[code] OTScanIt logfile created on: 3/31/2008 1:47:54 PM OTScanIt by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\don\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1022.09 Mb Total Physical Memory | 645.67 Mb Available Physical Memory | 63.17% Memory free 2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.36% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19.53 Gb Total Space | 4.92 Gb Free Space | 25.21% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 4.88 Gb Total Space | 1.20 Gb Free Space | 24.69% Space Free | Partition Type: NTFS Drive G: | 34.18 Gb Total Space | 7.23 Gb Free Space | 21.14% Space Free | Partition Type: NTFS Drive H: | 34.18 Gb Total Space | 7.21 Gb Free Space | 21.10% Space Free | Partition Type: NTFS Drive I: | 56.23 Gb Total Space | 1.49 Gb Free Space | 2.65% Space Free | Partition Type: NTFS Computer Name: MYSYSTEM Current User Name: don Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aswupdsv.exe -> G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ] ashserv.exe -> G:\Program Files\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ] lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/25/2003 12:52:00 AM | Attr = ] lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 2/25/2003 12:50:00 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 3/13/2008 9:25:00 PM | Attr = ] ashdisp.exe -> G:\Program Files\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr = ] ashmaisv.exe -> G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ] ashwebsv.exe -> G:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 3/27/2008 2:59:26 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.8.0 | Size = 370176 bytes | Modified Date = 3/29/2008 5:10:10 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 9:36:33 AM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> G:\Program Files\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 8:00:16 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 7:59:53 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> G:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 7:59:01 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/25/2003 12:52:00 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 3/13/2008 9:25:00 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Modified Date = 12/4/2007 9:49:02 AM | Attr = ] (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Modified Date = 12/4/2007 9:55:46 AM | Attr = ] (aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Modified Date = 12/4/2007 9:53:39 AM | Attr = ] (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Modified Date = 12/4/2007 9:51:52 AM | Attr = ] (ATIAVPCI) ATI Unified AVStream service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\atinavrr.sys -> ATI Technologies Inc. [Ver = 6.14.10.226 | Size = 512000 bytes | Modified Date = 1/5/2007 3:22:18 AM | Attr = ] (cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 12/13/2004 4:14:00 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.0.15.0 built by: WinDDK | Size = 180736 bytes | Modified Date = 3/31/2005 6:04:52 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 6:45:54 PM | Attr = ] (iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 6.0.0.1022 | Size = 247808 bytes | Modified Date = 5/11/2006 11:30:52 AM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] (OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 9:42:58 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.26a | Size = 20576 bytes | Modified Date = 5/12/2005 7:54:10 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 716272 bytes | Modified Date = 1/28/2008 11:28:42 PM | Attr = ] (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4946.0 nd412 cp1 | Size = 1106888 bytes | Modified Date = 2/14/2006 4:26:02 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> avast! -> G:\Program Files\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 8:00:23 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 9:07:00 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < don Startup Folder > -> C:\Documents and Settings\don\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\gebcywu.dll [] -> [Ver = | Size = 37888 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003] > -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> gebcywu -> %SystemRoot%\system32\gebcywu.dll -> [Ver = | Size = 37888 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogOff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003] > -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogOff -> 0 -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders -> 0 -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun -> 0 -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> google.net-studio.org -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\] > -> -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\: Main\\Start Page -> google.net-studio.org -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ] {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\gebcywu.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 37888 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ] {ECB08C5D-EE00-4ED4-AFB0-3DDDAB8502A7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mllji.dll [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 2:11:33 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\] > -> HKEY_USERS\S-1-5-21-1960408961-725345543-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 2:11:34 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {42F7A391-6BED-4F19-BD31-9945F903ADB9} -> (Intel(R) PRO/1000 PL Network Connection) -> {6B2F3BC8-32B5-45FE-9C1D-4A7A4070B03B} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01A88BB1-1174-41EC-ACCB-963509EAE56B}[HKEY_LOCAL_MACHINE] -> http://support.dell.com/systemprofiler/SysPro.CAB[SysProWmi Class] -> {3DCEC959-378A-4922-AD7E-FD5C925D927F}[HKEY_LOCAL_MACHINE] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab[Disney Online Games ActiveX Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201487982218[WUWebControl Class] -> {77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://www.nick.com/common/groove/gx/GrooveAX27.cab[Groove Control] -> {85D1F3B2-2A21-11D7-97B9-0010DC2A6243}[HKEY_LOCAL_MACHINE] -> http://secure2.comned.com/signuptemplates/securelogin-devel.cab[SecureLogin class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {95D88B35-A521-472B-A182-BB1A98356421}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab[Pearson Installation Assistant 2] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe[Virtools WebPlayer Class] -> {E6D23284-0E9B-417D-A782-03E4487FC947}[HKEY_LOCAL_MACHINE] -> http://asp.mathxl.com/books/_Players/MathPlayer.cab[Pearson MathXL Player] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DisneyOnlineGames.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DisneyOnlineGames.ocx\\.Owner -> {3DCEC959-378A-4922-AD7E-FD5C925D927F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DisneyOnlineGames.ocx\\{3DCEC959-378A-4922-AD7E-FD5C925D927F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\.Owner -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\{77E32299-629F-43C6-AB77-6A1E6D7663F6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MathPlayer.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MathPlayer.ocx\\.Owner -> {E6D23284-0E9B-417D-A782-03E4487FC947} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MathPlayer.ocx\\{E6D23284-0E9B-417D-A782-03E4487FC947} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PearsonInstallAsst2.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PearsonInstallAsst2.ocx\\.Owner -> {95D88B35-A521-472B-A182-BB1A98356421} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PearsonInstallAsst2.ocx\\{95D88B35-A521-472B-A182-BB1A98356421} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx\\.Owner -> {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/securelogin.ocx\\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\] -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 5/11/2007 4:06:38 AM | Attr = ] ashAvast.exe -> G:\Program Files\Alwil Software\Avast4\ashAvast.exe [G:\Program Files\Alwil Software\Avast4] -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 271736 bytes | Modified Date = 12/4/2007 7:52:15 AM | Attr = ] BackItUp.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\BackItUp.exe [C:\Program Files\Nero\Nero8\Nero BackItUp\] -> Nero AG [Ver = 3, 2, 3, 0 | Size = 23635240 bytes | Modified Date = 12/3/2007 3:20:24 PM | Attr = ] cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32] -> File not found firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox] -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 3/27/2008 2:59:26 PM | Attr = ] HijackThis.exe -> I:\HijackThis\HijackThis.exe [I:\HijackThis] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 3/31/2008 11:48:23 AM | Attr = ] hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe [Reg Error: Value Path does not exist or could not be read.] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] ImageDrive.exe -> %ProgramFiles%\Nero\Nero8\Nero ImageDrive\ImageDrive.exe [C:\Program Files\Nero\Nero8\Nero ImageDrive\] -> Nero AG [Ver = 3.7.2.0 | Size = 2266408 bytes | Modified Date = 11/21/2007 6:31:38 PM | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found javaws.