.ini -> %SystemRoot%\AADailiesConfig.ini -> [Ver = | Size = 310127 bytes | Modified Date = 9/15/2004 9:14:12 AM | Attr = ] atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 24 bytes | Modified Date = 1/9/2008 9:46:04 PM | Attr = ] Cache -> %SystemRoot%\Cache -> [Folder | Created Date = 1/9/2008 9:37:58 PM | Attr = ] CMDLIC.DLL -> %SystemRoot%\CMDLIC.DLL -> COMODO [Ver = 1.0.1.2 | Size = 208896 bytes | Modified Date = 5/8/2007 5:01:12 PM | Attr = ] CRYSTAL -> %SystemRoot%\CRYSTAL -> [Folder | Created Date = 1/9/2008 4:40:26 PM | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 1/10/2008 11:21:29 AM | Attr = HS] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 1/9/2008 4:35:14 PM | Attr = ] Dssole.INI -> %SystemRoot%\Dssole.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/9/2008 6:10:58 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/22/2008 9:59:02 AM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2/22/2008 9:29:18 AM | Attr = ] etrnview.exe -> %SystemRoot%\etrnview.exe -> RealLegal [Ver = 7.2.0.618 | Size = 999506 bytes | Modified Date = 1/9/2008 9:31:22 PM | Attr = ] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 1/9/2008 9:00:43 PM | Attr = HS] hosts -> %SystemRoot%\hosts -> [Ver = | Size = 34504 bytes | Modified Date = 1/30/2007 12:20:44 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 1/10/2008 1:00:42 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 1/10/2008 1:03:30 PM | Attr = ] iTiAN.id.uses -> %SystemRoot%\iTiAN.id.uses -> [Ver = | Size = 8 bytes | Modified Date = 2/4/2008 11:06:01 PM | Attr = HS] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.3 | Size = 729088 bytes | Modified Date = 1/11/2008 4:08:43 PM | Attr = ] MAXLINK.INI -> %SystemRoot%\MAXLINK.INI -> [Ver = | Size = 78 bytes | Modified Date = 1/9/2008 4:39:36 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 1/19/2008 2:45:27 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1158 bytes | Modified Date = 1/13/2008 5:29:46 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2/20/2008 1:39:19 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 1/10/2008 12:56:01 PM | Attr = ] PalmDevC.dll -> %SystemRoot%\PalmDevC.dll -> PalmSource, Inc [Ver = 6.0.1 | Size = 53248 bytes | Modified Date = 1/9/2008 4:35:22 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 1/10/2008 10:58:44 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/25/2008 1:13:38 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/26/2008 8:57:19 AM | Attr = H ] QuickInstall.INI -> %SystemRoot%\QuickInstall.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/27/2008 7:34:10 AM | Attr = ] QUICKI~1.INI -> %SystemRoot%\QUICKI~1.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/25/2008 4:59:20 PM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 1/9/2008 4:14:56 PM | Attr = ] smscfg.ini -> %SystemRoot%\smscfg.ini -> [Ver = | Size = 61 bytes | Modified Date = 1/9/2008 4:12:55 PM | Attr = ] SnoopFreeDll.dll -> %SystemRoot%\SnoopFreeDll.dll -> [Ver = | Size = 45056 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] SnoopFreeUI.exe -> %SystemRoot%\SnoopFreeUI.exe -> SnoopFree Software [Ver = 1, 0, 0, 0 | Size = 221184 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 2/7/2008 11:46:24 AM | Attr = ] UNBOC.EXE -> %SystemRoot%\UNBOC.EXE -> COMODO [Ver = 4.25.001 | Size = 235008 bytes | Modified Date = 8/8/2007 8:02:00 PM | Attr = ] UNINSTALL.INI -> %SystemRoot%\UNINSTALL.INI -> [Ver = | Size = 0 bytes | Modified Date = 2/18/2008 8:42:47 AM | Attr = ] UNNeroVision.cfg -> %SystemRoot%\UNNeroVision.cfg -> [Ver = | Size = 102840 bytes | Modified Date = 8/4/2004 8:23:29 AM | Attr = ] UNNeroVision.exe -> %SystemRoot%\UNNeroVision.exe -> Ahead Software AG [Ver = 1, 2, 2, 222 | Size = 2019328 bytes | Modified Date = 7/16/2004 7:40:35 AM | Attr = ] UNNMP.cfg -> %SystemRoot%\UNNMP.cfg -> [Ver = | Size = 50503 bytes | Modified Date = 8/4/2004 8:23:29 AM | Attr = ] UNNMP.exe -> %SystemRoot%\UNNMP.exe -> Ahead Software AG [Ver = 1, 2, 2, 214 | Size = 1994752 bytes | Modified Date = 6/23/2004 12:26:33 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 1/10/2008 1:02:38 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2/23/2008 9:23:00 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Ahead -> %AllUsersProfile%\Application Data\Ahead -> [Folder | Created Date = 1/10/2008 7:28:47 AM | Attr = ] AOL Downloads -> %AllUsersProfile%\Application Data\AOL Downloads -> [Folder | Created Date = 1/9/2008 9:46:12 PM | Attr = ] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Created Date = 1/9/2008 4:59:48 PM | Attr = ] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Created Date = 1/9/2008 5:00:34 PM | Attr = ] Avg7 -> %AllUsersProfile%\Application Data\Avg7 -> [Folder | Created Date = 1/29/2008 9:28:09 AM | Attr = ] Borland -> %AllUsersProfile%\Application Data\Borland -> [Folder | Created Date = 1/9/2008 3:14:00 PM | Attr = ] Corel -> %AllUsersProfile%\Application Data\Corel -> [Folder | Created Date = 1/9/2008 3:14:00 PM | Attr = ] DataViz -> %AllUsersProfile%\Application Data\DataViz -> [Folder | Created Date = 1/9/2008 10:20:54 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Created Date = 2/25/2008 11:25:48 AM | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Created Date = 1/9/2008 9:09:53 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 2/21/2008 11:07:41 AM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 1/10/2008 1:53:41 PM | Attr = ] HotSync -> %AllUsersProfile%\Application Data\HotSync -> [Folder | Created Date = 1/9/2008 4:36:23 PM | Attr = ] InstallShield -> %AllUsersProfile%\Application Data\InstallShield -> [Folder | Created Date = 1/9/2008 3:15:09 PM | Attr = ] Intel -> %AllUsersProfile%\Application Data\Intel -> [Folder | Created Date = 1/9/2008 4:27:37 PM | Attr = ] InterVideo -> %AllUsersProfile%\Application Data\InterVideo -> [Folder | Created Date = 1/9/2008 10:11:44 PM | Attr = ] Maxtor -> %AllUsersProfile%\Application Data\Maxtor -> [Folder | Created Date = 1/9/2008 11:07:04 PM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 1/9/2008 3:40:13 PM | Attr = ] Napster -> %AllUsersProfile%\Application Data\Napster -> [Folder | Created Date = 2/18/2008 5:10:17 PM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1778 bytes | Modified Date = 1/23/2008 11:27:08 AM | Attr = ] RapidSolution -> %AllUsersProfile%\Application Data\RapidSolution -> [Folder | Created Date = 2/18/2008 7:24:12 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 1/13/2008 6:17:10 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Created Date = 1/29/2008 10:53:06 AM | Attr = ] Ulead Systems -> %AllUsersProfile%\Application Data\Ulead Systems -> [Folder | Created Date = 1/9/2008 10:08:38 PM | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 1/9/2008 9:41:28 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Created Date = 1/30/2008 10:10:39 AM | Attr = ] Ahead -> %AppData%\Ahead -> [Folder | Created Date = 1/16/2008 10:43:33 AM | Attr = ] AOL -> %AppData%\AOL -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Created Date = 1/9/2008 5:01:42 PM | Attr = ] Comma Separated Values (Windows).ADR -> %AppData%\Comma Separated Values (Windows).ADR -> [Ver = | Size = 25030 bytes | Modified Date = 1/9/2008 8:55:18 PM | Attr = ] Corel -> %AppData%\Corel -> [Folder | Created Date = 1/9/2008 3:27:47 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2/15/2006 2:30:03 AM | Attr = HS] DivX -> %AppData%\DivX -> [Folder | Created Date = 1/29/2008 2:18:23 PM | Attr = ] ExplorerPlus -> %AppData%\ExplorerPlus -> [Folder | Created Date = 1/9/2008 2:59:05 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 1/9/2008 9:33:55 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 1/10/2008 2:01:34 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Created Date = 1/24/2008 11:25:42 AM | Attr = ] HotSync -> %AppData%\HotSync -> [Folder | Created Date = 1/9/2008 4:35:27 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 2/18/2008 5:10:07 PM | Attr = ] Intel -> %AppData%\Intel -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Created Date = 1/9/2008 9:43:41 PM | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 1/9/2008 4:40:12 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 1/9/2008 6:27:49 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 1/9/2008 2:54:10 PM | Attr = ] McAfee.com Personal Firewall -> %AppData%\McAfee.com Personal Firewall -> [Folder | Created Date = 1/9/2008 4:28:55 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 1/9/2008 2:56:24 PM | Attr = ] MySpace -> %AppData%\MySpace -> [Folder | Created Date = 1/25/2008 8:44:31 AM | Attr = ] Roxio -> %AppData%\Roxio -> [Folder | Created