[code] WinPFind35 logfile created on: 3/2/2008 10:27:16 PM WinPFind35U Version 1.0.3.0 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.73 Mb Total Physical Memory | 248.32 Mb Available Physical Memory | 48.62% Memory free 1.22 Gb Paging File | 0.86 Gb Available in Paging File | 70.31% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.05 Gb Total Space | 12.15 Gb Free Space | 8.15% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EDWARD Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] guard.exe -> %ProgramFiles%\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] oodag.exe -> %SystemRoot%\system32\oodag.exe -> O&O Software GmbH [Ver = 8.6.2294 | Size = 707344 bytes | Modified Date = 1/12/2007 10:47:22 PM | Attr = ] smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 7:50:10 PM | Attr = ] starwindservice.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/1/2005 8:51:48 PM | Attr = ] lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ] clipomatic.exe -> %ProgramFiles%\Clipomatic\Clipomatic.exe -> [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Modified Date = 5/15/1999 9:48:00 AM | Attr = ] fscapture.exe -> %ProgramFiles%\FastStone Capture\FSCapture.exe -> [Ver = | Size = 1110528 bytes | Modified Date = 1/15/2007 11:48:40 PM | Attr = ] flashnote.exe -> %ProgramFiles%\Flashnote\FlashNote.exe -> Softvoile [Ver = 2, 1, 0, 0 | Size = 532480 bytes | Modified Date = 12/16/2006 9:35:32 AM | Attr = ] autohotkey.exe -> %ProgramFiles%\AutoHotkey\AutoHotkey.exe -> [Ver = 1, 0, 46, 03 | Size = 237568 bytes | Modified Date = 12/18/2006 7:51:19 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/9/2008 8:09:33 PM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 3/1/2008 1:06:42 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/9/2005 9:21:31 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 389120 bytes | Modified Date = 8/3/2004 8:35:08 AM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 8/4/2004 12:10:00 AM | Attr = ] (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 11/25/2007 12:51:22 PM | Attr = ] (AutoExNT) AutoExNT [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\Autoexnt.exe -> [Ver = | Size = 5904 bytes | Modified Date = 3/2/2007 6:44:01 PM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> File not found (IISADMIN) IIS Admin [Win32_Shared | Auto | Stopped] -> -> File not found (iPodService) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found (LMIMaint) LogMeIn Maintenance Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LogMeIn\RaMaint.exe -> File not found (LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LogMeIn\LogMeIn.exe -> File not found (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 774144 bytes | Modified Date = 1/15/2007 5:14:38 PM | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 7, 11, 0 | Size = 266240 bytes | Modified Date = 1/15/2007 4:01:56 PM | Attr = ] (O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %SystemRoot%\system32\oodag.exe -> O&O Software GmbH [Ver = 8.6.2294 | Size = 707344 bytes | Modified Date = 1/12/2007 10:47:22 PM | Attr = ] (PAOGWRNH) PAOGWRNH [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PAOGWRNH.exe -> File not found (SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Win32_Shared | Auto | Stopped] -> -> File not found (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 7:50:10 PM | Attr = ] (StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 4/1/2005 8:51:48 PM | Attr = ] (W3SVC) World Wide Web Publishing [Win32_Shared | Auto | Stopped] -> -> File not found (WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [Ver = 12.0.1320.0823 | Size = 261120 bytes | Modified Date = 8/23/2007 2:32:00 PM | Attr = ] (WNDXCN) WNDXCN [Win32_Own | Disabled | Stopped] -> %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WNDXCN.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 4:32:18 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Clipomatic -> %ProgramFiles%\Clipomatic\Clipomatic.exe -> [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Modified Date = 5/15/1999 9:48:00 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Clipomatic -> %ProgramFiles%\Clipomatic\Clipomatic.exe -> [Ver = 1, 0, 0, 1 | Size = 65536 bytes | Modified Date = 5/15/1999 9:48:00 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\FastStone Capture.lnk -> %ProgramFiles%\FastStone Capture\FSCapture.exe -> [Ver = | Size = 1110528 bytes | Modified Date = 1/15/2007 11:48:40 PM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\Flashnote.lnk -> %ProgramFiles%\Flashnote\FlashNote.exe -> Softvoile [Ver = 2, 1, 0, 0 | Size = 532480 bytes | Modified Date = 12/16/2006 9:35:32 AM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\Shortcut to hotkey.ahk.lnk -> %UserProfile%\Desktop\less commonly used\computer tweaking\hotkey.ahk.ahk -> [Ver = | Size = 2347 bytes | Modified Date = 2/3/2008 12:05:06 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\NOD32 Control Center.lnk -> %ProgramFiles%\ESET\nod32kui.exe -> File not found < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> wbsys.dll -> %SystemRoot%\system32\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 10:27:44 PM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] {81559C35-8464-49F7-BB0E-07A383BEF910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 8/2/2003 11:20:57 PM | Attr = R ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> zwebauth.dll -> %SystemRoot%\system32\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 5:37:34 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 8/3/2004 8:35:14 AM | Attr = ] LMIinit -> LMIinit.dll -> File not found WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/20/2001 11:34:52 PM | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSimpleStartMenu -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRemoteRecursiveEvents -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\WizmaxBackup_NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceStartMenuLogoff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MemCheckBoxInRunDlg -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoTrayNotify -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartBanner -> (binary data) -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\New Value #1 -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\\DisableWindowsUpdateAccess -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableWindowsUpdate -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\WizmaxBackup_NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceStartMenuLogoff -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MemCheckBoxInRunDlg -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoTrayNotify -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartBanner -> (binary data) -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\New Value #1 -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharing -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoFileSharingControl -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoPrintSharing -> 1 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ca/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;localhost; -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\: Main\\Start Page -> http://www.google.ca/ -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\: ProxyOverride -> 127.0.0.1;localhost; -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4185 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7487 domain(s) found. -> .[msn] -> My Computer -> 38 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4184 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7487 domain(s) found. -> .[msn] -> My Computer -> 38 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\jccatch.dll [FGCatchUrl] -> www.flashget.com [Ver = 1, 8, 4, 1007 | Size = 94308 bytes | Modified Date = 6/29/2007 6:44:36 AM | Attr = ] {4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 8/2/2003 11:24:01 PM | Attr = R ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] {F156768E-81EF-470C-9057-481BA8380DBA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\getflash.dll [FlashGet GetFlash Class] -> www.flashget.com [Ver = 1, 8, 4, 1003 | Size = 163840 bytes | Modified Date = 5/16/2007 12:05:16 AM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{98C92840-EB1C-40BD-B6A5-395EC9CD6510} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{98C92840-EB1C-40BD-B6A5-395EC9CD6510} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 11/10/2005 1:22:10 PM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 3:00:35 AM | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 9, 0, 1012 | Size = 1990704 bytes | Modified Date = 6/29/2007 6:44:34 AM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{09FE188B-6E85-479e-9411-51FB2220DF80} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{36ECAF82-3300-8F84-092E-AFF36D6C7040} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{44627E97-789B-40d4-B5C2-58BD171129A1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6DDFE91C-A45C-4812-8F57-098932C9D88D} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ] CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 9, 0, 1012 | Size = 1990704 bytes | Modified Date = 6/29/2007 6:44:34 AM | Attr = ] CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download All with FlashGet -> %ProgramFiles%\FlashGet\JC_ALL.HTM -> [Ver = | Size = 1049 bytes | Modified Date = 5/15/2007 4:10:34 AM | Attr = ] &Download with FlashGet -> %ProgramFiles%\FlashGet\JC_LINK.HTM -> [Ver = | Size = 1898 bytes | Modified Date = 5/15/2007 4:10:34 AM | Attr = ] Lookup on Merriam Webster -> -> File not found Lookup on Wikipedia -> -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> Reg Error: Value does not exist or could not be read. -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> Reg Error: Value does not exist or could not be read. -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{09FE188B-6E85-479e-9411-51FB2220DF80} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{36ECAF82-3300-8F84-092E-AFF36D6C7040} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{44627E97-789B-40d4-B5C2-58BD171129A1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6DDFE91C-A45C-4812-8F57-098932C9D88D} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ] CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 9, 0, 1012 | Size = 1990704 bytes | Modified Date = 6/29/2007 6:44:34 AM | Attr = ] CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download All with FlashGet -> %ProgramFiles%\FlashGet\JC_ALL.HTM -> [Ver = | Size = 1049 bytes | Modified Date = 5/15/2007 4:10:34 AM | Attr = ] &Download with FlashGet -> %ProgramFiles%\FlashGet\JC_LINK.HTM -> [Ver = | Size = 1898 bytes | Modified Date = 5/15/2007 4:10:34 AM | Attr = ] Lookup on Merriam Webster -> -> File not found Lookup on Wikipedia -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {197FCB23-B097-4F45-A12A-B4891B1CE4FD} -> () -> {686C4849-0ABC-4BDC-B9F0-CDAB6C410EC3} -> () -> {DE8216FD-E3AF-4C09-A5C2-F62FFB210A80} -> (Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45) -> {E1D8B755-E872-4C4F-AC62-159E05FB3314} -> () -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> about -> 4 = Restricted sites (Not a Default Protocol) -> about: -> 4 = Restricted sites (Not a Default Protocol) -> mhtml -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Microsoft PKM KnowledgePluggable Class] -> File not found ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab[Reg Error: Key does not exist or could not be opened.] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {5C051655-FCD5-4969-9182-770EA5AA5565}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab[Solitaire Showdown Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144009334609[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab[Java Plug-in 1.5.0_04] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {E5D419D6-A846-4514-9FAD-97E826C84822}[HKEY_LOCAL_MACHINE] -> http://fdl.msn.com/zone/datafiles/heartbeat.cab[HeartbeatCtl Class] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 7zFM.exe -> %ProgramFiles%\7-Zip\7zFM.exe [C:\Program Files\7-Zip] -> Igor Pavlov [Ver = 4.45 beta | Size = 295936 bytes | Modified Date = 4/16/2007 11:49:54 PM | Attr = ] ahc.exe -> %ProgramFiles%\Adobe\Adobe Help Center\ahc.exe [C:\Program Files\Adobe\Adobe Help Center\] -> Adobe Systems Incorporated [Ver = 1.0.0.793 | Size = 4460544 bytes | Modified Date = 3/15/2005 8:46:48 PM | Attr = R ] Ahk2Exe.exe -> %ProgramFiles%\AutoHotkey\Compiler\Ahk2Exe.exe [Reg Error: Value Path does not exist or could not be read.] -> [Ver = 1, 0, 46, 03 | Size = 68096 bytes | Modified Date = 12/18/2006 7:50:17 PM | Attr = ] aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 2:08:26 PM | Attr = ] alcohol.