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_03\bin] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/25/2007 12:31:42 AM | Attr = ] Launcher1.exe -> %ProgramFiles%\Disney\Disney Online\PiratesOnline\Launcher1.exe [Reg Error: Value Path does not exist or could not be read.] -> Disney [Ver = 1.0.0.1 | Size = 1512960 bytes | Modified Date = 2/26/2008 6:58:30 PM | Attr = ] mohpa.exe -> I:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe [I:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)] -> Electronic Arts Inc. [Ver = 1, 0, 0, 1 | Size = 10913761 bytes | Modified Date = 3/22/2008 11:36:42 PM | Attr = ] mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player"] -> File not found msimn.exe -> [%ProgramFiles%\Outlook Express] -> File not found MSMoney.EXE -> %ProgramFiles%\Microsoft Money 2007\MNYCoreFiles\msmoney.exe [C:\Program Files\Microsoft Money 2007\MNYCoreFiles] -> Microsoft(R) Corporation [Ver = 16.00.1303 | Size = 63280 bytes | Modified Date = 1/10/2007 12:16:36 PM | Attr = ] MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found NCoverEd.exe -> %ProgramFiles%\Nero\Nero8\Nero CoverDesigner\CoverDes.exe [C:\Program Files\Nero\Nero8\Nero CoverDesigner\] -> Nero AG [Ver = 3, 2, 3, 0 | Size = 6391080 bytes | Modified Date = 12/4/2007 10:57:08 AM | Attr = ] Nero.exe -> %ProgramFiles%\Nero\Nero8\Nero Burning Rom\nero.exe [C:\Program Files\Nero\Nero8\Nero Burning Rom\] -> Nero AG [Ver = 8, 2, 8, 0 | Size = 40699176 bytes | Modified Date = 12/17/2007 10:27:26 AM | Attr = ] NeroBurnRights.exe -> %ProgramFiles%\Nero\Nero8\Nero Toolkit\NeroBurnRights.exe [C:\Program Files\Nero\Nero8\Nero Toolkit\] -> Nero AG [Ver = 2.4.3.0 | Size = 1033512 bytes | Modified Date = 12/3/2007 7:04:12 PM | Attr = ] NeroHome.exe -> %ProgramFiles%\Nero\Nero8\Nero Home\NeroHome.exe [C:\Program Files\Nero\Nero8\Nero Home\] -> Nero AG [Ver = 3.2.5.0 | Size = 767272 bytes | Modified Date = 12/13/2007 8:09:24 PM | Attr = ] NeroMediaHome.exe -> %ProgramFiles%\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe [C:\Program Files\Nero\Nero8\Nero MediaHome\] -> Nero AG [Ver = 3.2.5.0 | Size = 5047592 bytes | Modified Date = 12/13/2007 8:09:04 PM | Attr = ] NeroVision.exe -> %ProgramFiles%\Nero\Nero8\Nero Vision\NeroVision.exe [C:\Program Files\Nero\Nero8\Nero Vision\] -> Nero AG [Ver = 5,2,7,0 | Size = 893224 bytes | Modified Date = 12/12/2007 3:02:02 PM | Attr = ] nfs.exe -> G:\Program Files\Electronic Arts\Need for Speed ProStreet\nfs.exe [G:\Program Files\Electronic Arts\Need for Speed ProStreet\] -> [Ver = | Size = 17702912 bytes | Modified Date = 11/13/2007 9:21:41 PM | Attr = ] PhotoSnapViewer.exe -> %ProgramFiles%\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe [C:\Program Files\Nero\Nero8\Nero PhotoSnap\] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 3454248 bytes | Modified Date = 12/10/2007 6:12:32 PM | Attr = ] PictureViewer.exe -> I:\Program Files\QuickTime\PictureViewer.exe [Reg Error: Value Path does not exist or could not be read.] -> Apple Computer, Inc. [Ver = 6.0 | Size = 245760 bytes | Modified Date = 7/10/2002 10:01:41 PM | Attr = ] pinball.exe -> %ProgramFiles%\Windows NT\Pinball\PINBALL.EXE [C:\Program Files\Windows NT\Pinball] -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] QuickTimePlayer.exe -> I:\Program Files\QuickTime\QuickTimePlayer.exe [Reg Error: Value Path does not exist or could not be read.] -> Apple Computer, Inc. [Ver = 6.0 | Size = 988672 bytes | Modified Date = 7/10/2002 10:01:40 PM | Attr = ] QuickTimeUpdater.exe -> I:\Program Files\QuickTime\QuickTimeUpdater.exe [Reg Error: Value Path does not exist or could not be read.] -> Apple Computer, Inc. [Ver = 6.0 | Size = 127488 bytes | Modified Date = 7/10/2002 10:01:41 PM | Attr = ] Recode.exe -> %ProgramFiles%\Nero\Nero8\Nero Recode\Recode.exe [C:\Program Files\Nero\Nero8\Nero Recode\] -> Nero AG [Ver = 3, 0, 3, 0 | Size = 11810088 bytes | Modified Date = 12/4/2007 10:59:20 AM | Attr = ] setup.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found ShowTime.exe -> %ProgramFiles%\Nero\Nero8\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero8\Nero ShowTime\] -> Nero AG [Ver = 4, 2, 3, 0 | Size = 6137128 bytes | Modified Date = 12/3/2007 7:04:12 PM | Attr = ] SoundTrax.exe -> %ProgramFiles%\Nero\Nero8\Nero SoundTrax\SoundTrax.exe [C:\Program Files\Nero\Nero8\Nero SoundTrax\] -> Nero AG [Ver = 3, 2, 3, 0 | Size = 3826984 bytes | Modified Date = 12/5/2007 10:55:10 AM | Attr = ] table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found TheRosettaStone.exe -> I:\Program Files\The Rosetta Stone\The Rosetta Stone\TheRosettaStone.exe [I:\Program Files\The Rosetta Stone\The Rosetta Stone] -> Macromedia, Inc. [Ver = 9.0r383 | Size = 2331402 bytes | Modified Date = 3/31/2003 11:44:58 AM | Attr = ] wab.exe -> [%ProgramFiles%\Outlook Express] -> File not found wabmig.exe -> [%ProgramFiles%\Outlook Express] -> File not found waveedit.exe -> %ProgramFiles%\Nero\Nero8\Nero WaveEditor\waveedit.exe [C:\Program Files\Nero\Nero8\Nero WaveEditor\] -> Nero AG [Ver = 4, 2, 3, 0 | Size = 83240 bytes | Modified Date = 12/5/2007 10:52:20 AM | Attr = ] winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value Path does not exist or could not be read.] -> File not found WinRAR.exe -> g:\Program Files\WinRAR\WinRAR.exe [g:\Program Files\WinRAR] -> [Ver = | Size = 936960 bytes | Modified Date = 9/20/2007 7:34:22 PM | Attr = ] WORDPAD.EXE -> [Reg Error: Value Path does not exist or could not be read.] -> File not found WRITE.EXE -> [Reg Error: Value Path does not exist or could not be read.] -> File not found < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] C:\WINDOWS\system32\mllji -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 780 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1152 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dxdiag.exe -> C:\WINDOWS\system32\dxdiag.exe [C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1298432 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\America's Army\System\ArmyOps.exe -> F:\Program Files\America's Army\System\ArmyOps.exe [F:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps] -> [Ver = | Size = 131072 bytes | Modified Date = 1/25/2008 11:49:16 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\Azureus\Azureus.exe -> G:\Program Files\Azureus\Azureus.exe [G:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 3/5/2008 11:54:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\Microsoft Games\Halo\halo.exe -> G:\Program Files\Microsoft Games\Halo\halo.exe [G:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo] -> Microsoft Corporation [Ver = 01.00.00.0564 | Size = 2793472 bytes | Modified Date = 9/4/2003 7:16:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\toorent\halo\Halo\halo.exe -> H:\toorent\halo\Halo\halo.exe [H:\toorent\halo\Halo\halo.exe:*:Disabled:Halo] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe -> G:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe [G:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Enabled:sof3] -> [Ver = | Size = 61440 bytes | Modified Date = 11/14/2007 2:54:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 4:32:57 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/27/2006 4:16:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe -> I:\Program Files\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe [I:\Program Files\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe:*:Enabled:Conflict: Denied Ops] -> Pivotal Games [Ver = 1, 0, 0, 1 | Size = 2387456 bytes | Modified Date = 2/6/2008 5:16:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\Sega\The Club\Launcher.exe -> I:\Program Files\Sega\The Club\Launcher.exe [I:\Program Files\Sega\The Club\Launcher.exe:*:Enabled:The Club Launcher] -> Bizarre Creations [Ver = 1, 0, 0, 1 | Size = 9745898 bytes | Modified Date = 2/14/2008 6:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\Sega\The Club\TheClub.exe -> I:\Program Files\Sega\The Club\TheClub.exe [I:\Program Files\Sega\The Club\TheClub.exe:*:Enabled:The Club] -> Bizarre Creations [Ver = 1, 0, 0, 1 | Size = 7810104 bytes | Modified Date = 1/21/2008 1:40:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\Sierra Entertainment\World In Conflict\wic.exe -> G:\Program Files\Sierra Entertainment\World In Conflict\wic.exe [G:\Program Files\Sierra Entertainment\World In Conflict\wic.exe:*:Enabled:World in Conflict] -> Massive Entertainment AB [Ver = 1.0.0.0 (b80) | Size = 9755136 bytes | Modified Date = 9/19/2007 9:35:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\Sierra Entertainment\World In Conflict\wic_online.exe -> G:\Program Files\Sierra Entertainment\World In Conflict\wic_online.exe [G:\Program Files\Sierra Entertainment\World In Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only] -> Massive Entertainment AB [Ver = 1.0.0.1 (b81) | Size = 13763888 bytes | Modified Date = 10/5/2007 9:26:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Program Files\Sierra Entertainment\World In Conflict\wic_ds.exe -> G:\Program Files\Sierra Entertainment\World In Conflict\wic_ds.exe [G:\Program Files\Sierra Entertainment\World In Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server] -> [Ver = | Size = 7529472 bytes | Modified Date = 9/19/2007 9:35:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\I:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe -> I:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe [I:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)] -> Electronic Arts Inc. [Ver = 1, 0, 0, 1 | Size = 10913761 bytes | Modified Date = 3/22/2008 11:36:42 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^don^Start Menu^Programs^Startup^Kuma_Tray.lnk -> %ProgramFiles%\Kuma Games\kgsystray\Kuma_tray.exe -> [Ver = 0.0.54 | Size = 33992 bytes | Modified Date = 9/26/2007 4:57:16 PM | Attr = ] C:^Documents and Settings^don^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> %ProgramFiles%\LimeWire\LimeWire.exe -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 4:32:57 PM | Attr = ] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ] BMc376d3ca hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\yalxhfst.DLL -> File not found [Files/Folders - Created Within 90 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 1/27/2008 9:03:10 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Created Date = 1/27/2008 2:52:09 PM | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/27/2008 9:03:10 PM | Attr = ] DELL -> %SystemDrive%\DELL -> [Folder | Created Date = 1/27/2008 9:03:28 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 1/27/2008 2:52:51 PM | Attr = ] drivers -> %SystemDrive%\drivers -> [Folder | Created Date = 3/23/2008 12:28:57 AM | Attr = ] Intel -> %SystemDrive%\Intel -> [Folder | Created Date = 1/27/2008 9:20:06 PM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/27/2008 9:03:10 PM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/27/2008 9:03:10 PM | Attr = RHS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 2/25/2008 3:15:09 PM | Attr = RH ] My Money Backup_2008-03-27_233415.mbf -> %SystemDrive%\My Money Backup_2008-03-27_233415.mbf -> [Ver = | Size = 372687 bytes | Created Date = 3/27/2008 11:34:16 PM | Attr = R ] Program Files -> %ProgramFiles% -> [Folder | Created Date = 1/27/2008 2:53:43 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 1/27/2008 9:51:44 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 1/27/2008 2:52:50 PM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 3/31/2008 12:45:24 PM | Attr = ] wic -> %SystemDrive%\wic -> [Folder | Created Date = 3/20/2008 12:05:16 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 1/27/2008 9:04:22 PM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 1/27/2008 9:04:23 PM | Attr = ] cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/27/2008 9:04:30 PM | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 1/27/2008 9:04:32 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 1/27/2008 9:04:23 PM | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 1/27/2008 9:04:23 PM | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 1/27/2008 9:04:23 PM | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:23 PM | Attr = ] c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:38 PM | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:38 PM | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:40 PM | Attr = ] c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:24 PM | Attr = ] c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 1/27/2008 9:04:25 PM | Attr = ] c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:32 PM | Attr = ] c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:26 PM | Attr = ] c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 1/27/2008 9:04:27 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:35 PM | Attr = ] c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:38 PM | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:37 PM | Attr = ] c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:40 PM | Attr = ] c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:42 PM | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 9:04:28 PM | Attr = ] c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:35 PM | Attr = ] c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:40 PM | Attr = ] c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 9:04:29 PM | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 9:04:29 PM | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 9:04:29 PM | Attr = ] c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:35 PM | Attr = ] c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 9:04:29 PM | Attr = ] c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] ehcir.ird -> %SystemRoot%\System32\dllcache\ehcir.ird -> [Ver = | Size = 10604352 bytes | Created Date = 1/27/2008 8:58:08 PM | Attr = ] eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/27/2008 9:04:40 PM | Attr = ] esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/27/2008 9:04:40 PM | Attr = ] esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/27/2008 9:04:40 PM | Attr = ] FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 1/27/2008 9:04:42 PM | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 1/27/2008 9:04:46 PM | Attr = ] HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/27/2008 8:57:47 PM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 1/27/2008 9:04:50 PM | Attr = ] IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 1/27/2008 9:04:59 PM | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 1/27/2008 9:05:01 PM | Attr = ] IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 1/27/2008 9:05:02 PM | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/27/2008 9:00:48 PM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 1/27/2008 9:05:09 PM | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 1/27/2008 9:05:10 PM | Attr = ] ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 1/27/2008 2:53:44 PM | Attr = ] MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat -> [Ver = | Size = 130715 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 1/27/2008 9:04:16 PM | Attr = ] msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/27/2008 9:00:50 PM | Attr = ] MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 1/27/2008 9:01:46 PM | Attr = ] NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT -> [Ver = | Size = 2008817 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT -> [Ver = | Size = 505647 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7710 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/27/2008 8:57:22 PM | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 1/27/2008 9:05:26 PM | Attr = ] plus.cat -> %SystemRoot%\System32\dllcache\plus.cat -> [Ver = | Size = 77881 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 1/27/2008 9:05:27 PM | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 1/27/2008 9:05:28 PM | Attr = ] r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 1/27/2008 2:53:44 PM | Attr = ] rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/27/2008 9:05:32 PM | Attr = ] rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/27/2008 9:05:32 PM | Attr = ] rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/27/2008 9:05:32 PM | Attr = ] sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 1/27/2008 2:53:44 PM | Attr = ] sam.spd -> %SystemRoot%\System32\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 1/27/2008 2:53:44 PM | Attr = ] sonic.cat -> %SystemRoot%\System32\dllcache\sonic.cat -> [Ver = | Size = 17916 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 106147 bytes | Created Date = 1/27/2008 2:53:23 PM | Attr = ] spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 1/27/2008 9:01:11 PM | Attr = ] tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 1/27/2008 9:05:56 PM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 1/27/2008 9:39:28 PM | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 1/27/2008 9:39:27 PM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 1/27/2008 9:39:27 PM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 1/27/2008 9:39:28 PM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 1/27/2008 9:39:28 PM | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] omci.sys -> %SystemRoot%\System32\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Created Date = 1/27/2008 9:32:05 PM | Attr = ] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Created Date = 1/27/2008 11:16:23 PM | Attr = ] pxhelp20.sys -> %SystemRoot%\System32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.26a | Size = 20576 bytes | Created Date = 1/27/2008 8:58:58 PM | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 716272 bytes | Created Date = 1/28/2008 11:28:42 PM | Attr = ] sthda.sys -> %SystemRoot%\System32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4946.0 nd412 cp1 | Size = 1106888 bytes | Created Date = 1/27/2008 10:13:47 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 2/25/2008 11:38:17 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 2/25/2008 11:38:21 PM | Attr = H ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 237 bytes | Created Date = 1/27/2008 2:52:08 PM | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 1/27/2008 9:39:21 PM | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 1/27/2008 9:03:05 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 1/27/2008 9:31:18 PM | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 1/27/2008 9:39:21 PM | Attr = ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 1/27/2008 2:53:29 PM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 95608 bytes | Created Date = 1/27/2008 9:39:28 PM | Attr = ] bbeeg.ini -> %SystemRoot%\System32\bbeeg.ini -> [Ver = | Size = 326121 bytes | Created Date = 3/28/2008 5:50:08 AM | Attr = HS] bbeeg.ini2 -> %SystemRoot%\System32\bbeeg.ini2 -> [Ver = | Size = 326121 bytes | Created Date = 3/28/2008 5:50:08 AM | Attr = HS] bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Created Date = 1/27/2008 2:53:15 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 1/27/2008 2:53:15 PM | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 1/27/2008 9:01:56 PM | Attr = RH ] CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,222,0 | Size = 107888 bytes | Created Date = 2/1/2008 12:07:58 PM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Created Date = 1/27/2008 8:57:17 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Created Date = 1/27/2008 9:03:10 PM | Attr = ] c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:38 PM | Attr = ] c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:38 PM | Attr = ] c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_10081.nls -> %SystemRoot%\System32\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:40 PM | Attr = ] c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:32 PM | Attr = ] C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:35 PM | Attr = ] C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:38 PM | Attr = ] C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:37 PM | Attr = ] c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:40 PM | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:42 PM | Attr = ] c_737.nls -> %SystemRoot%\System32\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] c_852.nls -> %SystemRoot%\System32\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:33 PM | Attr = ] c_855.nls -> %SystemRoot%\System32\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:35 PM | Attr = ] c_857.nls -> %SystemRoot%\System32\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:40 PM | Attr = ] c_866.nls -> %SystemRoot%\System32\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:35 PM | Attr = ] c_869.nls -> %SystemRoot%\System32\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] c_875.nls -> %SystemRoot%\System32\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/27/2008 2:53:36 PM | Attr = ] d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 1324 bytes | Created Date = 1/27/2008 9:44:13 PM | Attr = ] Dell -> %SystemRoot%\System32\Dell -> [Folder | Created Date = 1/27/2008 10:27:57 PM | Attr = ] desktop.ini -> %SystemRoot%\System32\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 1/27/2008 9:01:16 PM | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Created Date = 1/27/2008 9:01:38 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 1/27/2008 8:59:40 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 2/2/2008 7:46:16 AM | Attr = ] EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 268600 bytes | Created Date = 1/27/2008 2:52:50 PM | Attr = ] gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] gebcywu.dll -> %SystemRoot%\System32\gebcywu.dll -> [Ver = | Size = 37888 bytes | Created Date = 3/27/2008 5:48:48 AM | Attr = ] H@tKeysH@@k.DLL -> %SystemRoot%\System32\H@tKeysH@@k.DLL -> [Ver = | Size = 20480 bytes | Created Date = 3/13/2008 10:30:55 PM | Attr = ] hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/27/2008 8:57:47 PM | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 1/27/2008 8:57:21 PM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] IME -> %SystemRoot%\System32\IME -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/27/2008 9:00:48 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/28/2008 11:02:31 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/28/2008 11:02:31 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/28/2008 11:02:31 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/28/2008 11:02:31 PM | Attr = ] kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] kill.vbs -> %SystemRoot%\System32\kill.vbs -> [Ver = | Size = 2644 bytes | Created Date = 3/27/2008 5:50:18 AM | Attr = ] korean.uce -> %SystemRoot%\System32\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 1/27/2008 11:16:00 PM | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 1/27/2008 9:02:02 PM | Attr = RH ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 1/27/2008 9:01:02 PM | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Created Date = 1/27/2008 9:07:12 PM | Attr = S] mivthihe.ini -> %SystemRoot%\System32\mivthihe.ini -> [Ver = | Size = 1583511 bytes | Created Date = 3/28/2008 5:53:19 AM | Attr = HS] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Created Date = 1/27/2008 8:57:18 PM | Attr = ] msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 1/27/2008 8:57:38 PM | Attr = ] msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 1/27/2008 8:57:38 PM | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] mypixdx.chm -> %SystemRoot%\System32\mypixdx.chm -> [Ver = | Size = 11452 bytes | Created Date = 1/27/2008 8:59:04 PM | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 1/27/2008 9:01:56 PM | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 1/27/2008 9:03:05 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 138893 bytes | Created Date = 1/27/2008 9:52:50 PM | Attr = ] nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 17525 bytes | Created Date = 1/27/2008 9:52:16 PM | Attr = ] nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 1/27/2008 9:52:16 PM | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 1/27/2008 9:01:56 PM | Attr = RH ] Odbcjet.cnt -> %SystemRoot%\System32\Odbcjet.cnt -> [Ver = | Size = 7348 bytes | Created Date = 1/27/2008 9:32:08 PM | Attr = ] Odbcjet.hlp -> %SystemRoot%\System32\Odbcjet.hlp -> [Ver = | Size = 171967 bytes | Created Date = 1/27/2008 9:32:08 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] OpenAL32.dll -> %SystemRoot%\System32\OpenAL32.dll -> Portions (C) Creative Labs Inc. and NVIDIA Corp. [Ver = 6.14.0357.22 | Size = 115432 bytes | Created Date = 2/25/2008 11:30:32 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 516804 bytes | Created Date = 1/27/2008 2:53:46 PM | Attr = ] PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Created Date = 1/27/2008 11:16:00 PM | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Created Date = 1/27/2008 11:16:06 PM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 1/27/2008 9:42:03 PM | Attr = ] QuickTime -> %SystemRoot%\System32\QuickTime -> [Folder | Created Date = 2/29/2008 8:00:11 AM | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Created Date = 1/27/2008 9:49:44 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Created Date = 1/27/2008 9:00:49 PM | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 1/27/2008 9:01:56 PM | Attr = RH ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] SetupBD.din -> %SystemRoot%\System32\SetupBD.din -> [Ver = | Size = 1904 bytes | Created Date = 1/27/2008 9:35:54 PM | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 1/27/2008 9:40:04 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/27/2008 2:53:31 PM | Attr = ] stacapi.dll -> %SystemRoot%\System32\stacapi.dll -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 | Size = 200704 bytes | Created Date = 1/27/2008 10:13:46 PM | Attr = ] stacgui.cpl -> %SystemRoot%\System32\stacgui.cpl -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 | Size = 3592192 bytes | Created Date = 1/27/2008 10:14:00 PM | Attr = ] staco.dll -> %SystemRoot%\System32\staco.dll -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 built by: WinDDK | Size = 112128 bytes | Created Date = 1/27/2008 10:13:58 PM | Attr = ] stlang.dll -> %SystemRoot%\System32\stlang.dll -> SigmaTel, Inc. [Ver = 1.2.4995.0 nd229 cp1 | Size = 1052672 bytes | Created Date = 1/27/2008 10:14:00 PM | Attr = ] subrange.uce -> %SystemRoot%\System32\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 1/27/2008 8:57:41 PM | Attr = ] tslabels.h -> %SystemRoot%\System32\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 1/27/2008 8:57:39 PM | Attr = ] tslabels.ini -> %SystemRoot%\System32\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 1/27/2008 8:57:39 PM | Attr = ] URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Created Date = 1/27/2008 9:14:08 PM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 1/27/2008 8:57:39 PM | Attr = ] vmm32 -> %SystemRoot%\System32\vmm32 -> [Folder | Created Date = 1/27/2008 10:11:18 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 1/27/2008 9:02:02 PM | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 1/27/2008 8:57:32 PM | Attr = ] wrap_oal.dll -> %SystemRoot%\System32\wrap_oal.dll -> Creative Labs [Ver = 2.1.8.1 | Size = 418480 bytes | Created Date = 2/25/2008 11:30:32 PM | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 1/27/2008 9:01:56 PM | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 1/27/2008 9:04:03 PM | Attr = ] xlive -> %SystemRoot%\System32\xlive -> [Folder | Created Date = 3/14/2008 10:45:15 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 2/27/2008 6:54:48 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 1/27/2008 9:03:20 PM | Attr = H ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 1/27/2008 9:41:55 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2/2/2008 7:45:53 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2/2/2008 7:45:40 AM | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 1/27/2008 8:59:59 PM | Attr = R S] Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 1/27/2008 9:06:22 PM | Attr = S] Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 1/27/2008 9:03:10 PM | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] dell -> %SystemRoot%\dell -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 1/27/2008 9:01:16 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 1/27/2008 9:02:02 PM | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = R S] Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2/2/2008 7:46:03 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2/2/2008 7:46:35 AM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 1/27/2008 2:53:49 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 1/27/2008 2:53:46 PM | Attr = HS] Irremote.ini -> %SystemRoot%\Irremote.ini -> [Ver = | Size = 0 bytes | Created Date = 3/27/2008 11:18:44 PM | Attr = ] java -> %SystemRoot%\java -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> [Ver = | Size = 327 bytes | Created Date = 2/4/2008 2:44:39 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 1/27/2008 8:59:23 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 3/20/2008 7:53:38 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 679 bytes | Created Date = 2/14/2008 10:19:21 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] MyDrivers.ini -> %SystemRoot%\MyDrivers.ini -> [Ver = | Size = 160 bytes | Created Date = 1/27/2008 10:56:48 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 2/29/2008 12:47:42 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2/2/2008 7:44:47 AM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 1/27/2008 10:03:18 PM | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 1/27/2008 2:53:46 PM | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 1/27/2008 9:02:02 PM | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 1/27/2008 9:07:12 PM | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 3/28/2008 5:50:47 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 3/28/2008 5:36:08 PM | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 1/27/2008 9:17:05 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 1/27/2008 8:59:37 PM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 1/27/2008 9:07:01 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 2/25/2008 3:15:57 PM | Attr = ] Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 1/27/2008 9:07:16 PM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 1/27/2008 9:01:03 PM | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4682.0 nd267 cp1 | Size = 393216 bytes | Created Date = 1/27/2008 10:14:00 PM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 1/28/2008 11:02:39 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 1/27/2008 9:01:07 PM | Attr = S] Tcsofla.INI -> %SystemRoot%\Tcsofla.INI -> [Ver = | Size = 643 bytes | Created Date = 1/31/2008 11:23:42 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.926.0 | Size = 299520 bytes | Created Date = 2/4/2008 2:44:11 PM | Attr = ] unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.6.1 | Size = 90112 bytes | Created Date = 2/29/2008 8:00:52 AM | Attr = ] unvise32qt.exe -> %SystemRoot%\unvise32qt.exe -> MindVision [Ver = 2.8.3 | Size = 86016 bytes | Created Date = 2/29/2008 8:00:48 AM | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 1/27/2008 8:59:38 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 1/27/2008 8:59:38 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2/2/2008 7:46:17 AM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = R ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 1/27/2008 9:01:56 PM | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 1/27/2008 9:01:16 PM | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 1/27/2008 9:01:16 PM | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 1/27/2008 2:46:19 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 1/27/2008 9:03:04 PM | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Created Date = 2/4/2008 5:02:28 PM | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 1/27/2008 8:57:42 PM | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 1/27/2008 9:01:07 PM | Attr = RH ] Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 404 bytes | Created Date = 3/4/2008 5:25:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 1/27/2008 9:07:12 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 2/25/2008 4:50:26 PM | Attr = ] Azureus -> %AllUsersProfile%\Application Data\Azureus -> [Folder | Created Date = 1/28/2008 11:03:38 PM | Attr = ] Cabela's Trophy Bucks Saves -> %AllUsersProfile%\Application Data\Cabela's Trophy Bucks Saves -> [Folder | Created Date = 2/24/2008 10:12:34 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = HS] DIGStream -> %AllUsersProfile%\Application Data\DIGStream -> [Folder | Created Date = 1/27/2008 9:12:33 PM | Attr = ] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Created Date = 2/14/2008 11:58:47 PM | Attr = ] InstallShield -> %AllUsersProfile%\Application Data\InstallShield -> [Folder | Created Date = 1/29/2008 8:04:25 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Created Date = 1/27/2008 2:53:09 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 2/25/2008 3:15:28 PM | Attr = ] MumboJumbo -> %AllUsersProfile%\Application Data\MumboJumbo -> [Folder | Created Date = 3/20/2008 11:30:01 AM | Attr = ] Nero -> %AllUsersProfile%\Application Data\Nero -> [Folder | Created Date = 2/23/2008 1:18:39 PM | Attr = ] QuickTime -> %AllUsersProfile%\Application Data\QuickTime -> [Folder | Created Date = 2/29/2008 7:59:57 AM | Attr = ] Trymedia -> %AllUsersProfile%\Application Data\Trymedia -> [Folder | Created Date = 3/20/2008 11:29:44 AM | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 1/27/2008 9:44:49 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 1/28/2008 12:24:25 AM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Created Date = 1/28/2008 11:03:37 PM | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Created