[code] OTScanIt logfile created on: 26/03/2008 00:57:51 OTScanIt by OldTimer - Version 1.0.6.1 Folder = C:\Documents and Settings\dave\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.23% Memory free 3.85 Gb Paging File | 3.31 Gb Available in Paging File | 85.93% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 111.15 Gb Free Space | 47.73% Space Free | Partition Type: NTFS Drive D: | 3.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 298.08 Gb Total Space | 195.14 Gb Free Space | 65.46% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PISSOFF Current User Name: dave Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> MD5 = 0629361FAC4576BA48AB39F4903DCE9E | Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 17/01/2008 00:49:34 | Attr = ] smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> MD5 = 5A25A52B38E8406AAFD2E04325321165 | Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 08:19:46 | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> MD5 = 1BE6FBEE744B1F35A8A57D7468DAA686 | Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 01/05/2006 10:07:44 | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ] devsvc.exe -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> MD5 = 3014CA345E8AD68587BABFB162DDDEC5 | InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 11/08/2006 11:15:36 | Attr = ] ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> MD5 = 06DE1310E3F1EA208B3C3B3C3ADE6B55 | Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 31/10/2005 09:51:52 | Attr = ] iviregmgr.exe -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> MD5 = 213822072085B5BBAD9AF30AB577D817 | InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 04/01/2007 19:48:52 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> MD5 = 6E5DAC168D1FF9843E84A59D51D31107 | Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19/10/2006 13:52:24 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 8D64B827A6709C3D18F855619D7D89E9 | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ] ctsched.exe -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> MD5 = C9E32D5C6944192E7676E2EE2B859779 | Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 02:43:42 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> MD5 = B8E684DF9A97497EDD2F87444A6307FB | RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 04/12/2007 19:25:55 | Attr = ] caissdt.exe -> %ProgramFiles%\CA\eTrust Internet Security Suite\caissdt.exe -> MD5 = D236A482C9AE97B3BB9B9689A4A3796D | Computer Associates International, Inc. [Ver = Version 2.0.1.1 | Size = 165416 bytes | Modified Date = 21/04/2006 14:42:24 | Attr = ] atwtusb.exe -> %SystemRoot%\system32\ATWTUSB.EXE -> MD5 = 36004224CDAFF02A5FD7F7556D72C2CD | WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 21/09/2005 18:08:48 | Attr = ] isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> MD5 = 2BAD84B393AF47006D80BA2F03B18029 | Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 20/03/2006 17:34:50 | Attr = ] aacenter.exe -> %ProgramFiles%\ASUS\AASP\1.00.01\aaCenter.exe -> MD5 = 375EA64D23A32BA7DD388D04B43DC855 | [Ver = 0.1.0.1 | Size = 582144 bytes | Modified Date = 30/06/2006 14:57:04 | Attr = ] ainap.exe -> %ProgramFiles%\ASUS\Ai Suite\AiNap\AiNap.exe -> MD5 = 6E425E653CCD6283149F169EB0BFA924 | [Ver = | Size = 1093632 bytes | Modified Date = 10/07/2006 15:49:34 | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> MD5 = FDB3E1F204626A0B4F3E7E2A9CCF91E0 | Logitech Inc. [Ver = 2.41.309 | Size = 450560 bytes | Modified Date = 16/06/2005 02:41:00 | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> MD5 = CCB0B7A1DD8BC5A38FB9AE2C1298A2D9 | Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Modified Date = 16/06/2005 02:41:00 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> MD5 = B78DBE162680C940D168421C29905694 | OldTimer Tools [Ver = 1.0.6.1 | Size = 310784 bytes | Modified Date = 24/03/2008 02:11:08 | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> MD5 = 0629361FAC4576BA48AB39F4903DCE9E | Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 17/01/2008 00:49:34 | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> MD5 = 303C174A7303A7702A68653152FC65A0 | Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/11/2007 21:48:04 | Attr = ] (Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> MD5 = 14C23516C990DCD6052152CF034DDE40 | Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 153792 bytes | Modified Date = 20/03/2007 15:41:24 | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> MD5 = 60BEE95B4AE6369F0F41881049E5B87D | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 23/03/2008 23:38:25 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> MD5 = 74C35302FCA1B1891F4E255A4A773D4B | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 23/03/2008 23:38:24 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> MD5 = EEC7FA91D3C4C3C05FEEBAA9F06CFC48 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 23/03/2008 23:38:24 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> MD5 = 013AED3D00B99EEDBF7A42E92A1118B1 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 23/03/2008 23:38:25 | Attr = ] (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> MD5 = 73686FE0B2E0469F89FD2075BE724704 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ] (Capture Device Service) Capture Device Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> MD5 = 3014CA345E8AD68587BABFB162DDDEC5 | InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 11/08/2006 11:15:36 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> MD5 = 227846995AFEEFA70D328BF5334A86A5 | Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 17/10/2007 11:11:42 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> MD5 = DAF66902F08796F9C694901660E5A64A | Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 00:06:04 | Attr = ] (IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> MD5 = 213822072085B5BBAD9AF30AB577D817 | InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 04/01/2007 19:48:52 | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> MD5 = 6E5DAC168D1FF9843E84A59D51D31107 | Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19/10/2006 13:52:24 | Attr = ] (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> MD5 = F1534ACA143CA86CD57672953754FAB0 | Sony Corporation [Ver = 4.5.01.04270 | Size = 53337 bytes | Modified Date = 27/04/2006 16:35:16 | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> MD5 = F46070DDADA5C396B1F2EBF1C46DBB08 | Nero AG [Ver = 2, 7, 3, 2 | Size = 779824 bytes | Modified Date = 14/03/2007 19:19:10 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> MD5 = 433049770B810D7C83C5C94CDB3E09D2 | Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 12/03/2007 13:49:46 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 8D64B827A6709C3D18F855619D7D89E9 | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ] (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> MD5 = 17BB6B38DE8C2BDA692CA1DB0CEA7325 | Sony Corporation [Ver = 4.5.01.04270 | Size = 49241 bytes | Modified Date = 27/04/2006 16:27:06 | Attr = ] (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> MD5 = 3980B48DFF300A7E4139F5C64DA65F5C | Sony Corporation [Ver = 4.5.01.04270 | Size = 69718 bytes | Modified Date = 27/04/2006 16:16:28 | Attr = ] (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> MD5 = 3DBADE5B4AA47C245A69E99D72B8E73B | Sony Corporation [Ver = 4.0.00.05080 | Size = 69632 bytes | Modified Date = 08/05/2006 03:24:54 | Attr = ] [Driver Services - Non-Microsoft Only] (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aavmker4.sys -> MD5 = D301F57713A0F6F8A3295AE6EBB69617 | ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 04/12/2007 14:49:02 | Attr = ] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> MD5 = AB0D9669BAB1009E48CC91117E59912B | Analog Devices, Inc. [Ver = 5.10.01.4530 built by: WinDDK | Size = 229376 bytes | Modified Date = 02/05/2006 17:12:06 | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (AEAudio) AE Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> MD5 = 03BE587E90C8B37C7FF1FE2E9C1D1C90 | Andrea Electronics Corporation [Ver = 4.2.32.3 | Size = 93824 bytes | Modified Date = 27/04/2006 06:42:40 | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (aiptektp) HyperPen [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\aiptektp.sys -> MD5 = D4944A84245F67094FD4867F2C1B6993 | AIPTEK International Inc. [Ver = 2.34.00 | Size = 22272 bytes | Modified Date = 07/07/2004 16:02:14 | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (AsIO) AsIO [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AsIO.sys -> MD5 = 19A1DAC5BC607C212E8A94C05886ED52 | [Ver = | Size = 5685 bytes | Modified Date = 22/12/2005 02:22:20 | Attr = ] (aswMon2) avast! Standard Shield Support [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aswmon2.sys -> MD5 = 71785F529C7B251B188245843BBF85DB | ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 04/12/2007 14:55:46 | Attr = ] (aswRdr) aswRdr [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aswRdr.sys -> MD5 = 7BAB4923CABB4404BF05FD111E75E49B | ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 04/12/2007 14:53:39 | Attr = ] (aswTdi) avast! Network Shield Support [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aswTdi.sys -> MD5 = E8A2678EAB78C2060D5EB26803667DC2 | ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 04/12/2007 14:51:52 | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (Cardex) Cardex [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TBPanel.sys -> MD5 = 175418424B0973AE9004257EBC60431C | Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 5306 bytes | Modified Date = 27/07/2002 17:01:06 | Attr = ] (catchme) catchme [Kernel | On_Demand | Running] -> %SystemDrive%\DOCUME~1\dave\LOCALS~1\Temp\catchme.sys -> File not found (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> MD5 = 8DB84DE3AAB34A8B4C2F644EFF41CD76 | Creative Technology Ltd [Ver = 5.12.01.1081-2.04.0050 | Size = 138752 bytes | Modified Date = 10/01/2005 10:15:24 | Attr = ] (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> MD5 = C0FBB516E06E243F0CF31F597E7EBF7D | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 22:07:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> MD5 = F5E7B358A732D09F4BCF2824B88B9E28 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 22:07:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> MD5 = E9317282A63CA4D188C0DF5E09C6AC5F | Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> MD5 = 3FCC124B6E08EE0E9351F717DD136939 | Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 20/09/2007 04:33:16 | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\JGOGO.sys -> MD5 = C995C0E8B4503FAC38793BB0236AD246 | JMicron [Ver = 5.0.3790.1 | Size = 6912 bytes | Modified Date = 07/02/2006 11:52:58 | Attr = ] (JRAID) JRAID [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\jraid.sys -> MD5 = F561C67E8E9C598051D4F83296FD1201 | JMicron Technology Corp. [Ver = 1.12.04.00 built by: WinDDK | Size = 43392 bytes | Modified Date = 05/07/2006 12:55:58 | Attr = ] (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Kbd.sys -> MD5 = 0E107ABF190FBEACD1E273AFC552F7D2 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 13440 bytes | Modified Date = 02/06/2005 13:34:44 | Attr = ] (L8042mou) Logitech SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042mou.Sys -> MD5 = 34EB862D3CDA65F2F546BAE267EDF88E | Logitech, Inc. [Ver = 2.41.305.00 | Size = 55040 bytes | Modified Date = 02/06/2005 13:34:56 | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> MD5 = 706F3EB3ADD1B6EF8815CF0EC88C1EF3 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 25856 bytes | Modified Date = 02/06/2005 13:35:32 | Attr = ] (LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouKE.Sys -> MD5 = C4EEB836D5596FB590F6FF538B66D092 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 68864 bytes | Modified Date = 02/06/2005 13:35:28 | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> MD5 = D48659BB24C48345D926ECB45C1EBDF5 | [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 13/08/2004 02:56:20 | Attr = ] (NETMDUSB) Net MD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NETMDUSB.sys -> MD5 = 986ACDECE933131288F1957DC359865F | Sony Corporation [Ver = 1.2.10.08080 | Size = 38951 bytes | Modified Date = 08/08/2002 14:51:32 | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> MD5 = C190757A29A9BC0199032F353DD2557A | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 6854464 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ] (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> MD5 = 103A9B117A7D9903111955CDAFE65AC6 | Creative Technology Ltd. [Ver = 5.12.01.1081-2.04.0050 | Size = 106496 bytes | Modified Date = 10/01/2005 10:15:30 | Attr = ] (P17) Sound Blaster Audigy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\P17.sys -> MD5 = 1DB419CB76493F6292CCFBDC3466F5FF | Creative Technology Ltd. [Ver = 5.12.01.512 | Size = 1389056 bytes | Modified Date = 07/07/2005 08:14:30 | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD | Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> MD5 = D86B4A68565E444D76457F14172C875A | Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 07/03/2007 23:51:00 | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtenicxp.sys -> MD5 = B98455F2197FB560BDE2C13D894DB79D | Realtek Semiconductor Corporation [Ver = 5.646.0712.2006 built by: WinDDK | Size = 83712 bytes | Modified Date = 13/07/2006 12:11:04 | Attr = ] (SCDEmu) SCDEmu [Kernel | System | Running] -> %SystemRoot%\system32\drivers\scdemu.sys -> MD5 = A73AE2510014103A44A5A58845219DCB | PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 33292 bytes | Modified Date = 20/01/2008 07:07:58 | Attr = ] (SDTHOOK) SDTHOOK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SDTHOOK.SYS -> MD5 = F88D17B93621EEB8BEF33B81E3AF9207 | Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Modified Date = 05/06/2007 10:56:40 | Attr = ] (se45bus) Sony Ericsson Device 069 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45bus.sys -> MD5 = 531EBC57DB331C8500C042D9F8A6AEF2 | MCCI [Ver = V4.34 | Size = 61536 bytes | Modified Date = 30/11/2006 15:13:56 | Attr = ] (se45mdfl) Sony Ericsson Device 069 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45mdfl.sys -> MD5 = 148E7E813681D3A0A05F09826080CC2B | MCCI [Ver = V4.34 | Size = 9360 bytes | Modified Date = 30/11/2006 15:14:04 | Attr = ] (se45mdm) Sony Ericsson Device 069 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45mdm.sys -> MD5 = B4CE022564D0D3FD7B0E5459AA12AA72 | MCCI [Ver = V4.34 | Size = 97088 bytes | Modified Date = 30/11/2006 15:14:04 | Attr = ] (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45mgmt.sys -> MD5 = 6D04EA9C049EBD78D64ADE447DE3F7EB | MCCI [Ver = V4.34 | Size = 88624 bytes | Modified Date = 30/11/2006 15:14:10 | Attr = ] (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45nd5.sys -> MD5 = FDC74BEAA13A801FAC574BC7AF1450C4 | MCCI [Ver = V4.34 | Size = 18704 bytes | Modified Date = 30/11/2006 15:14:10 | Attr = ] (se45obex) Sony Ericsson Device 069 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45obex.sys -> MD5 = 5E003693822460D37516D9A262DE9E11 | MCCI [Ver = V4.34 | Size = 86432 bytes | Modified Date = 30/11/2006 15:14:14 | Attr = ] (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\se45unic.sys -> MD5 = FC7021ADB632200DA591A55A35A78ACC | MCCI [Ver = V4.34 | Size = 90800 bytes | Modified Date = 30/11/2006 15:14:22 | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> MD5 = 90A3935D05B494A5A39D37E71F09A677 | Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 10:25:53 | Attr = ] (SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> MD5 = B6A6B409FDA9D9EBD3AADB838D3D7173 | Sensaura [Ver = 5.10.00.3524 | Size = 392960 bytes | Modified Date = 17/03/2006 18:18:58 | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> MD5 = A1ECEEAA5C5E74B2499EB51D38185B84 | Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 13:56:16 | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (TBPanel) TBPanel [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\TBPanel.sys -> MD5 = 175418424B0973AE9004257EBC60431C | Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 5306 bytes | Modified Date = 27/07/2002 17:01:06 | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe_ID0EYTHM -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe -> MD5 = C1873D880786B6B03AF781E23835D925 | Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 20/03/2007 15:40:44 | Attr = ] Ai Nap -> %ProgramFiles%\ASUS\Ai Suite\AiNap\AiNap.exe -> MD5 = 6E425E653CCD6283149F169EB0BFA924 | [Ver = | Size = 1093632 bytes | Modified Date = 10/07/2006 15:49:34 | Attr = ] AsusServiceProvider -> %ProgramFiles%\ASUS\AASP\1.00.01\aaCenter.exe -> MD5 = 375EA64D23A32BA7DD388D04B43DC855 | [Ver = 0.1.0.1 | Size = 582144 bytes | Modified Date = 30/06/2006 14:57:04 | Attr = ] atwtusb -> %SystemRoot%\system32\ATWTUSB.EXE -> MD5 = 36004224CDAFF02A5FD7F7556D72C2CD | WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 21/09/2005 18:08:48 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> MD5 = 0800F646E76D5F237A77DCDFA7DAC940 | ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 23/03/2008 23:44:52 | Attr = ] CaISSDT -> %ProgramFiles%\CA\eTrust Internet Security Suite\caissdt.exe -> MD5 = D236A482C9AE97B3BB9B9689A4A3796D | Computer Associates International, Inc. [Ver = Version 2.0.1.1 | Size = 165416 bytes | Modified Date = 21/04/2006 14:42:24 | Attr = ] CreativeTaskScheduler -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> MD5 = C9E32D5C6944192E7676E2EE2B859779 | Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 09/01/2006 02:43:42 | Attr = ] CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> MD5 = 06DE1310E3F1EA208B3C3B3C3ADE6B55 | Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 31/10/2005 09:51:52 | Attr = ] eTrustPPAP -> %ProgramFiles%\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe -> MD5 = 0F0BF2DB9AE8658220E832D9FCB5194F | Computer Associates [Ver = 8, 0, 0, 3 | Size = 258048 bytes | Modified Date = 02/01/2008 21:14:04 | Attr = ] ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> MD5 = 2BAD84B393AF47006D80BA2F03B18029 | Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 20/03/2006 17:34:50 | Attr = ] JMB36X Configure -> %SystemRoot%\system32\JMRaidTool.exe -> MD5 = EAAFD8BACFD10B6FDFE0A2E30C4DB1FC | JMicron Technology Corp. [Ver = 1.10.02 | Size = 385024 bytes | Modified Date = 02/06/2006 08:45:20 | Attr = ] Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> MD5 = CCB0B7A1DD8BC5A38FB9AE2C1298A2D9 | Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Modified Date = 02/06/2005 13:22:48 | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> MD5 = ECC0EF0BF0394C60CBC20D8054CED299 | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 8491008 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> MD5 = 8F70405BB0B12D9FDDC4D39DBDF17A4D | NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 81920 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe -> MD5 = 530FA80819B092440442DFA70C1D01F6 | [Ver = | Size = 1626112 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ] P17Helper -> %SystemRoot%\system32\P17.dll -> MD5 = 1AAD42336E6DB80F992F5F7B527CFD65 | [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 03/05/2005 11:38:42 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> MD5 = C74C7963EEC07AF49DCE44D64819B2BF | Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 14/11/2007 21:34:31 | Attr = ] SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> MD5 = 5A25A52B38E8406AAFD2E04325321165 | Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 08:19:46 | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> MD5 = 1BE6FBEE744B1F35A8A57D7468DAA686 | Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 01/05/2006 10:07:44 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> MD5 = B8E684DF9A97497EDD2F87444A6307FB | RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 04/12/2007 19:25:55 | Attr = ] UpdReg -> %SystemRoot%\Updreg.EXE -> MD5 = C419DF63E0121D72411285780C2FC6CC | Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 11/05/2000 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> MD5 = FDB3E1F204626A0B4F3E7E2A9CCF91E0 | Logitech Inc. [Ver = 2.41.309 | Size = 450560 bytes | Modified Date = 16/06/2005 02:41:00 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Start Page -> http://www.msn.com -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Unable to obtain MD5 | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 29/03/2007 21:11:22 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {26B337AB-AA70-4EEF-844C-3A6E6451F64B} -> (Sony Ericsson Device 069 USB Ethernet Emulation (NDIS 5)) -> {28BBBB4A-B713-49CE-BAC4-AABA146F0A0D} -> (1394 Net Adapter) -> {502D1DA0-4EF1-4132-A23C-B9F465B4B72A} -> () -> {765DACF6-5B75-41A0-B3BD-42C491C94C85} -> (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> MD5 = 1F5A570AD942DFCFE4500326ABDD72B2 | Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 11:42:30 | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {001EE746-A1F9-460E-80AD-269E088D6A01}[HKEY_LOCAL_MACHINE] -> http://site.ebrary.com/lib/tvulrs/support/plugins/ebraryRdr.cab[Infotl Control] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab[CKAVWebScan Object] -> {A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> [Registry - Additional Scans - Non-Microsoft Only] < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> -> File not found .cmd [@ = cmdfile] -> -> File not found .com [@ = comfile] -> -> File not found .exe [@ = exefile] -> -> File not found .html [@ = htmlfile] -> %ProgramFiles%\Avant Browser\avant.exe -> MD5 = 649079F7FD1EDC8890627C1A0E23AA9F | [Ver = 11.5.0.0 | Size = 1413632 bytes | Modified Date = 27/09/2007 06:19:02 | Attr = ] .url [@ = InternetShortcut] -> %ProgramFiles%\Avant Browser\avant.exe -> MD5 = 649079F7FD1EDC8890627C1A0E23AA9F | [Ver = 11.5.0.0 | Size = 1413632 bytes | Modified Date = 27/09/2007 06:19:02 | Attr = ] .pif [@ = piffile] -> -> File not found .scr [@ = scrfile] -> -> File not found < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 23:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs -> %SystemRoot%\system32\rpcss.dll -> MD5 = B1CD945981445A170ECC710E8A0EC688 | Microsoft Corporation [Ver = 5.1.2600.3124 (xpsp_sp2_qfe.070423-0026) | Size = 399360 bytes | Modified Date = 20/09/2007 04:49:14 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [%systemroot%\system32\qmgr.dll] -> MD5 = 17A0D43C80DB5348759C649835A78CFC | Microsoft Corporation [Ver = 6.7.2600.3143 (xpsp_sp2_qfe.070524-0110) | Size = 408064 bytes | Modified Date = 20/09/2007 04:49:13 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 23:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> MD5 = 36CC8C01B5E50163037BEF56CB96DEFF | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 03/08/2004 23:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> MD5 = CEBED017C4965FC4407CCD986AE0A528 | Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 20/09/2007 04:35:23 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> MD5 = 729798E0933076B8FCFCD9934698F164 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 03/08/2004 23:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> MD5 = A8972A2F9A744DD5EE0BFE429D767F1C | Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> MD5 = 16E7ED9A3DF83B1AC399DF4F31B21DB9 | Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 17:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> MD5 = CEBED017C4965FC4407CCD986AE0A528 | Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 20/09/2007 04:35:23 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> MD5 = 729798E0933076B8FCFCD9934698F164 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 03/08/2004 23:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server] -> MD5 = 14C23516C990DCD6052152CF034DDE40 | Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 153792 bytes | Modified Date = 20/03/2007 15:41:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Avant Browser\avant.exe -> C:\Program Files\Avant Browser\avant.exe [C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser] -> MD5 = 649079F7FD1EDC8890627C1A0E23AA9F | [Ver = 11.5.0.0 | Size = 1413632 bytes | Modified Date = 27/09/2007 06:19:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe -> C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe [C:\Program Files\Sorenson Media\Sorenson Squeeze\Squeeze.exe:*:Enabled:Squeeze Application] -> MD5 = 396F0D206DFA72B78BD8184EB98CF7FA | Sorenson Media Inc. [Ver = 4, 2, 301, 6 | Size = 2940928 bytes | Modified Date = 16/09/2005 09:37:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\InterVideo\DVD8\WinDVD.exe -> C:\Program Files\InterVideo\DVD8\WinDVD.exe [C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD] -> MD5 = AB401EA7E5500DEA63671546AFE4ECBF | InterVideo Inc. [Ver = 8.0.6.109 | Size = 726552 bytes | Modified Date = 05/02/2007 17:33:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe -> C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe [C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\AfterFX.exe:*:Enabled:Adobe After Effects CS3] -> MD5 = 5A0E113790707351FCAE4A36BCBF2DC5 | Adobe Systems Incorporated [Ver = 8.0 | Size = 177664 bytes | Modified Date = 29/04/2007 03:40:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> MD5 = 0F96A34D03D6DE3A4EBF5E34A4F71DD7 | Microsoft Corporation [Ver = 12.0.6300.5000 | Size = 12829216 bytes | Modified Date = 12/12/2007 23:56:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> MD5 = F7351DE406289F3A2FC6E0586A24082F | Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 27/10/2006 15:37:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> MD5 = C6408B67C2DBD2158E189E1C9C894925 | Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 27/10/2006 15:03:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\William Hill Poker\UA.exe -> C:\Program Files\William Hill Poker\UA.exe [C:\Program Files\William Hill Poker\UA.exe:*:Enabled:UA Application] -> MD5 = BDC2EF7F14820BDE3F68B8A78C97188A | [Ver = 5, 0, 0, 0 | Size = 18944 bytes | Modified Date = 24/08/2005 16:28:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> MD5 = A8972A2F9A744DD5EE0BFE429D767F1C | Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> MD5 = 16E7ED9A3DF83B1AC399DF4F31B21DB9 | Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 17:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3703:TCP -> 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3704:TCP -> 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\50900:TCP -> 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\50901:TCP -> 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> MD5 = 8F078AE4ED187AAABC0A305146DE6716 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 23:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> MD5 = D29AD7484B98279ED21877DE051A180F | Microsoft Corporation [Ver = 7.0.6000.381 (winmain(wmbla).070730-1740) | Size = 25944 bytes | Modified Date = 20/09/2007 04:49:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultExecMenuItems\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForward|DocHelpUserGuide|HelpReader -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchAttachmentPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Messenger\Client\\PreventAutoRun -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> *ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE -> -> File not found ADP -> -> File not found BAS -> -> File not found BAT -> -> File not found CHM -> -> File not found CMD -> %SystemRoot%\system32\cmd.exe -> MD5 = EEB024F2C81F0D55936FB825D21A91D6 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ] COM -> -> File not found CPL -> -> File not found CRT -> -> File not found EXE -> -> File not found HLP -> -> File not found HTA -> -> File not found INF -> -> File not found INS -> -> File not found ISP -> -> File not found LNK -> -> File not found MDB -> -> File not found MDE -> -> File not found MSC -> -> File not found MSI -> %SystemRoot%\system32\msi.dll -> MD5 = 4E7153D034734EABE2FF3CED0A480C0B | Microsoft Corporation [Ver = 3.1.4000.4104 | Size = 2854912 bytes | Modified Date = 20/09/2007 04:49:02 | Attr = ] MSP -> -> File not found MST -> -> File not found OCX -> -> File not found PCD -> -> File not found PIF -> -> File not found REG -> %SystemRoot%\system32\reg.exe -> MD5 = 3F1DF5D22C775B5E5DE561755FA9AB55 | Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 03/08/2004 23:56:56 | Attr = ] SCR -> -> File not found SHS -> -> File not found URL -> %SystemRoot%\system32\url.dll -> MD5 = 139FC10D8726541433DCA4E3A788FFDE | Microsoft Corporation [Ver = 7.00.6000.20733 (vista_ldr.071204-1500) | Size = 105984 bytes | Modified Date = 07/12/2007 02:01:13 | Attr = ] VB -> -> File not found WSC -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ̋ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ȅ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> Ζ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> Ų -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 0 -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\policies\ -> HKEY_USERS\.DEFAULT\Software\Policies\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update -> < Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-18\Software\Policies\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update -> < Software Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-19\Software\Policies\ -> -> HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update -> < Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-20\Software\Policies\ -> -> HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update -> < Software Policy Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ConferencingRTC\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Internet Explorer\\Windows Update Menu Text -> Microsoft Update -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Messenger\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Messenger\Client\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Messenger\Client\\PreventRun -> 0 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Messenger\Client\\PreventAutoRun -> 0 -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Policies\Microsoft\Windows\System\ -> -> [Files/Folders - Created Within 90 days] 958f7957514ceef8862ed3ec8f6dd584 -> %SystemDrive%\958f7957514ceef8862ed3ec8f6dd584 -> [Folder | Created Date = 09/03/2008 12:20:58 | Attr = ] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 24/03/2008 20:52:04 | Attr = RHS] Boot.bak -> %SystemDrive%\Boot.bak -> MD5 = B359E6B8A3F644541D8A00DE2A90F28F | [Ver = | Size = 212 bytes | Created Date = 25/03/2008 01:10:28 | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 25/03/2008 01:10:22 | Attr = ] cmldr -> %SystemDrive%\cmldr -> MD5 = 94E5450C43E4CF78E1D3AD4816966909 | [Ver = | Size = 260272 bytes | Created Date = 25/03/2008 01:10:27 | Attr = ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Created Date = 24/03/2008 12:39:22 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 25/03/2008 20:26:24 | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 24/03/2008 19:42:39 | Attr = ] fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Created Date = 25/03/2008 21:14:45 | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 29/02/2008 15:39:20 | Attr = RH ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 24/03/2008 12:39:26 | Attr = ] aiptektp.sys -> %SystemRoot%\System32\drivers\aiptektp.sys -> MD5 = D4944A84245F67094FD4867F2C1B6993 | AIPTEK International Inc. [Ver = 2.34.00 | Size = 22272 bytes | Created Date = 12/01/2008 12:37:53 | Attr = ] AsInsHelp32.sys -> %SystemRoot%\System32\drivers\AsInsHelp32.sys -> MD5 = 33C171DE483EE145F31234D93B078919 | [Ver = | Size = 3328 bytes | Created Date = 02/03/2008 14:11:27 | Attr = ] AsInsHelp64.sys -> %SystemRoot%\System32\drivers\AsInsHelp64.sys -> MD5 = 52A611253F104FD00D65826E2DC833BA | [Ver = | Size = 5120 bytes | Created Date = 02/03/2008 14:11:27 | Attr = ] AsIO.sys -> %SystemRoot%\System32\drivers\AsIO.sys -> MD5 = 19A1DAC5BC607C212E8A94C05886ED52 | [Ver = | Size = 5685 bytes | Created Date = 02/03/2008 14:11:30 | Attr = ] L8042Kbd.sys -> %SystemRoot%\System32\drivers\L8042Kbd.sys -> MD5 = 0E107ABF190FBEACD1E273AFC552F7D2 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 13440 bytes | Created Date = 11/01/2008 16:55:19 | Attr = ] L8042mou.Sys -> %SystemRoot%\System32\drivers\L8042mou.Sys -> MD5 = 34EB862D3CDA65F2F546BAE267EDF88E | Logitech, Inc. [Ver = 2.41.305.00 | Size = 55040 bytes | Created Date = 11/01/2008 16:55:19 | Attr = ] LHidKE.Sys -> %SystemRoot%\System32\drivers\LHidKE.Sys -> MD5 = 706F3EB3ADD1B6EF8815CF0EC88C1EF3 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 25856 bytes | Created Date = 11/01/2008 16:55:19 | Attr = ] LMouKE.Sys -> %SystemRoot%\System32\drivers\LMouKE.Sys -> MD5 = C4EEB836D5596FB590F6FF538B66D092 | Logitech, Inc. [Ver = 2.41.305.00 | Size = 68864 bytes | Created Date = 11/01/2008 16:55:19 | Attr = ] scdemu.sys -> %SystemRoot%\System32\drivers\scdemu.sys -> MD5 = A73AE2510014103A44A5A58845219DCB | PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 33292 bytes | Created Date = 20/01/2008 07:07:58 | Attr = ] SDTHOOK.SYS -> %SystemRoot%\System32\drivers\SDTHOOK.SYS -> MD5 = F88D17B93621EEB8BEF33B81E3AF9207 | Panda Software [Ver = 1.6.0.0 | Size = 44928 bytes | Created Date = 03/03/2008 20:05:59 | Attr = ] se45bus.sys -> %SystemRoot%\System32\drivers\se45bus.sys -> MD5 = 531EBC57DB331C8500C042D9F8A6AEF2 | MCCI [Ver = V4.34 | Size = 61536 bytes | Created Date = 14/02/2008 15:31:51 | Attr = ] se45cm.sys -> %SystemRoot%\System32\drivers\se45cm.sys -> MD5 = 671F1D28CE35DD6AD34BBD5318911BFD | MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 14/02/2008 15:31:55 | Attr = ] se45cmnt.sys -> %SystemRoot%\System32\drivers\se45cmnt.sys -> MD5 = 671F1D28CE35DD6AD34BBD5318911BFD | MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 14/02/2008 15:31:55 | Attr = ] se45cr.sys -> %SystemRoot%\System32\drivers\se45cr.sys -> MD5 = E3311DC7BE1D51D18AB5E262A1E3D5DE | MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 14/02/2008 15:32:09 | Attr = ] se45mdfl.sys -> %SystemRoot%\System32\drivers\se45mdfl.sys -> MD5 = 148E7E813681D3A0A05F09826080CC2B | MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 14/02/2008 15:31:55 | Attr = ] se45mdm.sys -> %SystemRoot%\System32\drivers\se45mdm.sys -> MD5 = B4CE022564D0D3FD7B0E5459AA12AA72 | MCCI [Ver = V4.34 | Size = 97088 bytes | Created Date = 14/02/2008 15:31:55 | Attr = ] se45mgmt.sys -> %SystemRoot%\System32\drivers\se45mgmt.sys -> MD5 = 6D04EA9C049EBD78D64ADE447DE3F7EB | MCCI [Ver = V4.34 | Size = 88624 bytes | Created Date = 14/02/2008 15:32:08 | Attr = ] se45nd5.sys -> %SystemRoot%\System32\drivers\se45nd5.sys -> MD5 = FDC74BEAA13A801FAC574BC7AF1450C4 | MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 14/02/2008 15:32:17 | Attr = ] se45obex.sys -> %SystemRoot%\System32\drivers\se45obex.sys -> MD5 = 5E003693822460D37516D9A262DE9E11 | MCCI [Ver = V4.34 | Size = 86432 bytes | Created Date = 14/02/2008 15:32:04 | Attr = ] se45unic.sys -> %SystemRoot%\System32\drivers\se45unic.sys -> MD5 = FC7021ADB632200DA591A55A35A78ACC | MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 14/02/2008 15:32:09 | Attr = ] se45wh.sys -> %SystemRoot%\System32\drivers\se45wh.sys -> MD5 = B9364FE79BDAD9BFE92CF3E672658CDD | MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 14/02/2008 15:31:51 | Attr = ] se45whnt.sys -> %SystemRoot%\System32\drivers\se45whnt.sys -> MD5 = B9364FE79BDAD9BFE92CF3E672658CDD | MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 14/02/2008 15:31:51 | Attr = ] sonyhcb.sys -> %SystemRoot%\System32\drivers\sonyhcb.sys -> MD5 = E78CD3BB53A208DFAB8FC826384307E0 | Sony Corporation [Ver = 1, 0, 0, 53 | Size = 6097 bytes | Created Date = 16/03/2008 14:31:49 | Attr = ] sonyhcc.sys -> %SystemRoot%\System32\drivers\sonyhcc.sys -> MD5 = 55E48017295F26BA266F935DA49C59A4 | Sony Corporation [Ver = 1, 0, 0, 53 | Size = 38739 bytes | Created Date = 16/03/2008 14:31:49 | Attr = ] Sonyhcp.dll -> %SystemRoot%\System32\drivers\Sonyhcp.dll -> MD5 = BDA6C0EFD8EA4BBE738175FEA5C06660 | [Ver = | Size = 3654 bytes | Created Date = 16/03/2008 14:31:49 | Attr = ] sonyhcs.sys -> %SystemRoot%\System32\drivers\sonyhcs.sys -> MD5 = 610F515FCD95D37F3252E1C250EF8C61 | Sony Corporation [Ver = 1, 0, 0, 53 | Size = 299923 bytes | Created Date = 16/03/2008 14:31:49 | Attr = ] sonypvs1.sys -> %SystemRoot%\System32\drivers\sonypvs1.sys -> MD5 = DFADFC2C86662F40759BF02ADD27D569 | Sony Corporation [Ver = 1, 1, 1, 14 | Size = 102220 bytes | Created Date = 16/03/2008 14:31:49 | Attr = ] AsIO.dll -> %SystemRoot%\System32\AsIO.dll -> MD5 = 212F87EE837B4E35E43A93BBFC44E7A7 | [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Created Date = 02/03/2008 14:11:30 | Attr = ] asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> MD5 = 0626E7EE37B9BF78658F6957A92EBFE8 | Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 03/03/2008 19:46:25 | Attr = ] ATWinLog.dll -> %SystemRoot%\System32\ATWinLog.dll -> MD5 = 5D8B8AFC1C9283B6246BA85F20B02C4B | WALTOP International Corp. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Created Date = 12/01/2008 12:37:53 | Attr = ] ATWTUSB.EXE -> %SystemRoot%\System32\ATWTUSB.EXE -> MD5 = 36004224CDAFF02A5FD7F7556D72C2CD | WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Created Date = 12/01/2008 12:37:52 | Attr = ] atwtusbL.exe -> %SystemRoot%\System32\atwtusbL.exe -> MD5 = 533FEF2902AEEE773527B1AF0EEFB199 | WALTOP International Corp. [Ver = 2, 46, 2, 0 | Size = 290816 bytes | Created Date = 12/01/2008 12:37:53 | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> MD5 = 5E1E3DB1E221217A9D8741DF89B739A1 | DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 09/01/2008 11:16:02 | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> MD5 = 2AD4199BBC88C6AC3D15BE27369D63B4 | DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 09/01/2008 11:18:18 | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> MD5 = D5ED7925BE06F2E297B1C2FEF5C521B4 | [Ver = | Size = 4816 bytes | Created Date = 09/01/2008 11:18:18 | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> MD5 = 7F1E0A73558107ACE9C9086761FB1EF9 | DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 09/01/2008 11:16:02 | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> MD5 = 1034E98BB457EB2C1D553DC115E53036 | DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Created Date = 09/01/2008 11:16:02 | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> MD5 = 7A569A83C24C4DF9F75147FF187E0E48 | DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Created Date = 09/01/2008 11:16:02 | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> MD5 = A02A458E8725BB0C21895703FAA92C2B | DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 09/01/2008 11:16:10 | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> MD5 = FFE84C3AE03007350F799720B52F64D2 | [Ver = | Size = 416 bytes | Created Date = 09/01/2008 11:16:10 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 02/01/2008 10:24:39 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> MD5 = 5B5A9F777A396DBDECC76A6FF917C274 | DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Created Date = 09/01/2008 11:16:10 | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> MD5 = FFE84C3AE03007350F799720B52F64D2 | [Ver = | Size = 416 bytes | Created Date = 09/01/2008 11:16:10 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> MD5 = F464045F5AD11DD2708E620A8404DA7B | Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] Funckey.dll -> %SystemRoot%\System32\Funckey.dll -> MD5 = C45C5A6C6EA94B2D3855158C879BB221 | [Ver = 1, 5, 5, 0 | Size = 49152 bytes | Created Date = 12/01/2008 12:37:52 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> MD5 = 9E05A9C264C8A908A8E79450FCBFF047 | [Ver = | Size = 80412 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> MD5 = 94DEACD6A0C37D631C137A0E49A2F6DC | [Ver = | Size = 1406 bytes | Created Date = 03/03/2008 19:45:02 | Attr = ] IVIresize.dll -> %SystemRoot%\System32\IVIresize.dll -> MD5 = E1D4B1D3D1C634E0F5904666FE578E30 | [Ver = | Size = 20480 bytes | Created Date = 23/01/2008 22:43:05 | Attr = ] IVIresizeA6.dll -> %SystemRoot%\System32\IVIresizeA6.dll -> MD5 = EB79A6540869FAB20201C6D5C02FC633 | [Ver = | Size = 200704 bytes | Created Date = 23/01/2008 22:43:05 | Attr = ] IVIresizeM6.dll -> %SystemRoot%\System32\IVIresizeM6.dll -> MD5 = D91A2A349BB9E6552BB7361ACE05B174 | [Ver = | Size = 192512 bytes | Created Date = 23/01/2008 22:43:05 | Attr = ] IVIresizeP6.dll -> %SystemRoot%\System32\IVIresizeP6.dll -> MD5 = F38D5F8C658FA33F907D508A569E1FA8 | [Ver = | Size = 192512 bytes | Created Date = 23/01/2008 22:43:05 | Attr = ] IVIresizePX.dll -> %SystemRoot%\System32\IVIresizePX.dll -> MD5 = 08F077F32332858DD274CB9BDEF0BCBC | [Ver = | Size = 188416 bytes | Created Date = 23/01/2008 22:43:05 | Attr = ] IVIresizeW7.dll -> %SystemRoot%\System32\IVIresizeW7.dll -> MD5 = 429C8B9FF69F06293B4D37F429F0C7B8 | [Ver = | Size = 204800 bytes | Created Date = 23/01/2008 22:43:05 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 03/03/2008 17:58:40 | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> MD5 = 5D10887C550AB149A7D0E0C2438B8655 | The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 09/01/2008 11:18:00 | Attr = ] libguide40.dll -> %SystemRoot%\System32\libguide40.dll -> MD5 = 7047E03227EEB2B400E1306E500FA110 | Intel Corporation [Ver = 4, 0, 2006, 915 | Size = 200704 bytes | Created Date = 22/02/2008 14:24:56 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 14/01/2008 22:51:16 | Attr = ] lsprst7.tgz -> %SystemRoot%\System32\lsprst7.tgz -> MD5 = F6D656CB5652865602CC9E37995CAF1B | [Ver = | Size = 219 bytes | Created Date = 18/01/2008 18:07:49 | Attr = ] mkl_genarts.dll -> %SystemRoot%\System32\mkl_genarts.dll -> MD5 = 55CAEF9811598D80D73185C4ED2014CF | [Ver = | Size = 5206016 bytes | Created Date = 22/02/2008 14:24:56 | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> MD5 = 02CE4DF5C0ED4024775F8C908B271638 | [Ver = | Size = 3596288 bytes | Created Date = 09/01/2008 11:18:12 | Attr = ] QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Created Date = 21/01/2008 22:17:34 | Attr = ] sapphire_ae.dll -> %SystemRoot%\System32\sapphire_ae.dll -> MD5 = 922F9157F141C51727E9188FC3AA57C8 | GenArts, Inc. [Ver = 2.02 | Size = 3727360 bytes | Created Date = 22/02/2008 14:24:56 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> MD5 = 2B657A67AEBB84AEA5632C53E61E23BF | [Ver = | Size = 98816 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] SONYHCY.DLL -> %SystemRoot%\System32\SONYHCY.DLL -> MD5 = 595E4ADEB1B94C69C57EDA411E0809B8 | Sony Corporation [Ver = 1.00.0628 | Size = 53248 bytes | Created Date = 16/03/2008 14:31:49 | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> MD5 = EED2CE7BD9E43B8500D906D944460D22 | The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 09/01/2008 11:18:00 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B | SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> MD5 = B7517DB073B28F5696A1E5528ABEB5D0 | SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> MD5 = B1A9CF0B6F80611D31987C247EC630B4 | SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] sysprs7.tgz -> %SystemRoot%\System32\sysprs7.tgz -> MD5 = 038F6EC8FC64FA4CC72FE7D7E6159B8B | [Ver = | Size = 1025 bytes | Created Date = 18/01/2008 18:07:49 | Attr = ] TABLET.CPL -> %SystemRoot%\System32\TABLET.CPL -> MD5 = 674B366DFDB015B1E0F851BCF5BEEFCF | Aiptek [Ver = 3, 8, 7, 3 | Size = 888832 bytes | Created Date = 12/01/2008 12:37:52 | Attr = ] Tblfunc.dll -> %SystemRoot%\System32\Tblfunc.dll -> MD5 = 92466616B0A2FDD1969859666A53BADB | Aiptek [Ver = 1, 6, 0, 0 | Size = 61440 bytes | Created Date = 12/01/2008 12:37:53 | Attr = ] TBLMOUSE.EXE -> %SystemRoot%\System32\TBLMOUSE.EXE -> MD5 = 9122500FD28C81ACF45FD8F7E1451C41 | WALTOP International Corp. [Ver = 5, 3, 0, 0 | Size = 61440 bytes | Created Date = 12/01/2008 12:37:53 | Attr = ] TblRes.dll -> %SystemRoot%\System32\TblRes.dll -> MD5 = 35577F476A53281C3067C285AE732E6F | WALTOP International Corp. [Ver = 1, 0, 0, 5 | Size = 1617920 bytes | Created Date = 12/01/2008 12:37:52 | Attr = ] tmp10298.FOT -> %SystemRoot%\System32\tmp10298.FOT -> MD5 = EE7551BC76DBEF1F588E282CC8153884 | [Ver = | Size = 1409 bytes | Created Date = 05/03/2008 18:38:53 | Attr = ] u1xi0qt.tgz -> %SystemRoot%\System32\u1xi0qt.tgz -> MD5 = 6A9086C72A3452E14CD3E04650E52C63 | [Ver = | Size = 1024 bytes | Created Date = 12/02/2008 23:56:23 | Attr = ] UnCasino5.exe -> %SystemRoot%\System32\UnCasino5.exe -> MD5 = C25D63EBC914B678A3900B73709480B2 | [Ver = 1, 0, 0, 1 | Size = 107520 bytes | Created Date = 21/03/2008 16:05:40 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> MD5 = D1294B3A9BE1E491FA9F534B4C4E59A9 | [Ver = | Size = 2550 bytes | Created Date = 03/03/2008 19:45:02 | Attr = ] UnPoker.exe -> %SystemRoot%\System32\UnPoker.exe -> MD5 = F17D6AEB9D5A14C730C5CF5FC695C335 | [Ver = 1, 0, 0, 1 | Size = 93184 bytes | Created Date = 03/03/2008 15:31:00 | Attr = ] URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Created Date = 05/01/2008 15:21:26 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> MD5 = AB44CCD0FA8E55EF88DB941EEF95560A | [Ver = | Size = 49152 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] WINTAB32.DLL -> %SystemRoot%\System32\WINTAB32.DLL -> MD5 = 33FC1D80FAF0457DE956DF017C745EAD | WALTOP International Corp. [Ver = 2, 0, 0, 4 | Size = 69632 bytes | Created Date = 12/01/2008 12:37:53 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8 | [Ver = | Size = 68096 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 02/01/2008 23:36:40 | Attr = H ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> aiptbl.ini -> %SystemRoot%\aiptbl.ini -> MD5 = 9C270773EC7B9EC454793CFA6010C5EE | [Ver = | Size = 3978 bytes | Created Date = 12/01/2008 12:37:52 | Attr = ] AsDmiHtm -> %SystemRoot%\AsDmiHtm -> [Folder | Created Date = 02/03/2008 14:09:15 | Attr = R ] assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 05/01/2008 15:21:28 | Attr = R S] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 14/02/2008 15:21:14 | Attr = ] ebraryRdr.ini -> %SystemRoot%\ebraryRdr.ini -> MD5 = 78A24FABB8309B6069FE2561F40C8CF1 | [Ver = | Size = 34 bytes | Created Date = 01/02/2008 12:45:38 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 23/03/2008 23:41:31 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 02/01/2008 23:37:11 | Attr = ] KHALMNPR.Exe -> %SystemRoot%\KHALMNPR.Exe -> MD5 = CCB0B7A1DD8BC5A38FB9AE2C1298A2D9 | Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Created Date = 11/01/2008 16:55:19 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 05/01/2008 15:21:27 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 