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\Alcohol.exe [C:\Program Files\Alcohol Soft\Alcohol 120\] -> Alcohol Soft Development Team [Ver = 1.9.5.4327 | Size = 1309568 bytes | Modified Date = 7/29/2006 1:36:38 PM | Attr = ] AU3_Spy.exe -> %ProgramFiles%\AutoHotkey\AU3_Spy.exe [Reg Error: Value Path does not exist or could not be read.] -> DaloozaSoft [Ver = 1.0 | Size = 14368 bytes | Modified Date = 1/29/2006 6:28:34 PM | Attr = ] aupdate.dll -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found AutoHotkey.exe -> %ProgramFiles%\AutoHotkey\AutoHotkey.exe [Reg Error: Value Path does not exist or could not be read.] -> [Ver = 1, 0, 46, 03 | Size = 237568 bytes | Modified Date = 12/18/2006 7:51:19 PM | Attr = ] AutoScriptWriter.exe -> %ProgramFiles%\AutoHotkey\AutoScriptWriter\AutoScriptWriter.exe [Reg Error: Value Path does not exist or could not be read.] -> DaloozaSoft [Ver = 2.0 | Size = 47136 bytes | Modified Date = 5/1/2004 7:15:32 AM | Attr = ] BackItUp.exe -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\BackItUp.exe [C:\Program Files\Nero\Nero 7\Nero BackItUp\] -> Nero AG [Ver = 2, 7, 3, 2 | Size = 19410944 bytes | Modified Date = 1/15/2007 5:25:32 PM | Attr = ] CamWizrd.exe -> %CommonProgramFiles%\Logitech\QCDRV\BIN\CamWizrd.exe [C:\Program Files\Common Files\Logitech\QCDRV\BIN] -> Logitech Inc. [Ver = 8.4.7.1031 | Size = 184320 bytes | Modified Date = 5/13/2005 12:42:52 PM | Attr = ] ccleaner.exe -> %ProgramFiles%\CCleaner\ccleaner.exe [C:\Program Files\CCleaner] -> Piriform Ltd [Ver = 2, 3, 0, 532 | Size = 787696 bytes | Modified Date = 11/22/2007 11:10:36 AM | Attr = ] CDGrab.exe -> %ProgramFiles%\Illustrate\dBpoweramp\CDGrab.exe [C:\Program Files\Illustrate\dBpoweramp\] -> Illustrate [Ver = 12, 2, 0, 2 | Size = 1585152 bytes | Modified Date = 8/7/2007 9:56:43 AM | Attr = ] combofix.exe -> %UserProfile%\Desktop\ComboFix.exe [Reg Error: Value Path does not exist or could not be read.] -> [Ver = | Size = 1598023 bytes | Modified Date = 2/19/2008 5:31:16 PM | Attr = ] CoreConverter.exe -> %ProgramFiles%\Illustrate\dBpoweramp\CoreConverter.exe [C:\Program Files\Illustrate\dBpoweramp\] -> Illustrate [Ver = 12, 2, 0, 2 | Size = 225280 bytes | Modified Date = 8/7/2007 9:56:42 AM | Attr = ] dBConfig.exe -> %ProgramFiles%\Illustrate\dBpoweramp\dBConfig.exe [C:\Program Files\Illustrate\dBpoweramp\] -> Illustrate [Ver = 12, 2, 0, 2 | Size = 413048 bytes | Modified Date = 8/7/2007 9:56:41 AM | Attr = ] DMCFileSelector.exe -> %ProgramFiles%\Illustrate\dBpoweramp\DMCFileSelector.exe [C:\Program Files\Illustrate\dBpoweramp\] -> Illustrate [Ver = 12, 2, 0, 2 | Size = 364544 bytes | Modified Date = 8/7/2007 9:56:43 AM | Attr = ] Dreamweaver.exe -> %ProgramFiles%\Macromedia\Dreamweaver 8\Dreamweaver.exe [C:\Program Files\Macromedia\Dreamweaver 8\;C:\Program Files\Common Files\Macromedia\] -> Macromedia, Inc. [Ver = 8.0.2.2809 | Size = 14651392 bytes | Modified Date = 4/21/2006 5:18:26 PM | Attr = ] Extension Manager.exe -> %ProgramFiles%\Macromedia\Extension Manager\Extension Manager.exe [C:\Program Files\Macromedia\Extension Manager\;C:\Program Files\Common Files\Macromedia] -> Macromedia, Inc. [Ver = 1.7.240 | Size = 614400 bytes | Modified Date = 8/10/2005 3:13:52 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/9/2008 8:09:33 PM | Attr = ] Flashnote.exe -> %ProgramFiles%\Flashnote\FlashNote.exe [Reg Error: Value Path does not exist or could not be read.] -> Softvoile [Ver = 2, 1, 0, 0 | Size = 532480 bytes | Modified Date = 12/16/2006 9:35:32 AM | Attr = ] FSCapture.exe -> %ProgramFiles%\FastStone Capture\FSCapture.exe [Reg Error: Value Path does not exist or could not be read.] -> [Ver = | Size = 1110528 bytes | Modified Date = 1/15/2007 11:48:40 PM | Attr = ] fsquirt.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found GetPopupInfo.exe -> %ProgramFiles%\Illustrate\dBpoweramp\GetPopupInfo.exe [C:\Program Files\Illustrate\dBpoweramp\] -> Illustrate [Ver = 12, 2, 0, 2 | Size = 151552 bytes | Modified Date = 8/7/2007 9:56:42 AM | Attr = ] guistudiomdl.exe -> %ProgramFiles%\GUI StudioMDL 1.0\guistudiomdl.exe [Reg Error: Value Path does not exist or could not be read.] -> Neil 'Jed' Jedrzejewski [Ver = 1, 0, 0, 0 | Size = 106496 bytes | Modified Date = 4/24/2004 9:51:44 AM | Attr = ] Half-Life editing -> %SystemDrive%\hl-edit [Reg Error: Value Path does not exist or could not be read.] -> [Folder | Modified Date = 4/7/2007 11:04:08 AM | Attr = ] HijackThis.exe -> %ProgramFiles%\HijackThis\HijackThis.exe [C:\Program Files\HijackThis] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 2/29/2008 11:26:08 PM | Attr = ] hlmv.exe -> %ProgramFiles%\Jed's Half-Life Model Viewer 1.3.5\hlmv.exe [Reg Error: Value Path does not exist or could not be read.] -> Neil 'Jed' Jedrzejewski [Ver = 1, 3, 5, 0 | Size = 139264 bytes | Modified Date = 6/23/2005 2:31:04 PM | Attr = ] hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe [Reg Error: Value Path does not exist or could not be read.] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 8/23/2001 4:00:00 PM | Attr = ] ImageDrive.exe -> %ProgramFiles%\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe [C:\Program Files\Nero\Nero 7\Nero ImageDrive\] -> Nero AG [Ver = 3.0.0.12 | Size = 1064960 bytes | Modified Date = 11/8/2006 3:52:28 PM | Attr = ] ImageReady.exe -> %ProgramFiles%\Adobe\Adobe Photoshop CS2\ImageReady.exe [C:\Program Files\Adobe\Adobe Photoshop CS2\] -> Adobe Systems Incorporated [Ver = Version 9.0x196 | Size = 19980288 bytes | Modified Date = 3/22/2005 3:41:12 AM | Attr = ] Installer.exe -> %ProgramFiles%\AMX Mod X\Installer.exe [Reg Error: Value Path does not exist or could not be read.] -> [Ver = | Size = 609792 bytes | Modified Date = 12/24/2006 12:02:06 AM | Attr = ] javaws.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_02\bin] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 7/12/2007 1:22:38 AM | Attr = ] LaunchPad.exe -> %ProgramFiles%\Sony\Station\LaunchPad\LaunchPad.exe [C:\Program Files\Sony\Station\LaunchPad] -> [Ver = | Size = 2392064 bytes | Modified Date = 8/1/2006 6:49:18 PM | Attr = ] Logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe [C:\Program Files\Logitech\Video] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 2:14:44 PM | Attr = ] Madden04.exe -> %ProgramFiles%\EA SPORTS\Madden NFL 2004\Madden04.exe [C:\Program Files\EA SPORTS\Madden NFL 2004] -> [Ver = | Size = 172032 bytes | Modified Date = 7/5/2003 7:38:41 PM | Attr = ] MapleStory.exe -> %ProgramFiles%\Wizet\MapleStory\MapleStory.exe [C:\Program Files\Wizet\MapleStory] -> Wizet [Ver = 1, 0, 0, 1 | Size = 1740322 bytes | Modified Date = 7/11/2007 2:58:53 PM | Attr = ] MotiveSB.exe -> %ProgramFiles%\NetAssistant\SmartBridge [C:\Program Files\Motive\Common] -> [Folder | Modified Date = 3/12/2007 9:35:07 PM | Attr = ] mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player"] -> [Ver = | Size = 4639 bytes | Modified Date = 8/4/2004 3:56:52 AM | Attr = ] msimn.exe -> msimn.exe [%ProgramFiles%\Outlook Express] -> File not found MusicConverter.exe -> %ProgramFiles%\Illustrate\dBpoweramp\MusicConverter.exe [C:\Program Files\Illustrate\dBpoweramp\] -> Illustrate [Ver = 12, 2, 0, 2 | Size = 647168 bytes | Modified Date = 8/7/2007 9:56:42 AM | Attr = ] NCoverEd.exe -> %ProgramFiles%\Ahead\CoverDesigner\CoverDes.exe [C:\Program Files\Ahead\CoverDesigner\] -> Nero AG [Ver = 2, 3, 0, 46 | Size = 2445312 bytes | Modified Date = 7/13/2005 5:05:04 PM | Attr = ] nero.exe -> %ProgramFiles%\Nero\Nero 7\Core\nero.exe [C:\Program Files\Nero\Nero 7\Core\] -> Nero AG [Ver = 7, 7, 5, 1 | Size = 36331520 bytes | Modified Date = 1/12/2007 9:29:14 PM | Attr = ] NeroBurnRights.exe -> %ProgramFiles%\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe [C:\Program Files\Nero\Nero 7\Nero Toolkit\] -> Nero AG [Ver = 2.1.0.6 | Size = 913408 bytes | Modified Date = 11/21/2006 4:06:34 PM | Attr = ] NeroHome.exe -> %ProgramFiles%\Nero\Nero 7\Nero Home\NeroHome.exe [C:\Program Files\Nero\Nero 7\Nero Home\] -> Nero AG [Ver = 1, 7, 11, 0 | Size = 667648 bytes | Modified Date = 1/15/2007 4:15:36 PM | Attr = ] NeroVision.exe -> %ProgramFiles%\Nero\Nero 7\Nero Vision\NeroVision.exe [C:\Program Files\Nero\Nero 7\Nero Vision\] -> Nero AG [Ver = 4,9,0,18 | Size = 1001984 bytes | Modified Date = 1/12/2007 2:22:52 PM | Attr = ] nhl2001.exe -> %ProgramFiles%\EA SPORTS\NHL 2001\nhl2001.exe [C:\PROGRA~1\EASPOR~1\NHL200~1] -> [Ver = | Size = 3022893 bytes | Modified Date = 9/28/2000 5:54:20 PM | Attr = ] notepad++.exe -> %ProgramFiles%\Notepad++\notepad++.exe [Reg Error: Value Path does not exist or could not be read.] -> Don HO don.h@free.fr [Ver = 4.5 | Size = 815104 bytes | Modified Date = 10/24/2007 7:18:46 PM | Attr = ] oodag.exe -> %SystemRoot%\system32\oodag.exe [C:\WINDOWS\system32\] -> O&O Software GmbH [Ver = 8.6.2294 | Size = 707344 bytes | Modified Date = 1/12/2007 10:47:22 PM | Attr = ] oodcmd.exe -> %ProgramFiles%\OO Software\Defrag Professional\oodcmd.exe [C:\Program Files\OO Software\Defrag Professional\] -> O&O Software GmbH [Ver = 8.0.1.4713 | Size = 334096 bytes | Modified Date = 1/12/2007 10:50:24 PM | Attr = ] Photoshop.exe -> %ProgramFiles%\Adobe\Adobe Photoshop CS2\Photoshop.exe [C:\Program Files\Adobe\Adobe Photoshop CS2\] -> Adobe Systems, Incorporated [Ver = 9.0 (9.0x196) | Size = 19533824 bytes | Modified Date = 3/22/2005 4:29:36 AM | Attr = ] pinball.exe -> %ProgramFiles%\Windows NT\Pinball\pinball.exe [C:\Program Files\Windows NT\Pinball] -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Modified Date = 8/4/2004 3:56:55 AM | Attr = ] PowerDVD -> %ProgramFiles%\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD] -> CyberLink Corp. [Ver = 6.00.2023 | Size = 528384 bytes | Modified Date = 8/23/2005 12:33:26 AM | Attr = ] PowerDVD.exe -> %ProgramFiles%\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD] -> CyberLink Corp. [Ver = 6.00.2023 | Size = 528384 bytes | Modified Date = 8/23/2005 12:33:26 AM | Attr = ] Recode.exe -> %ProgramFiles%\Nero\Nero 7\Nero Recode\Recode.exe [C:\Program Files\Nero\Nero 7\Nero Recode\] -> Nero AG [Ver = 2, 4, 5, 0 | Size = 11837440 bytes | Modified Date = 12/8/2006 12:00:14 PM | Attr = ] recuva.exe -> %ProgramFiles%\Recuva\recuva.exe [C:\Program Files\Recuva] -> Piriform Ltd [Ver = 1, 8, 0, 174 | Size = 786160 bytes | Modified Date = 11/15/2007 11:30:58 AM | Attr = ] RoxioTarget.exe -> %ProgramFiles%\Logitech\Video\RoxioTarget.exe [Reg Error: Value Path does not exist or could not be read.] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 29696 bytes | Modified Date = 6/8/2005 2:23:38 PM | Attr = ] SmartBridge.exe -> %ProgramFiles%\NetAssistant\SmartBridge [Reg Error: Value Path does not exist or could not be read.] -> [Folder | Modified Date = 3/12/2007 9:35:07 PM | Attr = ] SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX [C:\Program Files\Analog Devices\SoundMAX] -> [Folder | Modified Date = 3/12/2007 9:23:15 PM | Attr = ] Unlocker.exe -> %ProgramFiles%\Unlocker\Unlocker.exe [Reg Error: Value Path does not exist or could not be read.] -> [Ver = | Size = 86528 bytes | Modified Date = 9/7/2006 12:19:19 PM | Attr = ] wab.exe -> wab.exe [%ProgramFiles%\Outlook Express] -> File not found wabmig.exe -> wabmig.exe [%ProgramFiles%\Outlook Express] -> File not found WaveChk.exe -> %ProgramFiles%\Logitech\Video\WaveChk.exe [Reg Error: Value Path does not exist or could not be read.] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 131072 bytes | Modified Date = 6/8/2005 1:46:58 PM | Attr = ] WinDVR.exe -> %ProgramFiles%\InterVideo\WinDVR\WinDvr.exe [C:\Program Files\InterVideo\WinDVR] -> InterVideo Inc. [Ver = 2.0.34.282 | Size = 712782 bytes | Modified Date = 9/3/2003 6:52:36 PM | Attr = ] WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR] -> [Ver = | Size = 936960 bytes | Modified Date = 9/20/2007 6:34:22 PM | Attr = ] WMPBurn.exe -> %ProgramFiles%\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe [C:\Program Files\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\] -> Nero AG [Ver = 2, 0, 2, 6 | Size = 1335296 bytes | Modified Date = 7/25/2006 7:25:06 PM | Attr = ] WORDPAD.EXE -> %ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE [Reg Error: Value Path does not exist or could not be read.] -> File not found WRITE.EXE -> %ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE [Reg Error: Value Path does not exist or could not be read.] -> File not found xfire.exe -> %ProgramFiles%\Xfire\xfire.exe [Reg Error: Value Path does not exist or could not be read.] -> Xfire Inc. [Ver = 13133 | Size = 2880336 bytes | Modified Date = 1/30/2008 9:03:24 PM | Attr = ] xplorer2.exe -> %UserProfile%\My Documents\Downloads\Xplorer2 Pro v1.6.0.0 with manual (full)\crk\xplorer2_UC.exe [Reg Error: Value Path does not exist or could not be read.] -> ZabKat [Ver = 1, 6, 0, 0 | Size = 292316 bytes | Modified Date = 6/22/2006 11:27:10 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOMHTTP -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\ElevateNonAdmins -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 17 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdates -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 600 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\RestrictAnonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\RestrictAnonymousSAM -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\EveryoneIncludesAnonymous -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ForceGuest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 5:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Name -> ZWebAuth -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Comment -> MSN Gaming Zone SSP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Capabilities -> 48 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\TokenSize -> 44 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 57763 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2806B2F9-C8EC-4D66-9391-BBD3E0BD8DE3} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DE8216FD-E3AF-4C09-A5C2-F62FFB210A80} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 57763 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2806B2F9-C8EC-4D66-9391-BBD3E0BD8DE3} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DE8216FD-E3AF-4C09-A5C2-F62FFB210A80} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {01000A03-E058-11D3-9C13-0000E220DC33} -> MiraScan V4.03 {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} -> Security Update for CAPICOM (KB931906) {1577AE5D-907A-400E-9F48-65749744BFF5}_is1 -> Webserver Stress Tool 7 {184E7118-0295-43C4-B72C-1D54AA75AAF7} -> Windows Live Mail {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 {3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2 {508CE775-4BA4-4748-82DF-FE28DA9F03B0} -> Windows Live Messenger {53480370-6CA2-47EC-BC05-02B4B9271C31} -> O&O Defrag Professional Edition {5783F2D7-6001-0409-0002-0060B0CE6BBA} -> AutoCAD 2008 - English {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0 {786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0 {789289CA-F73A-4A16-A331-54D498CE069F} -> Ventrilo Client {7BC43F11-02C8-45FA-ABDC-E2F9FF31F825} -> Windows Live installer {8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer {90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007 {96E3AED5-3D0B-4BB0-84C2-1EDADB204487} -> FlashFXP v3 {A25B43DE-B43F-4288-A52A-3EA3B1674B35} -> MapleStory {A49F249F-0C91-497F-86DF-B2585E8E76B7} -> Microsoft Visual C++ 2005 Redistributable {B0C30E93-D3D9-4F04-A2AC-54749B573275} -> Command & Conquer 3 {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player {B74D4E10-1033-0000-0000-000000000001} -> Adobe Bridge 1.0 {BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1 -> ConvertXtoDVD 2.1.12.214 {C43048A9-742C-4DAD-90D2-E3B53C9DB825} -> Logitech QuickCam Software {CB5EA99C-8A5B-49F2-9A1A-2EF78BE4DB41} -> Windows Live Sign-in Assistant {CC9D60B8-B270-4AE0-8208-CCB01C42CD6A} -> InterVideo WinDVR {D417C96A-FCC7-4590-A1BB-FAF73F5BC98E} -> GTA San Andreas {D47087E7-AA15-4D1D-8C0A-60F7E446D597} -> PSP ISO Compressor {DDDD90B2-80F2-413A-8A8E-38C5076A7DBA} -> Dragon NaturallySpeaking 9 {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} -> Windows Media Encoder 9 Series {E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0 7-Zip -> 7-Zip 4.45 beta Adobe Flash Player Plugin -> Adobe Flash Player Plugin Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 AutoCAD 2008 - English -> AutoCAD 2008 - English AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 CCleaner -> CCleaner (remove only) Clipomatic -> Clipomatic CrossLoop_is1 -> CrossLoop 1.2 dBpoweramp Music Converter -> dBpoweramp Music Converter dBpoweramp Windows Media Audio 10 Codec -> dBpoweramp Windows Media Audio 10 Codec dBpowerAMP Windows Media Audio 9 Codec -> dBpowerAMP Windows Media Audio 9 Codec FlashGet -> FlashGet 1.9.0.1012 Foxit PDF Editor -> Foxit PDF Editor Free Music Zilla_is1 -> Free Music Zilla Freez FLV to MP3 Converter V1.2_is1 -> Freez FLV to MP3 Converter FrostWire -> FrostWire 4.13.2.0 GMailFS -> GMail Drive Shell Extension GoldWave v5.20 -> GoldWave v5.20 GUI StudioMDL -> GUI StudioMDL 1.0 Half-Life editing -> Half-Life editing 0.9b Halo CE -> Microsoft Halo Custom Edition Hamachi -> Hamachi 1.0.1.5 HijackThis -> HijackThis 2.0.2 HLSW_is1 -> HLSW v1.2.0 HUFFYUV -> Huffyuv AVI lossless video codec (Remove Only) IrfanView -> IrfanView (remove only) KB901190 -> Security Update for Windows XP (KB901190) KB921503 -> Security Update for Windows XP (KB921503) KB925902 -> Security Update for Windows XP (KB925902) KB927891 -> Update for Windows XP (KB927891) KB928365.T1_1ToU569_1 -> Security Update for Microsoft .NET Framework 2.0 (KB928365) KB929123 -> Security Update for Windows XP (KB929123) KB929338 -> Update for Windows XP (KB929338) KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) KB930178 -> Security Update for Windows XP (KB930178) KB930916 -> Update for Windows XP (KB930916) KB931261 -> Security Update for Windows XP (KB931261) KB931768 -> Security Update for Windows XP (KB931768) KB931784 -> Security Update for Windows XP (KB931784) KB931906 -> Security Update for CAPICOM (KB931906) KB932168 -> Security Update for Windows XP (KB932168) KB933360 -> Update for Windows XP (KB933360) KB933566 -> Security Update for Windows XP (KB933566) KB933729 -> Security Update for Windows XP (KB933729) KB935839 -> Security Update for Windows XP (KB935839) KB935840 -> Security Update for Windows XP (KB935840) KB936021 -> Security Update for Windows XP (KB936021) KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) KB937143 -> Security Update for Windows XP (KB937143) KB937894 -> Security Update for Windows XP (KB937894) KB938127 -> Security Update for Windows XP (KB938127) KB938828 -> Update for Windows XP (KB938828) KB938829 -> Security Update for Windows XP (KB938829) KB939373 -> Security Update for Windows XP (KB939373) KB939653 -> Security Update for Windows XP (KB939653) KB939683 -> Hotfix for Windows Media Player 11 (KB939683) KB941202 -> Security Update for Windows XP (KB941202) KB941568 -> Security Update for Windows XP (KB941568) KB941569 -> Security Update for Windows XP (KB941569) KB941644 -> Security Update for Windows XP (KB941644) KB942615 -> Security Update for Windows XP (KB942615) KB942763 -> Update for Windows XP (KB942763) KB942840 -> Update for Windows XP (KB942840) KB943460 -> Security Update for Windows XP (KB943460) KB943485 -> Security Update for Windows XP (KB943485) KB944653 -> Security Update for Windows XP (KB944653) KB946627 -> Update for Windows XP (KB946627) KLiteCodecPack_is1 -> K-Lite Mega Codec Pack 1.53 Macro Express 3 -> Macro Express 3 MediaCoder PSP Edition -> MediaCoder PSP Edition 0.6.0 Messenger Plus! Live -> Messenger Plus! Live Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0 Mozilla Firefox (2.0.0.12) -> Mozilla Firefox (2.0.0.12) Mp3tag -> Mp3tag v2.39 MSTTS -> Microsoft Text-to-Speech Engine 4.0 (English) Notepad++ -> Notepad++ PacSteamT -> PacSteamT Panda ActiveScan -> Panda ActiveScan PeerGuardian_is1 -> PeerGuardian 2.0 QcDrv -> Logitech® Camera Driver QuickSFV -> QuickSFV (Remove only) ReadPlease 2003_is1 -> ReadPlease 2003/ReadPlease PLUS 2003 Recuva -> Recuva (remove only) Spybot - Search & Destroy_is1 -> Spybot - Search & Destroy 1.4 Starcraft -> Starcraft Steam App 400 -> Portal StuffPlug3 -> StuffPlug 3 System Requirements Lab -> System Requirements Lab UltraISO_is1 -> UltraISO Premium V8.65 Unlocker -> Unlocker 1.8.5 VirtuaWin_is1 -> VirtuaWin v3.2 VLC media player -> VideoLAN VLC media player 0.8.6d Windows Media Encoder 9 -> Windows Media Encoder 9 Series Windows XP Service Pack -> Windows XP Service Pack 3 WinMount_is1 -> WinMount V2.0.6 WinRAR archiver -> WinRAR archiver Xfire -> Xfire (remove only) xplorer2p -> xplorer² professional ZHTIELangPack -> Chinese (Traditional) Language Support < Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> Steam App 10 -> Counter-Strike Steam App 215 -> Source SDK Base uTorrent -> µTorrent < Uninstall List [HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\] > -> HKEY_USERS\S-1-5-21-1292428093-1606980848-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> Steam App 10 -> Counter-Strike Steam App 215 -> Source SDK Base uTorrent -> µTorrent [Files/Folders - Created Within 90 days] 0dac2256ea0ffa904f0ecfa2c272 -> %SystemDrive%\0dac2256ea0ffa904f0ecfa2c272 -> [Folder | Created Date = 12/29/2007 2:40:28 PM | Attr = ] ATI -> %SystemDrive%\ATI -> [Folder | Created Date = 12/9/2007 9:09:54 PM | Attr = ] audio.jobs -> %SystemDrive%\audio.jobs -> [Ver = | Size = 1607 bytes | Modified Date = 12/5/2007 5:49:27 PM | Attr = ] audio.mp2 -> %SystemDrive%\audio.mp2 -> [Ver = | Size = 88192732 bytes | Modified Date = 12/5/2007 6:01:27 PM | Attr = ] bbmpeg.ini -> %SystemDrive%\bbmpeg.ini -> [Ver = | Size = 4804 bytes | Modified Date = 12/5/2007 6:14:23 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/18/2008 6:27:30 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535613440 bytes | Modified Date = 3/2/2008 11:31:46 AM | Attr = HS] Mp3 Output -> %SystemDrive%\Mp3 Output -> [Folder | Created Date = 12/26/2007 7:30:57 PM | Attr = ] Nexon -> %SystemDrive%\Nexon -> [Folder | Created Date = 1/26/2008 5:35:00 PM | Attr = ] nja -> %SystemDrive%\nja -> [Folder | Created Date = 12/8/2007 7:45:46 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2/19/2008 5:34:14 PM | Attr = ] test.avs -> %SystemDrive%\test.avs -> [Ver = | Size = 331 bytes | Modified Date = 12/5/2007 6:01:27 PM | Attr = ] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 1/28/2008 12:17:56 PM | Attr = ] video.avs -> %SystemDrive%\video.avs -> [Ver = | Size = 223 bytes | Modified Date = 12/5/2007 6:14:20 PM | Attr = ] video.mpv -> %SystemDrive%\video.mpv -> [Ver = | Size = 0 bytes | Modified Date = 12/5/2007 6:14:21 PM | Attr = ] video.tpr -> %SystemDrive%\video.tpr -> [Ver = | Size = 9000 bytes | Modified Date = 12/5/2007 6:14:20 PM | Attr = ] VueScan -> %SystemDrive%\VueScan -> [Folder | Created Date = 2/2/2008 9:46:38 PM | Attr = ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr = ] WinMTBus.sys -> %SystemRoot%\System32\drivers\WinMTBus.sys -> WinMount International Inc. [Ver = 1.00 | Size = 196224 bytes | Modified Date = 4/11/2007 12:35:38 PM | Attr = ] 1.reg -> %SystemRoot%\System32\1.reg -> [Ver = | Size = 2364 bytes | Modified Date = 3/2/2007 6:44:01 PM | Attr = ] a15.tbl -> %SystemRoot%\System32\a15.tbl -> [Ver = | Size = 1460 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] a234.tbl -> %SystemRoot%\System32\a234.tbl -> [Ver = | Size = 44370 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] acode.tbl -> %SystemRoot%\System32\acode.tbl -> [Ver = | Size = 44370 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] arphr.tbl -> %SystemRoot%\System32\arphr.tbl -> [Ver = | Size = 110566 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] arptr.tbl -> %SystemRoot%\System32\arptr.tbl -> [Ver = | Size = 16312 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] array30.tab -> %SystemRoot%\System32\array30.tab -> [Ver = | Size = 146126 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] arrayhw.tab -> %SystemRoot%\System32\arrayhw.tab -> [Ver = | Size = 18600 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] Autoexnt.bat -> %SystemRoot%\System32\Autoexnt.bat -> [Ver = | Size = 175 bytes | Modified Date = 3/2/2007 6:44:01 PM | Attr = ] Autoexnt.exe -> %SystemRoot%\System32\Autoexnt.exe -> [Ver = | Size = 5904 bytes | Modified Date = 3/2/2007 6:44:01 PM | Attr = ] BarCod32.OCX -> %SystemRoot%\System32\BarCod32.OCX -> [Ver = 1.70.001 | Size = 86960 bytes | Modified Date = 6/23/1999 12:05:22 AM | Attr = ] big5.nls -> %SystemRoot%\System32\big5.nls -> [Ver = | Size = 66728 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\bopomofo.nls -> [Ver = | Size = 82172 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] CRCOMBO.ocx -> %SystemRoot%\System32\CRCOMBO.ocx -> Boma Technology Co.,Ltd. [Ver = 1.01.0003 | Size = 61440 bytes | Modified Date = 1/4/2000 9:37:32 AM | Attr = ] c_10001.nls -> %SystemRoot%\System32\c_10001.nls -> [Ver = | Size = 162850 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10002.nls -> %SystemRoot%\System32\c_10002.nls -> [Ver = | Size = 195618 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10003.nls -> %SystemRoot%\System32\c_10003.nls -> [Ver = | Size = 177698 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_10008.nls -> %SystemRoot%\System32\c_10008.nls -> [Ver = | Size = 173602 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_1361.nls -> %SystemRoot%\System32\c_1361.nls -> [Ver = | Size = 189986 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20000.nls -> %SystemRoot%\System32\c_20000.nls -> [Ver = | Size = 180258 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20290.nls -> %SystemRoot%\System32\c_20290.