Date = 1/28/2008 11:30:24 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 1/27/2008 9:07:49 PM | Attr = HS] Help -> %AppData%\Help -> [Folder | Created Date = 3/3/2008 9:24:26 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 1/27/2008 9:18:55 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 3/20/2008 7:48:39 PM | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 2/26/2008 6:03:28 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 2/12/2008 1:45:07 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 1/28/2008 12:24:25 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 1/27/2008 9:07:49 PM | Attr = S] Move Networks -> %AppData%\Move Networks -> [Folder | Created Date = 1/28/2008 12:24:53 AM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 1/27/2008 10:03:12 PM | Attr = ] Nero -> %AppData%\Nero -> [Folder | Created Date = 2/23/2008 1:20:48 PM | Attr = ] RipIt4Me -> %AppData%\RipIt4Me -> [Folder | Created Date = 2/14/2008 11:56:23 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 1/28/2008 11:02:03 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 2/4/2008 4:55:01 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 1/28/2008 11:07:12 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 2/25/2008 4:50:46 PM | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 2/23/2008 1:21:30 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Created Date = 1/27/2008 9:12:28 PM | Attr = ] Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations -> [Folder | Created Date = 2/25/2008 11:37:29 PM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 126 bytes | Created Date = 1/27/2008 9:12:29 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 69624 bytes | Created Date = 1/27/2008 9:43:31 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 3/3/2008 9:24:26 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2645842 bytes | Created Date = 1/27/2008 9:34:15 PM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 1/31/2008 12:21:12 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 1/27/2008 9:07:49 PM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 2/25/2008 3:15:38 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 1/27/2008 10:03:12 PM | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 3/27/2008 5:49:33 AM | Attr = ] World in Conflict -> %UserProfile%\Local Settings\Application Data\World in Conflict -> [Folder | Created Date = 3/20/2008 7:25:03 PM | Attr = ] Xenocode -> %UserProfile%\Local Settings\Application Data\Xenocode -> [Folder | Created Date = 3/15/2008 4:12:50 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 138 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = HS] make it work -> %AllUsersProfile%\Documents\make it work -> [Folder | Created Date = 2/25/2008 5:25:12 PM | Attr = ] MCE Logs -> %AllUsersProfile%\Documents\MCE Logs -> [Folder | Created Date = 3/10/2008 10:33:33 AM | Attr = HS] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Created Date = 1/27/2008 9:00:31 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Created Date = 1/27/2008 8:58:13 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Created Date = 1/27/2008 8:57:04 PM | Attr = R ] Recorded TV -> %AllUsersProfile%\Documents\Recorded TV -> [Folder | Created Date = 1/27/2008 9:07:22 PM | Attr = ] The Club Game Save Data -> %AllUsersProfile%\Documents\The Club Game Save Data -> [Folder | Created Date = 3/14/2008 10:46:08 PM | Attr = ] 25 to Life -> %UserProfile%\My Documents\25 to Life -> [Folder | Created Date = 1/29/2008 7:21:05 PM | Attr = ] 1 C:\Documents and Settings\don\My Documents\*.tmp files -> C:\Documents and Settings\don\My Documents\*.tmp -> Ashley Arnold.docx -> %UserProfile%\My Documents\Ashley Arnold.docx -> [Ver = | Size = 13675 bytes | Created Date = 3/1/2008 2:31:34 AM | Attr = ] Azureus Downloads -> %UserProfile%\My Documents\Azureus Downloads -> [Folder | Created Date = 1/28/2008 11:03:42 PM | Attr = ] car ad.htm -> %UserProfile%\My Documents\car ad.htm -> [Ver = | Size = 92050 bytes | Created Date = 3/4/2008 7:22:24 PM | Attr = ] car ad2.jpg -> %UserProfile%\My Documents\car ad2.jpg -> [Ver = | Size = 40993 bytes | Created Date = 3/4/2008 7:29:31 PM | Attr = ] car ad3.jpg -> %UserProfile%\My Documents\car ad3.jpg -> [Ver = | Size = 110236 bytes | Created Date = 3/4/2008 7:29:53 PM | Attr = ] car ad_files -> %UserProfile%\My Documents\car ad_files -> [Folder | Created Date = 3/4/2008 7:21:59 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 74 bytes | Created Date = 1/27/2008 9:18:51 PM | Attr = HS] DVDFab -> %UserProfile%\My Documents\DVDFab -> [Folder | Created Date = 2/15/2008 12:04:07 AM | Attr = ] EA Games -> %UserProfile%\My Documents\EA Games -> [Folder | Created Date = 3/22/2008 8:23:30 PM | Attr = ] Eidos -> %UserProfile%\My Documents\Eidos -> [Folder | Created Date = 2/25/2008 11:41:13 PM | Attr = ] essay 3.docx -> %UserProfile%\My Documents\essay 3.docx -> [Ver = | Size = 16043 bytes | Created Date = 3/12/2008 4:37:05 PM | Attr = ] housecleaning.rtf -> %UserProfile%\My Documents\housecleaning.rtf -> [Ver = | Size = 764 bytes | Created Date = 3/14/2008 6:56:09 AM | Attr = ] images.jpg -> %UserProfile%\My Documents\images.jpg -> [Ver = | Size = 1013 bytes | Created Date = 3/13/2008 8:57:49 PM | Attr = ] jennifer lopez see thru nipples on stage hothotdog resize.jpg -> %UserProfile%\My Documents\jennifer lopez see thru nipples on stage hothotdog resize.jpg -> [Ver = | Size = 104058 bytes | Created Date = 3/27/2008 11:23:43 PM | Attr = ] Jessica_Biel-SeeThru.jpg -> %UserProfile%\My Documents\Jessica_Biel-SeeThru.jpg -> [Ver = | Size = 23762 bytes | Created Date = 3/27/2008 11:22:33 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 2/12/2008 1:45:12 PM | Attr = ] lindsay boobs.jpg -> %UserProfile%\My Documents\lindsay boobs.jpg -> [Ver = | Size = 44211 bytes | Created Date = 2/24/2008 11:26:27 PM | Attr = ] lindsay boobs2.jpg -> %UserProfile%\My Documents\lindsay boobs2.jpg -> [Ver = | Size = 43675 bytes | Created Date = 2/24/2008 11:26:51 PM | Attr = ] lindsay boobs3.jpg -> %UserProfile%\My Documents\lindsay boobs3.jpg -> [Ver = | Size = 34564 bytes | Created Date = 2/24/2008 11:27:14 PM | Attr = ] lindsay boobs4.jpg -> %UserProfile%\My Documents\lindsay boobs4.jpg -> [Ver = | Size = 31849 bytes | Created Date = 2/24/2008 11:27:40 PM | Attr = ] lindsay boobs5.jpg -> %UserProfile%\My Documents\lindsay boobs5.jpg -> [Ver = | Size = 28988 bytes | Created Date = 2/24/2008 11:28:00 PM | Attr = ] lindsay.jpg -> %UserProfile%\My Documents\lindsay.jpg -> [Ver = | Size = 58778 bytes | Created Date = 2/24/2008 11:25:14 PM | Attr = ] lindsay_lohan_seethru.jpg -> %UserProfile%\My Documents\lindsay_lohan_seethru.jpg -> [Ver = | Size = 56531 bytes | Created Date = 3/27/2008 11:22:19 PM | Attr = ] monroeout5.jpg -> %UserProfile%\My Documents\monroeout5.jpg -> [Ver = | Size = 21562 bytes | Created Date = 2/24/2008 11:23:58 PM | Attr = ] My Games -> %UserProfile%\My Documents\My Games -> [Folder | Created Date = 2/1/2008 2:23:14 PM | Attr = ] My Money Backup_2008-03-27_233347.mbf -> %UserProfile%\My Documents\My Money Backup_2008-03-27_233347.mbf -> [Ver = | Size = 373067 bytes | Created Date = 3/27/2008 11:33:49 PM | Attr = R ] My Money.mny -> %UserProfile%\My Documents\My Money.mny -> [Ver = | Size = 3538944 bytes | Created Date = 3/27/2008 11:26:02 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 1/27/2008 9:18:51 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 1/27/2008 9:18:51 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 2/8/2008 5:57:23 PM | Attr = R ] NFS ProStreet -> %UserProfile%\My Documents\NFS ProStreet -> [Folder | Created Date = 3/7/2008 7:49:27 PM | Attr = ] sm-spears-see-thru-001.jpg -> %UserProfile%\My Documents\sm-spears-see-thru-001.jpg -> [Ver = | Size = 106290 bytes | Created Date = 3/27/2008 11:23:05 PM | Attr = ] TCNYC -> %UserProfile%\My Documents\TCNYC -> [Folder | Created Date = 3/20/2008 9:44:21 PM | Attr = ] test.jpg -> %UserProfile%\My Documents\test.jpg -> [Ver = | Size = 3542 bytes | Created Date = 3/26/2008 10:27:02 PM | Attr = ] turtle ad 1.jpg -> %UserProfile%\My Documents\turtle ad 1.jpg -> [Ver = | Size = 46779 bytes | Created Date = 3/4/2008 7:36:20 PM | Attr = ] turtlead2.jpg -> %UserProfile%\My Documents\turtlead2.jpg -> [Ver = | Size = 40955 bytes | Created Date = 3/4/2008 8:37:23 PM | Attr = ] World in Conflict -> %UserProfile%\My Documents\World in Conflict -> [Folder | Created Date = 3/20/2008 7:24:46 PM | Attr = ] ~$ssay 3.docx -> %UserProfile%\My Documents\~$ssay 3.docx -> [Ver = | Size = 162 bytes | Created Date = 3/13/2008 11:44:46 AM | Attr = H ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 2/25/2008 4:50:32 PM | Attr = ] avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 797 bytes | Created Date = 1/27/2008 9:39:28 PM | Attr = ] Conflict Denied Ops.lnk -> %AllUsersProfile%\Desktop\Conflict Denied Ops.lnk -> [Ver = | Size = 2323 bytes | Created Date = 2/25/2008 11:37:09 PM | Attr = ] DAEMON Tools Lite.lnk -> %AllUsersProfile%\Desktop\DAEMON Tools Lite.lnk -> [Ver = | Size = 621 bytes | Created Date = 1/28/2008 11:30:24 PM | Attr = ] ESPN Motion.lnk -> %AllUsersProfile%\Desktop\ESPN Motion.lnk -> [Ver = | Size = 1637 bytes | Created Date = 1/27/2008 9:12:33 PM | Attr = ] Lexmark Z600 Series Solution Center.lnk -> %AllUsersProfile%\Desktop\Lexmark Z600 Series Solution Center.lnk -> [Ver = | Size = 753 bytes | Created Date = 2/4/2008 2:45:53 PM | Attr = ] Medal of Honor Pacific Assault(tm).lnk -> %AllUsersProfile%\Desktop\Medal of Honor Pacific Assault(tm).lnk -> [Ver = | Size = 935 bytes | Created Date = 3/22/2008 8:22:39 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 1/27/2008 9:38:09 PM | Attr = ] Need for Speed™ ProStreet.lnk -> %AllUsersProfile%\Desktop\Need for Speed™ ProStreet.lnk -> [Ver = | Size = 1705 bytes | Created Date = 3/7/2008 7:43:54 PM | Attr = ] Norton Security Scan.lnk -> %AllUsersProfile%\Desktop\Norton Security Scan.lnk -> [Ver = | Size = 2359 bytes | Created Date = 3/4/2008 5:25:01 PM | Attr = ] Pirates of the Caribbean Online.lnk -> %AllUsersProfile%\Desktop\Pirates of the Caribbean Online.lnk -> [Ver = | Size = 959 bytes | Created Date = 3/22/2008 11:54:33 PM | Attr = ] Play More Great Games!.url -> %AllUsersProfile%\Desktop\Play More Great Games!.url -> [Ver = | Size = 162 bytes | Created Date = 1/31/2008 12:00:47 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 605 bytes | Created Date = 2/29/2008 8:00:17 AM | Attr = ] World in Conflict - Online Only.lnk -> %AllUsersProfile%\Desktop\World in Conflict - Online Only.lnk -> [Ver = | Size = 930 bytes | Created Date = 3/20/2008 3:01:53 PM | Attr = ] World in Conflict.lnk -> %AllUsersProfile%\Desktop\World in Conflict.lnk -> [Ver = | Size = 889 bytes | Created Date = 3/20/2008 3:01:53 PM | Attr = ] Zuma Deluxe.lnk -> %AllUsersProfile%\Desktop\Zuma