Date = 2/18/2008 5:35:26 PM | Attr = ] Sonic -> %AppData%\Sonic -> [Folder | Created Date = 1/9/2008 9:27:03 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 1/30/2008 1:51:07 PM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Created Date = 1/29/2008 3:29:34 PM | Attr = ] toshiba -> %AppData%\toshiba -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Tunebite -> %AppData%\Tunebite -> [Folder | Created Date = 2/18/2008 7:24:46 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 1/9/2008 3:10:06 PM | Attr = ] Ulead Systems -> %AppData%\Ulead Systems -> [Folder | Created Date = 2/25/2008 11:16:10 AM | Attr = ] Windows Desktop Search -> %AppData%\Windows Desktop Search -> [Folder | Created Date = 1/9/2008 5:17:01 PM | Attr = ] You've Got Pictures Screensaver -> %AppData%\You've Got Pictures Screensaver -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 1/10/2008 10:03:22 AM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 1/9/2008 5:00:19 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Created Date = 1/9/2008 4:59:18 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] CutePDF Writer -> %UserProfile%\Local Settings\Application Data\CutePDF Writer -> [Folder | Created Date = 2/6/2008 4:17:46 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 9216 bytes | Modified Date = 2/4/2008 4:23:37 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 128 bytes | Modified Date = 1/9/2008 3:10:51 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 34288 bytes | Modified Date = 2/18/2006 10:20:57 AM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 1/24/2008 11:25:42 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 7462954 bytes | Modified Date = 5/13/2006 6:38:42 PM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 1/9/2008 5:17:11 PM | Attr = ] iPodSoft -> %UserProfile%\Local Settings\Application Data\iPodSoft -> [Folder | Created Date = 2/20/2008 10:46:52 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 1/9/2008 3:40:28 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 1/9/2008 2:56:24 PM | Attr = ] systemCurUses -> %UserProfile%\Local Settings\Application Data\systemCurUses -> [Ver = | Size = 9 bytes | Modified Date = 2/20/2008 10:58:47 AM | Attr = HS] systemHdID -> %UserProfile%\Local Settings\Application Data\systemHdID -> [Ver = | Size = 6 bytes | Modified Date = 2/20/2008 10:46:44 AM | Attr = HS] Wildtangent -> %UserProfile%\Local Settings\Application Data\Wildtangent -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Created Date = 1/10/2008 10:58:39 AM | Attr = ] Yahoo -> %UserProfile%\Local Settings\Application Data\Yahoo -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] {3248F0A6-6813-11D6-A77B-00B0D0150040} -> %UserProfile%\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040} -> [Folder | Created Date = 1/9/2008 4:28:25 PM | Attr = ] Symantec -> %AllUsersProfile%\Documents\Symantec -> [Folder | Created Date = 1/29/2008 11:39:17 AM | Attr = ] - Getting Started Tips -.doc -> %UserProfile%\My Documents\- Getting Started Tips -.doc -> [Ver = | Size = 179200 bytes | Modified Date = 7/29/2004 4:49:32 PM | Attr = ] a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [Folder | Created Date = 1/13/2008 9:23:46 PM | Attr = ] Access Codes - Software.DOC -> %UserProfile%\My Documents\Access Codes - Software.DOC -> [Ver = | Size = 11904 bytes | Modified Date = 1/9/2008 10:17:21 PM | Attr = ] Answer Waiver.pdf -> %UserProfile%\My Documents\Answer Waiver.pdf -> [Ver = | Size = 62605 bytes | Modified Date = 2/18/2008 10:08:21 AM | Attr = ] Baked Beans.DOC -> %UserProfile%\My Documents\Baked Beans.DOC -> [Ver = | Size = 13440 bytes | Modified Date = 1/9/2008 10:17:32 PM | Attr = ] CC Backup File Registry -> %UserProfile%\My Documents\CC Backup File Registry -> [Ver = | Size = 230254 bytes | Modified Date = 1/29/2008 3:54:39 PM | Attr = ] cc_20080129_1555.reg -> %UserProfile%\My Documents\cc_20080129_1555.reg -> [Ver = | Size = 29756 bytes | Modified Date = 1/29/2008 3:55:07 PM | Attr = ] cc_20080129_1643.reg -> %UserProfile%\My Documents\cc_20080129_1643.reg -> [Ver = | Size = 65172 bytes | Modified Date = 1/29/2008 4:43:24 PM | Attr = ] cc_20080129_1649.reg -> %UserProfile%\My Documents\cc_20080129_1649.reg -> [Ver = | Size = 366 bytes | Modified Date = 1/29/2008 4:49:09 PM | Attr = ] cc_20080130_0734.reg -> %UserProfile%\My Documents\cc_20080130_0734.reg -> [Ver = | Size = 460 bytes | Modified Date = 1/30/2008 7:34:32 AM | Attr = ] cc_20080130_1855.reg -> %UserProfile%\My Documents\cc_20080130_1855.reg -> [Ver = | Size = 762 bytes | Modified Date = 1/30/2008 6:55:16 PM | Attr = ] cc_20080210_1214.reg -> %UserProfile%\My Documents\cc_20080210_1214.reg -> [Ver = | Size = 30486 bytes | Modified Date = 2/10/2008 12:14:21 PM | Attr = ] cc_20080220_0942.reg -> %UserProfile%\My Documents\cc_20080220_0942.reg -> [Ver = | Size = 22950 bytes | Modified Date = 2/20/2008 9:42:56 AM | Attr = ] Contacts -> %UserProfile%\My Documents\Contacts -> [Folder | Created Date = 1/9/2008 3:38:40 PM | Attr = ] Corel User Files -> %UserProfile%\My Documents\Corel User Files -> [Folder | Created Date = 1/9/2008 3:27:54 PM | Attr = ] Corroborating Witness Aff.pdf -> %UserProfile%\My Documents\Corroborating Witness Aff.pdf -> [Ver = | Size = 33592 bytes | Modified Date = 2/18/2008 10:07:58 AM | Attr = ] Cruise Tips.DOC -> %UserProfile%\My Documents\Cruise Tips.DOC -> [Ver = | Size = 163968 bytes | Modified Date = 1/9/2008 10:17:40 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 76 bytes | Modified Date = 1/10/2008 1:06:56 PM | Attr = HS] Documents -> %UserProfile%\My Documents\Documents -> [Folder | Created Date = 1/9/2008 3:37:05 PM | Attr = ] Documents To Go -> %UserProfile%\My Documents\Documents To Go -> [Folder | Created Date = 1/9/2008 10:20:51 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 1/9/2008 2:53:29 PM | Attr = ] DSSPlayer -> %UserProfile%\My Documents\DSSPlayer -> [Folder | Created Date = 1/9/2008 6:31:22 PM | Attr = ] Egg Salad.DOC -> %UserProfile%\My Documents\Egg Salad.DOC -> [Ver = | Size = 15488 bytes | Modified Date = 1/9/2008 10:17:52 PM | Attr = ] EX PARTE NOTES.DOC -> %UserProfile%\My Documents\EX PARTE NOTES.DOC -> [Ver = | Size = 27776 bytes | Modified Date = 1/9/2008 10:17:59 PM | Attr = ] Fees Collected.XLS -> %UserProfile%\My Documents\Fees Collected.XLS -> [Ver = | Size = 6336 bytes | Modified Date = 1/9/2008 10:18:07 PM | Attr = ] Imputed Minimum Wage Calculations.DOC -> %UserProfile%\My Documents\Imputed Minimum Wage Calculations.DOC -> [Ver = | Size = 18048 bytes | Modified Date = 1/9/2008 10:18:12 PM | Attr = ] Macaroni Salad.DOC -> %UserProfile%\My Documents\Macaroni Salad.DOC -> [Ver = | Size = 14976 bytes | Modified Date = 1/9/2008 10:18:23 PM | Attr = ] MacaroniSalad, etc.DOC -> %UserProfile%\My Documents\MacaroniSalad, etc.DOC -> [Ver = | Size = 29824 bytes | Modified Date = 1/9/2008 10:18:30 PM | Attr = ] Mediation Settlement Agreement.DOC -> %UserProfile%\My Documents\Mediation Settlement Agreement.DOC -> [Ver = | Size = 65152 bytes | Modified Date = 1/9/2008 10:18:37 PM | Attr = ] MSA with cx.pdf -> %UserProfile%\My Documents\MSA with cx.pdf -> [Ver = | Size = 2200225 bytes | Modified Date = 2/18/2008 10:07:38 AM | Attr = ] Music Downloads -> %UserProfile%\My Documents\Music Downloads -> [Folder | Created Date = 1/9/2008 4:51:29 PM | Attr = ] My Google Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [Folder | Created Date = 1/9/2008 3:11:22 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 1/9/2008 4:28:24 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 1/9/2008 4:28:24 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 1/9/2008 3:12:27 PM | Attr = R ] Notice of SSN.pdf -> %UserProfile%\My Documents\Notice of SSN.pdf -> [Ver = | Size = 90973 bytes | Modified Date = 2/18/2008 10:08:09 AM | Attr = ] Petition for Dissolution With Cx.pdf -> %UserProfile%\My Documents\Petition for Dissolution With Cx.pdf -> [Ver = | Size = 295402 bytes | Modified Date = 2/18/2008 10:04:40 AM | Attr = ] Potato Salad.DOC -> %UserProfile%\My Documents\Potato Salad.DOC -> [Ver = | Size = 15488 bytes | Modified Date = 1/9/2008 10:18:46 PM | Attr = ] Sample - Closing The Deal.ppt -> %UserProfile%\My Documents\Sample - Closing The Deal.ppt -> [Ver = | Size = 40448 bytes | Modified Date = 7/13/2004 1:41:32 PM | Attr = ] Sample - Closing The Deal1.ppt -> %UserProfile%\My Documents\Sample - Closing The Deal1.ppt -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2008 10:18:52 PM | Attr = ] Sample - Golf and Fitness.xls -> %UserProfile%\My Documents\Sample - Golf and Fitness.xls -> [Ver = | Size = 33792 bytes | Modified Date = 7/13/2004 1:41:32 PM | Attr = ] Sample - Golf Scorecard.XLS -> %UserProfile%\My Documents\Sample - Golf Scorecard.XLS -> [Ver = | Size = 19136 bytes | Modified Date = 1/9/2008 10:18:54 PM | Attr = ] Sample - Home Purchase.xls -> %UserProfile%\My Documents\Sample - Home Purchase.xls -> [Ver = | Size = 25088 bytes | Modified Date = 4/21/2004 9:47:00 AM | Attr = ] Sample - Travel Information.doc -> %UserProfile%\My Documents\Sample - Travel Information.doc -> [Ver = | Size = 77824 bytes | Modified Date = 7/13/2004 1:41:32 PM | Attr = ] Short Form Financial Affidavit.pdf -> %UserProfile%\My Documents\Short Form Financial Affidavit.pdf -> [Ver = | Size = 548743 bytes | Modified Date = 2/18/2008 10:05:45 AM | Attr = ] Symantec -> %UserProfile%\My Documents\Symantec -> [Folder | Created Date = 1/29/2008 11:35:45 AM | Attr = ] Telephone Answering Machin.DOC -> %UserProfile%\My Documents\Telephone Answering Machin.DOC -> [Ver = | Size = 10880 bytes | Modified Date = 1/9/2008 10:18:57 PM | Attr = ] Tunebite -> %UserProfile%\My Documents\Tunebite -> [Folder | Created Date = 2/18/2008 7:27:48 PM | Attr = ] UCCJEA Affidavit.pdf -> %UserProfile%\My Documents\UCCJEA Affidavit.pdf -> [Ver = | Size = 137312 bytes | Modified Date = 2/18/2008 10:06:16 AM | Attr = ] Ulead DVD MovieFactory -> %UserProfile%\My Documents\Ulead DVD MovieFactory -> [Folder | Created Date = 2/25/2008 11:16:10 AM | Attr = ] Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Created Date = 1/9/2008 9:12:30 PM | Attr = ] Ad-Aware SE Personal.lnk -> %AllUsersProfile%\Desktop\Ad-Aware SE Personal.lnk -> [Ver = | Size = 852 bytes | Modified Date = 1/9/2008 9:43:38 PM | Attr = ] Adobe Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1751 bytes | Modified Date = 2/18/2008 1:32:57 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 860 bytes | Modified Date = 2/20/2008 9:44:58 AM | Attr = ] BookSmart.lnk -> %AllUsersProfile%\Desktop\BookSmart.lnk -> [Ver = | Size = 1581 bytes | Modified Date = 1/9/2008 10:08:36 PM | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [Ver = | Size = 806 bytes | Modified Date = 1/9/2008 10:11:17 PM | Attr = ] Documents To Go.lnk -> %AllUsersProfile%\Desktop\Documents To Go.lnk -> [Ver = | Size = 1624 bytes | Modified Date = 1/9/2008 10:20:51 PM | Attr = ] DVR Player.lnk -> %AllUsersProfile%\Desktop\DVR Player.lnk -> [Ver = | Size = 1906 bytes | Modified Date = 1/29/2008 2:22:11 PM | Attr = ] E-Transcript Viewer.lnk -> %AllUsersProfile%\Desktop\E-Transcript Viewer.lnk -> [Ver = | Size = 580 bytes | Modified Date = 1/9/2008 9:31:22 PM | Attr = ] Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [Ver = | Size = 1455 bytes | Modified Date = 1/9/2008 9:32:25 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2/25/2008 2:56:59 PM | Attr = ] Maxtor Manager.lnk -> %AllUsersProfile%\Desktop\Maxtor Manager.lnk -> [Ver = | Size = 2397 bytes | Modified Date = 2/20/2008 10:39:21 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1613 bytes | Modified Date = 1/9/2008 2:56:06 PM | Attr = ] Napster.lnk -> %AllUsersProfile%\Desktop\Napster.lnk -> [Ver = | Size = 1555 bytes | Modified Date = 2/18/2008 5:11:23 PM | Attr = ] Nero StartSmart.lnk -> %AllUsersProfile%\Desktop\Nero StartSmart.lnk -> [Ver = | Size = 1250 bytes | Modified Date = 1/10/2008 7:31:37 AM | Attr = ] Presentations X3.lnk -> %AllUsersProfile%\Desktop\Presentations X3.lnk -> [Ver = | Size = 948 bytes | Modified Date = 1/9/2008 6:21:33 PM | Attr = ] Quattro Pro X3.lnk -> %AllUsersProfile%\Desktop\Quattro Pro X3.lnk -> [Ver = | Size = 1950 bytes | Modified Date = 1/9/2008 6:21:33 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Modified Date = 2/25/2008 1:20:45 PM | Attr = ] spybotsd152.exe -> %AllUsersProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9723856 bytes | Modified Date = 2/6/2008 10:46:32 AM | Attr = ] Ulead DVD MovieFactory 6 Launcher.lnk -> %AllUsersProfile%\Desktop\Ulead DVD MovieFactory 6 Launcher.lnk -> [Ver = | Size = 2169 bytes | Modified Date = 1/9/2008 10:10:10 PM | Attr = ] WinZip.lnk -> %AllUsersProfile%\Desktop\WinZip.lnk -> [Ver = | Size = 747 bytes | Modified Date = 1/9/2008 9:37:04 PM | Attr = ] WordPerfect X3.lnk -> %AllUsersProfile%\Desktop\WordPerfect X3.lnk -> [Ver = | Size = 2429 bytes | Modified Date = 2/25/2008 1:47:26 PM | Attr = ] America Online 9.0.lnk -> %UserProfile%\Desktop\America Online 9.0.lnk -> [Ver = | Size = 700 bytes | Modified Date = 1/10/2008 7:39:54 AM | Attr = ] Amicus Attorney V.lnk -> %UserProfile%\Desktop\Amicus Attorney V.lnk -> [Ver = | Size = 670 bytes | Modified Date = 1/9/2008 4:40:44 PM | Attr = ] avast! Antivirus.lnk -> %UserProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1732 bytes | Modified Date = 2/15/2008 11:24:09 AM | Attr = ] BitComet.lnk -> %UserProfile%\Desktop\BitComet.lnk -> [Ver = | Size = 705 bytes | Modified Date = 1/9/2008 5:55:10 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1559 bytes | Modified Date = 1/13/2008 5:54:01 PM | Attr = ] CleanUp!.lnk -> %UserProfile%\Desktop\CleanUp!.lnk -> [Ver = | Size = 698 bytes | Modified Date = 1/9/2008 6:05:36 PM | Attr = ] CorelDRAW X3.lnk -> %UserProfile%\Desktop\CorelDRAW X3.lnk -> [Ver = | Size = 1972 bytes | Modified Date = 1/9/2008 6:29:27 PM | Attr = ] Dictation Module.lnk -> %UserProfile%\Desktop\Dictation Module.lnk -> [Ver = | Size = 1638 bytes | Modified Date = 1/9/2008 6:12:00 PM | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1436 bytes | Modified Date = 1/9/2008 10:11:17 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/22/2008 9:19:28 AM | Attr = ] DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [Ver = | Size = 681 bytes | Modified Date = 2/25/2008 11:25:47 AM | Attr = ] ExplorerPlus.lnk -> %UserProfile%\Desktop\ExplorerPlus.lnk -> [Ver = | Size = 1702 bytes | Modified Date = 1/11/2008 4:09:19 PM | Attr = ] HotSync Manager.lnk -> %UserProfile%\Desktop\HotSync Manager.lnk -> [Ver = | Size = 1478 bytes | Modified Date = 1/9/2008 4:40:52 PM | Attr = ] iArt.lnk -> %UserProfile%\Desktop\iArt.lnk -> [Ver = | Size = 661 bytes | Modified Date = 2/20/2008 10:46:18 AM | Attr = ] IsoBuster.lnk -> %UserProfile%\Desktop\IsoBuster.lnk -> [Ver = | Size = 772 bytes | Modified Date = 1/29/2008 9:45:40 AM | Attr = ] LimeWire PRO 4.14.10.lnk -> %UserProfile%\Desktop\LimeWire PRO 4.14.10.lnk -> [Ver = | Size = 1601 bytes | Modified Date = 2/18/2008 7:57:33 PM | Attr = ] MagicISO.lnk -> %UserProfile%\Desktop\MagicISO.lnk -> [Ver = | Size = 1497 bytes | Modified Date = 1/29/2008 9:40:51 AM | Attr = ] Media Center.lnk -> %UserProfile%\Desktop\Media Center.lnk -> [Ver = | Size = 1471 bytes | Modified Date = 1/9/2008 3:10:47 PM | Attr = ] Microsoft Office Excel 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Excel 2007.lnk -> [Ver = | Size = 2561 bytes | Modified Date = 1/9/2008 4:16:58 PM | Attr = ] Microsoft Office Groove 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Groove 2007.lnk -> [Ver = | Size = 2603 bytes | Modified Date = 1/9/2008 4:16:55 PM | Attr = ] Microsoft Office OneNote 2007.lnk -> %UserProfile%\Desktop\Microsoft Office OneNote 2007.lnk -> [Ver = | Size = 2525 bytes | Modified Date = 1/9/2008 4:16:47 PM | Attr = ] Microsoft Office Outlook 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Outlook 2007.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 2/25/2008 8:45:32 AM | Attr = ] Microsoft Office Word 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007.lnk -> [Ver = | Size = 2599 bytes | Modified Date = 1/9/2008 4:16:30 PM | Attr = ] Palm Desktop.lnk -> %UserProfile%\Desktop\Palm Desktop.lnk -> [Ver = | Size = 1603 bytes | Modified Date = 1/9/2008 4:35:57 PM | Attr = ] Palm Quick Install.lnk -> %UserProfile%\Desktop\Palm Quick Install.lnk -> [Ver = | Size = 695 bytes | Modified Date = 1/9/2008 4:40:59 PM | Attr = ] PeerGuardian.lnk -> %UserProfile%\Desktop\PeerGuardian.lnk -> [Ver = | Size = 635 bytes | Modified Date = 2/17/2008 9:44:36 AM | Attr = ] RecordNow!.lnk -> %UserProfile%\Desktop\RecordNow!.lnk -> [Ver = | Size = 1865 bytes | Modified Date = 1/9/2008 9:27:17 PM | Attr = ] RTG Bills.lnk -> %UserProfile%\Desktop\RTG Bills.lnk -> [Ver = | Size = 646 bytes | Modified Date = 2/1/2008 3:52:53 PM | Attr = ] RTG Timer.lnk -> %UserProfile%\Desktop\RTG Timer.lnk -> [Ver = | Size = 646 bytes | Modified Date = 2/1/2008 3:52:53 PM | Attr = ] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1310976 bytes | Modified Date = 2/22/2008 9:18:43 AM | Attr = ] Shortcut to ATF_Cleaner.lnk -> %UserProfile%\Desktop\Shortcut to ATF_Cleaner.lnk -> [Ver = | Size = 686 bytes | Modified Date = 1/9/2008 10:04:02 PM | Attr = ] Shortcut to My Documents on 'Secretary (Cmb)' (Y).lnk -> %UserProfile%\Desktop\Shortcut to My Documents