06/01/2008 16:46:38 | Attr = ] MSUTIL.INI -> %SystemRoot%\MSUTIL.INI -> MD5 = 052629EE00E726E226AA8B4BA1023ADD | [Ver = | Size = 98 bytes | Created Date = 22/02/2008 14:24:52 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> MD5 = DCC78B14C94A442C60981A7095B4A730 | [Ver = | Size = 69 bytes | Created Date = 19/01/2008 22:17:53 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> MD5 = 1D56C98258B6D70F56BAA32380DEA992 | NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 23/03/2008 23:40:46 | Attr = ] NKCCDViewerSetting -> %SystemRoot%\NKCCDViewerSetting -> [Folder | Created Date = 17/02/2008 14:35:56 | Attr = ] NV52125280.TMP -> %SystemRoot%\NV52125280.TMP -> [Folder | Created Date = 22/02/2008 11:48:22 | Attr = ] P5B-0509.zip -> %SystemRoot%\P5B-0509.zip -> MD5 = 454B014FE376B0C1CB98CDFB49342F17 | [Ver = | Size = 575646 bytes | Created Date = 02/03/2008 15:41:02 | Attr = ] P5B-0701.ROM -> %SystemRoot%\P5B-0701.ROM -> MD5 = CFC14DC3ECCC80E90450F5CDBB310750 | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 16:01:07 | Attr = ] P5B-0701.zip -> %SystemRoot%\P5B-0701.zip -> MD5 = 808AE1E95DDE74BD6444E8E7CE9642EB | [Ver = | Size = 577571 bytes | Created Date = 02/03/2008 16:00:01 | Attr = ] P5B-0806.ROM -> %SystemRoot%\P5B-0806.ROM -> MD5 = 4A0631FB87DF057B9D22D1AAC484E96F | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 16:16:49 | Attr = ] P5B-0806.zip -> %SystemRoot%\P5B-0806.zip -> MD5 = 488E8AA68D2A363D0FDFFD1BBDAA6AED | [Ver = | Size = 579246 bytes | Created Date = 02/03/2008 16:15:42 | Attr = ] P5B-1102.zip -> %SystemRoot%\P5B-1102.zip -> MD5 = E1C68E0F2C0FB3F434AC4DB7EA8A54D5 | [Ver = | Size = 583607 bytes | Created Date = 02/03/2008 16:31:00 | Attr = ] P5B-ASUS-0509.ROM -> %SystemRoot%\P5B-ASUS-0509.ROM -> MD5 = BE0A047BD16B2CA750479462F4D94A47 | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 15:46:40 | Attr = ] P5B-ASUS-1102.ROM -> %SystemRoot%\P5B-ASUS-1102.ROM -> MD5 = 53D3E25FC852D1A7112B7FBCFA2D975F | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 16:31:37 | Attr = ] P5B-ASUS-1705.ROM -> %SystemRoot%\P5B-ASUS-1705.ROM -> MD5 = A99DE330F4C10B69F5207A5BA7492888 | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 16:51:38 | Attr = ] P5B-ASUS-1803.ROM -> %SystemRoot%\P5B-ASUS-1803.ROM -> MD5 = 0D6FD23FC48150FFE06CBC6475A3B57C | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 17:07:42 | Attr = ] P5B-ASUS-1803.zip -> %SystemRoot%\P5B-ASUS-1803.zip -> MD5 = 3CA6719BD09E2FB25C509FEFDF8D710F | [Ver = | Size = 606107 bytes | Created Date = 02/03/2008 17:05:26 | Attr = ] P5B1705.zip -> %SystemRoot%\P5B1705.zip -> MD5 = 5823B8FB9F057B6E0B2900CF55AB43A9 | [Ver = | Size = 603850 bytes | Created Date = 02/03/2008 16:48:04 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 19/01/2008 21:50:05 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = E1034D757709F37F2D1EBD96D5EAD02B | [Ver = | Size = 1409 bytes | Created Date = 05/03/2008 18:38:49 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Created Date = 05/03/2008 18:38:49 | Attr = ] remove.iss -> %SystemRoot%\remove.iss -> MD5 = 74D2F4BE298DB42997D117F9F858C330 | [Ver = | Size = 654 bytes | Created Date = 23/01/2008 23:20:53 | Attr = ] RmTablet.exe -> %SystemRoot%\RmTablet.exe -> MD5 = DB1D98CC44893F4E989CB6F16A35A7A5 | WALTOP International Corp. [Ver = 3, 26, 0, 0 | Size = 90112 bytes | Created Date = 12/01/2008 12:37:52 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 17/01/2008 01:17:38 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 25/03/2008 20:40:42 | Attr = ] udtablet -> %SystemRoot%\udtablet -> [Folder | Created Date = 12/01/2008 12:37:53 | Attr = ] unvise32.exe -> %SystemRoot%\unvise32.exe -> MD5 = 8CE5266F0BBB73C95886CB72B0063CB8 | MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 05/01/2008 15:12:45 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Ahead -> %AllUsersProfile%\Application Data\Ahead -> [Folder | Created Date = 24/01/2008 00:05:06 | Attr = ] GridIron Software -> %AllUsersProfile%\Application Data\GridIron Software -> [Folder | Created Date = 29/02/2008 16:47:06 | Attr = ] InterVideo -> %AllUsersProfile%\Application Data\InterVideo -> [Folder | Created Date = 23/01/2008 22:43:07 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 03/03/2008 17:58:42 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 24/03/2008 22:18:38 | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 29/02/2008 15:40:54 | Attr = ] Minnetonka Audio Software -> %AllUsersProfile%\Application Data\Minnetonka Audio Software -> [Folder | Created Date = 18/01/2008 18:07:49 | Attr = ] Nero -> %AllUsersProfile%\Application Data\Nero -> [Folder | Created Date = 14/01/2008 22:55:44 | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> MD5 = 6D7ECA71A899DA7379793F4526B886C5 | [Ver = | Size = 1387 bytes | Created Date = 15/02/2008 23:24:46 | Attr = ] Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson -> [Folder | Created Date = 14/02/2008 15:27:35 | Attr = ] Teleca -> %AllUsersProfile%\Application Data\Teleca -> [Folder | Created Date = 14/02/2008 15:27:05 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 29/02/2008 21:34:44 | Attr = ] @Alternate Data Stream - 173 bytes -> %AllUsersProfile%\Application Data\TEMP:D282699C Vara Software -> %AllUsersProfile%\Application Data\Vara Software -> [Folder | Created Date = 19/03/2008 18:56:22 | Attr = ] VertusTech -> %AllUsersProfile%\Application Data\VertusTech -> [Folder | Created Date = 12/02/2008 23:56:14 | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 02/01/2008 10:54:15 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 02/01/2008 10:12:51 | Attr = ] Ahead -> %AppData%\Ahead -> [Folder | Created Date = 19/01/2008 22:09:46 | Attr = ] Avant Profiles -> %AppData%\Avant Profiles -> [Folder | Created Date = 02/01/2008 10:17:45 | Attr = ] discreet -> %AppData%\discreet -> [Folder | Created Date = 05/01/2008 16:21:06 | Attr = ] DivX -> %AppData%\DivX -> [Folder | Created Date = 23/01/2008 22:46:49 | Attr = ] GridIron -> %AppData%\GridIron -> [Folder | Created Date = 29/02/2008 16:48:05 | Attr = ] InterVideo -> %AppData%\InterVideo -> [Folder | Created Date = 23/01/2008 23:23:06 | Attr = ] Logitech -> %AppData%\Logitech -> [Folder | Created Date = 11/01/2008 17:02:08 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 24/03/2008 22:18:42 | Attr = ] Nero -> %AppData%\Nero -> [Folder | Created Date = 14/01/2008 22:59:29 | Attr = ] Sony Ericsson -> %AppData%\Sony Ericsson -> [Folder | Created Date = 14/02/2008 15:29:53 | Attr = ] SorensonMedia -> %AppData%\SorensonMedia -> [Folder | Created Date = 17/01/2008 20:03:00 | Attr = ] Teleca -> %AppData%\Teleca -> [Folder | Created Date = 14/02/2008 15:30:29 | Attr = ] Vara Software -> %AppData%\Vara Software -> [Folder | Created Date = 19/03/2008 18:50:16 | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 19/01/2008 22:12:31 | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Created Date = 02/01/2008 14:37:31 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Created Date = 05/01/2008 16:21:05 | Attr = ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 14/01/2008 13:15:48 | Attr = ] Installer1368 -> %UserProfile%\Local Settings\Application Data\Installer1368 -> [Folder | Created Date = 05/01/2008 18:45:25 | Attr = ] Installer3316 -> %UserProfile%\Local Settings\Application Data\Installer3316 -> [Folder | Created Date = 05/01/2008 18:38:11 | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 29/02/2008 15:41:03 | Attr = ] Nero -> %UserProfile%\Local Settings\Application Data\Nero -> [Folder | Created Date = 14/01/2008 23:01:57 | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 02/01/2008 10:14:25 | Attr = ] Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson -> [Folder | Created Date = 14/02/2008 15:32:37 | Attr = ] Adobe Photoshop CS For Photographers (2004).pdf -> %AllUsersProfile%\Documents\Adobe Photoshop CS For Photographers (2004).pdf -> MD5 = 8DA84A82009221D6D5AC650358C38617 | [Ver = | Size = 108396232 bytes | Created Date = 12/01/2008 13:32:00 | Attr = ] Focal.Press.Adobe.Photoshop.CS3.for.Photographers.May.2007.eBook-BBL -> %AllUsersProfile%\Documents\Focal.Press.Adobe.Photoshop.CS3.for.Photographers.May.2007.eBook-BBL -> [Folder | Created Date = 12/01/2008 13:08:26 | Attr = ] Photoshop.CS3.All.in.One.Desk.Reference.For.Dummies.May.2007.pdf -> %AllUsersProfile%\Documents\Photoshop.CS3.All.in.One.Desk.Reference.For.Dummies.May.2007.pdf -> MD5 = 99A33DA948EFD628BBD4AD3AD9D6240A | [Ver = | Size = 67326907 bytes | Created Date = 12/01/2008 13:32:03 | Attr = ] Adobe Visual Communicator 3 -> %UserProfile%\My Documents\Adobe Visual Communicator 3 -> [Folder | Created Date = 16/03/2008 15:32:26 | Attr = ] application_form_and_monitoring_form[1][1].doc -> %UserProfile%\My Documents\application_form_and_monitoring_form[1][1].doc -> MD5 = 21C7FFDB26DDBF28C69174253CAC3170 | [Ver = | Size = 105472 bytes | Created Date = 08/01/2008 00:28:00 | Attr = ] AsusUpdt_V71305.zip -> %UserProfile%\My Documents\AsusUpdt_V71305.zip -> MD5 = 2E01810D0DE207734C1A90EC57174402 | [Ver = | Size = 8815816 bytes | Created Date = 02/03/2008 14:40:10 | Attr = ] BIOS BACKUP -> %UserProfile%\My Documents\BIOS BACKUP -> MD5 = 9048EA33AC46A71B7FB012A0FAA605C4 | [Ver = | Size = 1048576 bytes | Created Date = 02/03/2008 14:38:30 | Attr = ] cv_nicole2[1].doc -> %UserProfile%\My Documents\cv_nicole2[1].doc -> MD5 = 1908B45157134C998BFDAC0D0A7DDC07 | [Ver = | Size = 427520 bytes | Created Date = 09/01/2008 22:10:18 | Attr = ] InterVideo -> %UserProfile%\My Documents\InterVideo -> [Folder | Created Date = 23/01/2008 23:26:51 | Attr = ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Created Date = 31/01/2008 14:04:00 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> MD5 = C44A4A37BBDEC7094F3FC417CF68914F | [Ver = | Size = 632 bytes | Created Date = 02/01/2008 10:26:05 | Attr = ] My Titles -> %UserProfile%\My Documents\My Titles -> [Folder | Created Date = 16/03/2008 15:34:09 | Attr = ] Nero Recode -> %UserProfile%\My Documents\Nero Recode -> [Folder | Created Date = 24/01/2008 00:06:25 | Attr = ] Pirate Radio in the Rave Culture.doc -> %UserProfile%\My Documents\Pirate Radio in the Rave Culture.doc -> MD5 = 8DA6DD166222577FA0D56D6D00B03C13 | [Ver = | Size = 41472 bytes | Created Date = 11/01/2008 18:36:22 | Attr = ] pissoff -> %UserProfile%\My Documents\pissoff -> [Folder | Created Date = 15/02/2008 17:18:54 | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> MD5 = 31F94E1C56D0C8D00D6867D67D51DBA7 | [Ver = | Size = 13312 bytes | Created Date = 09/01/2008 23:07:51 | Attr = ] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable To whom it may concern.doc -> %UserProfile%\My Documents\To whom it may concern.doc -> MD5 = 0E8ADE3CAB1EDE6256B6AC4A54EAD5B6 | [Ver = | Size = 26112 bytes | Created Date = 08/01/2008 22:14:45 | Attr = ] To whom it may concern2.doc -> %UserProfile%\My Documents\To whom it may concern2.doc -> MD5 = DB4BD7C157CCFEA07D804618DD53029A | [Ver = | Size = 25600 bytes | Created Date = 09/01/2008 22:27:39 | Attr = ] Ulead DVD MovieFactory -> %UserProfile%\My Documents\Ulead DVD MovieFactory -> [Folder | Created Date = 23/01/2008 22:50:09 | Attr = ] ??????? ??????.doc -> %UserProfile%\My Documents\תיסקאלי אקוונט.doc -> Unable to obtain MD5 | [Ver = | Size = 53248 bytes | Modified Date = 17/12/2006 19:25:02 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = E998140E65E23168558F8C191434939D | [Ver = | Size = 737 bytes | Created Date = 24/03/2008 22:18:38 | Attr = ] aba -> %UserProfile%\Desktop\aba -> [Folder | Created Date = 24/02/2008 18:17:15 | Attr = ] AE GRAPH EDITOR.mov -> %UserProfile%\Desktop\AE GRAPH EDITOR.mov -> MD5 = 1F2ED68F1811ACBFF2A87412D7861090 | [Ver = | Size = 16174291 bytes | Created Date = 03/03/2008 21:38:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\AE GRAPH EDITOR.mov:Zone.Identifier AE5.5 HIDDEN GEMS.pdf -> %UserProfile%\Desktop\AE5.5 HIDDEN GEMS.pdf -> MD5 = 75F6645B5EA4D7F09ED47A45CEBD9369 | [Ver = | Size = 48749 bytes | Created Date = 19/02/2008 11:43:39 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 24/03/2008 22:16:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier budget Bluescreen.pdf -> %UserProfile%\Desktop\budget Bluescreen.pdf -> MD5 = F68B82F1DE01ABD31064EB445D738519 | [Ver = | Size = 3512499 bytes | Created Date = 20/03/2008 14:43:50 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> MD5 = 66B683BEF25B70A6676DB574796DC134 | [Ver = | Size = 1607307 bytes | Created Date = 24/03/2008 20:50:44 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier comp arts grad show.pdf -> %UserProfile%\Desktop\comp arts grad show.pdf -> MD5 = 0BE3C2C91DD26717707EE8E8E5A9CFE3 | [Ver = | Size = 1115781 bytes | Created Date = 22/03/2008 10:55:59 | Attr = ] createsk8_swirlycurls_brushkit_CS.ai -> %UserProfile%\Desktop\createsk8_swirlycurls_brushkit_CS.ai -> MD5 = 1D1F7CFE01654B251B8D608F884E6133 | [Ver = | Size = 1758542 bytes | Created Date = 18/02/2008 14:46:08 | Attr = ] Double Project.lnk -> %UserProfile%\Desktop\Double Project.lnk -> MD5 = D3691E75F8DAEECAA68944C416EF372D | [Ver = | Size = 569 bytes | Created Date = 21/02/2008 00:14:09 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> MD5 = 3263958722182342D69AF0D64DB645A7 | [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 24/03/2008 12:38:28 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe -> MD5 = 31298B9793914BD009D286F494B0C55B | [Ver = | Size = 103802 bytes | Created Date = 24/03/2008 20:50:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Flash_Disinfector.exe:Zone.Identifier Haupt-Prospekt.pdf -> %UserProfile%\Desktop\Haupt-Prospekt.pdf -> MD5 = C237FAA902552C08C600A5BB69BC3C03 | [Ver = | Size = 1197916 bytes | Created Date = 24/03/2008 21:56:49 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Haupt-Prospekt.pdf:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = 82E73744270461A5596AA3A65874EEDA | [Ver = | Size = 1775 bytes | Created Date = 24/03/2008 19:45:38 | Attr = ] ipod customize.pdf -> %UserProfile%\Desktop\ipod customize.pdf -> MD5 = 4CF8E297C479F09FC3D77CB3F93B13D9 | [Ver = | Size = 7051403 bytes | Created Date = 22/03/2008 11:04:53 | Attr = ] Kursdetails_Wien.pdf -> %UserProfile%\Desktop\Kursdetails_Wien.pdf -> MD5 = 1A9CC5C4212C1DDC22763B0C09800BD0 | [Ver = | Size = 1744118 bytes | Created Date = 24/03/2008 21:56:44 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Kursdetails_Wien.pdf:Zone.Identifier mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> MD5 = A658756F608530FD81BD0FE04A8B8EF5 | Malwarebytes [Ver = 1.0.0.0 | Size = 1505568 bytes | Created Date = 24/03/2008 22:17:31 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier nicole -> %UserProfile%\Desktop\nicole -> [Folder | Created Date = 16/03/2008 16:36:21 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 24/03/2008 19:35:40 | Attr = ] PS CS3 shotcuts.pdf -> %UserProfile%\Desktop\PS CS3 shotcuts.pdf -> MD5 = D91530BF0C2C2BCD8306FF3127AC3A75 | [Ver = | Size = 43552 bytes | Created Date = 14/03/2008 18:03:35 | Attr = ] Shortcut to snappy snaps.lnk -> %UserProfile%\Desktop\Shortcut to snappy snaps.lnk -> MD5 = 8CC3738FB6E21AC26F4235988B604BB0 | [Ver = | Size = 453 bytes | Created Date = 03/02/2008 17:30:01 | Attr = ] sony DVcam.pdf -> %UserProfile%\Desktop\sony DVcam.pdf -> MD5 = ADB157A6FBBB6A2E92491C83003F5089 | [Ver = | Size = 5982720 bytes | Created Date = 16/03/2008 14:37:45 | Attr = ] toonboom.pdf -> %UserProfile%\Desktop\toonboom.pdf -> MD5 = 5210D77418850E648AC72D6ABAD2E380 | [Ver = | Size = 2268452 bytes | Created Date = 22/03/2008 11:08:02 | Attr = ] Visual Communicator 3 Help.pdf -> %UserProfile%\Desktop\Visual