Deluxe.lnk -> [Ver = | Size = 840 bytes | Created Date = 1/31/2008 12:00:47 PM | Attr = ] 3119048.pdf -> %UserProfile%\Desktop\3119048.pdf -> [Ver = | Size = 170689 bytes | Created Date = 2/25/2008 4:47:04 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\3119048.pdf:Zone.Identifier Advanced Business Card Maker.lnk -> %UserProfile%\Desktop\Advanced Business Card Maker.lnk -> [Ver = | Size = 612 bytes | Created Date = 3/26/2008 10:12:00 PM | Attr = ] Always Current Business Card.lnk -> %UserProfile%\Desktop\Always Current Business Card.lnk -> [Ver = | Size = 1812 bytes | Created Date = 3/26/2008 10:12:18 PM | Attr = ] America's Army Mission Editor.lnk -> %UserProfile%\Desktop\America's Army Mission Editor.lnk -> [Ver = | Size = 1716 bytes | Created Date = 1/27/2008 10:00:02 PM | Attr = ] America's Army.lnk -> %UserProfile%\Desktop\America's Army.lnk -> [Ver = | Size = 1794 bytes | Created Date = 1/27/2008 10:00:02 PM | Attr = ] Azureus Vuze.lnk -> %UserProfile%\Desktop\Azureus Vuze.lnk -> [Ver = | Size = 646 bytes | Created Date = 1/29/2008 10:39:11 PM | Attr = ] Azureus_3.0.4.2_windows.exe -> %UserProfile%\Desktop\Azureus_3.0.4.2_windows.exe -> Azureus, Inc. [Ver = Vuze | Size = 7792648 bytes | Created Date = 1/28/2008 10:55:21 PM | Attr = ] Belltech Business Card Designer Pro.lnk -> %UserProfile%\Desktop\Belltech Business Card Designer Pro.lnk -> [Ver = | Size = 587 bytes | Created Date = 3/27/2008 5:43:36 AM | Attr = ] ChipUtil.exe -> %UserProfile%\Desktop\ChipUtil.exe -> Intel® Corporation [Ver = 3.22 | Size = 221184 bytes | Created Date = 1/27/2008 10:04:39 PM | Attr = ] daemon4120-lite.exe -> %UserProfile%\Desktop\daemon4120-lite.exe -> DT Soft Ltd. [Ver = 4.12.0.0.0 | Size = 3657160 bytes | Created Date = 1/28/2008 11:28:12 PM | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 631 bytes | Created Date = 2/14/2008 10:19:38 PM | Attr = ] DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk -> [Ver = | Size = 731 bytes | Created Date = 2/14/2008 11:59:47 PM | Attr = ] DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [Ver = | Size = 556 bytes | Created Date = 2/14/2008 11:58:46 PM | Attr = ] DVDFab HD Decrypter 4.lnk -> %UserProfile%\Desktop\DVDFab HD Decrypter 4.lnk -> [Ver = | Size = 598 bytes | Created Date = 2/15/2008 12:01:49 AM | Attr = ] Elf Bowling 7.lnk -> %UserProfile%\Desktop\Elf Bowling 7.lnk -> [Ver = | Size = 702 bytes | Created Date = 3/20/2008 11:29:38 AM | Attr = ] GameShadow.lnk -> %UserProfile%\Desktop\GameShadow.lnk -> [Ver = | Size = 1832 bytes | Created Date = 2/25/2008 11:37:37 PM | Attr = ] GameSpy Arcade.lnk -> %UserProfile%\Desktop\GameSpy Arcade.lnk -> [Ver = | Size = 683 bytes | Created Date = 2/1/2008 2:31:42 PM | Attr = ] Halo.lnk -> %UserProfile%\Desktop\Halo.lnk -> [Ver = | Size = 806 bytes | Created Date = 2/1/2008 2:31:35 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 537 bytes | Created Date = 3/31/2008 11:48:23 AM | Attr = ] install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1491592 bytes | Created Date = 1/28/2008 12:23:43 AM | Attr = ] jre-6u3-windows-i586-p-s.exe -> %UserProfile%\Desktop\jre-6u3-windows-i586-p-s.exe -> [Ver = | Size = 14603672 bytes | Created Date = 1/28/2008 11:01:04 PM | Attr = ] Kuma Games.lnk -> %UserProfile%\Desktop\Kuma Games.lnk -> [Ver = | Size = 1542 bytes | Created Date = 3/15/2008 4:12:19 PM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1580 bytes | Created Date = 2/12/2008 1:45:01 PM | Attr = ] MagicISO.lnk -> %UserProfile%\Desktop\MagicISO.lnk -> [Ver = | Size = 595 bytes | Created Date = 2/28/2008 5:47:17 PM | Attr = ] Media Center.lnk -> %UserProfile%\Desktop\Media Center.lnk -> [Ver = | Size = 1394 bytes | Created Date = 1/27/2008 9:15:13 PM | Attr = ] MoveMediaPlayer_07076007.exe -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe -> [Ver = | Size = 779536 bytes | Created Date = 3/21/2008 6:02:50 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe:Zone.Identifier My Drivers.lnk -> %UserProfile%\Desktop\My Drivers.lnk -> [Ver = | Size = 541 bytes | Created Date = 1/27/2008 10:56:17 PM | Attr = ] my music -> %UserProfile%\Desktop\my music -> [Folder | Created Date = 2/12/2008 2:04:14 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 3/31/2008 1:45:57 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541278 bytes | Created Date = 3/31/2008 1:45:39 PM | Attr = ] Play True Crime® New York City.lnk -> %UserProfile%\Desktop\Play True Crime® New York City.lnk -> [Ver = | Size = 850 bytes | Created Date = 1/28/2008 11:36:09 PM | Attr = ] ProStreet Trainer.exe -> %UserProfile%\Desktop\ProStreet Trainer.exe -> [Ver = | Size = 180736 bytes | Created Date = 3/13/2008 10:34:25 PM | Attr = ] R108276.EXE -> %UserProfile%\Desktop\R108276.EXE -> [Ver = 1.3.1.12 | Size = 5703920 bytes | Created Date = 1/27/2008 10:13:16 PM | Attr = ] RipIt4Me.exe -> %UserProfile%\Desktop\RipIt4Me.exe -> [Ver = 1, 7, 1, 0 | Size = 643072 bytes | Created Date = 2/14/2008 11:56:54 PM | Attr = ] rld-nyca.rar -> %UserProfile%\Desktop\rld-nyca.rar -> [Ver = | Size = 5944670 bytes | Created Date = 1/28/2008 10:53:29 PM | Attr = ] SF A-Team Videos.lnk -> %UserProfile%\Desktop\SF A-Team Videos.lnk -> [Ver = | Size = 1805 bytes | Created Date = 1/27/2008 10:00:02 PM | Attr = ] Shortcut to halo.exe.lnk -> %UserProfile%\Desktop\Shortcut to halo.exe.lnk -> [Ver = | Size = 576 bytes | Created Date = 2/1/2008 2:23:06 PM | Attr = ] Soldier of Fortune Payback.lnk -> %UserProfile%\Desktop\Soldier of Fortune Payback.lnk -> [Ver = | Size = 1733 bytes | Created Date = 2/7/2008 11:37:22 PM | Attr = ] Soldier of Fortune Trainer.exe -> %UserProfile%\Desktop\Soldier of Fortune Trainer.exe -> [Ver = | Size = 183296 bytes | Created Date = 2/7/2008 11:41:20 PM | Attr = ] sound-pqg32-hd-xpmce-51049460.zip -> %UserProfile%\Desktop\sound-pqg32-hd-xpmce-51049460.zip -> [Ver = | Size = 12250547 bytes | Created Date = 1/27/2008 10:25:43 PM | Attr = ] The Club.lnk -> %UserProfile%\Desktop\The Club.lnk -> [Ver = | Size = 676 bytes | Created Date = 3/14/2008 10:46:04 PM | Attr = ] The Rosetta Stone.lnk -> %UserProfile%\Desktop\The Rosetta Stone.lnk -> [Ver = | Size = 893 bytes | Created Date = 2/29/2008 7:59:38 AM | Attr = ] trainer.exe -> %UserProfile%\Desktop\trainer.exe -> [Ver = | Size = 33280 bytes | Created Date = 2/10/2008 10:48:41 PM | Attr = ] TratBHO Remover.exe -> %UserProfile%\Desktop\TratBHO Remover.exe -> [Ver = | Size = 924672 bytes | Created Date = 3/27/2008 10:36:59 PM | Attr = ] True Crime - Streets of LA.lnk -> %UserProfile%\Desktop\True Crime - Streets of LA.lnk -> [Ver = | Size = 611 bytes | Created Date = 1/31/2008 11:34:09 PM | Attr = ] True_Crime_trn.exe -> %UserProfile%\Desktop\True_Crime_trn.exe -> [Ver = | Size = 19680 bytes | Created Date = 2/1/2008 12:38:37 AM | Attr = ] Visual Business Cards 4.lnk -> %UserProfile%\Desktop\Visual Business Cards 4.lnk -> [Ver = | Size = 550 bytes | Created Date = 3/26/2008 10:11:39 PM | Attr = ] win2k_xp14323.exe -> %UserProfile%\Desktop\win2k_xp14323.exe -> Intel Corporation [Ver = null | Size = 18116088 bytes | Created Date = 1/27/2008 10:05:17 PM | Attr = ] WinDriverExpert.zip -> %UserProfile%\Desktop\WinDriverExpert.zip -> [Ver = | Size = 999207 bytes | Created Date = 1/27/2008 10:55:51 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 1/27/2008 2:53:24 PM | Attr = HS] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 1/27/2008 9:07:49 PM | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2/25/2008 4:50:18 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 2/25/2008 3:18:00 PM | Attr = ] DirectX -> %CommonProgramFiles%\DirectX -> [Folder | Created Date = 3/20/2008 9:44:21 PM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 1/27/2008 9:20:50 PM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 1/28/2008 11:02:16 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Created Date = 1/27/2008 2:53:43 PM | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Created Date = 1/27/2008 9:01:06 PM | Attr = ] Nero -> %CommonProgramFiles%\Nero -> [Folder | Created Date = 2/23/2008 1:18:39 PM | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Created Date = 1/27/2008 2:53:46 PM | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Created Date = 1/27/2008 9:01:09 PM | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Created Date = 1/27/2008 2:53:43 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 3/9/2008 6:01:37 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Created Date = 1/27/2008 9:00:36 PM | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 3/31/2008 11:31:26 AM | Attr = HS] drivers -> %SystemDrive%\drivers -> [Folder | Modified Date = 3/23/2008 12:28:57 AM | Attr = ] My Money Backup_2008-03-27_233415.mbf -> %SystemDrive%\My Money Backup_2008-03-27_233415.mbf -> [Ver = | Size = 372687 bytes | Modified Date = 3/27/2008 11:34:16 PM | Attr = R ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/27/2008 11:20:52 PM | Attr = R ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/31/2008 11:34:24 AM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 3/31/2008 12:45:24 PM | Attr = ] wic -> %SystemDrive%\wic -> [Folder | Modified Date = 3/20/2008 12:21:33 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/31/2008 12:54:08 PM | Attr = ] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 3/30/2008 12:24:07 AM | Attr = ] bbeeg.ini -> %SystemRoot%\System32\bbeeg.ini -> [Ver = | Size = 326121 bytes | Modified Date = 3/28/2008 7:07:08 PM | Attr = HS] bbeeg.ini2 -> %SystemRoot%\System32\bbeeg.ini2 -> [Ver = | Size = 326121 bytes | Modified Date = 3/28/2008 7:06:36 PM | Attr = HS] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/31/2008 12:54:17 PM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 3/28/2008 6:53:29 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 3/20/2008 3:02:19 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/27/2008 5:48:48 AM | Attr = RHS] gebcywu.dll -> %SystemRoot%\System32\gebcywu.dll -> [Ver = | Size = 37888 bytes | Modified Date = 3/27/2008 5:48:48 AM | Attr = ] H@tKeysH@@k.DLL -> %SystemRoot%\System32\H@tKeysH@@k.DLL -> [Ver = | Size = 20480 bytes | Modified Date = 3/13/2008 10:30:55 PM | Attr = ] kill.vbs -> %SystemRoot%\System32\kill.vbs -> [Ver = | Size = 2644 bytes | Modified Date = 3/31/2008 12:55:21 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 3/11/2008 8:48:24 PM | Attr = ] mivthihe.ini -> %SystemRoot%\System32\mivthihe.ini -> [Ver = | Size = 1583511 bytes | Modified Date = 3/28/2008 5:53:22 AM | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 70968 bytes | Modified Date = 3/16/2008 12:43:40 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 439264 bytes | Modified Date = 3/16/2008 12:43:40 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 516804 bytes | Modified Date = 3/16/2008 12:43:39 AM | Attr = ] PnkBstrA.exe -> %SystemRoot%\System32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 