on 'Secretary (Cmb)' (Y).lnk -> [Ver = | Size = 296 bytes | Modified Date = 1/9/2008 6:32:07 PM | Attr = ] Shortcut to rtgbills.lnk -> %UserProfile%\Desktop\Shortcut to rtgbills.lnk -> [Ver = | Size = 855 bytes | Modified Date = 1/9/2008 4:49:48 PM | Attr = ] Shortcut to Team50 on 'Secretary (Cmb)' (Z).lnk -> %UserProfile%\Desktop\Shortcut to Team50 on 'Secretary (Cmb)' (Z).lnk -> [Ver = | Size = 290 bytes | Modified Date = 1/9/2008 6:31:53 PM | Attr = ] Shortcut to Wireless Network Connection.lnk -> %UserProfile%\Desktop\Shortcut to Wireless Network Connection.lnk -> [Ver = | Size = 416 bytes | Modified Date = 1/9/2008 6:32:23 PM | Attr = ] Windows Explorer.lnk -> %UserProfile%\Desktop\Windows Explorer.lnk -> [Ver = | Size = 1486 bytes | Modified Date = 1/10/2008 1:46:14 PM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 793 bytes | Modified Date = 2/26/2008 1:18:04 PM | Attr = ] WindowsDesktopSearch-KB917013-V301-XP-x86-ENU.MSI -> %UserProfile%\Desktop\WindowsDesktopSearch-KB917013-V301-XP-x86-ENU.MSI -> [Ver = | Size = 4981248 bytes | Modified Date = 1/9/2008 4:29:26 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/22/2008 10:10:11 AM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 2/22/2008 10:09:32 AM | Attr = ] WinRAR.lnk -> %UserProfile%\Desktop\WinRAR.lnk -> [Ver = | Size = 643 bytes | Modified Date = 1/9/2008 2:58:07 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1768 bytes | Modified Date = 2/18/2008 1:32:57 PM | Attr = ] Device Detector 3.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> [Ver = | Size = 1661 bytes | Modified Date = 1/9/2008 6:10:59 PM | Attr = ] Guardian PC Security Tools.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Guardian PC Security Tools.lnk -> [Ver = | Size = 799 bytes | Modified Date = 1/10/2008 6:53:30 AM | Attr = ] HOTSYNCSHORTCUTNAME.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk -> [Ver = | Size = 1538 bytes | Modified Date = 1/9/2008 4:36:24 PM | Attr = ] Norton 360.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Norton 360.lnk -> [Ver = | Size = 1643 bytes | Modified Date = 1/29/2008 11:07:37 AM | Attr = ] RAMASST.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> [Ver = | Size = 1505 bytes | Modified Date = 2/15/2006 11:31:48 AM | Attr = ] avast! Antivirus.lnk -> %UserProfile%\Start Menu\Programs\Startup\avast! Antivirus.lnk -> [Ver = | Size = 1720 bytes | Modified Date = 2/15/2008 10:37:33 AM | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2/15/2006 10:39:06 AM | Attr = HS] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 1/10/2008 7:28:41 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 1/9/2008 4:59:48 PM | Attr = ] Borland Shared -> %CommonProgramFiles%\Borland Shared -> [Folder | Created Date = 1/9/2008 5:23:30 PM | Attr = ] Corel -> %CommonProgramFiles%\Corel -> [Folder | Created Date = 1/9/2008 6:20:40 PM | Attr = ] DataViz -> %CommonProgramFiles%\DataViz -> [Folder | Created Date = 1/9/2008 9:55:50 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 1/9/2008 3:53:43 PM | Attr = ] InterVideo -> %CommonProgramFiles%\InterVideo -> [Folder | Created Date = 1/9/2008 4:11:12 PM | Attr = ] LightScribe -> %CommonProgramFiles%\LightScribe -> [Folder | Created Date = 1/9/2008 10:10:33 PM | Attr = ] Napster Shared -> %CommonProgramFiles%\Napster Shared -> [Folder | Created Date = 2/18/2008 5:11:11 PM | Attr = ] Roxio Shared -> %CommonProgramFiles%\Roxio Shared -> [Folder | Created Date = 2/18/2008 5:11:11 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 1/29/2008 10:51:50 AM | Attr = ] Ulead Systems -> %CommonProgramFiles%\Ulead Systems -> [Folder | Created Date = 1/9/2008 10:08:40 PM | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1/10/2008 3:28:12 PM | Attr = RH ] 323f793f327497aee543f1 -> %SystemDrive%\323f793f327497aee543f1 -> [Folder | Modified Date = 2/25/2008 2:48:37 PM | Attr = ] 94df04c4cdb956045e6ac17353 -> %SystemDrive%\94df04c4cdb956045e6ac17353 -> [Folder | Modified Date = 2/25/2008 2:49:13 PM | Attr = ] AMIMERGE -> %SystemDrive%\AMIMERGE -> [Folder | Modified Date = 2/19/2008 10:40:06 AM | Attr = ] BJPrinter -> %SystemDrive%\BJPrinter -> [Folder | Modified Date = 1/14/2008 10:14:38 PM | Attr = H ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 1/29/2008 3:37:15 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/25/2008 1:26:54 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/22/2008 9:58:34 AM | Attr = ] deftask.dat -> %SystemDrive%\deftask.dat -> [Ver = | Size = 2139 bytes | Modified Date = 1/28/2008 9:09:52 AM | Attr = ] DOCS -> %SystemDrive%\DOCS -> [Folder | Modified Date = 2/4/2008 4:23:25 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/9/2008 4:28:24 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2/20/2008 4:08:22 PM | Attr = ] FairCom -> %SystemDrive%\FairCom -> [Folder | Modified Date = 1/9/2008 4:41:26 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2137051136 bytes | Modified Date = 2/26/2008 8:55:25 AM | Attr = HS] Maxtor temp -> %SystemDrive%\Maxtor temp -> [Folder | Modified Date = 1/9/2008 5:30:37 PM | Attr = ] MGtools.exe -> %SystemDrive%\MGtools.exe -> [Ver = | Size = 1238689 bytes | Modified Date = 1/13/2008 6:02:36 PM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 1/9/2008 3:39:30 PM | Attr = RH ] OTREE -> %SystemDrive%\OTREE -> [Folder | Modified Date = 1/9/2008 4:43:43 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/25/2008 2:49:45 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 1/9/2008 2:36:43 PM | Attr = HS] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 2/22/2008 9:55:34 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 1/9/2008 4:28:11 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/26/2008 1:16:50 PM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr = ] AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.9.0 | Size = 21275 bytes | Modified Date = 1/9/2008 4:27:48 PM | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Modified Date = 12/4/2007 9:56:02 AM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2/22/2008 9:34:28 AM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 2/22/2008 9:34:28 AM | Attr = ] hosts.20080206-111057.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080206-111057.backup -> [Ver = | Size = 909 bytes | Modified Date = 1/29/2008 4:19:56 PM | Attr = ] hosts.backup -> %SystemRoot%\System32\drivers\etc\hosts.backup -> [Ver = | Size = 222979 bytes | Modified Date = 1/13/2008 6:46:31 PM | Attr = R ] Hosts.bak -> %SystemRoot%\System32\drivers\etc\Hosts.bak -> [Ver = | Size = 224837 bytes | Modified Date = 2/6/2008 11:10:57 AM | Attr = RH ] PalmUSBD.sys -> %SystemRoot%\System32\drivers\PalmUSBD.sys -> PalmSource, Inc. [Ver = 6, 0, 1, 0 | Size = 16694 bytes | Modified Date = 1/9/2008 4:35:23 PM | Attr = ] SnopFree.sys -> %SystemRoot%\System32\drivers\SnopFree.sys -> [Ver = | Size = 9472 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] tbhsd.sys -> %SystemRoot%\System32\drivers\tbhsd.sys -> RapidSolution Software AG [Ver = 2, 5, 7, 0 | Size = 26784 bytes | Modified Date = 12/11/2007 9:52:12 AM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 2/25/2008 2:49:05 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/25/2008 2:48:36 PM | Attr = H ] $ncsp$.inf -> %SystemRoot%\System32\$ncsp$.inf -> [Ver = | Size = 333 bytes | Modified Date = 1/9/2008 4:12:52 PM | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 451 bytes | Modified Date = 1/9/2008 4:28:10 PM | Attr = ] aakah.dll -> %SystemRoot%\System32\aakah.dll -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 81920 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] aakah.sys -> %SystemRoot%\System32\aakah.sys -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 34272 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] aakbdrv.sys -> %SystemRoot%\System32\aakbdrv.sys -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 20768 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] aaksrv.exe -> %SystemRoot%\System32\aaksrv.exe -> Spydex, Inc. [Ver = 3, 6, 0, 0 | Size = 237568 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] AF822943B4.sys -> %SystemRoot%\System32\AF822943B4.sys -> [Ver = | Size = 56 bytes | Modified Date = 1/9/2008 6:22:07 PM | Attr = RHS] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2/25/2008 2:53:50 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 1/9/2008 3:32:05 PM | Attr = ] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Modified Date = 12/4/2007 8:04:28 AM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Modified Date = 12/4/2007 7:54:04 AM | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 14848 bytes | Modified Date = 1/10/2008 10:33:56 AM | Attr = ] bitcometres.dll -> %SystemRoot%\System32\bitcometres.