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20932.nls -> %SystemRoot%\System32\c_20932.nls -> [Ver = | Size = 180770 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20936.nls -> %SystemRoot%\System32\c_20936.nls -> [Ver = | Size = 173602 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_20949.nls -> %SystemRoot%\System32\c_20949.nls -> [Ver = | Size = 177698 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] c_21027.nls -> %SystemRoot%\System32\c_21027.nls -> [Ver = | Size = 66082 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] dayiphr.tbl -> %SystemRoot%\System32\dayiphr.tbl -> [Ver = | Size = 520 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] dayiptr.tbl -> %SystemRoot%\System32\dayiptr.tbl -> [Ver = | Size = 700 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] DriverInstall.dll -> %SystemRoot%\System32\DriverInstall.dll -> [Ver = | Size = 45056 bytes | Modified Date = 8/29/2007 9:11:04 AM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Created Date = 12/28/2007 10:10:52 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Eztw32.dll -> %SystemRoot%\System32\Eztw32.dll -> [Ver = | Size = 65536 bytes | Modified Date = 9/14/1998 8:43:16 PM | Attr = R ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] fximg50g.ocx -> %SystemRoot%\System32\fximg50g.ocx -> Pegasus Software LLC [Ver = 5, 0, 1, 3 | Size = 238080 bytes | Modified Date = 6/16/1999 8:19:46 AM | Attr = ] fxlbl50g.ocx -> %SystemRoot%\System32\fxlbl50g.ocx -> Pegasus Software, LLC [Ver = 5, 0, 0, 8 | Size = 178688 bytes | Modified Date = 6/16/1999 8:23:32 AM | Attr = ] fxrtx50g.ocx -> %SystemRoot%\System32\fxrtx50g.ocx -> Pegasus Software, LLC [Ver = 5, 0, 0, 9 | Size = 170496 bytes | Modified Date = 6/16/1999 8:25:04 AM | Attr = ] fxtls532.dll -> %SystemRoot%\System32\fxtls532.dll -> ImageFX [Ver = 5, 0, 0, 5 | Size = 122880 bytes | Modified Date = 2/25/1999 11:32:56 AM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] imagr3.dll -> %SystemRoot%\System32\imagr3.dll -> Pegasus Software,LLC [Ver = 3.00.069 | Size = 313856 bytes | Modified Date = 4/5/1999 1:05:14 PM | Attr = ] imagx3.dll -> %SystemRoot%\System32\imagx3.dll -> Pegasus Software, LLC [Ver = 3.00.018 | Size = 415744 bytes | Modified Date = 5/24/1999 2:30:38 PM | Attr = ] imagxpr3.dll -> %SystemRoot%\System32\imagxpr3.dll -> [Ver = 3.00.018 | Size = 255344 bytes | Modified Date = 5/21/1999 9:35:16 AM | Attr = ] Instexnt.exe -> %SystemRoot%\System32\Instexnt.exe -> [Ver = | Size = 34064 bytes | Modified Date = 3/2/2007 6:44:01 PM | Attr = ] IVIresize.dll -> %SystemRoot%\System32\IVIresize.dll -> [Ver = | Size = 20480 bytes | Modified Date = 12/10/2001 6:42:22 PM | Attr = ] IVIresizeA6.dll -> %SystemRoot%\System32\IVIresizeA6.dll -> [Ver = | Size = 200704 bytes | Modified Date = 12/10/2001 6:42:26 PM | Attr = ] IVIresizeM6.dll -> %SystemRoot%\System32\IVIresizeM6.dll -> [Ver = | Size = 192512 bytes | Modified Date = 12/10/2001 6:42:26 PM | Attr = ] IVIresizeP6.dll -> %SystemRoot%\System32\IVIresizeP6.dll -> [Ver = | Size = 192512 bytes | Modified Date = 12/10/2001 6:42:24 PM | Attr = ] IVIresizePX.dll -> %SystemRoot%\System32\IVIresizePX.dll -> [Ver = | Size = 188416 bytes | Modified Date = 12/10/2001 6:42:24 PM | Attr = ] IVIresizeW7.dll -> %SystemRoot%\System32\IVIresizeW7.dll -> [Ver = | Size = 204800 bytes | Modified Date = 12/10/2001 6:42:28 PM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] ksc.nls -> %SystemRoot%\System32\ksc.nls -> [Ver = | Size = 47066 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] lcphrase.tbl -> %SystemRoot%\System32\lcphrase.tbl -> [Ver = | Size = 211938 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] lcptr.tbl -> %SystemRoot%\System32\lcptr.tbl -> [Ver = | Size = 24114 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] lfpsd13n.dll -> %SystemRoot%\System32\lfpsd13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 55808 bytes | Modified Date = 5/22/2003 4:31:56 PM | Attr = ] libmp3lame-0.dll -> %SystemRoot%\System32\libmp3lame-0.dll -> [Ver = | Size = 383238 bytes | Modified Date = 2/25/2007 3:36:44 PM | Attr = ] MDraw32p.ocx -> %SystemRoot%\System32\MDraw32p.ocx -> Bennet-Tec Information Systems, Inc. [Ver = 2.5.006 | Size = 471800 bytes | Modified Date = 9/28/1999 2:50:06 AM | Attr = R ] msdayi.tbl -> %SystemRoot%\System32\msdayi.tbl -> [Ver = | Size = 116285 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] NCMedia.dll -> %SystemRoot%\System32\NCMedia.dll -> [Ver = | Size = 4762112 bytes | Modified Date = 3/1/2007 4:18:36 AM | Attr = ] noise.jpn -> %SystemRoot%\System32\noise.jpn -> [Ver = | Size = 2060 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] noise.kor -> %SystemRoot%\System32\noise.kor -> [Ver = | Size = 1486 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] phon.tbl -> %SystemRoot%\System32\phon.tbl -> [Ver = | Size = 4071 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] phoncode.tbl -> %SystemRoot%\System32\phoncode.tbl -> [Ver = | Size = 43242 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] phonptr.tbl -> %SystemRoot%\System32\phonptr.tbl -> [Ver = | Size = 2714 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] picn1320.ssm -> %SystemRoot%\System32\picn1320.ssm -> [Ver = | Size = 47163 bytes | Modified Date = 12/10/1998 6:59:34 AM | Attr = ] picn1820.ssm -> %SystemRoot%\System32\picn1820.ssm -> [Ver = | Size = 59013 bytes | Modified Date = 1/29/1999 5:36:16 PM | Attr = ] picn20.dll -> %SystemRoot%\System32\picn20.dll -> Pegasus Imaging Corp. [Ver = 1.0.0.11 | Size = 29184 bytes | Modified Date = 3/30/1999 6:42:40 AM | Attr = ] picn8220.ssm -> %SystemRoot%\System32\picn8220.ssm -> [Ver = | Size = 16066 bytes | Modified Date = 1/29/1999 5:32:54 PM | Attr = ] PINTLPAD.HLP -> %SystemRoot%\System32\PINTLPAD.HLP -> [Ver = | Size = 14821 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] PINTLPAE.HLP -> %SystemRoot%\System32\PINTLPAE.HLP -> [Ver = | Size = 16254 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] prc.nls -> %SystemRoot%\System32\prc.nls -> [Ver = | Size = 83748 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] prcp.nls -> %SystemRoot%\System32\prcp.nls -> [Ver = | Size = 83748 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] Servmess.dll -> %SystemRoot%\System32\Servmess.dll -> [Ver = | Size = 2320 bytes | Modified Date = 3/2/2007 6:44:01 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] WinMTBus.inf -> %SystemRoot%\System32\WinMTBus.inf -> [Ver = | Size = 1724 bytes | Modified Date = 4/11/2007 12:35:36 PM | Attr = ] WinMTBus.sys -> %SystemRoot%\System32\WinMTBus.sys -> WinMount International Inc. [Ver = 1.00 | Size = 196224 bytes | Modified Date = 4/11/2007 12:35:38 PM | Attr = ] WINPY.MB -> %SystemRoot%\System32\WINPY.MB -> [Ver = | Size = 1783864 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] WINSP.MB -> %SystemRoot%\System32\WINSP.MB -> [Ver = | Size = 1564868 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] WINZM.MB -> %SystemRoot%\System32\WINZM.MB -> [Ver = | Size = 1223500 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> [Ver = 29825 | Size = 54608 bytes | Modified Date = 1/30/2008 9:03:26 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\xjis.nls -> [Ver = | Size = 28288 bytes | Modified Date = 8/23/2001 11:00:00 AM | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/18/2008 6:28:31 PM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 12/28/2007 10:10:47 PM | Attr = ] LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 12/28/2007 10:03:29 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr = ] NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2/27/2008 10:33:28 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/23/2008 3:34:11 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/18/2008 4:41:41 PM | Attr = H ] RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] scunin.dat -> %SystemRoot%\scunin.dat -> [Ver = | Size = 35382 bytes | Modified Date = 1/26/2008 9:42:56 PM | Attr = ] ScUnin.exe -> %SystemRoot%\ScUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Modified Date = 1/26/2008 9:42:52 PM | Attr = ] ScUnin.pif -> %SystemRoot%\ScUnin.pif -> [Ver = | Size = 967 bytes | Modified Date = 1/26/2008 9:42:52 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2/27/2008 10:35:28 PM | Attr = ] UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Modified Date = 9/14/2007 7:02:10 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2/7/2008 5:16:46 PM | Attr = ] InterVideo -> %AllUsersProfile%\Application Data\InterVideo -> [Folder | Created Date = 2/21/2008 7:07:53 PM | Attr = ] Command & Conquer 3 Tiberium Wars -> %AppData%\Command & Conquer 3 Tiberium Wars -> [Folder | Created Date = 1/28/2008 1:31:45 PM | Attr = ] FMZilla -> %AppData%\FMZilla -> [Folder | Created Date = 12/26/2007 12:49:04 AM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2/7/2008 5:17:13 PM | Attr = ] Hamachi -> %AppData%\Hamachi -> [Folder | Created Date = 1/25/2008 11:04:16 PM | Attr = ] Nexon -> %AppData%\Nexon -> [Folder | Created Date = 1/26/2008 5:46:23 PM | Attr = ] Thinstall -> %AppData%\Thinstall -> [Folder | Created Date = 1/15/2008 4:40:10 PM | Attr = ] VirtuaWin -> %AppData%\VirtuaWin -> [Folder | Created Date = 12/10/2007 6:40:59 PM | Attr = ] WinMount -> %AppData%\WinMount -> [Folder | Created Date = 12/28/2007 9:29:29 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 1/28/2008 12:31:00 PM | Attr = ] Xfire -> %AppData%\Xfire -> [Folder | Created Date = 2/4/2008 9:40:36 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 136 bytes | Modified Date = 12/10/2007 4:05:50 PM | Attr = ] GHISLER -> %UserProfile%\Local Settings\Application Data\GHISLER -> [Folder | Created Date = 1/28/2008 12:24:24 PM | Attr = ] cc_20080207_1756.reg -> %UserProfile%\My Documents\cc_20080207_1756.reg -> [Ver = | Size = 1391366 bytes | Modified Date = 2/7/2008 5:57:50 PM | Attr = ] cj beauty February Special.doc -> %UserProfile%\My Documents\cj beauty February Special.doc -> [Ver = | Size = 33792 bytes | Modified Date = 2/16/2008 1:42:09 PM | Attr = ] cj beauty February Special.docx -> %UserProfile%\My Documents\cj beauty February Special.docx -> [Ver = | Size = 12719 bytes | Modified Date = 2/16/2008 1:41:59 PM | Attr = ] co2cardesiigns.doc -> %UserProfile%\My Documents\co2cardesiigns.doc -> [Ver = | Size = 254464 bytes | Modified Date = 2/14/2008 8:45:01 PM | Attr = ] co2carnotes.doc -> %UserProfile%\My Documents\co2carnotes.doc -> [Ver = | Size = 29184 bytes | Modified Date = 2/14/2008 8:45:27 PM | Attr = ] co2dragster.doc -> %UserProfile%\My Documents\co2dragster.doc -> [Ver = | Size = 29184 bytes | Modified Date = 2/14/2008 8:44:38 PM | Attr = ] Command & Conquer 3 Tiberium Wars -> %UserProfile%\My Documents\Command & Conquer 3 Tiberium Wars -> [Folder | Created Date = 1/28/2008 1:33:10 PM | Attr = ] 16 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> crystaldial.docx -> %UserProfile%\My Documents\crystaldial.docx -> [Ver = | Size = 25765 bytes | Modified Date = 1/25/2008 3:07:10 PM | Attr = ] DVDFab -> %UserProfile%\My Documents\DVDFab -> [Folder | Created Date = 1/28/2008 12:42:29 PM | Attr = ] eng_kayak.docx -> %UserProfile%\My Documents\eng_kayak.docx -> [Ver = | Size = 22615 bytes | Modified Date = 1/14/2008 5:43:38 PM | Attr = ] firefoxbackups -> %UserProfile%\My Documents\firefoxbackups -> [Folder | Created Date = 1/20/2008 2:12:58 PM | Attr = ] frenchexamstudyin.docx -> %UserProfile%\My Documents\frenchexamstudyin.docx -> [Ver = | Size = 12576 bytes | Modified Date = 1/20/2008 1:37:04 PM | Attr = ] frenchu2.docx -> %UserProfile%\My Documents\frenchu2.docx -> [Ver = | Size = 11648 bytes | Modified Date = 12/6/2007 6:14:46 PM | Attr = ] french_oralexam.docx -> %UserProfile%\My Documents\french_oralexam.docx -> [Ver = | Size = 14789 bytes | Modified Date = 1/10/2008 8:58:34 PM | Attr = ] geo africa.docx -> %UserProfile%\My Documents\geo africa.docx -> [Ver = | Size = 11201 bytes | Modified Date = 3/2/2008 7:46:10 PM | Attr = ] geo canada best contry to live in.docx -> %UserProfile%\My Documents\geo canada best contry to live in.docx -> [Ver = | Size = 13274 bytes | Modified Date = 2/10/2008 9:22:51 PM | Attr = ] geo Canadian Connections .docx -> %UserProfile%\My Documents\geo Canadian Connections .docx -> [Ver = | Size = 15274 bytes | Modified Date = 2/5/2008 8:29:38 PM | Attr = ] geo report[1].doc -> %UserProfile%\My Documents\geo report[1].doc -> [Ver = | Size = 557568 bytes | Modified Date = 3/2/2008 10:03:15 PM | Attr = ] much ado Act 3 Scene 1.docx -> %UserProfile%\My Documents\much ado Act 3 Scene 1.docx -> [Ver = | Size = 13048 bytes | Modified Date = 12/13/2007 5:01:01 PM | Attr = ] much ado nothing Act 3 Scene 4.docx -> %UserProfile%\My Documents\much ado nothing Act 3 Scene 4.docx -> [Ver = | Size = 13563 bytes | Modified Date = 12/16/2007 12:51:13 PM | Attr = ] much ado script.docx -> %UserProfile%\My Documents\much ado script.docx -> [Ver = | Size = 11769 bytes | Modified Date = 12/19/2007 8:30:06 PM | Attr = ] muchado_act1s1_s2_act2s1.docx -> %UserProfile%\My Documents\muchado_act1s1_s2_act2s1.docx -> [Ver = | Size = 13624 bytes | Modified Date = 12/10/2007 5:17:03 PM | Attr = ] muchado_act1si.docx -> %UserProfile%\My Documents\muchado_act1si.docx -> [Ver = | Size = 13976 bytes | Modified Date = 12/9/2007 4:30:13 PM | Attr = ] muchado_act2_scene3.docx -> %UserProfile%\My Documents\muchado_act2_scene3.docx -> [Ver = | Size = 11670 bytes | Modified Date = 12/12/2007 5:32:13 PM | Attr = ] muchado_scene2act2.docx -> %UserProfile%\My Documents\muchado_scene2act2.docx -> [Ver = | Size = 12215 bytes | Modified Date = 12/11/2007 4:49:58 PM | Attr = ] My Documents.lnk -> %UserProfile%\My Documents\My Documents.lnk -> [Ver = | Size = 336 bytes | Modified Date = 1/13/2008 5:27:06 PM | Attr = ] My ISO Files -> %UserProfile%\My Documents\My ISO Files -> [Folder | Created Date = 12/28/2007 11:21:57 AM | Attr = ] NeroVision -> %UserProfile%\My Documents\NeroVision -> [Folder | Created Date = 1/4/2008 4:11:11 PM | Attr = ] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Created Date = 2/10/2008 1:12:25 PM | Attr = ] Publication1.pub -> %UserProfile%\My Documents\Publication1.pub -> [Ver = | Size = 7272960 bytes | Modified Date = 1/25/2008 5:47:18 PM | Attr = ] sci journal 2.docx -> %UserProfile%\My Documents\sci journal 2.docx -> [Ver = | Size = 11719 bytes | Modified Date = 3/2/2008 9:19:19 PM | Attr = ] science base unints metric system.docx -> %UserProfile%\My Documents\science base unints metric system.docx -> [Ver = | Size = 14564 bytes | Modified Date = 2/21/2008 5:49:30 PM | Attr = ] science identify 1.3.docx -> %UserProfile%\My Documents\science identify 1.3.docx -> [Ver = | Size = 17940 bytes | Modified Date = 2/14/2008 9:31:19 PM | Attr = ] science journal.docx -> %UserProfile%\My Documents\science journal.docx -> [Ver = | Size = 13126 bytes | Modified Date = 2/21/2008 6:54:21 PM | Attr = ] science Properties of Matter Definitions.docx -> %UserProfile%\My Documents\science Properties of Matter Definitions.docx -> [Ver = | Size = 14479 bytes | Modified Date = 2/11/2008 6:39:45 PM | Attr = ] science safety.docx -> %UserProfile%\My Documents\science safety.docx -> [Ver = | Size = 15258 bytes | Modified Date = 2/10/2008 10:30:21 PM | Attr = ] sciencetableofcontents.docx -> %UserProfile%\My Documents\sciencetableofcontents.docx -> [Ver = | Size = 14369 bytes | Modified Date = 2/4/2008 7:58:16 PM | Attr = ] template.dotx -> %UserProfile%\My Documents\template.dotx -> [Ver = | Size = 20712 bytes | Modified Date = 1/14/2008 4:46:31 PM | Attr = ] template2.dotx -> %UserProfile%\My Documents\template2.dotx -> [Ver = | Size = 22018 bytes | Modified Date = 1/14/2008 4:56:32 PM | Attr = ] ~$chado_scene2act2.docx -> %UserProfile%\My Documents\~$chado_scene2act2.docx -> [Ver = | Size = 162 bytes | Modified Date = 12/11/2007 4:49:58 PM | Attr = H ] ~$ench_oralexam.docx -> %UserProfile%\My Documents\~$ench_oralexam.docx -> [Ver = | Size = 162 bytes | Modified Date = 1/10/2008 8:18:55 PM | Attr = H ] ~$ience identify 1.3.docx -> %UserProfile%\My Documents\~$ience identify 1.3.docx -> [Ver = | Size = 162 bytes | Modified Date = 2/14/2008 6:12:33 PM | Attr = H ] ~$iencetableofcontents.docx -> %UserProfile%\My Documents\~$iencetableofcontents.docx -> [Ver = | Size = 162 bytes | Modified Date = 2/4/2008 7:54:32 PM | Attr = H ] ~$o canada best contry to live in.docx -> %UserProfile%\My Documents\~$o canada best contry to live in.docx -> [Ver = | Size = 162 bytes | Modified Date = 2/10/2008 11:07:15 PM | Attr = H ] ~$o Canadian Connections .docx -> %UserProfile%\My Documents\~$o Canadian Connections .docx -> [Ver = | Size = 162 bytes | Modified Date = 2/5/2008 7:00:00 PM | Attr = H ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 766 bytes | Modified Date = 2/7/2008 5:17:01 PM | Attr = ] InterVideo WinDVR.lnk -> %AllUsersProfile%\Desktop\InterVideo WinDVR.lnk -> [Ver = | Size = 1674 bytes | Modified Date = 2/21/2008 7:05:40 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1619 bytes | Modified Date = 2/9/2008 8:07:53 PM | Attr = ] Play Command & Conquer 3 Tiberium Wars.lnk -> %AllUsersProfile%\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk -> [Ver = | Size = 560 bytes | Modified Date = 1/28/2008 1:19:02 PM | Attr = ] Xfire.lnk -> %AllUsersProfile%\Desktop\Xfire.lnk -> [Ver = | Size = 655 bytes | Modified Date = 2/4/2008 9:40:34 PM | Attr = ] 01076950.cab -> %UserProfile%\Desktop\01076950.cab -> [Ver = | Size = 10365 bytes | Modified Date = 2/26/2008 6:51:30 PM | Attr = ] 01076950.dot -> %UserProfile%\Desktop\01076950.dot -> [Ver = | Size = 20480 bytes | Modified Date = 10/4/2006 4:21:48 PM | Attr = ] acers2w -> %UserProfile%\Desktop\acers2w -> [Folder | Created Date = 2/2/2008 9:31:52 PM | Attr = ] Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.iso -> %UserProfile%\Desktop\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.iso -> [Ver = | Size = 381145088 bytes | Modified Date = 1/19/2008 4:27:52 PM | Attr = ] Anime18 copy.jpg -> %UserProfile%\Desktop\Anime18 copy.jpg -> [Ver = | Size = 322492 bytes | Modified Date = 1/17/2008 11:04:44 PM | Attr = ] Anime18 copy2.jpg -> %UserProfile%\Desktop\Anime18 copy2.jpg -> [Ver = | Size = 329131 bytes | Modified Date = 1/18/2008 3:58:16 PM | Attr = ] Anime18.psd -> %UserProfile%\Desktop\Anime18.psd -> [Ver = | Size = 5506424 bytes | Modified Date = 1/18/2008 4:26:33 PM | Attr = ] animepinkblue.gif -> %UserProfile%\Desktop\animepinkblue.gif -> [Ver = | Size = 56788 bytes | Modified Date = 1/18/2008 4:27:31 PM | Attr = ] avgas-setup-7.5.1.43-3339(2).exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339(2).exe -> [Ver = | Size = 14113576 bytes | Modified Date = 2/7/2008 5:15:54 PM | Attr = ] bwchart103g.zip -> %UserProfile%\Desktop\bwchart103g.zip -> [Ver = | Size = 170400 bytes | Modified Date = 3/2/2008 5:40:32 PM | Attr = ] c4ds -> %UserProfile%\Desktop\c4ds -> [Folder | Created Date = 1/24/2008 8:40:34 PM | Attr = ] CNC3_patch109_english(2).exe -> %UserProfile%\Desktop\CNC3_patch109_english(2).exe -> [Ver = | Size = 276520960 bytes | Modified Date = 1/26/2008 8:11:34 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1598023 bytes | Modified Date = 2/19/2008 5:31:16 PM | Attr = ] Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX -> %UserProfile%\Desktop\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX -> [Folder | Created Date = 1/28/2008 1:06:57 PM | Attr = ] cute_monkey.jpg -> %UserProfile%\Desktop\cute_monkey.jpg -> [Ver = | Size = 150193 bytes | Modified Date = 2/7/2008 8:12:04 PM | Attr = ] daily.jpg -> %UserProfile%\Desktop\daily.jpg -> [Ver = | Size = 312305 bytes | Modified Date = 2/28/2008 10:09:55 PM | Attr = ] dramaticarts.psd -> %UserProfile%\Desktop\dramaticarts.psd -> [Ver = | Size = 15100217 bytes | Modified Date = 2/10/2008 8:21:10 PM | Attr = ] DSC00411.JPG -> %UserProfile%\Desktop\DSC00411.JPG -> [Ver = | Size = 150972 bytes | Modified Date = 1/25/2008 6:00:57 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/18/2008 6:27:18 PM | Attr = ] EN_170_171_Patch.exe -> %UserProfile%\Desktop\EN_170_171_Patch.exe -> THQ Canada Inc. [Ver = 1.0.0.1 | Size = 10150824 bytes | Modified Date = 1/26/2008 7:59:49 PM | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 2/19/2008 5:26:58 PM | Attr = ] Firefox Setup 2.0.0.12.exe -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe -> Mozilla [Ver = 4.42 | Size = 6029648 bytes | Modified Date = 2/9/2008 8:05:56 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe:Zone.Identifier fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 262 bytes | Modified Date = 2/19/2008 5:30:29 PM | Attr = ] FlashFXP.lnk -> %UserProfile%\Desktop\FlashFXP.lnk -> [Ver = | Size = 699 bytes | Modified Date = 1/13/2008 8:27:07 PM | Attr = ] flt-cnc9.7z -> %UserProfile%\Desktop\flt-cnc9.7z -> [Ver = | Size = 12039332 bytes | Modified Date = 1/26/2008 8:00:38 PM | Attr = ] Free Music Zilla.lnk -> %UserProfile%\Desktop\Free Music Zilla.lnk -> [Ver = | Size = 745 bytes | Modified Date = 12/26/2007 12:48:51 AM | Attr = ] GGClient_setup.exe -> %UserProfile%\Desktop\GGClient_setup.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 13123836 bytes | Modified Date = 2/3/2008 3:34:13 PM | Attr = ] HerosSeason01Disk1.iso -> %UserProfile%\Desktop\HerosSeason01Disk1.iso -> [Ver = | Size = 72187903 bytes | Modified Date = 1/19/2008 11:42:51 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1597 bytes | Modified Date = 2/29/2008 11:26:09 PM | Attr = ] hitman2.exe.lnk -> %UserProfile%\Desktop\hitman2.exe.lnk -> [Ver = | Size = 787 bytes | Modified Date = 12/8/2007 10:39:57 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/29/2008 11:25:53 PM | Attr = ] hoodmoon.jpg -> %UserProfile%\Desktop\hoodmoon.jpg -> [Ver = | Size = 110877 bytes | Modified Date = 1/16/2008 6:49:15 PM | Attr = ] Install_WLMessenger.msi -> %UserProfile%\Desktop\Install_WLMessenger.msi -> [Ver = | Size = 17167872 bytes | Modified Date = 2/22/2008 8:39:55 PM | Attr = ] janu08.m3u -> %UserProfile%\Desktop\janu08.m3u -> [Ver = | Size = 5208 bytes | Modified Date = 1/23/2008 8:38:05 PM | Attr = ] jhcomputers[1].jpg -> %UserProfile%\Desktop\jhcomputers[1].jpg -> [Ver = | Size = 23968 bytes | Modified Date = 1/25/2008 5:50:34 PM | Attr = ] jhcomputers[1].pdf -> %UserProfile%\Desktop\jhcomputers[1].pdf -> [Ver = | Size = 234521 bytes | Modified Date = 1/25/2008 5:55:34 PM | Attr = ] Kyle Paas - Beautiful Surprise.mp3 -> %UserProfile%\Desktop\Kyle Paas - Beautiful Surprise.mp3 -> [Ver = | Size = 1569354 bytes | Modified Date = 1/24/2008 9:22:49 PM | Attr = ] less commonly used -> %UserProfile%\Desktop\less commonly used -> [Folder | Created Date = 1/13/2008 4:49:27 PM | Attr = ] Madagascar[1].doc -> %UserProfile%\Desktop\Madagascar[1].doc -> [Ver = | Size = 33792 bytes | Modified Date = 3/2/2008 8:41:33 PM | Attr = ] Manga Rumoured Girlfriend -> %UserProfile%\Desktop\Manga Rumoured Girlfriend -> [Folder | Created Date = 2/3/2008 12:03:38 AM | Attr = ] MiraScan.lnk -> %UserProfile%\Desktop\MiraScan.lnk -> [Ver = | Size = 1655 bytes | Modified Date = 2/2/2008 9:32:45 PM | Attr = ] NOD32AV Fully Loaded ver. 2.70 -> %UserProfile%\Desktop\NOD32AV Fully Loaded ver. 2.70 -> [Folder | Created Date = 2/16/2008 1:12:40 PM | Attr = ] none.zip -> %UserProfile%\Desktop\none.zip -> [Ver = | Size = 6520 bytes | Modified Date = 1/30/2008 1:20:53 PM | Attr = ] ntbos.ts.xvid.ITL2.0.avi -> %UserProfile%\Desktop\ntbos.ts.xvid.ITL2.0.avi -> [Ver = | Size = 1519278080 bytes | Modified Date = 12/27/2007 6:03:54 AM | Attr = ] perfectpartyplatters.pdf -> %UserProfile%\Desktop\perfectpartyplatters.pdf -> [Ver = | Size = 1058382 bytes | Modified Date = 2/22/2008 9:31:09 PM | Attr = ] perfectpartyplatters.psd -> %UserProfile%\Desktop\perfectpartyplatters.psd -> [Ver = | Size = 1185284 bytes | Modified Date = 2/22/2008 9:30:27 PM | Attr = ] photorepair2.jpg -> %UserProfile%\Desktop\photorepair2.jpg -> [Ver = | Size = 165128 bytes | Modified Date = 2/3/2008 12:18:05 PM | Attr = ] photorepaired.jpg -> %UserProfile%\Desktop\photorepaired.jpg -> [Ver = | Size = 155099 bytes | Modified Date = 2/2/2008 10:35:31 PM | Attr = ] PSP -> %UserProfile%\Desktop\PSP -> [Folder | Created Date = 1/20/2008 11:21:36 PM | Attr = ] purplee.jpg -> %UserProfile%\Desktop\purplee.jpg -> [Ver = | Size = 1157813 bytes | Modified Date = 2/28/2008 9:33:30 PM | Attr = ] QuickSFV.lnk -> %UserProfile%\Desktop\QuickSFV.lnk -> [Ver = | Size = 697 bytes | Modified Date = 1/27/2008 10:45:21 AM | Attr = ] recorded -> %UserProfile%\Desktop\recorded -> [Folder | Created Date = 12/26/2007 12:35:52 AM | Attr = ] scannedimage.jpg -> %UserProfile%\Desktop\scannedimage.jpg -> [Ver = | Size = 38309 bytes | Modified Date = 2/2/2008 10:10:13 PM | Attr = ] scannedimage.psd -> %UserProfile%\Desktop\scannedimage.psd -> [Ver = | Size = 1946257 bytes | Modified Date = 2/2/2008 10:31:30 PM | Attr = ] sciencetitlepage.psd -> %UserProfile%\Desktop\sciencetitlepage.psd -> [Ver = | Size = 11606360 bytes | Modified Date = 2/18/2008 5:24:50 PM | Attr = ] SocialBookMarkingTool.zip -> %UserProfile%\Desktop\SocialBookMarkingTool.zip -> [Ver = | Size = 30012 bytes | Modified Date = 1/28/2008 8:17:40 PM | Attr = ] Songs.lnk -> %UserProfile%\Desktop\Songs.lnk -> [Ver = | Size = 1266 bytes | Modified Date = 12/27/2007 5:15:44 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 950 bytes | Modified Date = 2/5/2008 9:56:11 PM | Attr = ] spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Modified Date = 2/5/2008 9:54:52 PM | Attr = ] starcraft.ahk -> %UserProfile%\Desktop\starcraft.ahk -> [Ver = | Size = 4 bytes | Modified Date = 1/31/2008 1:02:13 PM | Attr = ] Untitled-3.png -> %UserProfile%\Desktop\Untitled-3.png -> [Ver = | Size = 228719 bytes | Modified Date = 1/25/2008 10:54:52 PM | Attr = ] uper[1].jpg -> %UserProfile%\Desktop\uper[1].jpg -> [Ver = | Size = 27709 bytes | Modified Date = 1/25/2008 5:49:55 PM | Attr = ] uper[1].pdf -> %UserProfile%\Desktop\uper[1].pdf -> [Ver = | Size = 284120 bytes | Modified Date = 1/25/2008 5:55:01 PM | Attr = ] vlcsnap-70332.png -> %UserProfile%\Desktop\vlcsnap-70332.png -> [Ver = | Size = 500556 bytes | Modified Date = 1/25/2008 10:41:49 PM | Attr = ] vuesca84.exe -> %UserProfile%\Desktop\vuesca84.exe -> Hamrick Software [Ver = 8.4.57 | Size = 5228288 bytes | Modified Date = 2/2/2008 9:46:32 PM | Attr = ] VueScan.lnk -> %UserProfile%\Desktop\VueScan.lnk -> [Ver = | Size = 647 bytes | Modified Date = 2/2/2008 9:46:48 PM | Attr = ] WaterOnMars2_gcc_big.jpg -> %UserProfile%\Desktop\WaterOnMars2_gcc_big.jpg -> [Ver = | Size = 44449 bytes | Modified Date = 1/30/2008 3:25:39 PM | Attr = ] werd.jpg -> %UserProfile%\Desktop\werd.jpg -> [Ver = | Size = 21268 bytes | Modified Date = 2/6/2008 4:41:44 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 3/2/2008 10:25:28 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 482000 bytes | Modified Date = 3/2/2008 10:24:42 PM | Attr = ] wrar371.exe -> %UserProfile%\Desktop\wrar371.exe -> [Ver = | Size = 1206366 bytes | Modified Date = 1/28/2008 12:29:40 PM | Attr = ] zi[1].doc -> %UserProfile%\Desktop\zi[1].doc -> [Ver = | Size = 32256 bytes | Modified Date = 2/26/2008 8:49:06 PM | Attr = ] ~$076950.dot -> %UserProfile%\Desktop\~$076950.dot -> [Ver = | Size = 162 bytes | Modified Date = 2/26/2008 6:52:23 PM | Attr = H ] Shortcut to hotkey.ahk.lnk -> %UserProfile%\Start Menu\Programs\Startup\Shortcut to hotkey.ahk.lnk -> [Ver = | Size = 897 bytes | Modified Date = 1/13/2008 4:52:50 PM | Attr = ] Everstrike Software -> %CommonProgramFiles%\Everstrike Software -> [Folder | Created Date = 12/29/2007 11:01:09 PM | Attr = ] EZB Systems -> %CommonProgramFiles%\EZB Systems -> [Folder | Created Date = 12/28/2007 11:22:08 AM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 12/7/2007 7:50:00 PM | Attr = ] [Files/Folders - Modified Within 90 days] 0dac2256ea0ffa904f0ecfa2c272 -> %SystemDrive%\0dac2256ea0ffa904f0ecfa2c272 -> [Folder | Modified Date = 12/29/2007 2:40:28 PM | Attr = ] ATI -> %SystemDrive%\ATI -> [Folder | Modified Date = 12/9/2007 9:09:54 PM | Attr = ] audio.jobs -> %SystemDrive%\audio.jobs -> [Ver = | Size = 1607 bytes | Modified Date = 12/5/2007 5:49:27 PM | Attr = ] audio.mp2 -> %SystemDrive%\audio.mp2 -> [Ver = | Size = 88192732 bytes | Modified Date = 12/5/2007 6:01:27 PM | Attr = ] bbmpeg.ini -> %SystemDrive%\bbmpeg.ini -> [Ver = | Size = 4804 bytes | Modified Date = 12/5/2007 6:14:23 PM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/29/2008 10:12:21 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/18/2008 6:27:30 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 1/30/2008 1:58:50 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535613440 bytes | Modified Date = 3/2/2008 11:31:46 AM | Attr = HS] HJT -> %SystemDrive%\HJT -> [Folder | Modified Date = 2/29/2008 11:24:11 PM | Attr = ] Mp3 Output -> %SystemDrive%\Mp3 Output -> [Folder | Modified Date = 2/10/2008 12:39:28 PM | Attr = ] Nexon -> %SystemDrive%\Nexon -> [Folder | Modified Date = 1/26/2008 5:35:00 PM | Attr = ] nja -> %SystemDrive%\nja -> [Folder | Modified Date = 12/10/2007 5:26:59 PM | Attr = ] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 12/28/2007 10:02:50 PM | Attr = RHS] PacSteamT -> %SystemDrive%\PacSteamT -> [Folder | Modified Date = 12/7/2007 9:19:21 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/29/2008 11:26:08 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2/27/2008 10:35:24 PM | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 1/26/2008 9:27:19 PM | Attr = ] test.avs -> %SystemDrive%\test.avs -> [Ver = | Size = 331 bytes | Modified Date = 12/5/2007 6:01:27 PM | Attr = ] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 1/28/2008 12:29:00 PM | Attr = ] video.avs -> %SystemDrive%\video.avs -> [Ver = | Size = 223 bytes | Modified Date = 12/5/2007 6:14:20 PM | Attr = ] video.mpv -> %SystemDrive%\video.mpv -> [Ver = | Size = 0 bytes | Modified Date = 12/5/2007 6:14:21 PM | Attr = ] video.tpr -> %SystemDrive%\video.tpr -> [Ver = | Size = 9000 bytes | Modified Date = 12/5/2007 6:14:20 PM | Attr = ] VueScan -> %SystemDrive%\VueScan -> [Folder | Modified Date = 2/2/2008 9:53:31 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/2/2008 10:25:34 PM | Attr = R ] @Alternate Data Stream - 8 bytes -> %SystemRoot%: etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2/20/2008 6:29:34 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2/20/2008 6:29:34 PM | Attr = ] hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 224502 bytes | Modified Date = 2/5/2008 10:27:34 PM | Attr = R ] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 17480 bytes | Modified Date = 1/26/2008 9:57:59 PM | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 69632 bytes | Modified Date = 2/7/2008 5:51:04 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 12/29/2007 2:43:04 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2/14/2008 5:04:37 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/2/2008 12:14:17 PM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 12/29/2007 2:50:22 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2/29/2008 10:15:27 PM | Attr = ] CTF -> %SystemRoot%\System32\CTF -> [Folder | Modified Date = 2/5/2008 10:26:15 PM | Attr = H ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 1/28/2008 1:19:10 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/12/2008 6:17:51 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/1/2008 7:11:17 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 12/10/2007 5:23:29 PM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Modified Date = 12/28/2007 10:10:52 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 434960 bytes | Modified Date = 1/21/2008 6:12:19 PM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 12/29/2007 2:42:39 PM | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 12/29/2007 2:49:55 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 12/29/2007 2:51:05 PM | Attr = ] oodag -> %SystemRoot%\System32\oodag -> [Folder | Modified Date = 2/26/2008 4:02:22 PM | Attr = ] OODBS.lor -> %SystemRoot%\System32\OODBS.lor -> [Ver = | Size = 142881 bytes | Modified Date = 3/2/2008 11:31:16 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 55132 bytes | Modified Date = 1/1/2008 7:08:06 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 347100 bytes | Modified Date = 1/1/2008 7:08:06 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 410724 bytes | Modified Date = 1/1/2008 7:08:06 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 12/28/2007 10:00:18 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 1/26/2008 8:29:41 PM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 12/29/2007 2:50:59 PM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 12/29/2007 2:51:07 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2/29/2008 10:13:24 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2228 bytes | Modified Date = 2/29/2008 3:45:21 PM | Attr = ] xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> [Ver = 29825 | Size = 54608 bytes | Modified Date = 1/30/2008 9:03:26 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/12/2008 4:30:58 PM | Attr = H ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 12/28/2007 10:00:05 PM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 12/29/2007 3:02:27 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/18/2007 5:36:24 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/2/2008 11:32:08 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/12/2008 6:40:06 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 12/8/2007 7:21:37 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/18/2008 6:41:31 PM | Attr = S] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 12/28/2007 9:55:50 PM | Attr = ] elpow_spyBLOB -> %SystemRoot%\elpow_spyBLOB -> [Ver = | Size = 2584994 bytes | Modified Date = 3/2/2008 10:27:22 PM | Attr = ] elpow_spyINDEX -> %SystemRoot%\elpow_spyINDEX -> [Ver = | Size = 255876 bytes | Modified Date = 3/2/2008 10:27:22 PM | Attr = ] elpow_spyKEYLOG -> %SystemRoot%\elpow_spyKEYLOG -> [Ver = | Size = 165458592 bytes | Modified Date = 3/2/2008 10:27:22 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2/20/2008 6:30:37 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 1/19/2008 7:44:37 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/7/2008 5:35:41 PM | Attr = ] hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [Ver = | Size = 225 bytes | Modified Date = 3/2/2008 9:18:29 PM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 12/29/2007 2:50:05 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/29/2008 3:55:23 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/29/2008 10:12:30 PM | Attr = HS] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 12/28/2007 10:10:47 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/1/2008 7:09:56 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 8157 bytes | Modified Date = 12/9/2007 8:12:56 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 12/29/2007 2:50:00 PM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 12/29/2007 2:49:55 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2/21/2008 10:35:34 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 12/29/2007 2:42:39 PM | Attr = ] outlook.pst -> %SystemRoot%\outlook.pst -> [Ver = | Size = 271360 bytes | Modified Date = 1/30/2008 2:07:03 PM | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 12/29/2007 2:43:05 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/2/2008 10:25:14 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2/27/2008 10:33:28 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/23/2008 3:34:11 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2/18/2008 4:41:41 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2/29/2008 10:13:22 PM | Attr = ] scunin.dat -> %SystemRoot%\scunin.dat -> [Ver = | Size = 35382 bytes | Modified Date = 1/26/2008 9:42:56 PM | Attr = ] ScUnin.exe -> %SystemRoot%\ScUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Modified Date = 1/26/2008 9:42:52 PM | Attr = ] ScUnin.pif -> %SystemRoot%\ScUnin.pif -> [Ver = | Size = 967 bytes | Modified Date = 1/26/2008 9:42:52 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2/12/2008 5:56:47 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 