3/13/2008 9:25:00 PM | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 3/30/2008 12:24:00 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 3/16/2008 12:43:41 AM | Attr = ] xlive -> %SystemRoot%\System32\xlive -> [Folder | Modified Date = 3/14/2008 10:45:15 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/14/2008 10:44:41 PM | Attr = R S] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/31/2008 12:53:56 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/22/2008 11:54:18 PM | Attr = S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/27/2008 11:20:00 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/27/2008 11:19:49 PM | Attr = HS] Irremote.ini -> %SystemRoot%\Irremote.ini -> [Ver = | Size = 0 bytes | Modified Date = 3/27/2008 11:18:44 PM | Attr = ] LEXSTAT.INI -> %SystemRoot%\LEXSTAT.INI -> [Ver = | Size = 327 bytes | Modified Date = 3/26/2008 10:35:47 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/20/2008 7:53:38 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 3/22/2008 12:53:49 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/31/2008 1:46:18 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 3/28/2008 5:51:00 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 3/28/2008 7:07:05 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/31/2008 12:54:16 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 3/27/2008 10:40:11 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/31/2008 11:31:26 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/31/2008 12:59:19 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/4/2008 5:25:00 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/31/2008 1:47:50 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 3/31/2008 11:31:26 AM | Attr = ] Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 404 bytes | Modified Date = 3/30/2008 8:34:15 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/31/2008 12:54:00 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 9204 bytes | Modified Date = 3/31/2008 12:54:57 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9204 bytes | Modified Date = 3/31/2008 12:54:57 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8308 bytes | Modified Date = 3/28/2008 7:20:30 PM | Attr = ] DXSETUP.exe -> C:\Documents and Settings\don\Local Settings\Temp\DXSETUP.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 503144 bytes | Modified Date = 9/18/2007 3:59:50 PM | Attr = ] i4jdel0.exe -> C:\Documents and Settings\don\Local Settings\Temp\i4jdel0.exe -> [Ver = | Size = 4608 bytes | Modified Date = 2/25/2008 2:38:27 PM | Attr = ] SPTDinst-x64.exe -> C:\Documents and Settings\don\Local Settings\Temp\SPTDinst-x64.exe -> Duplex Secure Ltd. [Ver = 1.55.0.0 built by: WinDDK | Size = 1092080 bytes | Modified Date = 1/3/2008 9:55:33 AM | Attr = ] 459 C:\Documents and Settings\don\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\don\Local Settings\Temp\*.tmp -> ArcadeInstallMOHPA14d.exe -> C:\Documents and Settings\don\Local Settings\Temp\{45BC0E8C-5819-4F72-B7DB-32634A33B954}\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\ArcadeInstallMOHPA14d.exe -> [Ver = | Size = 5737744 bytes | Modified Date = 9/9/2004 5:17:18 PM | Attr = R ] xfire_mohpa_installer.exe -> C:\Documents and Settings\don\Local Settings\Temp\{45BC0E8C-5819-4F72-B7DB-32634A33B954}\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\xfire_mohpa_installer.exe -> [Ver = | Size = 922456 bytes | Modified Date = 9/1/2004 9:40:46 PM | Attr = R ] i4jdel.exe -> C:\Documents and Settings\don\Local Settings\Temp\e4j1C3.tmp_dir2910\i4jdel.exe -> [Ver = | Size = 4608 bytes | Modified Date = 2/1/2008 1:12:51 AM | Attr = ] NeroBar.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\NeroBar.exe -> Nero AG [Ver = 2, 1, 0, 3 | Size = 2282792 bytes | Modified Date = 12/7/2007 12:18:51 PM | Attr = ] SetupX.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\SetupX.exe -> Nero AG [Ver = 1, 9, 6, 0 | Size = 2553128 bytes | Modified Date = 12/7/2007 11:29:27 AM | Attr = ] Toolbar.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Toolbar.exe -> [Ver = | Size = 483328 bytes | Modified Date = 12/15/2006 9:50:29 AM | Attr = ] NL2WriteThrough.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\NL2WriteThrough.exe -> NERO AG [Ver = 1.0.0.1 | Size = 218408 bytes | Modified Date = 12/7/2007 11:29:27 AM | Attr = ] WindowsInstaller-KB884016-v2-x86.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\WindowsInstaller-KB884016-v2-x86.exe -> Microsoft Corporation [Ver = 6.1.0006.0 built by: main(hemchans) | Size = 2003176 bytes | Modified Date = 2/9/2007 7:59:27 AM | Attr = ] wmfdist.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\wmfdist.exe -> Microsoft Corporation [Ver = 9.00.00.2980 | Size = 4085904 bytes | Modified Date = 12/11/2002 2:11:50 PM | Attr = ] wmfdist95.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\wmfdist95.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 5649648 bytes | Modified Date = 8/10/2004 6:51:20 PM | Attr = ] dxsetup.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\DirectX\dxsetup.exe -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 484632 bytes | Modified Date = 8/14/2006 10:08:04 AM | Attr = ] NeroDelTmp.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Setup\NeroDelTmp.exe -> Nero AG [Ver = 1, 9, 6, 0 | Size = 1500456 bytes | Modified Date = 12/7/2007 11:29:27 AM | Attr = ] UninstallNero.exe -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Setup\UninstallNero.exe -> Nero AG [Ver = 1, 9, 6, 0 | Size = 1647912 bytes | Modified Date = 12/7/2007 11:29:27 AM | Attr = ] Install.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Install.exe -> Hewlett-Packard Development Company, L.P. [Ver = 1.0 | Size = 493055 bytes | Modified Date = 10/26/2004 4:29:40 PM | Attr = ] alcchkid.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\alcchkid.exe -> [Ver = 1, 0, 0, 3 | Size = 110592 bytes | Modified Date = 11/21/2003 4:48:00 PM | Attr = ] alcrmv.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\alcrmv.exe -> Realtek Semiconductor Corp. [Ver = 1, 8, 0, 0 | Size = 139264 bytes | Modified Date = 9/1/2004 9:04:00 PM | Attr = ] alcrmv9x.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\alcrmv9x.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 2 | Size = 126976 bytes | Modified Date = 11/21/2003 5:57:00 PM | Attr = ] alcupd.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\alcupd.exe -> Realtek Semiconductor Corp. [Ver = 1, 9, 0, 0 | Size = 208896 bytes | Modified Date = 9/10/2004 11:12:00 AM | Attr = ] ALCXDEV.EXE -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\ALCXDEV.EXE -> [Ver = | Size = 31388 bytes | Modified Date = 11/4/2003 1:55:00 PM | Attr = ] ChCfg.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\ChCfg.exe -> [Ver = | Size = 40448 bytes | Modified Date = 2/25/2004 7:00:00 PM | Attr = ] GETDXVER.EXE -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\GETDXVER.EXE -> [Ver = | Size = 40448 bytes | Modified Date = 8/8/2003 4:41:00 PM | Attr = ] SetCDfmt.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\SetCDfmt.exe -> [Ver = | Size = 23552 bytes | Modified Date = 12/3/2001 2:27:00 AM | Attr = ] Setup.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\Setup.exe -> InstallShield Software Corporation [Ver = 6, 10, 100, 1281 | Size = 139264 bytes | Modified Date = 1/10/2000 3:52:00 PM | Attr = ] Alcxmntr.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\WDM\Alcxmntr.exe -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 2:47:00 PM | Attr = ] RTLCPL.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\WDM\RTLCPL.exe -> Realtek Semiconductor Corp. [Ver = 1.0.1.36 | Size = 9196032 bytes | Modified Date = 9/21/2004 12:13:00 PM | Attr = ] SoundMan.exe -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\WDM\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 69632 bytes | Modified Date = 9/16/2004 9:39:00 PM | Attr = ] TrueCrime.exe -> C:\Documents and Settings\don\Local Settings\Temp\Rar$DR01.375\TrueCrime.exe -> [Ver = | Size = 2932736 bytes | Modified Date = 5/31/2004 9:21:10 PM | Attr = R ] setup.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\setup.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 117200 bytes | Modified Date = 3/10/2006 5:41:00 AM | Attr = R ] kb888111srvrtm.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\srvrtm\us\kb888111srvrtm.exe -> Microsoft Corporation [Ver = 6.1.0022.0 (SRV03_QFE.031113-0918) | Size = 771288 bytes | Modified Date = 12/15/2005 12:36:04 AM | Attr = R ] kb835221.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\win2k_xp\us\kb835221.exe -> Microsoft Corporation [Ver = 6.1.0001.0 (srv03_qfe.030918-1543) | Size = 658136 bytes | Modified Date = 12/15/2005 12:36:46 AM | Attr = R ] KB901105.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\win2k3\jpn\KB901105.exe -> Microsoft Corporation [Ver = 3 | Size = 754928 bytes | Modified Date = 12/15/2005 12:36:18 AM | Attr = R ] kb901105.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\win2k3\us\kb901105.exe -> Microsoft Corporation [Ver = 3 | Size = 752368 bytes | Modified Date = 12/15/2005 12:36:30 AM | Attr = R ] kb888111w2ksp4.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\win2ksp4\us\kb888111w2ksp4.exe -> Microsoft Corporation [Ver = 6.1.0022.0 (SRV03_QFE.031113-0918) | Size = 742104 bytes | Modified Date = 12/15/2005 12:37:02 AM | Attr = R ] kb888111xpsp1.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\xpsp1\us\kb888111xpsp1.exe -> Microsoft Corporation [Ver = 6.1.0022.0 (SRV03_QFE.031113-0918) | Size = 774360 bytes | Modified Date = 12/15/2005 12:37:28 AM | Attr = R ] kb888111xpsp2.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\HDAQFE\xpsp2\us\kb888111xpsp2.exe -> Microsoft Corporation [Ver = 6.1.0022.0 (SRV03_QFE.031113-0918) | Size = 720088 bytes | Modified Date = 12/15/2005 12:37:40 AM | Attr = R ] stacsv.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\stacsv.exe -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 | Size = 77824 bytes | Modified Date = 2/14/2006 4:25:42 AM | Attr = R ] suhlp.