Communicator 3 Help.pdf -> MD5 = 2CDA7C14ED8D30FC9B4CA96ACD09945F | [Ver = | Size = 3015339 bytes | Created Date = 16/03/2008 15:34:16 | Attr = ] Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> MD5 = 6529A8967328BACB97E390B8E58FA24A | [Ver = | Size = 1728 bytes | Created Date = 11/01/2008 16:55:28 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 19/01/2008 22:08:18 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 29/02/2008 15:49:03 | Attr = ] InterVideo -> %CommonProgramFiles%\InterVideo -> [Folder | Created Date = 23/01/2008 22:43:11 | Attr = ] LightScribe -> %CommonProgramFiles%\LightScribe -> [Folder | Created Date = 23/01/2008 22:42:01 | Attr = ] Logitech -> %CommonProgramFiles%\Logitech -> [Folder | Created Date = 11/01/2008 16:55:19 | Attr = ] Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared -> [Folder | Created Date = 14/02/2008 15:27:09 | Attr = ] Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Created Date = 14/02/2008 15:27:06 | Attr = ] Ulead -> %CommonProgramFiles%\Ulead -> [Folder | Created Date = 23/01/2008 23:20:53 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 02/01/2008 10:13:04 | Attr = HS] [Files/Folders - Modified Within 90 days] 958f7957514ceef8862ed3ec8f6dd584 -> %SystemDrive%\958f7957514ceef8862ed3ec8f6dd584 -> [Folder | Modified Date = 09/03/2008 12:20:59 | Attr = ] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Modified Date = 24/03/2008 20:52:04 | Attr = RHS] Boot.bak -> %SystemDrive%\Boot.bak -> MD5 = B359E6B8A3F644541D8A00DE2A90F28F | [Ver = | Size = 212 bytes | Modified Date = 02/03/2008 19:06:49 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> MD5 = C6A569D4E00D0A5BB0C1EF5E6F6A280F | [Ver = | Size = 282 bytes | Modified Date = 25/03/2008 01:10:28 | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 25/03/2008 01:10:28 | Attr = ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Modified Date = 24/03/2008 12:43:47 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 25/03/2008 20:27:01 | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 24/03/2008 19:42:39 | Attr = ] fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Modified Date = 25/03/2008 21:14:45 | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 29/02/2008 15:39:20 | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 24/03/2008 22:18:38 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 25/03/2008 20:40:39 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 25/03/2008 01:06:23 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 25/03/2008 20:40:42 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 24/03/2008 21:01:54 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945 | [Ver = | Size = 27 bytes | Modified Date = 24/03/2008 21:01:54 | Attr = ] scdemu.sys -> %SystemRoot%\System32\drivers\scdemu.sys -> MD5 = A73AE2510014103A44A5A58845219DCB | PowerISO Computing, Inc. [Ver = 3, 9, 0, 0 | Size = 33292 bytes | Modified Date = 20/01/2008 07:07:58 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 31/01/2008 13:44:08 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 25/03/2008 20:40:03 | Attr = ] clauth1.dll -> %SystemRoot%\System32\clauth1.dll -> MD5 = C62C3BC9BA776302BA0BCADFB082BD65 | [Ver = | Size = 1025 bytes | Modified Date = 18/01/2008 18:07:49 | Attr = ] clauth2.dll -> %SystemRoot%\System32\clauth2.dll -> MD5 = C62C3BC9BA776302BA0BCADFB082BD65 | [Ver = | Size = 1025 bytes | Modified Date = 18/01/2008 18:07:49 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 24/03/2008 21:00:22 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> MD5 = FFA07D0BC6F121722CBD00C344BEDF99 | [Ver = | Size = 2626 bytes | Modified Date = 02/01/2008 11:49:59 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 31/01/2008 13:57:31 | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> MD5 = 5E1E3DB1E221217A9D8741DF89B739A1 | DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Modified Date = 09/01/2008 11:16:02 | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> MD5 = 3AC6652959AFCEC972E7EF3FB6434759 | DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 09/01/2008 11:15:58 | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> MD5 = 2AD4199BBC88C6AC3D15BE27369D63B4 | DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 09/01/2008 11:18:18 | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> MD5 = D5ED7925BE06F2E297B1C2FEF5C521B4 | [Ver = | Size = 4816 bytes | Modified Date = 09/01/2008 11:18:18 | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> MD5 = 7F1E0A73558107ACE9C9086761FB1EF9 | DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 09/01/2008 11:16:02 | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> MD5 = 1034E98BB457EB2C1D553DC115E53036 | DivX, Inc. [Ver = 6.8.0.14 | Size = 823296 bytes | Modified Date = 09/01/2008 11:16:02 | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> MD5 = 7A569A83C24C4DF9F75147FF187E0E48 | DivX, Inc. [Ver = 6.8.0.14 | Size = 802816 bytes | Modified Date = 09/01/2008 11:16:02 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 19/03/2008 19:10:12 | Attr = RHS] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> MD5 = A02A458E8725BB0C21895703FAA92C2B | DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Modified Date = 09/01/2008 11:16:10 | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> MD5 = FFE84C3AE03007350F799720B52F64D2 | [Ver = | Size = 416 bytes | Modified Date = 09/01/2008 11:16:10 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 25/03/2008 20:39:40 | Attr = H ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 14/02/2008 15:29:10 | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> MD5 = 5B5A9F777A396DBDECC76A6FF917C274 | DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 196608 bytes | Modified Date = 09/01/2008 11:16:10 | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> MD5 = FFE84C3AE03007350F799720B52F64D2 | [Ver = | Size = 416 bytes | Modified Date = 09/01/2008 11:16:10 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> MD5 = BA2978A128E871D7766944F705264D4E | [Ver = | Size = 1660864 bytes | Modified Date = 16/03/2008 20:39:16 | Attr = ] grcauth1.dll -> %SystemRoot%\System32\grcauth1.dll -> MD5 = 6962AD1C39677D84BE2C434E825930FB | [Ver = | Size = 1024 bytes | Modified Date = 12/02/2008 23:56:22 | Attr = ] grcauth2.dll -> %SystemRoot%\System32\grcauth2.dll -> MD5 = 6962AD1C39677D84BE2C434E825930FB | [Ver = | Size = 1024 bytes | Modified Date = 12/02/2008 23:56:22 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> MD5 = 94DEACD6A0C37D631C137A0E49A2F6DC | [Ver = | Size = 1406 bytes | Modified Date = 03/03/2008 23:15:01 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 03/03/2008 17:58:40 | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> MD5 = 5D10887C550AB149A7D0E0C2438B8655 | The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 09/01/2008 11:18:00 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 14/01/2008 22:51:16 | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> MD5 = 56D1AA22BDBFDE2E3A64A93359DD9397 | [Ver = | Size = 12632 bytes | Modified Date = 17/01/2008 00:49:44 | Attr = ] lsprst7.tgz -> %SystemRoot%\System32\lsprst7.tgz -> MD5 = F6D656CB5652865602CC9E37995CAF1B | [Ver = | Size = 219 bytes | Modified Date = 18/01/2008 18:07:49 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> MD5 = 1F401D35669CB7DD14F7B09C5CD1B844 | [Ver = | Size = 138812 bytes | Modified Date = 22/02/2008 12:08:01 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> MD5 = 9EF7A75B975AA61A267B0954D2BD9A5B | [Ver = | Size = 53812 bytes | Modified Date = 19/03/2008 18:30:20 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> MD5 = ECE5056901439DCC8BF2A5279F9B6627 | [Ver = | Size = 383584 bytes | Modified Date = 19/03/2008 18:30:20 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> MD5 = 8D08A7459E2052BD3228E1EA67BC88FF | [Ver = | Size = 443556 bytes | Modified Date = 19/03/2008 18:30:20 | Attr = ] prsgrc.tgz -> %SystemRoot%\System32\prsgrc.tgz -> MD5 = B279702C9A2D7CAA5BD4B560D3A04194 | [Ver = | Size = 114 bytes | Modified Date = 04/03/2008 11:51:14 | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> MD5 = 02CE4DF5C0ED4024775F8C908B271638 | [Ver = | Size = 3596288 bytes | Modified Date = 09/01/2008 11:18:12 | Attr = ] QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Modified Date = 03/03/2008 21:08:22 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 25/03/2008 01:06:23 | Attr = ] sapphire_ae.dll -> %SystemRoot%\System32\sapphire_ae.dll -> MD5 = 922F9157F141C51727E9188FC3AA57C8 | GenArts, Inc. [Ver = 2.02 | Size = 3727360 bytes | Modified Date = 15/01/2008 15:40:52 | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> MD5 = EED2CE7BD9E43B8500D906D944460D22 | The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 09/01/2008 11:18:00 | Attr = ] ssprs.tgz -> %SystemRoot%\System32\ssprs.tgz -> MD5 = 144F47D8B1212E66FD359039CFC6932B | [Ver = | Size = 87 bytes | Modified Date = 04/03/2008 11:51:14 | Attr = ] sysprs7.tgz -> %SystemRoot%\System32\sysprs7.tgz -> MD5 = 038F6EC8FC64FA4CC72FE7D7E6159B8B | [Ver = | Size = 1025 bytes | Modified Date = 18/01/2008 18:07:49 | Attr = ] tmp10298.FOT -> %SystemRoot%\System32\tmp10298.FOT -> MD5 = EE7551BC76DBEF1F588E282CC8153884 | [Ver = | Size = 1409 bytes | Modified Date = 05/03/2008 18:38:53 | Attr = ] u1xi0qt.dll -> %SystemRoot%\System32\u1xi0qt.dll -> MD5 = 7C9061FE02EF2814685F1D350565915F | [Ver = | Size = 1024 bytes | Modified Date = 12/02/2008 23:56:23 | Attr = ] u1xi0qt.tgz -> %SystemRoot%\System32\u1xi0qt.tgz -> MD5 = 6A9086C72A3452E14CD3E04650E52C63 | [Ver = | Size = 1024 bytes | Modified Date = 12/02/2008 23:56:23 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> MD5 = D1294B3A9BE1E491FA9F534B4C4E59A9 | [Ver = | Size = 2550 bytes | Modified Date = 03/03/2008 23:15:01 | Attr = ] URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Modified Date = 14/02/2008 15:38:56 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 04/03/2008 00:22:30 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> MD5 = 6F813BA4F658C197403E8C9141F25E1D | [Ver = | Size = 2206 bytes | Modified Date = 23/03/2008 15:20:15 | Attr = ] yedppwr.tgz -> %SystemRoot%\System32\yedppwr.tgz -> MD5 = F4CF536024E53F4F7B0769F341C580E9 | [Ver = | Size = 354 bytes | Modified Date = 04/03/2008 11:51:14 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/02/2008 03:01:29 | Attr = H ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> aiptbl.ini -> %SystemRoot%\aiptbl.ini -> MD5 = 9C270773EC7B9EC454793CFA6010C5EE | [Ver = | Size = 3978 bytes | Modified Date = 16/01/2008 18:36:30 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 04/03/2008 00:15:37 | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> MD5 = A9226097C062E76818BDB3A88FE03F59 | [Ver = | Size = 19392 bytes | Modified Date = 02/03/2008 14:35:53 | Attr = ] AsDmiHtm -> %SystemRoot%\AsDmiHtm -> [Folder | Modified Date = 02/03/2008 14:09:16 | Attr = R ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 14/02/2008 15:41:01 | Attr = R S] avisplitter.INI -> %SystemRoot%\avisplitter.INI -> MD5 = 8B138ED363128BFF2C2E1E7FEA9793B4 | [Ver = | Size = 38 bytes | Modified Date = 11/01/2008 00:41:20 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 25/03/2008 20:34:07 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 04/01/2008 15:16:28 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 14/02/2008 15:21:14 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 25/03/2008 22:13:17 | Attr = S] ebraryRdr.ini -> %SystemRoot%\ebraryRdr.ini -> MD5 = 78A24FABB8309B6069FE2561F40C8CF1 | [Ver = | Size = 34 bytes | Modified Date = 01/02/2008 12:45:38 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 24/03/2008 21:00:12 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 16/03/2008 15:29:32 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 29/02/2008 15:46:14 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 02/01/2008 23:37:11 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> MD5 = FD5B9BB1E450388C76450E270A3C3753 | [Ver = | Size = 1374 bytes | Modified Date = 13/02/2008 03:01:08 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 19/03/2008 18:29:12 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 25/03/2008 20:26:48 | Attr = HS] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 05/01/2008 15:21:27 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 23/03/2008 23:37:14 | Attr = ] MSUTIL.INI -> %SystemRoot%\MSUTIL.INI -> MD5 = 052629EE00E726E226AA8B4BA1023ADD | [Ver = | Size = 98 bytes | Modified Date = 22/02/2008 14:24:52 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> MD5 = DCC78B14C94A442C60981A7095B4A730 | [Ver = | Size = 69 bytes | Modified Date = 18/03/2008 23:11:17 | Attr = ] NKCCDViewerSetting -> %SystemRoot%\NKCCDViewerSetting -> [Folder | Modified Date = 17/02/2008 14:35:56 | Attr = ] NV52125280.TMP -> %SystemRoot%\NV52125280.TMP -> [Folder | Modified Date = 22/02/2008 12:07:41 | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 22/02/2008 12:07:41 | Attr = ] P5B-0509.zip -> %SystemRoot%\P5B-0509.zip -> MD5 = 454B014FE376B0C1CB98CDFB49342F17 | [Ver = | Size = 575646 bytes | Modified Date = 02/03/2008 15:46:40 | Attr = ] P5B-0701.zip -> %SystemRoot%\P5B-0701.zip -> MD5 = 808AE1E95DDE74BD6444E8E7CE9642EB | [Ver = | Size = 577571 bytes | Modified Date = 02/03/2008 16:01:07 | Attr = ] P5B-0806.zip -> %SystemRoot%\P5B-0806.zip -> MD5 = 488E8AA68D2A363D0FDFFD1BBDAA6AED | [Ver = | Size = 579246 bytes | Modified Date = 02/03/2008 16:16:49 | Attr = ] P5B-1102.zip -> %SystemRoot%\P5B-1102.zip -> MD5 = E1C68E0F2C0FB3F434AC4DB7EA8A54D5 | [Ver = | Size = 583607 bytes | Modified Date = 02/03/2008 16:31:37 | Attr = ] P5B-ASUS-1803.zip -> %SystemRoot%\P5B-ASUS-1803.zip -> MD5 = 3CA6719BD09E2FB25C509FEFDF8D710F | [Ver = | Size = 606107 bytes | Modified Date = 02/03/2008 17:07:42 | Attr = ] P5B1705.zip -> %SystemRoot%\P5B1705.zip -> MD5 = 5823B8FB9F057B6E0B2900CF55AB43A9 | [Ver = | Size = 603850 bytes | Modified Date = 02/03/2008 16:51:38 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/03/2008 20:35:40 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 19/01/2008 21:50:05 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = E1034D757709F37F2D1EBD96D5EAD02B | [Ver = | Size = 1409 bytes | Modified Date = 05/03/2008 18:38:49 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Modified Date = 24/03/2008 21:50:59 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 25/03/2008 20:26:48 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 23/03/2008 23:54:36 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 23/03/2008 15:21:55 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 29/02/2008 15:57:04 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 04/03/2008 00:18:56 | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 19/01/2008 21:32:27 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 03/01/2008 16:24:08 | Attr = ] system.ini -> %SystemRoot%\system.ini -> MD5 = F4D021E764F6FA554606F4A735A3151B | [Ver = | Size = 227 bytes | Modified Date = 25/03/2008 20:39:54 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 25/03/2008 20:40:43 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 25/03/2008 20:40:42 | Attr = ] udtablet -> %SystemRoot%\udtablet -> [Folder | Modified Date = 12/01/2008 12:37:53 | Attr = ] win.ini -> %SystemRoot%\win.ini -> MD5 = C35A9E5A19CDA33A31B68F469C419AAB | [Ver = | Size = 762 bytes | Modified Date = 03/03/2008 19:54:11 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 23/01/2008 22:43:11 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 25/03/2008 20:34:16 | Attr = H ] XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> MD5 = F9028E289A1FD854241A0D80CB9D2DF3 | [Ver = | Size = 430 bytes | Modified Date = 25/03/2008 20:34:20 | Attr = ] XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> MD5 = FF9BBEE14C7575F7D02EBD607904F555 | [Ver = | Size = 312 bytes | Modified Date = 07/01/2008 16:23:56 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 12789 bytes | Modified Date = 25/03/2008 20:35:27 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 12789 bytes | Modified Date = 25/03/2008 20:35:27 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> MD5 = C09963B0618F2A52B14F7191B7CD63C5 | [Ver = | Size = 11152 bytes | Modified Date = 29/02/2008 13:50:36 | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> MD5 = 0E7E24ED21BD5DA96B0D882D5A043AD4 | [Ver = | Size = 8206 bytes | Modified Date = 29/02/2008 16:02:10 | Attr = ] fsgk32.exe -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> MD5 = EF065E62212768622D6D599C84496F29 | F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fssm32.exe -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> MD5 = E782B7208FFEAB29CBD151BBB465ECD9 | F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsgk32.exe -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> MD5 = EF065E62212768622D6D599C84496F29 | F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fssm32.exe -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> MD5 = E782B7208FFEAB29CBD151BBB465ECD9 | F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] AVPFPI0.