12/28/2007 10:11:25 PM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 12/29/2007 2:50:02 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 12/29/2007 2:51:07 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 277 bytes | Modified Date = 2/27/2008 10:33:40 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/2/2008 11:31:19 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3/2/2008 11:34:09 AM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2/2/2008 9:32:43 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1116 bytes | Modified Date = 1/11/2008 9:21:11 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 165 bytes | Modified Date = 2/5/2008 10:26:34 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/28/2008 1:18:47 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/2/2008 11:32:17 AM | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1314 bytes | Modified Date = 10/12/2007 9:55:22 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 16533 bytes | Modified Date = 3/2/2008 11:34:32 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 16533 bytes | Modified Date = 3/2/2008 11:37:15 AM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 4064 bytes | Modified Date = 12/11/2005 9:29:16 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 11846 bytes | Modified Date = 6/4/2006 4:41:01 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2/7/2007 5:23:44 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 2756 bytes | Modified Date = 5/13/2005 12:27:47 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Autodesk -> %AllUsersProfile%\Application Data\Autodesk -> [Folder | Modified Date = 1/2/2008 8:22:11 PM | Attr = ] CyberLink -> %AllUsersProfile%\Application Data\CyberLink -> [Folder | Modified Date = 12/5/2007 4:57:10 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2/7/2008 5:16:46 PM | Attr = ] InterVideo -> %AllUsersProfile%\Application Data\InterVideo -> [Folder | Modified Date = 2/21/2008 7:07:53 PM | Attr = ] Messenger Plus! -> %AllUsersProfile%\Application Data\Messenger Plus! -> [Folder | Modified Date = 12/9/2007 6:43:36 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 1/28/2008 1:19:02 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 2/12/2008 5:05:40 PM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1359 bytes | Modified Date = 1/23/2008 3:35:22 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/12/2008 6:40:29 PM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 12/8/2007 8:20:41 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 12/4/2007 5:38:28 PM | Attr = ] Autodesk -> %AppData%\Autodesk -> [Folder | Modified Date = 1/2/2008 8:22:10 PM | Attr = ] Command & Conquer 3 Tiberium Wars -> %AppData%\Command & Conquer 3 Tiberium Wars -> [Folder | Modified Date = 1/28/2008 1:31:46 PM | Attr = ] CyberLink -> %AppData%\CyberLink -> [Folder | Modified Date = 12/5/2007 4:57:23 PM | Attr = ] flashnote -> %AppData%\flashnote -> [Folder | Modified Date = 3/2/2008 6:54:43 PM | Attr = ] FMZilla -> %AppData%\FMZilla -> [Folder | Modified Date = 12/26/2007 12:49:42 AM | Attr = ] FrostWire -> %AppData%\FrostWire -> [Folder | Modified Date = 3/2/2008 6:02:40 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2/7/2008 5:17:13 PM | Attr = ] Hamachi -> %AppData%\Hamachi -> [Folder | Modified Date = 3/2/2008 6:23:08 PM | Attr = ] Hamachi-Backup -> %AppData%\Hamachi-Backup -> [Folder | Modified Date = 1/25/2008 11:03:46 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/11/2008 6:55:47 PM | Attr = S] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 1/14/2008 7:54:46 PM | Attr = ] Nexon -> %AppData%\Nexon -> [Folder | Modified Date = 1/26/2008 5:46:23 PM | Attr = ] Thinstall -> %AppData%\Thinstall -> [Folder | Modified Date = 1/15/2008 4:40:10 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 2/4/2008 4:10:36 PM | Attr = ] Ventrilo -> %AppData%\Ventrilo -> [Folder | Modified Date = 12/11/2007 10:19:06 PM | Attr = ] VirtuaWin -> %AppData%\VirtuaWin -> [Folder | Modified Date = 12/10/2007 6:40:59 PM | Attr = ] Vso -> %AppData%\Vso -> [Folder | Modified Date = 1/28/2008 12:46:20 PM | Attr = ] WinMount -> %AppData%\WinMount -> [Folder | Modified Date = 12/28/2007 9:29:29 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 1/28/2008 12:31:00 PM | Attr = ] Xfire -> %AppData%\Xfire -> [Folder | Modified Date = 2/4/2008 10:34:14 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 12/10/2007 4:29:17 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 46080 bytes | Modified Date = 1/24/2008 8:44:55 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 136 bytes | Modified Date = 12/10/2007 4:05:50 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 140216 bytes | Modified Date = 1/20/2008 11:30:00 AM | Attr = ] GHISLER -> %UserProfile%\Local Settings\Application Data\GHISLER -> [Folder | Modified Date = 1/28/2008 12:24:24 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2188180 bytes | Modified Date = 3/2/2008 12:11:57 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2/10/2008 1:12:23 PM | Attr = ] AdobeStockPhotos -> %UserProfile%\My Documents\AdobeStockPhotos -> [Folder | Modified Date = 1/29/2008 1:12:59 AM | Attr = ] 16 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> cc_20080207_1756.reg -> %UserProfile%\My Documents\cc_20080207_1756.reg -> [Ver = | Size = 1391366 bytes | Modified Date = 2/7/2008 5:57:50 PM | Attr = ] cj beauty February Special.doc -> %UserProfile%\My Documents\cj beauty February Special.doc -> [Ver = | Size = 33792 bytes | Modified Date = 2/16/2008 1:42:09 PM | Attr = ] cj beauty February Special.docx -> %UserProfile%\My Documents\cj beauty February Special.docx -> [Ver = | Size = 12719 bytes | Modified Date = 2/16/2008 1:41:59 PM | Attr = ] co2cardesiigns.doc -> %UserProfile%\My Documents\co2cardesiigns.doc -> [Ver = | Size = 254464 bytes | Modified Date = 2/14/2008 8:45:01 PM | Attr = ] co2carnotes.doc -> %UserProfile%\My Documents\co2carnotes.doc -> [Ver = | Size = 29184 bytes | Modified Date = 2/14/2008 8:45:27 PM | Attr = ] co2dragster.doc -> %UserProfile%\My Documents\co2dragster.doc -> [Ver = | Size = 29184 bytes | Modified Date = 2/14/2008 8:44:38 PM | Attr = ] Command & Conquer 3 Tiberium Wars -> %UserProfile%\My Documents\Command & Conquer 3 Tiberium Wars -> [Folder | Modified Date = 1/29/2008 1:29:12 PM | Attr = ] ConvertXtoDVD -> %UserProfile%\My Documents\ConvertXtoDVD -> [Folder | Modified Date = 1/26/2008 10:06:26 PM | Attr = ] crystaldial.docx -> %UserProfile%\My Documents\crystaldial.docx -> [Ver = | Size = 25765 bytes | Modified Date = 1/25/2008 3:07:10 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 3/2/2008 6:11:55 PM | Attr = ] DVDFab -> %UserProfile%\My Documents\DVDFab -> [Folder | Modified Date = 1/28/2008 12:42:30 PM | Attr = ] eng_kayak.docx -> %UserProfile%\My Documents\eng_kayak.docx -> [Ver = | Size = 22615 bytes | Modified Date = 1/14/2008 5:43:38 PM | Attr = ] firefoxbackups -> %UserProfile%\My Documents\firefoxbackups -> [Folder | Modified Date = 1/26/2008 11:00:00 AM | Attr = ] frenchexamstudyin.docx -> %UserProfile%\My Documents\frenchexamstudyin.docx -> [Ver = | Size = 12576 bytes | Modified Date = 1/20/2008 1:37:04 PM | Attr = ] frenchu2.docx -> %UserProfile%\My Documents\frenchu2.docx -> [Ver = | Size = 11648 bytes | Modified Date = 12/6/2007 6:14:46 PM | Attr = ] french_oralexam.docx -> %UserProfile%\My Documents\french_oralexam.docx -> [Ver = | Size = 14789 bytes | Modified Date = 1/10/2008 8:58:34 PM | Attr = ] geo africa.docx -> %UserProfile%\My Documents\geo africa.docx -> [Ver = | Size = 11201 bytes | Modified Date = 3/2/2008 7:46:10 PM | Attr = ] geo canada best contry to live in.docx -> %UserProfile%\My Documents\geo canada best contry to live in.docx -> [Ver = | Size = 13274 bytes | Modified Date = 2/10/2008 9:22:51 PM | Attr = ] geo Canadian Connections .docx -> %UserProfile%\My Documents\geo Canadian Connections .docx -> [Ver = | Size = 15274 bytes | Modified Date = 2/5/2008 8:29:38 PM | Attr = ] geo report[1].doc -> %UserProfile%\My Documents\geo report[1].doc -> [Ver = | Size = 557568 bytes | Modified Date = 3/2/2008 10:03:15 PM | Attr = ] Incomplete -> %UserProfile%\My Documents\Incomplete -> [Folder | Modified Date = 3/2/2008 6:23:27 PM | Attr = ] much ado Act 3 Scene 1.docx -> %UserProfile%\My Documents\much ado Act 3 Scene 1.docx -> [Ver = | Size = 13048 bytes | Modified Date = 12/13/2007 5:01:01 PM | Attr = ] much ado nothing Act 3 Scene 4.docx -> %UserProfile%\My Documents\much ado nothing Act 3 Scene 4.docx -> [Ver = | Size = 13563 bytes | Modified Date = 12/16/2007 12:51:13 PM | Attr = ] much ado script.docx -> %UserProfile%\My Documents\much ado script.docx -> [Ver = | Size = 11769 bytes | Modified Date = 12/19/2007 8:30:06 PM | Attr = ] muchado_act1s1_s2_act2s1.docx -> %UserProfile%\My Documents\muchado_act1s1_s2_act2s1.docx -> [Ver = | Size = 13624 bytes | Modified Date = 12/10/2007 5:17:03 PM | Attr = ] muchado_act1si.docx -> %UserProfile%\My Documents\muchado_act1si.docx -> [Ver = | Size = 13976 bytes | Modified Date = 12/9/2007 4:30:13 PM | Attr = ] muchado_act2_scene3.docx -> %UserProfile%\My Documents\muchado_act2_scene3.docx -> [Ver = | Size = 11670 bytes | Modified Date = 12/12/2007 5:32:13 PM | Attr = ] muchado_scene2act2.docx -> %UserProfile%\My Documents\muchado_scene2act2.docx -> [Ver = | Size = 12215 bytes | Modified Date = 12/11/2007 4:49:58 PM | Attr = ] My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Modified Date = 3/1/2008 9:33:45 PM | Attr = ] My Documents.lnk -> %UserProfile%\My Documents\My Documents.lnk -> [Ver = | Size = 336 bytes | Modified Date = 1/13/2008 5:27:06 PM | Attr = ] My ISO Files -> %UserProfile%\My Documents\My ISO Files -> [Folder | Modified Date = 12/28/2007 11:21:57 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 12/10/2007 7:33:51 PM | Attr = S] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 1/25/2008 10:46:30 PM | Attr = S] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 3/2/2008 9:53:47 PM | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 611 bytes | Modified Date = 3/2/2008 11:37:29 AM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2/21/2008 9:55:55 PM | Attr = S] NeroVision -> %UserProfile%\My Documents\NeroVision -> [Folder | Modified Date = 1/4/2008 4:11:11 PM | Attr = ] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Modified Date = 2/10/2008 1:12:30 PM | Attr = ] PDVD_MediaDisc.PlayList -> %UserProfile%\My Documents\PDVD_MediaDisc.PlayList -> [Ver = | Size = 676 bytes | Modified Date = 1/22/2008 11:08:10 PM | Attr = ] Publication1.pub -> %UserProfile%\My Documents\Publication1.pub -> [Ver = | Size = 7272960 bytes | Modified Date = 1/25/2008 5:47:18 PM | Attr = ] sci journal 2.docx -> %UserProfile%\My Documents\sci journal 2.docx -> [Ver = | Size = 11719 bytes | Modified Date = 3/2/2008 9:19:19 PM | Attr = ] Science -> %UserProfile%\My Documents\Science -> [Folder | Modified Date = 2/10/2008 11:32:56 AM | Attr = ] science base unints metric system.docx -> %UserProfile%\My Documents\science base unints metric system.docx -> [Ver = | Size = 14564 bytes | Modified Date = 2/21/2008 5:49:30 PM | Attr = ] science identify 1.3.docx -> %UserProfile%\My Documents\science identify 1.3.docx -> [Ver = | Size = 17940 bytes | Modified Date = 2/14/2008 9:31:19 PM | Attr = ] science journal.docx -> %UserProfile%\My Documents\science journal.docx -> [Ver = | Size = 13126 bytes | Modified Date = 2/21/2008 6:54:21 PM | Attr = ] science Properties of Matter Definitions.docx -> %UserProfile%\My Documents\science Properties of Matter Definitions.docx -> [Ver = | Size = 14479 bytes | Modified Date = 2/11/2008 6:39:45 PM | Attr = ] science safety.docx -> %UserProfile%\My Documents\science safety.docx -> [Ver = | Size = 15258 bytes | Modified Date = 2/10/2008 10:30:21 PM | Attr = ] sciencetableofcontents.docx -> %UserProfile%\My Documents\sciencetableofcontents.docx -> [Ver = | Size = 14369 bytes | Modified Date = 2/4/2008 7:58:16 PM | Attr = ] template.dotx -> %UserProfile%\My Documents\template.dotx -> [Ver = | Size = 20712 bytes | Modified Date = 1/14/2008 4:46:31 PM | Attr = ] template2.dotx -> %UserProfile%\My Documents\template2.dotx -> [Ver = | Size = 22018 bytes | Modified Date = 1/14/2008 4:56:32 PM | Attr = ] ~$chado_scene2act2.docx -> %UserProfile%\My Documents\~$chado_scene2act2.docx -> [Ver = | Size = 162 bytes | Modified Date = 12/11/2007 4:49:58 PM | Attr = H ] ~$ench_oralexam.docx -> %UserProfile%\My Documents\~$ench_oralexam.docx -> [Ver = | Size = 162 bytes | Modified Date = 1/10/2008 8:18:55 PM | Attr = H ] ~$ience identify 1.3.docx -> %UserProfile%\My Documents\~$ience identify 1.3.docx -> [Ver = | Size = 162 bytes | Modified Date = 2/14/2008 6:12:33 PM | Attr = H ] ~$iencetableofcontents.docx -> %UserProfile%\My Documents\~$iencetableofcontents.docx -> [Ver = | Size = 162 bytes | Modified Date = 2/4/2008 7:54:32 PM | Attr = H ] ~$o canada best contry to live in.docx -> %UserProfile%\My Documents\~$o canada best contry to live in.docx -> [Ver = | Size = 162 bytes | Modified Date = 2/10/2008 11:07:15 PM | Attr = H ] ~$o Canadian Connections .docx -> %UserProfile%\My Documents\~$o Canadian Connections .docx -> [Ver = | Size = 162 bytes | Modified Date = 2/5/2008 7:00:00 PM | Attr = H ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 766 bytes | Modified Date = 2/7/2008 5:17:01 PM | Attr = ] InterVideo WinDVR.lnk -> %AllUsersProfile%\Desktop\InterVideo WinDVR.lnk -> [Ver = | Size = 1674 bytes | Modified Date = 2/21/2008 7:05:40 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1619 bytes | Modified Date = 2/9/2008 8:07:53 PM | Attr = ] Play Command & Conquer 3 Tiberium Wars.lnk -> %AllUsersProfile%\Desktop\Play Command & Conquer 3 Tiberium Wars.lnk -> [Ver = | Size = 560 bytes | Modified Date = 1/28/2008 1:19:02 PM | Attr = ] Xfire.lnk -> %AllUsersProfile%\Desktop\Xfire.lnk -> [Ver = | Size = 655 bytes | Modified Date = 2/4/2008 9:40:34 PM | Attr = ] 01076950.cab -> %UserProfile%\Desktop\01076950.cab -> [Ver = | Size = 10365 bytes | Modified Date = 2/26/2008 6:51:30 PM | Attr = ] acers2w -> %UserProfile%\Desktop\acers2w -> [Folder | Modified Date = 2/2/2008 9:32:01 PM | Attr = ] Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.iso -> %UserProfile%\Desktop\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.iso -> [Ver = | Size = 381145088 bytes | Modified Date = 1/19/2008 4:27:52 PM | Attr = ] Anime18 copy.jpg -> %UserProfile%\Desktop\Anime18 copy.jpg -> [Ver = | Size = 322492 bytes | Modified Date = 1/17/2008 11:04:44 PM | Attr = ] Anime18 copy2.jpg -> %UserProfile%\Desktop\Anime18 copy2.jpg -> [Ver = | Size = 329131 bytes | Modified Date = 1/18/2008 3:58:16 PM | Attr = ] Anime18.psd -> %UserProfile%\Desktop\Anime18.psd -> [Ver = | Size = 5506424 bytes | Modified Date = 1/18/2008 4:26:33 PM | Attr = ] animepinkblue.gif -> %UserProfile%\Desktop\animepinkblue.gif -> [Ver = | Size = 56788 bytes | Modified Date = 1/18/2008 4:27:31 PM | Attr = ] avgas-setup-7.5.1.43-3339(2).exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339(2).exe -> [Ver = | Size = 14113576 bytes | Modified Date = 2/7/2008 5:15:54 PM | Attr = ] burning and dling -> %UserProfile%\Desktop\burning and dling -> [Folder | Modified Date = 1/13/2008 6:18:01 PM | Attr = R ] bwchart103g.zip -> %UserProfile%\Desktop\bwchart103g.zip -> [Ver = | Size = 170400 bytes | Modified Date = 3/2/2008 5:40:32 PM | Attr = ] c4ds -> %UserProfile%\Desktop\c4ds -> [Folder | Modified Date = 1/24/2008 8:40:57 PM | Attr = ] clearupmem.lnk -> %UserProfile%\Desktop\clearupmem.lnk -> [Ver = | Size = 1481 bytes | Modified Date = 12/31/2007 2:10:13 PM | Attr = ] CNC3_patch109_english(2).exe -> %UserProfile%\Desktop\CNC3_patch109_english(2).exe -> [Ver = | Size = 276520960 bytes | Modified Date = 1/26/2008 8:11:34 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1598023 bytes | Modified Date = 2/19/2008 5:31:16 PM | Attr = ] Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX -> %UserProfile%\Desktop\Command_And_Conquer_3_Tiberium_Wars_Kane_Edition_Keygen-RazorDOX -> [Folder | Modified Date = 1/28/2008 1:07:07 PM | Attr = ] cute_monkey.jpg -> %UserProfile%\Desktop\cute_monkey.jpg -> [Ver = | Size = 150193 bytes | Modified Date = 2/7/2008 8:12:04 PM | Attr = ] daily.jpg -> %UserProfile%\Desktop\daily.jpg -> [Ver = | Size = 312305 bytes | Modified Date = 2/28/2008 10:09:55 PM | Attr = ] dramaticarts.psd -> %UserProfile%\Desktop\dramaticarts.psd -> [Ver = | Size = 15100217 bytes | Modified Date = 2/10/2008 8:21:10 PM | Attr = ] DSC00411.JPG -> %UserProfile%\Desktop\DSC00411.JPG -> [Ver = | Size = 150972 bytes | Modified Date = 1/25/2008 6:00:57 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/18/2008 6:27:18 PM | Attr = ] EN_170_171_Patch.exe -> %UserProfile%\Desktop\EN_170_171_Patch.exe -> THQ Canada Inc. [Ver = 1.0.0.1 | Size = 10150824 bytes | Modified Date = 1/26/2008 7:59:49 PM | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 2/19/2008 5:26:58 PM | Attr = ] Firefox Setup 2.0.0.12.exe -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe -> Mozilla [Ver = 4.42 | Size = 6029648 bytes | Modified Date = 2/9/2008 8:05:56 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe:Zone.Identifier fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 262 bytes | Modified Date = 2/19/2008 5:30:29 PM | Attr = ] FlashFXP.lnk -> %UserProfile%\Desktop\FlashFXP.lnk -> [Ver = | Size = 699 bytes | Modified Date = 1/13/2008 8:27:07 PM | Attr = ] flt-cnc9.7z -> %UserProfile%\Desktop\flt-cnc9.7z -> [Ver = | Size = 12039332 bytes | Modified Date = 1/26/2008 8:00:38 PM | Attr = ] Free Music Zilla.lnk -> %UserProfile%\Desktop\Free Music Zilla.lnk -> [Ver = | Size = 745 bytes | Modified Date = 12/26/2007 12:48:51 AM | Attr = ] GGClient_setup.exe -> %UserProfile%\Desktop\GGClient_setup.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 13123836 bytes | Modified Date = 2/3/2008 3:34:13 PM | Attr = ] HerosSeason01Disk1.iso -> %UserProfile%\Desktop\HerosSeason01Disk1.iso -> [Ver = | Size = 72187903 bytes | Modified Date = 1/19/2008 11:42:51 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1597 bytes | Modified Date = 2/29/2008 11:26:09 PM | Attr = ] hitman2.exe.lnk -> %UserProfile%\Desktop\hitman2.exe.lnk -> [Ver = | Size = 787 bytes | Modified Date = 12/8/2007 10:39:57 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 2/29/2008 11:25:53 PM | Attr = ] hoodmoon.jpg -> %UserProfile%\Desktop\hoodmoon.jpg -> [Ver = | Size = 110877 bytes | Modified Date = 1/16/2008 6:49:15 PM | Attr = ] Install_WLMessenger.msi -> %UserProfile%\Desktop\Install_WLMessenger.msi -> [Ver = | Size = 17167872 bytes | Modified Date = 2/22/2008 8:39:55 PM | Attr = ] janu08.m3u -> %UserProfile%\Desktop\janu08.m3u -> [Ver = | Size = 5208 bytes | Modified Date = 1/23/2008 8:38:05 PM | Attr = ] jhcomputers[1].jpg -> %UserProfile%\Desktop\jhcomputers[1].jpg -> [Ver = | Size = 23968 bytes | Modified Date = 1/25/2008 5:50:34 PM | Attr = ] jhcomputers[1].pdf -> %UserProfile%\Desktop\jhcomputers[1].pdf -> [Ver = | Size = 234521 bytes | Modified Date = 1/25/2008 5:55:34 PM | Attr = ] Kyle Paas - Beautiful Surprise.mp3 -> %UserProfile%\Desktop\Kyle Paas - Beautiful Surprise.mp3 -> [Ver = | Size = 1569354 bytes | Modified Date = 1/24/2008 9:22:49 PM | Attr = ] less commonly used -> %UserProfile%\Desktop\less commonly used -> [Folder | Modified Date = 1/27/2008 10:58:13 AM | Attr = ] Madagascar[1].doc -> %UserProfile%\Desktop\Madagascar[1].doc -> [Ver = | Size = 33792 bytes | Modified Date = 3/2/2008 8:41:33 PM | Attr = ] Manga Rumoured Girlfriend -> %UserProfile%\Desktop\Manga Rumoured Girlfriend -> [Folder | Modified Date = 2/3/2008 12:03:45 AM | Attr = ] MiraScan.lnk -> %UserProfile%\Desktop\MiraScan.lnk -> [Ver = | Size = 1655 bytes | Modified Date = 2/2/2008 9:32:45 PM | Attr = ] NOD32AV Fully Loaded ver. 2.70 -> %UserProfile%\Desktop\NOD32AV Fully Loaded ver. 2.70 -> [Folder | Modified Date = 2/16/2008 1:12:40 PM | Attr = ] none.zip -> %UserProfile%\Desktop\none.zip -> [Ver = | Size = 6520 bytes | Modified Date = 1/30/2008 1:20:53 PM | Attr = ] ntbos.ts.xvid.ITL2.0.avi -> %UserProfile%\Desktop\ntbos.ts.xvid.ITL2.0.avi -> [Ver = | Size = 1519278080 bytes | Modified Date = 12/27/2007 6:03:54 AM | Attr = ] perfectpartyplatters.pdf -> %UserProfile%\Desktop\perfectpartyplatters.pdf -> [Ver = | Size = 1058382 bytes | Modified Date = 2/22/2008 9:31:09 PM | Attr = ] perfectpartyplatters.psd -> %UserProfile%\Desktop\perfectpartyplatters.psd -> [Ver = | Size = 1185284 bytes | Modified Date = 2/22/2008 9:30:27 PM | Attr = ] photorepair2.jpg -> %UserProfile%\Desktop\photorepair2.jpg -> [Ver = | Size = 165128 bytes | Modified Date = 2/3/2008 12:18:05 PM | Attr = ] photorepaired.jpg -> %UserProfile%\Desktop\photorepaired.jpg -> [Ver = | Size = 155099 bytes | Modified Date = 2/2/2008 10:35:31 PM | Attr = ] Pictures -> %UserProfile%\Desktop\Pictures -> [Folder | Modified Date = 1/13/2008 8:47:51 PM | Attr = ] PSP -> %UserProfile%\Desktop\PSP -> [Folder | Modified Date = 1/26/2008 5:55:24 PM | Attr = ] purplee.jpg -> %UserProfile%\Desktop\purplee.jpg -> [Ver = | Size = 1157813 bytes | Modified Date = 2/28/2008 9:33:30 PM | Attr = ] QuickSFV.lnk -> %UserProfile%\Desktop\QuickSFV.lnk -> [Ver = | Size = 697 bytes | Modified Date = 1/27/2008 10:45:21 AM | Attr = ] recorded -> %UserProfile%\Desktop\recorded -> [Folder | Modified Date = 2/17/2008 4:28:44 PM | Attr = ] scannedimage.jpg -> %UserProfile%\Desktop\scannedimage.jpg -> [Ver = | Size = 38309 bytes | Modified Date = 2/2/2008 10:10:13 PM | Attr = ] scannedimage.psd -> %UserProfile%\Desktop\scannedimage.psd -> [Ver = | Size = 1946257 bytes | Modified Date = 2/2/2008 10:31:30 PM | Attr = ] sciencetitlepage.psd -> %UserProfile%\Desktop\sciencetitlepage.psd -> [Ver = | Size = 11606360 bytes | Modified Date = 2/18/2008 5:24:50 PM | Attr = ] screenies -> %UserProfile%\Desktop\screenies -> [Folder | Modified Date = 2/7/2008 3:45:24 PM | Attr = ] SocialBookMarkingTool.zip -> %UserProfile%\Desktop\SocialBookMarkingTool.zip -> [Ver = | Size = 30012 bytes | Modified Date = 1/28/2008 8:17:40 PM | Attr = ] Songs.lnk -> %UserProfile%\Desktop\Songs.lnk -> [Ver = | Size = 1266 bytes | Modified Date = 12/27/2007 5:15:44 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 950 bytes | Modified Date = 2/5/2008 9:56:11 PM | Attr = ] spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9722720 bytes | Modified Date = 2/5/2008 9:54:52 PM | Attr = ] starcraft.ahk -> %UserProfile%\Desktop\starcraft.ahk -> [Ver = | Size = 4 bytes | Modified Date = 1/31/2008 1:02:13 PM | Attr = ] Untitled-3.png -> %UserProfile%\Desktop\Untitled-3.png -> [Ver = | Size = 228719 bytes | Modified Date = 1/25/2008 10:54:52 PM | Attr = ] uper[1].jpg -> %UserProfile%\Desktop\uper[1].jpg -> [Ver = | Size = 27709 bytes | Modified Date = 1/25/2008 5:49:55 PM | Attr = ] uper[1].pdf -> %UserProfile%\Desktop\uper[1].pdf -> [Ver = | Size = 284120 bytes | Modified Date = 1/25/2008 5:55:01 PM | Attr = ] vlcsnap-70332.png -> %UserProfile%\Desktop\vlcsnap-70332.png -> [Ver = | Size = 500556 bytes | Modified Date = 1/25/2008 10:41:49 PM | Attr = ] vuesca84.exe -> %UserProfile%\Desktop\vuesca84.exe -> Hamrick Software [Ver = 8.4.57 | Size = 5228288 bytes | Modified Date = 2/2/2008 9:46:32 PM | Attr = ] VueScan.lnk -> %UserProfile%\Desktop\VueScan.lnk -> [Ver = | Size = 647 bytes | Modified Date = 2/2/2008 9:46:48 PM | Attr = ] WaterOnMars2_gcc_big.jpg -> %UserProfile%\Desktop\WaterOnMars2_gcc_big.jpg -> [Ver = | Size = 44449 bytes | Modified Date = 1/30/2008 3:25:39 PM | Attr = ] werd.jpg -> %UserProfile%\Desktop\werd.jpg -> [Ver = | Size = 21268 bytes | Modified Date = 2/6/2008 4:41:44 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 3/2/2008 10:25:28 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 482000 bytes | Modified Date = 3/2/2008 10:24:42 PM | Attr = ] wrar371.exe -> %UserProfile%\Desktop\wrar371.exe -> [Ver = | Size = 1206366 bytes | Modified Date = 1/28/2008 12:29:40 PM | Attr = ] zi[1].doc -> %UserProfile%\Desktop\zi[1].doc -> [Ver = | Size = 32256 bytes | Modified Date = 2/26/2008 8:49:06 PM | Attr = ] ~$076950.dot -> %UserProfile%\Desktop\~$076950.dot -> [Ver = | Size = 162 bytes | Modified Date = 2/26/2008 6:52:23 PM | Attr = H ]   -> %UserProfile%\Desktop\  -> [Folder | Modified Date = 1/7/2008 6:10:35 PM | Attr = S] Shortcut to hotkey.ahk.lnk -> %UserProfile%\Start Menu\Programs\Startup\Shortcut to hotkey.ahk.lnk -> [Ver = | Size = 897 bytes | Modified Date = 1/13/2008 4:52:50 PM | Attr = ] Everstrike Software -> %CommonProgramFiles%\Everstrike Software -> [Folder | Modified Date = 12/29/2007 11:01:09 PM | Attr = ] EZB Systems -> %CommonProgramFiles%\EZB Systems -> [Folder | Modified Date = 12/28/2007 11:22:08 AM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 1/5/2008 11:38:09 AM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 12/29/2007 2:50:31 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 12/10/2007 5:26:45 PM | Attr = ] < End of report > [/code]