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 1/9/2008 5:55:22 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/26/2008 8:50:43 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/26/2008 9:26:05 AM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 1/10/2008 12:04:06 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 1/9/2008 7:09:45 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 2/25/2008 8:04:03 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 1/9/2008 10:07:24 PM | Attr = ] DLA -> %SystemRoot%\System32\DLA -> [Folder | Modified Date = 2/26/2008 8:55:27 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/26/2008 8:50:43 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/25/2008 2:49:05 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 1/9/2008 5:00:10 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 1/10/2008 1:03:39 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 321136 bytes | Modified Date = 1/29/2008 4:45:10 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 2/25/2008 1:47:36 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 1/30/2008 1:53:04 PM | Attr = ] KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [Ver = | Size = 3766 bytes | Modified Date = 2/25/2008 1:47:29 PM | Attr = HS] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 2/25/2008 2:48:35 PM | Attr = ] lqoe89kr.lwp -> %SystemRoot%\System32\lqoe89kr.lwp -> [Ver = | Size = 4400 bytes | Modified Date = 2/5/2008 7:03:55 PM | Attr = ] mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf -> [Ver = | Size = 1506 bytes | Modified Date = 1/9/2008 6:21:43 PM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2/25/2008 2:53:50 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 70914 bytes | Modified Date = 2/26/2008 9:00:45 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 426354 bytes | Modified Date = 2/26/2008 9:00:45 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 506626 bytes | Modified Date = 2/26/2008 9:00:45 AM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Modified Date = 1/10/2008 3:00:49 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.4.1 | Size = 57344 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.4.1 | Size = 90112 bytes | Modified Date = 1/31/2008 11:13:18 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 1/21/2008 7:57:35 AM | Attr = ] SnoopFreeSvc.exe -> %SystemRoot%\System32\SnoopFreeSvc.exe -> [Ver = | Size = 90112 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Modified Date = 1/9/2008 7:35:17 PM | Attr = ] Status.MPF -> %SystemRoot%\System32\Status.MPF -> [Ver = | Size = 50912 bytes | Modified Date = 1/9/2008 3:33:40 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 1/9/2008 4:19:32 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/26/2008 1:17:00 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/12/2008 8:32:58 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 1/10/2008 1:00:27 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 1/10/2008 1:00:08 PM | Attr = H ] AA50.INI -> %SystemRoot%\AA50.INI -> [Ver = | Size = 5770 bytes | Modified Date = 2/26/2008 11:46:02 AM | Attr = ] AA50INSTALL.INI -> %SystemRoot%\AA50INSTALL.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/9/2008 4:45:16 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/25/2008 2:51:48 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/15/2008 10:24:35 AM | Attr = R S] atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 24 bytes | Modified Date = 1/9/2008 9:46:04 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/26/2008 8:55:26 AM | Attr = S] Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 1/9/2008 9:37:58 PM | Attr = ] CRYSTAL -> %SystemRoot%\CRYSTAL -> [Folder | Modified Date = 1/9/2008 4:41:27 PM | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 1/10/2008 11:21:30 AM | Attr = HS] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/19/2008 8:44:13 AM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 1/9/2008 9:41:43 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/22/2008 10:00:54 AM | Attr = S] Dssole.INI -> %SystemRoot%\Dssole.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/9/2008 6:10:58 PM | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2/25/2008 2:47:55 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2/22/2008 9:59:02 AM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2/22/2008 9:29:49 AM | Attr = ] etrnview.exe -> %SystemRoot%\etrnview.exe -> RealLegal [Ver = 7.2.0.618 | Size = 999506 bytes | Modified Date = 1/9/2008 9:31:22 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 1/29/2008 4:35:52 PM | Attr = R S] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 1/9/2008 9:00:43 PM | Attr = HS] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/25/2008 2:49:41 PM | Attr = ] I386 -> %SystemRoot%\I386 -> [Folder | Modified Date = 1/9/2008 4:28:38 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 1/10/2008 1:02:19 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2/13/2008 3:55:48 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/26/2008 8:50:43 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/25/2008 1:22:23 PM | Attr = HS] iTiAN.id.uses -> %SystemRoot%\iTiAN.id.uses -> [Ver = | Size = 8 bytes | Modified Date = 2/4/2008 11:06:01 PM | Attr = HS] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.3 | Size = 729088 bytes | Modified Date = 1/11/2008 4:08:43 PM | Attr = ] MAXLINK.INI -> %SystemRoot%\MAXLINK.INI -> [Ver = | Size = 78 bytes | Modified Date = 1/9/2008 4:39:36 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/10/2008 1:02:31 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 1/10/2008 12:04:52 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2/19/2008 8:15:02 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1158 bytes | Modified Date = 1/13/2008 5:29:46 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 1/10/2008 12:50:43 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2/20/2008 1:39:19 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/10/2008 12:56:01 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 500 bytes | Modified Date = 1/9/2008 4:43:44 PM | Attr = ] PalmDevC.dll -> %SystemRoot%\PalmDevC.dll -> PalmSource, Inc [Ver = 6.0.1 | Size = 53248 bytes | Modified Date = 1/9/2008 4:35:22 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/26/2008 11:46:15 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/29/2008 3:37:14 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2/25/2008 1:13:38 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/26/2008 8:57:19 AM | Attr = H ] QuickInstall.INI -> %SystemRoot%\QuickInstall.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/27/2008 7:34:10 AM | Attr = ] QUICKI~1.INI -> %SystemRoot%\QUICKI~1.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/25/2008 4:59:20 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/26/2008 8:57:00 AM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 1/9/2008 4:14:56 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 1/9/2008 4:12:49 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 1/9/2008 2:47:22 PM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 1/9/2008 6:20:58 PM | Attr = ] smscfg.ini -> %SystemRoot%\smscfg.ini -> [Ver = | Size = 61 bytes | Modified Date = 1/9/2008 4:12:55 PM | Attr = ] SnoopFreeDll.dll -> %SystemRoot%\SnoopFreeDll.dll -> [Ver = | Size = 45056 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] SnoopFreeUI.exe -> %SystemRoot%\SnoopFreeUI.exe -> SnoopFree Software [Ver = 1, 0, 0, 0 | Size = 221184 bytes | Modified Date = 2/6/2008 11:21:25 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 1/10/2008 1:09:57 PM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 2/7/2008 11:46:24 AM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2/1/2008 2:33:24 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/29/2008 3:37:15 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/26/2008 9:00:45 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/29/2008 10:50:48 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/26/2008 12:58:33 PM | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 11776 bytes | Modified Date = 2/4/2008 4:23:30 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable UNINSTALL.INI -> %SystemRoot%\UNINSTALL.INI -> [Ver = | Size = 0 bytes | Modified Date = 2/18/2008 8:42:47 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 1/10/2008 1:02:38 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 698 bytes | Modified Date = 2/25/2008 2:49:52 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/29/2008 4:39:23 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2/25/2008 2:49:09 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2/23/2008 9:23:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/26/2008 8:55:29 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6718 bytes | Modified Date = 2/26/2008 10:30:27 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7103 bytes | Modified Date = 2/26/2008 10:30:27 AM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 1/9/2008 4:19:25 PM | Attr = ] Perflib_Perfdata_b1c.