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> MD5 = C22B1F8209F3CCD042A69F9A6CE02999 | Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] avpproxy.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> MD5 = E1E52B67AF4BB60AB3D400D47D91235B | F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] daas_s.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> MD5 = 3B07863E5916FCD8E6557406AF8BE02E | F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 27/02/2008 15:59:28 | Attr = ] fm4av.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> MD5 = 0BA709752528EAD420ABAD669C57526A | [Ver = | Size = 513536 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fpinor.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> MD5 = 5BBAEDE2E0272188813411DEF9C451F7 | F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsbl.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> MD5 = 81FD1F3D87FD8A4E160055057FD081A0 | F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsbld.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> MD5 = 2C4A30970FC4B537B9532584409D5C3D | F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 25/03/2008 21:15:38 | Attr = ] fsecr32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> MD5 = 374EDF8515247726EEDA3851DE466172 | F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> MD5 = 8A53C996346A7607884FAD9110AE37C7 | F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsmart.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> MD5 = 05D7EBC4F30991E82C2B56DEBAE5EE7B | F-Secure Corporation [Ver = 1, 0, 0, 28 | Size = 147456 bytes | Modified Date = 25/03/2008 21:15:42 | Attr = ] fspe32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> MD5 = 1B52EBD294A36148F5E9336EBB133E8E | F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fssubmit.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> MD5 = 60750AD257436EB8803EB2EEA3166B90 | F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 25/03/2008 21:15:37 | Attr = ] fsup32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> MD5 = EE2B0B19C17F8E52BA93856C04B46F9E | F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fsupcx32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> MD5 = 0CF2A243DD6418FB552B509B6F23A0B5 | F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupfg32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> MD5 = CFCF097732E4E0E8D99E3B943A9AABD4 | F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupmw32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> MD5 = F969BD0D9BE19C272B850591E8757DB6 | F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupnp32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> MD5 = 39D3D63CC9098FA95DC76623F7A3C3D7 | F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupux32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> MD5 = 1A8B2E265A5336958885DEADAC6BDB43 | F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupwu32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> MD5 = 78972E478AB73E149266C32EDCECB4E2 | [Ver = | Size = 126976 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsusscr.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> MD5 = F445515DF5948CA56F4623C237DF84EC | F-Secure Corporation [Ver = 2.30.14093 | Size = 880640 bytes | Modified Date = 25/03/2008 21:15:42 | Attr = ] Nse_w32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> MD5 = AEBA06AE50B74CE2B02A8A215C5734D5 | [Ver = | Size = 506936 bytes | Modified Date = 25/03/2008 21:15:36 | Attr = ] AVPFPI0.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> MD5 = C22B1F8209F3CCD042A69F9A6CE02999 | Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] avpproxy.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> MD5 = E1E52B67AF4BB60AB3D400D47D91235B | F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fm4av.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll -> MD5 = 0BA709752528EAD420ABAD669C57526A | [Ver = | Size = 513536 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fpinor.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> MD5 = 5BBAEDE2E0272188813411DEF9C451F7 | F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsbl.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> MD5 = 81FD1F3D87FD8A4E160055057FD081A0 | F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsgkiapi.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> MD5 = 8A53C996346A7607884FAD9110AE37C7 | F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] fsecr32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> MD5 = 374EDF8515247726EEDA3851DE466172 | F-Secure Corporation [Ver = 2.08.8110 | Size = 262144 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fspe32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> MD5 = 1B52EBD294A36148F5E9336EBB133E8E | F-Secure Corporation [Ver = 1.2.410 | Size = 475136 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fsup32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> MD5 = EE2B0B19C17F8E52BA93856C04B46F9E | F-Secure Corporation [Ver = 1.2.410 | Size = 573440 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fsupcx32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> MD5 = 0CF2A243DD6418FB552B509B6F23A0B5 | F-Secure Corporation [Ver = 1.2.410 | Size = 73728 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupfg32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> MD5 = CFCF097732E4E0E8D99E3B943A9AABD4 | F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupmw32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> MD5 = F969BD0D9BE19C272B850591E8757DB6 | F-Secure Corporation [Ver = 1.2.410 | Size = 106496 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupnp32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> MD5 = 39D3D63CC9098FA95DC76623F7A3C3D7 | F-Secure Corporation [Ver = 1.2.410 | Size = 131072 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupux32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> MD5 = 1A8B2E265A5336958885DEADAC6BDB43 | F-Secure Corporation [Ver = 1.2.410 | Size = 122880 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupwu32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> MD5 = 78972E478AB73E149266C32EDCECB4E2 | [Ver = | Size = 126976 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsmart.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> MD5 = 05D7EBC4F30991E82C2B56DEBAE5EE7B | F-Secure Corporation [Ver = 1, 0, 0, 28 | Size = 147456 bytes | Modified Date = 25/03/2008 21:15:42 | Attr = ] fsusscr.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> MD5 = F445515DF5948CA56F4623C237DF84EC | F-Secure Corporation [Ver = 2.30.14093 | Size = 880640 bytes | Modified Date = 25/03/2008 21:15:42 | Attr = ] Nse_w32.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll -> MD5 = AEBA06AE50B74CE2B02A8A215C5734D5 | [Ver = | Size = 506936 bytes | Modified Date = 25/03/2008 21:15:36 | Attr = ] fssubmit.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> MD5 = 60750AD257436EB8803EB2EEA3166B90 | F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 25/03/2008 21:15:37 | Attr = ] fsblu.dll -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> MD5 = 2C4A30970FC4B537B9532584409D5C3D | F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 25/03/2008 21:15:38 | Attr = ] Perflib_Perfdata_7b8.dat -> C:\Documents and Settings\dave\Local Settings\Temp\Perflib_Perfdata_7b8.dat -> Unable to obtain MD5 | [Ver = | Size = 16384 bytes | Modified Date = 25/03/2008 20:34:38 | Attr = ] 2 C:\Documents and Settings\dave\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\dave\Local Settings\Temp\*.tmp -> index.dat -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\index.dat -> MD5 = 6267CAF426889218633393F77D55CB87 | [Ver = | Size = 25 bytes | Modified Date = 26/03/2008 00:24:30 | Attr = ] ext.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> MD5 = 1072F4D437A9933406B2E92E1A0E5375 | [Ver = | Size = 444 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] fsedb.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat -> MD5 = 2A361708DF1F34D044B6E729D96CE898 | [Ver = | Size = 632098 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fsupdllb.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat -> MD5 = CD834EA9D830085006AB662861B73E5D | [Ver = | Size = 422594 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupplgn.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat -> MD5 = 61831A6C022302E185394470C6CF3059 | [Ver = | Size = 226 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsuptmpl.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat -> MD5 = 157396283A33A5997596C252ECAB69F3 | [Ver = | Size = 5858 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] perf.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> MD5 = 5188DBCDC6F2B2F0F5A5DA0DD66638EA | [Ver = | Size = 128 bytes | Modified Date = 25/03/2008 23:03:00 | Attr = ] sae.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> MD5 = F2B61133ADD6BE09FF55801F06DC0E36 | [Ver = | Size = 243 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] sai.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> MD5 = 303C58453389D90FDB5E101E07CA7E9A | [Ver = | Size = 1348 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] ext.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat -> MD5 = 1072F4D437A9933406B2E92E1A0E5375 | [Ver = | Size = 444 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] sae.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat -> MD5 = F2B61133ADD6BE09FF55801F06DC0E36 | [Ver = | Size = 243 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] sai.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat -> MD5 = 303C58453389D90FDB5E101E07CA7E9A | [Ver = | Size = 1348 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] fsedb.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat -> MD5 = 2A361708DF1F34D044B6E729D96CE898 | [Ver = | Size = 632098 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] fsupdllb.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat -> MD5 = CD834EA9D830085006AB662861B73E5D | [Ver = | Size = 422594 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsupplgn.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat -> MD5 = 61831A6C022302E185394470C6CF3059 | [Ver = | Size = 226 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] fsuptmpl.dat -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat -> MD5 = 157396283A33A5997596C252ECAB69F3 | [Ver = | Size = 5858 bytes | Modified Date = 25/03/2008 21:15:41 | Attr = ] bl131w.blu131.mail.live.com.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\bl131w.blu131.mail.live.com.ini -> MD5 = 7EB7D3AB62573DB38658F66146393995 | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:49:27 | Attr = ] cgi.ebay.at.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\cgi.ebay.at.ini -> MD5 = A631CAA08DD70F6644CF3DB2055F5ABA | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:49:56 | Attr = ] cgi.ebay.co.uk.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\cgi.ebay.co.uk.ini -> MD5 = 930735C79C1CDB5CFA297F19DAF395CA | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:51:10 | Attr = ] login.live.com.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\login.live.com.ini -> MD5 = B67EF0297DBE5C5B738C02AAA650A563 | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:49:26 | Attr = ] offer.ebay.co.uk.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\offer.ebay.co.uk.ini -> MD5 = C414E94EBFE2A176F6B881F62D40A1AD | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:59:02 | Attr = ] shop.ebay.co.uk.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\shop.ebay.co.uk.ini -> MD5 = 6E004EBD432F0AEE1ECFA4A39BA9E775 | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:50:55 | Attr = ] signin.ebay.co.uk.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\signin.ebay.co.uk.ini -> MD5 = 60B0442014FC21FD527D53636FBC95CB | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:58:59 | Attr = ] virusscan.jotti.org.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\virusscan.jotti.org.ini -> MD5 = 211B2D4EA7FB079367B11FE9EA3ADD31 | [Ver = | Size = 25 bytes | Modified Date = 26/03/2008 00:24:30 | Attr = ] www.aniboom.com.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\www.aniboom.com.ini -> MD5 = 92BC2CF4F2BC25E124A0C35624CF53A3 | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 20:40:58 | Attr = ] www.ebay.co.uk.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\www.ebay.co.uk.ini -> MD5 = 703C5D009D5059D40F086DEB3E6E8F7B | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:50:43 | Attr = ] www.geekstogo.com.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\www.geekstogo.com.ini -> MD5 = FDBA14178053A8948950C7FE3F9744ED | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 20:41:05 | Attr = ] www.mandy.com.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\www.mandy.com.ini -> MD5 = F15F32AE7132BDFE325F48C551C036FD | [Ver = | Size = 25 bytes | Modified Date = 26/03/2008 00:02:21 | Attr = ] www.msn.co.il.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\www.msn.co.il.ini -> MD5 = 8CC4C060A50B6E7C0172D022C18FE754 | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 21:59:42 | Attr = ] www.willhill.com.ini -> C:\Documents and Settings\dave\Local Settings\Temp\$.ficn$\index\www.willhill.com.ini -> MD5 = CD810D993B6BFAB2A363A02E5A6F776E | [Ver = | Size = 25 bytes | Modified Date = 25/03/2008 20:41:49 | Attr = ] FS@av.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini -> MD5 = E752F35183E7AAA2E3554EB1DB9978AA | [Ver = | Size = 203 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] FS@avpe.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini -> MD5 = F3A5D6584C3BAAF8E8047C031A58FF43 | [Ver = | Size = 205 bytes | Modified Date = 25/03/2008 21:15:29 | Attr = ] FS@bleng.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini -> MD5 = 7422B9521A2DE8961FE4410433E762B5 | [Ver = | Size = 241 bytes | Modified Date = 25/03/2008 21:15:38 | Attr = ] FS@corp.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini -> MD5 = 768508E91F9CF324C7F3225667601F80 | [Ver = | Size = 176 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] FS@hydra.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini -> MD5 = 78F1937E865CFF78D09C213217ACA406 | [Ver = | Size = 250 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] FS@mlc.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini -> MD5 = 6B220165670BC6EF747E8A975E54B45B | [Ver = | Size = 204 bytes | Modified Date = 25/03/2008 21:15:42 | Attr = ] FS@ols.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini -> MD5 = F21D2D73D7862E81CBCA2F64FC4A393B | [Ver = | Size = 168 bytes | Modified Date = 25/03/2008 21:15:37 | Attr = ] FS@peg.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini -> MD5 = 0E0CB5F162637AB64C1AA7EBB8A1B7A3 | [Ver = | Size = 204 bytes | Modified Date = 25/03/2008 21:15:36 | Attr = ] verdicts.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> MD5 = A53E40E25FD013ED1777E9C1136B6E35 | [Ver = | Size = 2539 bytes | Modified Date = 25/03/2008 21:15:29 | Attr = ] FS@av.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini -> MD5 = E752F35183E7AAA2E3554EB1DB9978AA | [Ver = | Size = 203 bytes | Modified Date = 25/03/2008 21:15:31 | Attr = ] FS@avpe.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini -> MD5 = F3A5D6584C3BAAF8E8047C031A58FF43 | [Ver = | Size = 205 bytes | Modified Date = 25/03/2008 21:15:29 | Attr = ] verdicts.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini -> MD5 = A53E40E25FD013ED1777E9C1136B6E35 | [Ver = | Size = 2539 bytes | Modified Date = 25/03/2008 21:15:29 | Attr = ] FS@corp.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini -> MD5 = 768508E91F9CF324C7F3225667601F80 | [Ver = | Size = 176 bytes | Modified Date = 25/03/2008 21:15:44 | Attr = ] FS@hydra.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini -> MD5 = 78F1937E865CFF78D09C213217ACA406 | [Ver = | Size = 250 bytes | Modified Date = 25/03/2008 21:15:40 | Attr = ] FS@mlc.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini -> MD5 = 6B220165670BC6EF747E8A975E54B45B | [Ver = | Size = 204 bytes | Modified Date = 25/03/2008 21:15:42 | Attr = ] FS@peg.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini -> MD5 = 0E0CB5F162637AB64C1AA7EBB8A1B7A3 | [Ver = | Size = 204 bytes | Modified Date = 25/03/2008 21:15:36 | Attr = ] FS@ols.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini -> MD5 = F21D2D73D7862E81CBCA2F64FC4A393B | [Ver = | Size = 168 bytes | Modified Date = 25/03/2008 21:15:37 | Attr = ] FS@bleng.ini -> C:\Documents and Settings\dave\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini -> MD5 = 7422B9521A2DE8961FE4410433E762B5 | [Ver = | Size = 241 bytes | Modified Date = 25/03/2008 21:15:38 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 26/01/2008 23:22:58 | Attr = ] Ahead -> %AllUsersProfile%\Application Data\Ahead -> [Folder | Modified Date = 24/01/2008 00:05:06 | Attr = ] GridIron Software -> %AllUsersProfile%\Application Data\GridIron Software -> [Folder | Modified Date = 29/02/2008 16:49:54 | Attr = ] InterVideo -> %AllUsersProfile%\Application Data\InterVideo -> [Folder | Modified Date = 23/01/2008 22:43:07 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 03/03/2008 17:58:42 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 17/01/2008 00:50:01 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 24/03/2008 22:18:38 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 31/01/2008 14:03:56 | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 12/03/2008 03:03:02 | Attr = ] Minnetonka Audio Software -> %AllUsersProfile%\Application Data\Minnetonka Audio Software -> [Folder | Modified Date = 18/01/2008 18:07:49 | Attr = ] Nero -> %AllUsersProfile%\Application Data\Nero -> [Folder | Modified Date = 19/01/2008 21:31:24 | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> MD5 = 6D7ECA71A899DA7379793F4526B886C5 | [Ver = | Size = 1387 bytes | Modified Date = 15/02/2008 23:24:46 | Attr = ] Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson -> [Folder | Modified Date = 14/02/2008 15:27:41 | Attr = ] Teleca -> %AllUsersProfile%\Application Data\Teleca -> [Folder | Modified Date = 14/02/2008 15:27:42 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 23/03/2008 01:32:40 | Attr = ] @Alternate Data Stream - 173 bytes -> %AllUsersProfile%\Application Data\TEMP:D282699C Ulead Systems -> %AllUsersProfile%\Application Data\Ulead Systems -> [Folder | Modified Date = 23/01/2008 23:58:34 | Attr = ] Vara Software -> %AllUsersProfile%\Application Data\Vara Software -> [Folder | Modified Date = 19/03/2008 18:56:22 | Attr = ] VertusTech -> %AllUsersProfile%\Application Data\VertusTech -> [Folder | Modified Date = 12/02/2008 23:56:14 | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 02/01/2008 10:54:15 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 02/01/2008 10:14:59 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 20/03/2008 19:02:42 | Attr = ] Ahead -> %AppData%\Ahead -> [Folder | Modified Date = 12/03/2008 00:03:06 | Attr = ] Avant Profiles -> %AppData%\Avant Profiles -> [Folder | Modified Date = 02/01/2008 12:36:04 | Attr = ] BSplayer Pro -> %AppData%\BSplayer Pro -> [Folder | Modified Date = 13/03/2008 09:54:01 | Attr = ] discreet -> %AppData%\discreet -> [Folder | Modified Date = 05/01/2008 16:21:06 | Attr = ] DivX -> %AppData%\DivX -> [Folder | Modified Date = 23/01/2008 22:46:49 | Attr = ] GridIron -> %AppData%\GridIron -> [Folder | Modified Date = 29/02/2008 16:48:05 | Attr = ] InterVideo -> %AppData%\InterVideo -> [Folder | Modified Date = 23/01/2008 23:23:06 | Attr = ] Logitech -> %AppData%\Logitech -> [Folder | Modified Date = 11/01/2008 17:02:08 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 24/03/2008 22:18:42 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 29/02/2008 16:47:08 | Attr = S] Nero -> %AppData%\Nero -> [Folder | Modified Date = 14/01/2008 22:59:29 | Attr = ] Sony Ericsson -> %AppData%\Sony Ericsson -> [Folder | Modified Date = 14/02/2008 15:29:53 | Attr = ] SorensonMedia -> %AppData%\SorensonMedia -> [Folder | Modified Date = 17/01/2008 20:03:00 | Attr = ] Teleca -> %AppData%\Teleca -> [Folder | Modified Date = 14/02/2008 15:30:29 | Attr = ] Ulead Systems -> %AppData%\Ulead Systems -> [Folder | Modified Date = 23/01/2008 22:50:09 | Attr = ] Vara Software -> %AppData%\Vara Software -> [Folder | Modified Date = 19/03/2008 18:50:22 | Attr = ] WinampNEW -> %AppData%\WinampNEW -> [Folder | Modified Date = 06/01/2008 17:18:34 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 16/03/2008 15:32:26 | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Modified Date = 19/01/2008 22:14:38 | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 02/01/2008 14:37:31 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 25/03/2008 20:30:26 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> MD5 = EE8443436AB13FD55926355325208F86 | [Ver = | Size = 42496 bytes | Modified Date = 25/03/2008 01:48:29 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> MD5 = 8E3B6BD89FC19DB5711A252239CDA153 | [Ver = | Size = 97768 bytes | Modified Date = 16/03/2008 15:34:01 | Attr = ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Modified Date = 14/01/2008 13:15:48 | Attr = ] Installer1368 -> %UserProfile%\Local Settings\Application Data\Installer1368 -> [Folder | Modified Date = 05/01/2008 18:45:26 | Attr = ] Installer3316 -> %UserProfile%\Local Settings\Application Data\Installer3316 -> [Folder | Modified Date = 05/01/2008 18:38:14 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 10/03/2008 20:53:28 | Attr = S] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Modified Date = 29/02/2008 15:41:03 | Attr = ] Nero -> %UserProfile%\Local Settings\Application Data\Nero -> [Folder | Modified Date = 14/01/2008 23:01:57 | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 02/01/2008 10:14:25 | Attr = ] Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson -> [Folder | Modified Date = 14/02/2008 15:32:37 | Attr = ] Focal.Press.Adobe.Photoshop.CS3.for.Photographers.May.2007.eBook-BBL -> %AllUsersProfile%\Documents\Focal.Press.Adobe.Photoshop.CS3.for.Photographers.May.2007.eBook-BBL -> [Folder | Modified Date = 12/01/2008 13:28:26 | Attr = ] sys63390.bin -> %AllUsersProfile%\Documents\sys63390.bin -> MD5 = 3E3720140C229B6D3E87557449BA5ECE | [Ver = | Size = 111 bytes | Modified Date = 29/12/2007 05:53:32 | Attr = ] Adobe -> %UserProfile%\My Documents\Adobe -> [Folder | Modified Date = 26/01/2008 23:25:42 | Attr = ] Adobe Visual Communicator 3 -> %UserProfile%\My Documents\Adobe Visual Communicator 3 -> [Folder | Modified Date = 16/03/2008 15:34:09 | Attr = ] application_form_and_monitoring_form[1][1].doc -> %UserProfile%\My Documents\application_form_and_monitoring_form[1][1].doc -> MD5 = 21C7FFDB26DDBF28C69174253CAC3170 | [Ver = | Size = 105472 bytes | Modified Date = 08/01/2008 22:29:03 | Attr = ] AsusUpdt_V71305.zip -> %UserProfile%\My Documents\AsusUpdt_V71305.zip -> MD5 = 2E01810D0DE207734C1A90EC57174402 | [Ver = | Size = 8815816 bytes | Modified Date = 02/03/2008 15:33:14 | Attr = ] BIOS BACKUP -> %UserProfile%\My Documents\BIOS BACKUP -> MD5 = 9048EA33AC46A71B7FB012A0FAA605C4 | [Ver = | Size = 1048576 bytes | Modified Date = 02/03/2008 14:38:30 | Attr = ] bobby website -> %UserProfile%\My Documents\bobby website -> [Folder | Modified Date = 13/03/2008 20:34:15 | Attr = ] cv_nicole2[1].doc -> %UserProfile%\My Documents\cv_nicole2[1].doc -> MD5 = 1908B45157134C998BFDAC0D0A7DDC07 | [Ver = | Size = 427520 bytes | Modified Date = 09/01/2008 23:08:28 | Attr = ] Files -> %UserProfile%\My Documents\Files -> [Folder | Modified Date = 23/03/2008 22:05:40 | Attr = ] InterVideo -> %UserProfile%\My Documents\InterVideo -> [Folder | Modified Date = 23/01/2008 23:26:51 | Attr = ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Modified Date = 31/01/2008 14:04:00 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 28/02/2008 11:32:51 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 23/02/2008 19:52:28 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 29/02/2008 14:46:43 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> MD5 = C44A4A37BBDEC7094F3FC417CF68914F | [Ver = | Size = 632 bytes | Modified Date = 26/03/2008 00:53:35 | Attr = ] My Titles -> %UserProfile%\My Documents\My Titles -> [Folder | Modified Date = 16/03/2008 20:45:27 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 23/01/2008 22:42:32 | Attr = R ] Nero Recode -> %UserProfile%\My Documents\Nero Recode -> [Folder | Modified Date = 24/01/2008 00:06:45 | Attr = ] NeroVision -> %UserProfile%\My Documents\NeroVision -> [Folder | Modified Date = 17/01/2008 00:53:59 | Attr = ] Pirate Radio in the Rave Culture.doc -> %UserProfile%\My Documents\Pirate Radio in the Rave Culture.doc -> MD5 = 8DA6DD166222577FA0D56D6D00B03C13 | [Ver = | Size = 41472 bytes | Modified Date = 11/01/2008 19:47:29 | Attr = ] pissoff -> %UserProfile%\My Documents\pissoff -> [Folder | Modified Date = 19/03/2008 20:19:29 | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> MD5 = 31F94E1C56D0C8D00D6867D67D51DBA7 | [Ver = | Size = 13312 bytes | Modified Date = 09/01/2008 23:07:52 | Attr = ] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable To whom it may concern.doc -> %UserProfile%\My Documents\To whom it may concern.doc -> MD5 = 0E8ADE3CAB1EDE6256B6AC4A54EAD5B6 | [Ver = | Size = 26112 bytes | Modified Date = 08/01/2008 22:14:45 | Attr = ] To whom it may concern2.doc -> %UserProfile%\My Documents\To whom it may concern2.doc -> MD5 = DB4BD7C157CCFEA07D804618DD53029A | [Ver = | Size = 25600 bytes | Modified Date = 09/01/2008 23:04:23 | Attr = ] Ulead DVD MovieFactory -> %UserProfile%\My Documents\Ulead DVD MovieFactory -> [Folder | Modified Date = 23/01/2008 22:50:09 | Attr = ] ??????? ??????.doc -> %UserProfile%\My Documents\תיסקאלי אקוונט.doc -> Unable to obtain MD5 | [Ver = | Size = 53248 bytes | Modified Date = 17/12/2006 19:25:02 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> MD5 = E998140E65E23168558F8C191434939D | [Ver = | Size = 737 bytes | Modified Date = 24/03/2008 22:18:38 | Attr = ] aba -> %UserProfile%\Desktop\aba -> [Folder | Modified Date = 25/03/2008 22:50:37 | Attr = ] AE GRAPH EDITOR.mov -> %UserProfile%\Desktop\AE GRAPH EDITOR.mov -> MD5 = 1F2ED68F1811ACBFF2A87412D7861090 | [Ver = | Size = 16174291 bytes | Modified Date = 03/03/2008 21:38:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\AE GRAPH EDITOR.mov:Zone.Identifier AE5.5 HIDDEN GEMS.pdf -> %UserProfile%\Desktop\AE5.5 HIDDEN GEMS.pdf -> MD5 = 75F6645B5EA4D7F09ED47A45CEBD9369 | [Ver = | Size = 48749 bytes | Modified Date = 19/02/2008 11:43:39 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> MD5 = D9DE89F0FAF18019BC9595F0F47BCA61 | Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 24/03/2008 22:16:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier budget Bluescreen.pdf -> %UserProfile%\Desktop\budget Bluescreen.pdf -> MD5 = F68B82F1DE01ABD31064EB445D738519 | [Ver = | Size = 3512499 bytes | Modified Date = 20/03/2008 14:43:50 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> MD5 = 66B683BEF25B70A6676DB574796DC134 | [Ver = | Size = 1607307 bytes | Modified Date = 24/03/2008 20:50:49 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier comp arts grad show.pdf -> %UserProfile%\Desktop\comp arts grad show.pdf -> MD5 = 0BE3C2C91DD26717707EE8E8E5A9CFE3 | [Ver = | Size = 1115781 bytes | Modified Date = 22/03/2008 10:55:59 | Attr = ] Double Project.lnk -> %UserProfile%\Desktop\Double Project.lnk -> MD5 = D3691E75F8DAEECAA68944C416EF372D | [Ver = | Size = 569 bytes | Modified Date = 21/02/2008 00:14:09 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> MD5 = 3263958722182342D69AF0D64DB645A7 | [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 24/03/2008 19:42:31 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Files.lnk -> %UserProfile%\Desktop\Files.lnk -> MD5 = 5AAF93D4779F2A3E6338573046F9D560 | [Ver = | Size = 451 bytes | Modified Date = 29/02/2008 22:43:28 | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe -> MD5 = 31298B9793914BD009D286F494B0C55B | [Ver = | Size = 103802 bytes | Modified Date = 24/03/2008 20:50:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Flash_Disinfector.exe:Zone.Identifier Haupt-Prospekt.pdf -> %UserProfile%\Desktop\Haupt-Prospekt.pdf -> MD5 = C237FAA902552C08C600A5BB69BC3C03 | [Ver = | Size = 1197916 bytes | Modified Date = 24/03/2008 21:56:52 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Haupt-Prospekt.pdf:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> MD5 = 82E73744270461A5596AA3A65874EEDA | [Ver = | Size = 1775 bytes | Modified Date = 24/03/2008 19:45:38 | Attr = ] ipod customize.pdf -> %UserProfile%\Desktop\ipod customize.pdf -> MD5 = 4CF8E297C479F09FC3D77CB3F93B13D9 | [Ver = | Size = 7051403 bytes | Modified Date = 22/03/2008 11:04:53 | Attr = ] Kursdetails_Wien.pdf -> %UserProfile%\Desktop\Kursdetails_Wien.pdf -> MD5 = 1A9CC5C4212C1DDC22763B0C09800BD0 | [Ver = | Size = 1744118 bytes | Modified Date = 24/03/2008 21:56:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Kursdetails_Wien.pdf:Zone.Identifier mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> MD5 = A658756F608530FD81BD0FE04A8B8EF5 | Malwarebytes [Ver = 1.0.0.0 | Size = 1505568 bytes | Modified Date = 24/03/2008 22:17:34 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier nicole -> %UserProfile%\Desktop\nicole -> [Folder | Modified Date = 16/03/2008 17:28:58 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 24/03/2008 19:39:56 | Attr = ] PS CS3 shotcuts.pdf -> %UserProfile%\Desktop\PS CS3 shotcuts.pdf -> MD5 = D91530BF0C2C2BCD8306FF3127AC3A75 | [Ver = | Size = 43552 bytes | Modified Date = 14/03/2008 18:03:35 | Attr = ] schedule semester 2.pdf -> %UserProfile%\Desktop\schedule semester 2.pdf -> MD5 = 85498880D5B9AB78AB21BFD798D7313E | [Ver = | Size = 1234639 bytes | Modified Date = 12/02/2008 22:24:35 | Attr = ] Shortcut to snappy snaps.lnk -> %UserProfile%\Desktop\Shortcut to snappy snaps.lnk -> MD5 = 8CC3738FB6E21AC26F4235988B604BB0 | [Ver = | Size = 453 bytes | Modified Date = 03/02/2008 17:30:01 | Attr = ] sony DVcam.pdf -> %UserProfile%\Desktop\sony DVcam.pdf -> MD5 = ADB157A6FBBB6A2E92491C83003F5089 | [Ver = | Size = 5982720 bytes | Modified Date = 16/03/2008 14:37:45 | Attr = ] toonboom.pdf -> %UserProfile%\Desktop\toonboom.pdf -> MD5 = 5210D77418850E648AC72D6ABAD2E380 | [Ver = | Size = 2268452 bytes | Modified Date = 22/03/2008 11:08:02 | Attr = ] Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> MD5 = 6529A8967328BACB97E390B8E58FA24A | [Ver = | Size = 1728 bytes | Modified Date = 11/01/2008 16:55:28 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 20/01/2008 19:42:20 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 29/02/2008 15:49:03 | Attr = ] InterVideo -> %CommonProgramFiles%\InterVideo -> [Folder | Modified Date = 23/01/2008 23:20:03 | Attr = ] LightScribe -> %CommonProgramFiles%\LightScribe -> [Folder | Modified Date = 04/03/2008 00:05:16 | Attr = ] Logitech -> %CommonProgramFiles%\Logitech -> [Folder | Modified Date = 11/01/2008 16:55:19 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 29/02/2008 15:57:39 | Attr = ] Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared -> [Folder | Modified Date = 14/02/2008 15:27:39 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 29/02/2008 15:56:46 | Attr = ] Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Modified Date = 04/03/2008 00:06:11 | Attr = ] Ulead -> %CommonProgramFiles%\Ulead -> [Folder | Modified Date = 23/01/2008 23:20:53 | Attr = ] Ulead Systems -> %CommonProgramFiles%\Ulead Systems -> [Folder | Modified Date = 23/01/2008 23:58:32 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 02/01/2008 10:24:15 | Attr = HS] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 25/03/2008 20:34:43 | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 26/01/2008 23:22:58 | Attr = ] Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 14/11/2007 21:49:55 | Attr = ] Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [Folder | Modified Date = 24/01/2008 00:05:06 | Attr = ] ALM -> C:\Documents and Settings\All Users\Application Data\ALM -> [Folder | Modified Date = 17/10/2007 11:46:21 | Attr = ] Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 14/11/2007 21:34:03 | Attr = ] CA -> C:\Documents and Settings\All Users\Application Data\CA -> [Folder | Modified Date = 08/12/2007 10:51:11 | Attr = ] FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [Folder | Modified Date = 17/10/2007 11:51:49 | Attr = ] GridIron Software -> C:\Documents and Settings\All Users\Application Data\GridIron Software -> [Folder | Modified Date = 29/02/2008 16:49:54 | Attr = ] InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 04/12/2007 19:29:03 | Attr = ] InterVideo -> C:\Documents and Settings\All Users\Application Data\InterVideo -> [Folder | Modified Date = 23/01/2008 22:43:07 | Attr = ] Kaspersky Lab -> C:\Documents and Settings\All Users\Application Data\Kaspersky Lab -> [Folder | Modified Date = 03/03/2008 17:58:42 | Attr = ] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [Folder | Modified Date = 17/01/2008 00:50:01 | Attr = ] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [Folder | Modified Date = 24/03/2008 22:18:38 | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 31/01/2008 14:03:56 | Attr = S] Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help -> [Folder | Modified Date = 12/03/2008 03:03:02 | Attr = ] Minnetonka Audio Software -> C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software -> [Folder | Modified Date = 18/01/2008 18:07:49 | Attr = ] Nero -> C:\Documents and Settings\All Users\Application Data\Nero -> [Folder | Modified Date = 19/01/2008 21:31:24 | Attr = ] NVIDIA -> C:\Documents and Settings\All Users\Application Data\NVIDIA -> [Folder | Modified Date = 15/10/2007 16:31:41 | Attr = ] nView_Profiles -> C:\Documents and Settings\All Users\Application Data\nView_Profiles -> [Folder | Modified Date = 15/10/2007 12:35:57 | Attr = ] SmartSound Software Inc -> C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc -> [Folder | Modified Date = 04/12/2007 19:29:45 | Attr = ] Sony Corporation -> C:\Documents and Settings\All Users\Application Data\Sony Corporation -> [Folder | Modified Date = 22/10/2007 19:47:34 | Attr = ] Sony Ericsson -> C:\Documents and Settings\All Users\Application Data\Sony Ericsson -> [Folder | Modified Date = 14/02/2008 15:27:41 | Attr = ] Teleca -> C:\Documents and Settings\All Users\Application Data\Teleca -> [Folder | Modified Date = 14/02/2008 15:27:42 | Attr = ] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 23/03/2008 01:32:40 | Attr = ] @Alternate Data Stream - 173 bytes -> %AllUsersProfile%\Application Data\TEMP:D282699C Ulead Systems -> C:\Documents and Settings\All Users\Application Data\Ulead Systems -> [Folder | Modified Date = 23/01/2008 23:58:34 | Attr = ] Vara Software -> C:\Documents and Settings\All Users\Application Data\Vara Software -> [Folder | Modified Date = 19/03/2008 18:56:22 | Attr = ] VertusTech -> C:\Documents and Settings\All Users\Application Data\VertusTech -> [Folder | Modified Date = 12/02/2008 23:56:14 | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 02/01/2008 10:54:15 | Attr = ] WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller -> [Folder | Modified Date = 02/01/2008 10:14:59 | Attr = ] C:\Documents and Settings\dave\Application Data\ -> C:\Documents and Settings\dave\Application Data -> [Folder | Modified Date = 24/03/2008 22:18:42 | Attr = RH ] Adobe -> C:\Documents and Settings\dave\Application Data\Adobe -> [Folder | Modified Date = 20/03/2008 19:02:42 | Attr = ] AdobeUM -> C:\Documents and Settings\dave\Application Data\AdobeUM -> [Folder | Modified Date = 16/10/2007 20:37:55 | Attr = ] Ahead -> C:\Documents and Settings\dave\Application Data\Ahead -> [Folder | Modified Date = 12/03/2008 00:03:06 | Attr = ] Apple Computer -> C:\Documents and Settings\dave\Application Data\Apple Computer -> [Folder | Modified Date = 14/11/2007 21:35:41 | Attr = ] Avant Profiles -> C:\Documents and Settings\dave\Application Data\Avant Profiles -> [Folder | Modified Date = 02/01/2008 12:36:04 | Attr = ] BSplayer Pro -> C:\Documents and Settings\dave\Application Data\BSplayer Pro -> [Folder | Modified Date = 13/03/2008 09:54:01 | Attr = ] discreet -> C:\Documents and Settings\dave\Application Data\discreet -> [Folder | Modified Date = 05/01/2008 16:21:06 | Attr = ] DivX -> C:\Documents and Settings\dave\Application Data\DivX -> [Folder | Modified Date = 23/01/2008 22:46:49 | Attr = ] GridIron -> C:\Documents and Settings\dave\Application Data\GridIron -> [Folder | Modified Date = 29/02/2008 16:48:05 | Attr = ] Help -> C:\Documents and Settings\dave\Application Data\Help -> [Folder | Modified Date = 16/11/2007 21:00:51 | Attr = ] Identities -> C:\Documents and Settings\dave\Application Data\Identities -> [Folder | Modified Date = 15/10/2007 11:52:55 | Attr = ] InterVideo -> C:\Documents and Settings\dave\Application Data\InterVideo -> [Folder | Modified Date = 23/01/2008 23:23:06 | Attr = ] Lavasoft -> C:\Documents and Settings\dave\Application Data\Lavasoft -> [Folder | Modified Date = 05/12/2007 18:20:16 | Attr = ] Logitech -> C:\Documents and Settings\dave\Application Data\Logitech -> [Folder | Modified Date = 11/01/2008 17:02:08 | Attr = ] Lost Marble -> C:\Documents and Settings\dave\Application Data\Lost Marble -> [Folder | Modified Date = 02/11/2007 00:14:19 | Attr = ] Macromedia -> C:\Documents and Settings\dave\Application Data\Macromedia -> [Folder | Modified Date = 17/10/2007 11:53:57 | Attr = ] Malwarebytes -> C:\Documents and Settings\dave\Application Data\Malwarebytes -> [Folder | Modified Date = 24/03/2008 22:18:42 | Attr = ] Media Player Classic -> C:\Documents and Settings\dave\Application Data\Media Player Classic -> [Folder | Modified Date = 17/10/2007 23:37:05 | Attr = ] Microsoft -> C:\Documents and Settings\dave\Application Data\Microsoft -> [Folder | Modified Date = 29/02/2008 16:47:08 | Attr = S] Nero -> C:\Documents and Settings\dave\Application Data\Nero -> [Folder | Modified Date = 14/01/2008 22:59:29 | Attr = ] Real -> C:\Documents and Settings\dave\Application Data\Real -> [Folder | Modified Date = 04/12/2007 19:27:27 | Attr = ] Sony Corporation -> C:\Documents and Settings\dave\Application Data\Sony Corporation -> [Folder | Modified Date = 22/10/2007 19:53:18 | Attr = ] Sony Ericsson -> C:\Documents and Settings\dave\Application Data\Sony Ericsson -> [Folder | Modified Date = 14/02/2008 15:29:53 | Attr = ] SorensonMedia -> C:\Documents and Settings\dave\Application Data\SorensonMedia -> [Folder | Modified Date = 17/01/2008 20:03:00 | Attr = ] Teleca -> C:\Documents and Settings\dave\Application Data\Teleca -> [Folder | Modified Date = 14/02/2008 15:30:29 | Attr = ] Ulead Systems -> C:\Documents and Settings\dave\Application Data\Ulead Systems -> [Folder | Modified Date = 23/01/2008 22:50:09 | Attr = ] Vara Software -> C:\Documents and Settings\dave\Application Data\Vara Software -> [Folder | Modified Date = 19/03/2008 18:50:22 | Attr = ] WinampNEW -> C:\Documents and Settings\dave\Application Data\WinampNEW -> [Folder | Modified Date = 06/01/2008 17:18:34 | Attr = ] WinRAR -> C:\Documents and Settings\dave\Application Data\WinRAR -> [Folder | Modified Date = 17/10/2007 23:35:50 | Attr = ] C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 15/10/2007 12:35:49 | Attr = RH ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 25/03/2008 20:26:23 | Attr = S] C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 15/10/2007 11:52:08 | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 15/10/2007 11:47:32 | Attr = S] C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 15/10/2007 11:50:46 | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 05/01/2008 15:23:31 | Attr = S] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 15/10/2007 13:18:02 | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> MD5 = 6A82073D6E1CAEA8E63CF491BAADFA2B | [Ver = | Size = 65 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 25/03/2008 20:34:16 | Attr = H ] XoftSpySE 2.job -> C:\WINDOWS\Tasks\XoftSpySE 2.job -> MD5 = F9028E289A1FD854241A0D80CB9D2DF3 | [Ver = | Size = 430 bytes | Modified Date = 25/03/2008 20:34:20 | Attr = ] XoftSpySE.job -> C:\WINDOWS\Tasks\XoftSpySE.job -> MD5 = FF9BBEE14C7575F7D02EBD607904F555 | [Ver = | Size = 312 bytes | Modified Date = 07/01/2008 16:23:56 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs] "CTE_32 Name"="2454519:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install\VxDs] "DefaultSettings"="-10:{3C7DA433-1047-9FC4-00BA-978A09424856}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{9AB7F4CF-B598-D21E-CB77-64C1BA6393E5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{9AB7F4CF-B598-D21E-CB77-64C1BA6393E5}\Version 1.1] "dat"="806585365:{4ACA313B-9C31-8DE9-C38D-B6A5446B2657}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\] "AB141C35E9F4BF344B9FC010BB17F68A"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{9E12E6D4-6106-10F7-91CF-0634074CCE33}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{9E12E6D4-6106-10F7-91CF-0634074CCE33}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{9E12E6D4-6106-10F7-91CF-0634074CCE33}\Install\xga-3] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{9E12E6D4-6106-10F7-91CF-0634074CCE33}\Install\xga-3\dat] "default"="518022161:{50C1673D-3260-CABD-5351-2107E75B7AF1}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{9AB7F4CF-B598-D21E-CB77-64C1BA6393E5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{9AB7F4CF-B598-D21E-CB77-64C1BA6393E5}\Version 3.x] "dat"="1767914624:{57B281B3-DCCE-F44D-366D-01163B9537DC}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll] "AplicationGoo"="6a)#0f\x00be3183\x84\xe1l3bd0\xd6" "ChkAppHelp"="{028B01B4-E150-FD32-0A6E-D26C582873BE}" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Application Data\TEMP:D282699C 173 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\Desktop\aba\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\Desktop\nicole\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\bobbyweb new\images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\bobbyweb new\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\flash site\images\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\images\index\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\INTIMACY for bobby\final LOGO\PINK\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\INTIMACY for bobby\FLYER\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\Spyda Bobby\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\bobby website\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\A Century of Animated Shorts I\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\A Century of Animated Shorts II\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\A Century of Animated Shorts III\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\A Century of Animated Shorts IV\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\Betty Boop Cartoons from the 1930s\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\Free.Jimmy.2006.LiMiTED.DVDRip.XViD\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\Monkey Dust s01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\Monkey Dust s02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\Monkey Dust s03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\SOUTH PARK\Season 11\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\SOUTH PARK\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 01\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 02\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 03\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 06\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 17\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 18\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\The Simpsons - Season 19\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\THE SIMPSONS\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\ANIMATION\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\FOOD\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\GENARTS_SAPPHIRE_V2.02_FOR_AE-XFORCE\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\Beowulf[2007]DvDrip[Eng]-FXG\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\BO SELECTA\Bo Selecta - Series 3\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\parkour vids\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\The.Da.Vinci.Code[2006]DvDrip[EnG\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\The.Last.King.of.Scotland.DVDRip.XviD\CD1\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\The.Last.King.of.Scotland.DVDRip.XviD\CD2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\Grindhouse-Planet.Terror[2007][Unrated.Edition]DvDrip[Eng]-aXXo\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\heroes\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\Little Britain Season 2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\MOVIES\Michael.Clayton.DVDRip.XviD-NeDiVx\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Files\particle illusion 3 emitters\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\hertzfeld dvd\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\dave\My Documents\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 142 < End of report > [/code]