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_b1c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/26/2008 8:56:51 AM | Attr = ] 2 C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> setup_wm.exe -> C:\Documents and Settings\Carol\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 10.00.00.3931 | Size = 819200 bytes | Modified Date = 10/2/2006 1:30:10 PM | Attr = ] 3 C:\Documents and Settings\Carol\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Carol\Local Settings\Temp\*.tmp -> Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/26/2008 8:55:30 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2/18/2008 1:32:53 PM | Attr = ] Ahead -> %AllUsersProfile%\Application Data\Ahead -> [Folder | Modified Date = 1/10/2008 7:28:47 AM | Attr = ] AOL -> %AllUsersProfile%\Application Data\AOL -> [Folder | Modified Date = 2/4/2008 1:13:50 PM | Attr = ] AOL Downloads -> %AllUsersProfile%\Application Data\AOL Downloads -> [Folder | Modified Date = 1/9/2008 9:46:14 PM | Attr = ] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Modified Date = 1/9/2008 4:59:48 PM | Attr = ] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 1/9/2008 5:01:20 PM | Attr = ] Avg7 -> %AllUsersProfile%\Application Data\Avg7 -> [Folder | Modified Date = 1/29/2008 9:28:09 AM | Attr = ] Borland -> %AllUsersProfile%\Application Data\Borland -> [Folder | Modified Date = 1/9/2008 6:21:23 PM | Attr = ] Corel -> %AllUsersProfile%\Application Data\Corel -> [Folder | Modified Date = 1/9/2008 3:14:00 PM | Attr = ] DataViz -> %AllUsersProfile%\Application Data\DataViz -> [Folder | Modified Date = 1/9/2008 10:20:54 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Modified Date = 2/25/2008 11:25:48 AM | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Modified Date = 1/9/2008 9:09:53 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 2/21/2008 11:07:41 AM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 1/29/2008 9:28:02 AM | Attr = ] HotSync -> %AllUsersProfile%\Application Data\HotSync -> [Folder | Modified Date = 1/9/2008 4:36:23 PM | Attr = ] InstallShield -> %AllUsersProfile%\Application Data\InstallShield -> [Folder | Modified Date = 1/9/2008 3:15:09 PM | Attr = ] Intel -> %AllUsersProfile%\Application Data\Intel -> [Folder | Modified Date = 1/9/2008 4:27:37 PM | Attr = ] InterVideo -> %AllUsersProfile%\Application Data\InterVideo -> [Folder | Modified Date = 1/9/2008 10:11:44 PM | Attr = ] Maxtor -> %AllUsersProfile%\Application Data\Maxtor -> [Folder | Modified Date = 1/9/2008 11:12:44 PM | Attr = ] McAfee.com Personal Firewall -> %AllUsersProfile%\Application Data\McAfee.com Personal Firewall -> [Folder | Modified Date = 1/9/2008 2:51:34 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 1/29/2008 10:50:48 AM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 2/13/2008 3:56:50 PM | Attr = ] Napster -> %AllUsersProfile%\Application Data\Napster -> [Folder | Modified Date = 2/18/2008 5:10:17 PM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1778 bytes | Modified Date = 1/23/2008 11:27:08 AM | Attr = ] RapidSolution -> %AllUsersProfile%\Application Data\RapidSolution -> [Folder | Modified Date = 2/20/2008 11:12:31 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/6/2008 12:09:43 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 2/15/2008 10:27:10 AM | Attr = ] Ulead Systems -> %AllUsersProfile%\Application Data\Ulead Systems -> [Folder | Modified Date = 1/9/2008 10:10:08 PM | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 1/9/2008 9:41:28 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2/18/2008 9:57:08 AM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2/18/2008 5:35:02 PM | Attr = ] Ahead -> %AppData%\Ahead -> [Folder | Modified Date = 1/16/2008 10:43:33 AM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 1/22/2008 10:31:47 PM | Attr = ] Comma Separated Values (Windows).ADR -> %AppData%\Comma Separated Values (Windows).ADR -> [Ver = | Size = 25030 bytes | Modified Date = 1/9/2008 8:55:18 PM | Attr = ] Corel -> %AppData%\Corel -> [Folder | Modified Date = 1/9/2008 3:27:47 PM | Attr = ] DivX -> %AppData%\DivX -> [Folder | Modified Date = 1/29/2008 2:18:23 PM | Attr = ] ExplorerPlus -> %AppData%\ExplorerPlus -> [Folder | Modified Date = 1/9/2008 3:08:55 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 1/9/2008 9:33:55 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 1/10/2008 2:01:34 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 1/24/2008 11:25:42 AM | Attr = ] HotSync -> %AppData%\HotSync -> [Folder | Modified Date = 1/9/2008 4:35:27 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 2/18/2008 5:10:07 PM | Attr = ] Intel -> %AppData%\Intel -> [Folder | Modified Date = 1/9/2008 4:27:30 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 1/9/2008 9:43:41 PM | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Modified Date = 1/9/2008 4:40:12 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 2/19/2008 12:13:57 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 1/9/2008 2:54:10 PM | Attr = ] McAfee.com Personal Firewall -> %AppData%\McAfee.com Personal Firewall -> [Folder | Modified Date = 1/9/2008 3:15:39 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 1/9/2008 9:57:16 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 1/9/2008 2:56:24 PM | Attr = ] MySpace -> %AppData%\MySpace -> [Folder | Modified Date = 1/25/2008 8:44:31 AM | Attr = ] Roxio -> %AppData%\Roxio -> [Folder | Modified Date = 2/18/2008 7:37:43 PM | Attr = ] Sonic -> %AppData%\Sonic -> [Folder | Modified Date = 1/9/2008 9:27:03 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 1/30/2008 1:51:07 PM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 1/29/2008 3:29:34 PM | Attr = ] Tunebite -> %AppData%\Tunebite -> [Folder | Modified Date = 2/20/2008 9:45:24 AM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 1/23/2008 11:56:00 AM | Attr = ] Ulead Systems -> %AppData%\Ulead Systems -> [Folder | Modified Date = 2/25/2008 11:16:10 AM | Attr = ] Windows Desktop Search -> %AppData%\Windows Desktop Search -> [Folder | Modified Date = 1/9/2008 5:17:02 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 1/9/2008 9:12:31 PM | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Modified Date = 1/10/2008 10:03:22 AM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 1/9/2008 5:00:19 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 1/9/2008 5:01:43 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 2/15/2008 10:24:34 AM | Attr = ] CutePDF Writer -> %UserProfile%\Local Settings\Application Data\CutePDF Writer -> [Folder | Modified Date = 2/6/2008 4:18:14 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 9216 bytes | Modified Date = 2/4/2008 4:23:37 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 128 bytes | Modified Date = 1/9/2008 3:10:51 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 2/21/2008 11:07:41 AM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 1/24/2008 11:25:42 AM | Attr = ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Modified Date = 1/9/2008 5:17:11 PM | Attr = ] iPodSoft -> %UserProfile%\Local Settings\Application Data\iPodSoft -> [Folder | Modified Date = 2/20/2008 10:46:52 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2/25/2008 2:54:09 PM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Modified Date = 1/9/2008 3:40:28 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 1/9/2008 2:56:24 PM | Attr = ] systemCurUses -> %UserProfile%\Local Settings\Application Data\systemCurUses -> [Ver = | Size = 9 bytes | Modified Date = 2/20/2008 10:58:47 AM | Attr = HS] systemHdID -> %UserProfile%\Local Settings\Application Data\systemHdID -> [Ver = | Size = 6 bytes | Modified Date = 2/20/2008 10:46:44 AM | Attr = HS] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 1/10/2008 10:58:39 AM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 135 bytes | Modified Date = 1/9/2008 2:46:42 PM | Attr = HS] Symantec -> %AllUsersProfile%\Documents\Symantec -> [Folder | Modified Date = 2/15/2008 10:25:54 AM | Attr = ] a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [Folder | Modified Date = 1/13/2008 9:23:46 PM | Attr = ] Access Codes - Software.DOC -> %UserProfile%\My Documents\Access Codes - Software.DOC -> [Ver = | Size = 11904 bytes | Modified Date = 1/9/2008 10:17:21 PM | Attr = ] Answer Waiver.pdf -> %UserProfile%\My Documents\Answer Waiver.pdf -> [Ver = | Size = 62605 bytes | Modified Date = 2/18/2008 10:08:21 AM | Attr = ] Baked Beans.DOC -> %UserProfile%\My Documents\Baked Beans.DOC -> [Ver = | Size = 13440 bytes | Modified Date = 1/9/2008 10:17:32 PM | Attr = ] CC Backup File Registry -> %UserProfile%\My Documents\CC Backup File Registry -> [Ver = | Size = 230254 bytes | Modified Date = 1/29/2008 3:54:39 PM | Attr = ] cc_20080129_1555.reg -> %UserProfile%\My Documents\cc_20080129_1555.reg -> [Ver = | Size = 29756 bytes | Modified Date = 1/29/2008 3:55:07 PM | Attr = ] cc_20080129_1643.reg -> %UserProfile%\My Documents\cc_20080129_1643.reg -> [Ver = | Size = 65172 bytes | Modified Date = 1/29/2008 4:43:24 PM | Attr = ] cc_20080129_1649.reg -> %UserProfile%\My Documents\cc_20080129_1649.reg -> [Ver = | Size = 366 bytes | Modified Date = 1/29/2008 4:49:09 PM | Attr = ] cc_20080130_0734.reg -> %UserProfile%\My Documents\cc_20080130_0734.reg -> [Ver = | Size = 460 bytes | Modified Date = 1/30/2008 7:34:32 AM | Attr = ] cc_20080130_1855.reg -> %UserProfile%\My Documents\cc_20080130_1855.reg -> [Ver = | Size = 762 bytes | Modified Date = 1/30/2008 6:55:16 PM | Attr = ] cc_20080210_1214.reg -> %UserProfile%\My Documents\cc_20080210_1214.reg -> [Ver = | Size = 30486 bytes | Modified Date = 2/10/2008 12:14:21 PM | Attr = ] cc_20080220_0942.reg -> %UserProfile%\My Documents\cc_20080220_0942.reg -> [Ver = | Size = 22950 bytes | Modified Date = 2/20/2008 9:42:56 AM | Attr = ] Contacts -> %UserProfile%\My Documents\Contacts -> [Folder | Modified Date = 1/9/2008 3:38:40 PM | Attr = ] Corel User Files -> %UserProfile%\My Documents\Corel User Files -> [Folder | Modified Date = 1/9/2008 3:33:29 PM | Attr = ] Corroborating Witness Aff.pdf -> %UserProfile%\My Documents\Corroborating Witness Aff.pdf -> [Ver = | Size = 33592 bytes | Modified Date = 2/18/2008 10:07:58 AM | Attr = ] Cruise Tips.DOC -> %UserProfile%\My Documents\Cruise Tips.DOC -> [Ver = | Size = 163968 bytes | Modified Date = 1/9/2008 10:17:40 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 76 bytes | Modified Date = 1/10/2008 1:06:56 PM | Attr = HS] Documents -> %UserProfile%\My Documents\Documents -> [Folder | Modified Date = 1/9/2008 4:18:07 PM | Attr = ] Documents To Go -> %UserProfile%\My Documents\Documents To Go -> [Folder | Modified Date = 1/9/2008 10:21:34 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 2/25/2008 1:21:39 PM | Attr = ] DSSPlayer -> %UserProfile%\My Documents\DSSPlayer -> [Folder | Modified Date = 1/9/2008 6:31:22 PM | Attr = ] Egg Salad.DOC -> %UserProfile%\My Documents\Egg Salad.DOC -> [Ver = | Size = 15488 bytes | Modified Date = 1/9/2008 10:17:52 PM | Attr = ] EX PARTE NOTES.DOC -> %UserProfile%\My Documents\EX PARTE NOTES.DOC -> [Ver = | Size = 27776 bytes | Modified Date = 1/9/2008 10:17:59 PM | Attr = ] Fees Collected.XLS -> %UserProfile%\My Documents\Fees Collected.XLS -> [Ver = | Size = 6336 bytes | Modified Date = 1/9/2008 10:18:07 PM | Attr = ] Imputed Minimum Wage Calculations.DOC -> %UserProfile%\My Documents\Imputed Minimum Wage Calculations.DOC -> [Ver = | Size = 18048 bytes | Modified Date = 1/9/2008 10:18:12 PM | Attr = ] Macaroni Salad.DOC -> %UserProfile%\My Documents\Macaroni Salad.DOC -> [Ver = | Size = 14976 bytes | Modified Date = 1/9/2008 10:18:23 PM | Attr = ] MacaroniSalad, etc.DOC -> %UserProfile%\My Documents\MacaroniSalad, etc.DOC -> [Ver = | Size = 29824 bytes | Modified Date = 1/9/2008 10:18:30 PM | Attr = ] Mediation Settlement Agreement.DOC -> %UserProfile%\My Documents\Mediation Settlement Agreement.DOC -> [Ver = | Size = 65152 bytes | Modified Date = 1/9/2008 10:18:37 PM | Attr = ] MSA with cx.pdf -> %UserProfile%\My Documents\MSA with cx.pdf -> [Ver = | Size = 2200225 bytes | Modified Date = 2/18/2008 10:07:38 AM | Attr = ] Music Downloads -> %UserProfile%\My Documents\Music Downloads -> [Folder | Modified Date = 2/6/2008 4:18:47 PM | Attr = ] My Google Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [Folder | Modified Date = 1/9/2008 3:11:22 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2/18/2008 7:45:35 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/4/2008 11:27:38 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 1/9/2008 10:11:17 PM | Attr = R ] Notice of SSN.pdf -> %UserProfile%\My Documents\Notice of SSN.pdf -> [Ver = | Size = 90973 bytes | Modified Date = 2/18/2008 10:08:09 AM | Attr = ] Petition for Dissolution With Cx.pdf -> %UserProfile%\My Documents\Petition for Dissolution With Cx.pdf -> [Ver = | Size = 295402 bytes | Modified Date = 2/18/2008 10:04:40 AM | Attr = ] Potato Salad.DOC -> %UserProfile%\My Documents\Potato Salad.DOC -> [Ver = | Size = 15488 bytes | Modified Date = 1/9/2008 10:18:46 PM | Attr = ] Sample - Closing The Deal1.ppt -> %UserProfile%\My Documents\Sample - Closing The Deal1.ppt -> [Ver = | Size = 40960 bytes | Modified Date = 1/9/2008 10:18:52 PM | Attr = ] Sample - Golf Scorecard.XLS -> %UserProfile%\My Documents\Sample - Golf Scorecard.XLS -> [Ver = | Size = 19136 bytes | Modified Date = 1/9/2008 10:18:54 PM | Attr = ] Short Form Financial Affidavit.pdf -> %UserProfile%\My Documents\Short Form Financial Affidavit.pdf -> [Ver = | Size = 548743 bytes | Modified Date = 2/18/2008 10:05:45 AM | Attr = ] Symantec -> %UserProfile%\My Documents\Symantec -> [Folder | Modified Date = 1/29/2008 11:35:45 AM | Attr = ] Telephone Answering Machin.DOC -> %UserProfile%\My Documents\Telephone Answering Machin.DOC -> [Ver = | Size = 10880 bytes | Modified Date = 1/9/2008 10:18:57 PM | Attr = ] Tunebite -> %UserProfile%\My Documents\Tunebite -> [Folder | Modified Date = 2/18/2008 7:27:48 PM | Attr = ] UCCJEA Affidavit.pdf -> %UserProfile%\My Documents\UCCJEA Affidavit.pdf -> [Ver = | Size = 137312 bytes | Modified Date = 2/18/2008 10:06:16 AM | Attr = ] Ulead DVD MovieFactory -> %UserProfile%\My Documents\Ulead DVD MovieFactory -> [Folder | Modified Date = 2/25/2008 11:16:10 AM | Attr = ] Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Modified Date = 1/9/2008 9:12:30 PM | Attr = ] Ad-Aware SE Personal.lnk -> %AllUsersProfile%\Desktop\Ad-Aware SE Personal.lnk -> [Ver = | Size = 852 bytes | Modified Date = 1/9/2008 9:43:38 PM | Attr = ] Adobe Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1751 bytes | Modified Date = 2/18/2008 1:32:57 PM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 860 bytes | Modified Date = 2/20/2008 9:44:58 AM | Attr = ] BookSmart.lnk -> %AllUsersProfile%\Desktop\BookSmart.lnk -> [Ver = | Size = 1581 bytes | Modified Date = 1/9/2008 10:08:36 PM | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [Ver = | Size = 806 bytes | Modified Date = 1/9/2008 10:11:17 PM | Attr = ] Documents To Go.lnk -> %AllUsersProfile%\Desktop\Documents To Go.lnk -> [Ver = | Size = 1624 bytes | Modified Date = 1/9/2008 10:20:51 PM | Attr = ] DVR Player.lnk -> %AllUsersProfile%\Desktop\DVR Player.lnk -> [Ver = | Size = 1906 bytes | Modified Date = 1/29/2008 2:22:11 PM | Attr = ] E-Transcript Viewer.lnk -> %AllUsersProfile%\Desktop\E-Transcript Viewer.lnk -> [Ver = | Size = 580 bytes | Modified Date = 1/9/2008 9:31:22 PM | Attr = ] Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [Ver = | Size = 1455 bytes | Modified Date = 1/9/2008 9:32:25 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2/25/2008 2:56:59 PM | Attr = ] Maxtor Manager.lnk -> %AllUsersProfile%\Desktop\Maxtor Manager.lnk -> [Ver = | Size = 2397 bytes | Modified Date = 2/20/2008 10:39:21 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1613 bytes | Modified Date = 1/9/2008 2:56:06 PM | Attr = ] Napster.lnk -> %AllUsersProfile%\Desktop\Napster.lnk -> [Ver = | Size = 1555 bytes | Modified Date = 2/18/2008 5:11:23 PM | Attr = ] Nero StartSmart.lnk -> %AllUsersProfile%\Desktop\Nero StartSmart.lnk -> [Ver = | Size = 1250 bytes | Modified Date = 1/10/2008 7:31:37 AM | Attr = ] Presentations X3.lnk -> %AllUsersProfile%\Desktop\Presentations X3.lnk -> [Ver = | Size = 948 bytes | Modified Date = 1/9/2008 6:21:33 PM | Attr = ] Quattro Pro X3.lnk -> %AllUsersProfile%\Desktop\Quattro Pro X3.lnk -> [Ver = | Size = 1950 bytes | Modified Date = 1/9/2008 6:21:33 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Modified Date = 2/25/2008 1:20:45 PM | Attr = ] spybotsd152.exe -> %AllUsersProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9723856 bytes | Modified Date = 2/6/2008 10:46:32 AM | Attr = ] Ulead DVD MovieFactory 6 Launcher.lnk -> %AllUsersProfile%\Desktop\Ulead DVD MovieFactory 6 Launcher.lnk -> [Ver = | Size = 2169 bytes | Modified Date = 1/9/2008 10:10:10 PM | Attr = ] WinZip.lnk -> %AllUsersProfile%\Desktop\WinZip.lnk -> [Ver = | Size = 747 bytes | Modified Date = 1/9/2008 9:37:04 PM | Attr = ] WordPerfect X3.lnk -> %AllUsersProfile%\Desktop\WordPerfect X3.lnk -> [Ver = | Size = 2429 bytes | Modified Date = 2/25/2008 1:47:26 PM | Attr = ] America Online 9.0.lnk -> %UserProfile%\Desktop\America Online 9.0.lnk -> [Ver = | Size = 700 bytes | Modified Date = 1/10/2008 7:39:54 AM | Attr = ] Amicus Attorney V.lnk -> %UserProfile%\Desktop\Amicus Attorney V.lnk -> [Ver = | Size = 670 bytes | Modified Date = 1/9/2008 4:40:44 PM | Attr = ] avast! Antivirus.lnk -> %UserProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1732 bytes | Modified Date = 2/15/2008 11:24:09 AM | Attr = ] BitComet.lnk -> %UserProfile%\Desktop\BitComet.lnk -> [Ver = | Size = 705 bytes | Modified Date = 1/9/2008 5:55:10 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1559 bytes | Modified Date = 1/13/2008 5:54:01 PM | Attr = ] CleanUp!.lnk -> %UserProfile%\Desktop\CleanUp!.lnk -> [Ver = | Size = 698 bytes | Modified Date = 1/9/2008 6:05:36 PM | Attr = ] CorelDRAW X3.lnk -> %UserProfile%\Desktop\CorelDRAW X3.lnk -> [Ver = | Size = 1972 bytes | Modified Date = 1/9/2008 6:29:27 PM | Attr = ] Dictation Module.lnk -> %UserProfile%\Desktop\Dictation Module.lnk -> [Ver = | Size = 1638 bytes | Modified Date = 1/9/2008 6:12:00 PM | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1436 bytes | Modified Date = 1/9/2008 10:11:17 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/22/2008 9:19:28 AM | Attr = ] DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [Ver = | Size = 681 bytes | Modified Date = 2/25/2008 11:25:47 AM | Attr = ] ExplorerPlus.lnk -> %UserProfile%\Desktop\ExplorerPlus.lnk -> [Ver = | Size = 1702 bytes | Modified Date = 1/11/2008 4:09:19 PM | Attr = ] HotSync Manager.lnk -> %UserProfile%\Desktop\HotSync Manager.lnk -> [Ver = | Size = 1478 bytes | Modified Date = 1/9/2008 4:40:52 PM | Attr = ] iArt.lnk -> %UserProfile%\Desktop\iArt.lnk -> [Ver = | Size = 661 bytes | Modified Date = 2/20/2008 10:46:18 AM | Attr = ] IsoBuster.lnk -> %UserProfile%\Desktop\IsoBuster.lnk -> [Ver = | Size = 772 bytes | Modified Date = 1/29/2008 9:45:40 AM | Attr = ] LimeWire PRO 4.14.10.lnk -> %UserProfile%\Desktop\LimeWire PRO 4.14.10.lnk -> [Ver = | Size = 1601 bytes | Modified Date = 2/18/2008 7:57:33 PM | Attr = ] MagicISO.lnk -> %UserProfile%\Desktop\MagicISO.lnk -> [Ver = | Size = 1497 bytes | Modified Date = 1/29/2008 9:40:51 AM | Attr = ] Media Center.lnk -> %UserProfile%\Desktop\Media Center.lnk -> [Ver = | Size = 1471 bytes | Modified Date = 1/9/2008 3:10:47 PM | Attr = ] Microsoft Office Excel 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Excel 2007.lnk -> [Ver = | Size = 2561 bytes | Modified Date = 1/9/2008 4:16:58 PM | Attr = ] Microsoft Office Groove 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Groove 2007.lnk -> [Ver = | Size = 2603 bytes | Modified Date = 1/9/2008 4:16:55 PM | Attr = ] Microsoft Office OneNote 2007.lnk -> %UserProfile%\Desktop\Microsoft Office OneNote 2007.lnk -> [Ver = | Size = 2525 bytes | Modified Date = 1/9/2008 4:16:47 PM | Attr = ] Microsoft Office Outlook 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Outlook 2007.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 2/25/2008 8:45:32 AM | Attr = ] Microsoft Office Word 2007.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007.lnk -> [Ver = | Size = 2599 bytes | Modified Date = 1/9/2008 4:16:30 PM | Attr = ] Palm Desktop.lnk -> %UserProfile%\Desktop\Palm Desktop.lnk -> [Ver = | Size = 1603 bytes | Modified Date = 1/9/2008 4:35:57 PM | Attr = ] Palm Quick Install.lnk -> %UserProfile%\Desktop\Palm Quick Install.lnk -> [Ver = | Size = 695 bytes | Modified Date = 1/9/2008 4:40:59 PM | Attr = ] PeerGuardian.lnk -> %UserProfile%\Desktop\PeerGuardian.lnk -> [Ver = | Size = 635 bytes | Modified Date = 2/17/2008 9:44:36 AM | Attr = ] RecordNow!.lnk -> %UserProfile%\Desktop\RecordNow!.lnk -> [Ver = | Size = 1865 bytes | Modified Date = 1/9/2008 9:27:17 PM | Attr = ] RTG Bills.lnk -> %UserProfile%\Desktop\RTG Bills.lnk -> [Ver = | Size = 646 bytes | Modified Date = 2/1/2008 3:52:53 PM | Attr = ] RTG Timer.lnk -> %UserProfile%\Desktop\RTG Timer.lnk -> [Ver = | Size = 646 bytes | Modified Date = 2/1/2008 3:52:53 PM | Attr = ] SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1310976 bytes | Modified Date = 2/22/2008 9:18:43 AM | Attr = ] Shortcut to ATF_Cleaner.lnk -> %UserProfile%\Desktop\Shortcut to ATF_Cleaner.lnk -> [Ver = | Size = 686 bytes | Modified Date = 1/9/2008 10:04:02 PM | Attr = ] Shortcut to My Documents on 'Secretary (Cmb)' (Y).lnk -> %UserProfile%\Desktop\Shortcut to My Documents on 'Secretary (Cmb)' (Y).lnk -> [Ver = | Size = 296 bytes | Modified Date = 1/9/2008 6:32:07 PM | Attr = ] Shortcut to rtgbills.lnk -> %UserProfile%\Desktop\Shortcut to rtgbills.lnk -> [Ver = | Size = 855 bytes | Modified Date = 1/9/2008 4:49:48 PM | Attr = ] Shortcut to Team50 on 'Secretary (Cmb)' (Z).lnk -> %UserProfile%\Desktop\Shortcut to Team50 on 'Secretary (Cmb)' (Z).lnk -> [Ver = | Size = 290 bytes | Modified Date = 1/9/2008 6:31:53 PM | Attr = ] Shortcut to Wireless Network Connection.lnk -> %UserProfile%\Desktop\Shortcut to Wireless Network Connection.lnk -> [Ver = | Size = 416 bytes | Modified Date = 1/9/2008 6:32:23 PM | Attr = ] Windows Explorer.lnk -> %UserProfile%\Desktop\Windows Explorer.lnk -> [Ver = | Size = 1486 bytes | Modified Date = 1/10/2008 1:46:14 PM | Attr = ] Windows Media Player.lnk -> %UserProfile%\Desktop\Windows Media Player.lnk -> [Ver = | Size = 793 bytes | Modified Date = 2/26/2008 1:18:04 PM | Attr = ] WindowsDesktopSearch-KB917013-V301-XP-x86-ENU.MSI -> %UserProfile%\Desktop\WindowsDesktopSearch-KB917013-V301-XP-x86-ENU.MSI -> [Ver = | Size = 4981248 bytes | Modified Date = 1/9/2008 4:29:26 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/22/2008 10:12:42 AM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480883 bytes | Modified Date = 2/22/2008 10:09:32 AM | Attr = ] WinRAR.lnk -> %UserProfile%\Desktop\WinRAR.lnk -> [Ver = | Size = 643 bytes | Modified Date = 1/9/2008 2:58:07 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1768 bytes | Modified Date = 2/18/2008 1:32:57 PM | Attr = ] Device Detector 3.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Device Detector 3.lnk -> [Ver = | Size = 1661 bytes | Modified Date = 1/9/2008 6:10:59 PM | Attr = ] Guardian PC Security Tools.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Guardian PC Security Tools.lnk -> [Ver = | Size = 799 bytes | Modified Date = 1/10/2008 6:53:30 AM | Attr = ] HOTSYNCSHORTCUTNAME.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk -> [Ver = | Size = 1538 bytes | Modified Date = 1/9/2008 4:36:24 PM | Attr = ] Norton 360.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Norton 360.lnk -> [Ver = | Size = 1643 bytes | Modified Date = 1/29/2008 11:07:37 AM | Attr = ] avast! Antivirus.lnk -> %UserProfile%\Start Menu\Programs\Startup\avast! Antivirus.lnk -> [Ver = | Size = 1720 bytes | Modified Date = 2/15/2008 10:37:33 AM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2/18/2008 1:32:57 PM | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 1/10/2008 7:28:46 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 1/9/2008 4:59:48 PM | Attr = ] Borland Shared -> %CommonProgramFiles%\Borland Shared -> [Folder | Modified Date = 1/9/2008 5:23:30 PM | Attr = ] Corel -> %CommonProgramFiles%\Corel -> [Folder | Modified Date = 1/9/2008 6:20:40 PM | Attr = ] DataViz -> %CommonProgramFiles%\DataViz -> [Folder | Modified Date = 1/9/2008 10:20:54 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 1/9/2008 6:27:31 PM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 1/9/2008 3:15:07 PM | Attr = ] InterVideo -> %CommonProgramFiles%\InterVideo -> [Folder | Modified Date = 1/9/2008 10:11:52 PM | Attr = ] LightScribe -> %CommonProgramFiles%\LightScribe -> [Folder | Modified Date = 1/9/2008 10:10:34 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 1/10/2008 1:31:29 PM | Attr = ] Napster Shared -> %CommonProgramFiles%\Napster Shared -> [Folder | Modified Date = 2/18/2008 5:11:12 PM | Attr = ] Roxio Shared -> %CommonProgramFiles%\Roxio Shared -> [Folder | Modified Date = 2/18/2008 5:11:11 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2/15/2008 10:27:11 AM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 1/10/2008 12:04:20 PM | Attr = ] Ulead Systems -> %CommonProgramFiles%\Ulead Systems -> [Folder | Modified Date = 1/9/2008 10:09:24 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]