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\suhlp.exe -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 built by: WinDDK | Size = 27136 bytes | Modified Date = 2/14/2006 4:24:02 AM | Attr = R ] mydrivers.exe -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for WinDriverExpert.zip\mydrivers.exe -> [Ver = | Size = 1010798 bytes | Modified Date = 7/14/2004 5:23:14 PM | Attr = ] CH.dll -> C:\Documents and Settings\don\Local Settings\Temp\CH.dll -> [Ver = | Size = 3072 bytes | Modified Date = 3/28/2008 11:39:10 PM | Attr = ] comver.dll -> C:\Documents and Settings\don\Local Settings\Temp\comver.dll -> [Ver = | Size = 40960 bytes | Modified Date = 6/1/2003 4:16:36 PM | Attr = ] drm_dialogs.dll -> C:\Documents and Settings\don\Local Settings\Temp\drm_dialogs.dll -> Sony DADC Austria AG [Ver = 1, 2, 0, 1 | Size = 46596 bytes | Modified Date = 3/20/2008 9:42:51 PM | Attr = ] drm_dyndata_7350007.dll -> C:\Documents and Settings\don\Local Settings\Temp\drm_dyndata_7350007.dll -> Sony DADC Austria AG [Ver = 1, 0, 0, 3 | Size = 212992 bytes | Modified Date = 2/25/2008 11:40:38 PM | Attr = ] DSETUP.dll -> C:\Documents and Settings\don\Local Settings\Temp\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 77160 bytes | Modified Date = 9/18/2007 3:59:50 PM | Attr = ] dsetup32.dll -> C:\Documents and Settings\don\Local Settings\Temp\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 1673576 bytes | Modified Date = 9/18/2007 3:59:50 PM | Attr = ] swt-awt-win32-3346.dll -> C:\Documents and Settings\don\Local Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 32768 bytes | Modified Date = 2/12/2008 2:00:49 PM | Attr = ] swt-gdip-win32-3347.dll -> C:\Documents and Settings\don\Local Settings\Temp\swt-gdip-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 77824 bytes | Modified Date = 1/29/2008 1:17:34 AM | Attr = ] swt-gdip-win32-3430.dll -> C:\Documents and Settings\don\Local Settings\Temp\swt-gdip-win32-3430.dll -> Eclipse Foundation [Ver = 3.430 | Size = 77824 bytes | Modified Date = 3/5/2008 11:54:11 PM | Attr = ] swt-win32-3346.dll -> C:\Documents and Settings\don\Local Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 2/12/2008 2:00:48 PM | Attr = ] swt-win32-3347.dll -> C:\Documents and Settings\don\Local Settings\Temp\swt-win32-3347.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 1/28/2008 11:03:38 PM | Attr = ] swt-win32-3430.dll -> C:\Documents and Settings\don\Local Settings\Temp\swt-win32-3430.dll -> Eclipse Foundation [Ver = 3.430 | Size = 323584 bytes | Modified Date = 3/5/2008 11:54:07 PM | Attr = ] 459 C:\Documents and Settings\don\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\don\Local Settings\Temp\*.tmp -> isrt.dll -> C:\Documents and Settings\don\Local Settings\Temp\{767721FA-56AB-4542-90AB-C43CDD22B3F6}\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\isrt.dll -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 409600 bytes | Modified Date = 7/16/2004 1:21:22 AM | Attr = ] _IsRes.dll -> C:\Documents and Settings\don\Local Settings\Temp\{767721FA-56AB-4542-90AB-C43CDD22B3F6}\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\_IsRes.dll -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 540772 bytes | Modified Date = 7/16/2004 2:30:54 AM | Attr = ] CTCabEx.DLL -> C:\Documents and Settings\don\Local Settings\Temp\{E644C6D2-0BA5-4C48-88E9-A1568FC154CB}\{2100B63A-F9E0-4D03-84C5-060DAB1D4FE9}\CTCabEx.DLL -> Creative Technology Ltd. [Ver = 1.0.1.0 | Size = 286720 bytes | Modified Date = 3/25/2004 2:10:00 AM | Attr = ] _ISUSER.DLL -> C:\Documents and Settings\don\Local Settings\Temp\{E644C6D2-0BA5-4C48-88E9-A1568FC154CB}\{2100B63A-F9E0-4D03-84C5-060DAB1D4FE9}\_ISUSER.DLL -> Creative Technology Ltd. [Ver = 2, 0, 60, 0 | Size = 131072 bytes | Modified Date = 9/1/2005 3:00:00 AM | Attr = ] i4jinst.dll -> C:\Documents and Settings\don\Local Settings\Temp\e4j1C3.tmp_dir2910\i4jinst.dll -> [Ver = | Size = 106496 bytes | Modified Date = 2/1/2008 1:12:51 AM | Attr = ] unicows.dll -> C:\Documents and Settings\don\Local Settings\Temp\e4j1C3.tmp_dir2910\unicows.dll -> Microsoft Corporation [Ver = 1.0.4018.0 | Size = 245408 bytes | Modified Date = 2/1/2008 1:12:51 AM | Attr = ] _shfoldr.dll -> C:\Documents and Settings\don\Local Settings\Temp\e4j1C3.tmp_dir2910\_shfoldr.dll -> Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 22528 bytes | Modified Date = 2/1/2008 1:12:51 AM | Attr = ] _Setup.dll -> C:\Documents and Settings\don\Local Settings\Temp\isp2E.tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 380928 bytes | Modified Date = 1/27/2008 10:34:21 PM | Attr = ] _Setup.dll -> C:\Documents and Settings\don\Local Settings\Temp\isp5EC.tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 147456 bytes | Modified Date = 3/22/2008 7:51:55 PM | Attr = ] AdvrCntr3.dll -> C:\Documents and Settings\don\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.89_14399\AdvrCntr3.dll -> Nero AG [Ver = 2,4,1, 312 | Size = 3429672 bytes | Modified Date = 12/13/2007 11:25:30 PM | Attr = ] ShellManager3.dll -> C:\Documents and Settings\don\Local Settings\Temp\nero.tmp\8.2.8.0_8.2.89_14399\ShellManager3.dll -> Nero AG [Ver = 8.2.4.1 | Size = 1262888 bytes | Modified Date = 12/13/2007 11:25:38 PM | Attr = ] InstGuru.dll -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\InstGuru.dll -> Nero AG [Ver = 1, 0, 0, 0 | Size = 120112 bytes | Modified Date = 12/7/2007 11:29:24 AM | Attr = ] DSETUP.dll -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\DirectX\DSETUP.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 74520 bytes | Modified Date = 8/14/2006 10:08:04 AM | Attr = ] dsetup32.dll -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Data\Redist\DirectX\dsetup32.dll -> Microsoft Corporation [Ver = 4.9.0.0904 | Size = 2248984 bytes | Modified Date = 8/14/2006 10:08:04 AM | Attr = ] NPS.dll -> C:\Documents and Settings\don\Local Settings\Temp\NERO14399\Setup\NPS.dll -> Nero AG [Ver = 1, 9, 6, 0 | Size = 4871464 bytes | Modified Date = 12/7/2007 11:29:27 AM | Attr = ] InstallOptions.dll -> C:\Documents and Settings\don\Local Settings\Temp\nsq3B.tmp\InstallOptions.dll -> [Ver = | Size = 12800 bytes | Modified Date = 1/29/2008 7:51:29 PM | Attr = ] StartMenu.dll -> C:\Documents and Settings\don\Local Settings\Temp\nsq3B.tmp\StartMenu.dll -> [Ver = | Size = 6656 bytes | Modified Date = 1/29/2008 7:51:42 PM | Attr = ] System.dll -> C:\Documents and Settings\don\Local Settings\Temp\nsq3B.tmp\System.dll -> [Ver = | Size = 9216 bytes | Modified Date = 1/29/2008 7:51:29 PM | Attr = ] System.dll -> C:\Documents and Settings\don\Local Settings\Temp\nsz14.tmp\System.dll -> [Ver = | Size = 9216 bytes | Modified Date = 1/29/2008 7:16:41 PM | Attr = ] WBDED44I.DLL -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\WBDED44I.DLL -> Wilson WindowWare, Inc. [Ver = 5.4fed | Size = 371581 bytes | Modified Date = 7/28/2004 12:26:00 PM | Attr = ] RtlCPAPI.dll -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\WDM\RtlCPAPI.dll -> [Ver = 1, 0, 0, 4 | Size = 156672 bytes | Modified Date = 9/7/2004 3:23:00 PM | Attr = ] OSETUP.DLL -> C:\Documents and Settings\don\Local Settings\Temp\Setup00000bac\OSETUP.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 6536992 bytes | Modified Date = 10/26/2006 9:07:04 PM | Attr = ] stacapi.dll -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\stacapi.dll -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 | Size = 200704 bytes | Modified Date = 2/14/2006 4:24:16 AM | Attr = R ] staco.dll -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\staco.dll -> SigmaTel, Inc. [Ver = 1.0.4946.0 nd412 cp1 built by: WinDDK | Size = 112128 bytes | Modified Date = 2/14/2006 4:25:08 AM | Attr = R ] stlang.dll -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\stlang.dll -> SigmaTel, Inc. [Ver = 1.2.4995.0 nd229 cp1 | Size = 1052672 bytes | Modified Date = 3/28/2006 11:02:00 PM | Attr = R ] {AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\don\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 586 bytes | Modified Date = 2/25/2008 4:50:13 PM | Attr = ] 459 C:\Documents and Settings\don\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\don\Local Settings\Temp\*.tmp -> 0x0409.ini -> C:\Documents and Settings\don\Local Settings\Temp\{2BEF8420-2462-48B9-A2BE-ED4A464ABB33}\0x0409.ini -> [Ver = | Size = 6187 bytes | Modified Date = 2/25/2008 11:29:52 PM | Attr = ] 0x040a.ini -> C:\Documents and Settings\don\Local Settings\Temp\{2BEF8420-2462-48B9-A2BE-ED4A464ABB33}\0x040a.ini -> [Ver = | Size = 7079 bytes | Modified Date = 2/25/2008 11:29:52 PM | Attr = ] 0x040c.ini -> C:\Documents and Settings\don\Local Settings\Temp\{2BEF8420-2462-48B9-A2BE-ED4A464ABB33}\0x040c.ini -> [Ver = | Size = 7310 bytes | Modified Date = 2/25/2008 11:29:52 PM | Attr = ] 0x0410.ini -> C:\Documents and Settings\don\Local Settings\Temp\{2BEF8420-2462-48B9-A2BE-ED4A464ABB33}\0x0410.ini -> [Ver = | Size = 6952 bytes | Modified Date = 2/25/2008 11:29:52 PM | Attr = ] Setup.INI -> C:\Documents and Settings\don\Local Settings\Temp\{2BEF8420-2462-48B9-A2BE-ED4A464ABB33}\Setup.INI -> [Ver = | Size = 2977 bytes | Modified Date = 2/25/2008 11:29:52 PM | Attr = ] _ISMSIDEL.INI -> C:\Documents and Settings\don\Local Settings\Temp\{2BEF8420-2462-48B9-A2BE-ED4A464ABB33}\_ISMSIDEL.INI -> [Ver = | Size = 469 bytes | Modified Date = 2/25/2008 11:29:52 PM | Attr = ] corecomp.ini -> C:\Documents and Settings\don\Local Settings\Temp\{767721FA-56AB-4542-90AB-C43CDD22B3F6}\corecomp.ini -> [Ver = | Size = 65503 bytes | Modified Date = 4/15/2002 6:04:36 PM | Attr = ] FontData.ini -> C:\Documents and Settings\don\Local Settings\Temp\{767721FA-56AB-4542-90AB-C43CDD22B3F6}\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\FontData.ini -> [Ver = | Size = 39 bytes | Modified Date = 3/9/2006 6:38:14 PM | Attr = ] setup.ini -> C:\Documents and Settings\don\Local Settings\Temp\iss2B.tmp\setup.ini -> [Ver = | Size = 927 bytes | Modified Date = 1/27/2008 10:34:20 PM | Attr = ] ioSpecial.ini -> C:\Documents and Settings\don\Local Settings\Temp\nsq3B.tmp\ioSpecial.ini -> [Ver = | Size = 743 bytes | Modified Date = 1/29/2008 7:51:34 PM | Attr = ] Setup.ini -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\Setup.ini -> [Ver = | Size = 2187 bytes | Modified Date = 10/11/2004 2:33:00 PM | Attr = ] SetupEx.ini -> C:\Documents and Settings\don\Local Settings\Temp\pft3C.tmp\Source\SetupEx.ini -> [Ver = | Size = 136 bytes | Modified Date = 9/13/2004 2:43:00 PM | Attr = ] Setup.ini -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\Setup.ini -> [Ver = | Size = 927 bytes | Modified Date = 7/6/2006 6:23:40 AM | Attr = R ] Sthda.ini -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\Sthda.ini -> [Ver = | Size = 653 bytes | Modified Date = 7/6/2006 6:23:52 AM | Attr = R ] T0461.INI -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\T0461.INI -> [Ver = | Size = 12243 bytes | Modified Date = 7/6/2006 6:23:50 AM | Attr = R ] T0471.INI -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\T0471.INI -> [Ver = | Size = 12480 bytes | Modified Date = 7/6/2006 6:23:50 AM | Attr = R ] T0471D.INI -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\T0471D.INI -> [Ver = | Size = 14283 bytes | Modified Date = 7/6/2006 6:23:50 AM | Attr = R ] T0472.INI -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\T0472.INI -> [Ver = | Size = 12584 bytes | Modified Date = 7/6/2006 6:23:50 AM | Attr = R ] T04F1.INI -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\T04F1.INI -> [Ver = | Size = 15960 bytes | Modified Date = 7/6/2006 6:23:50 AM | Attr = R ] T04F2.INI -> C:\Documents and Settings\don\Local Settings\Temp\Temporary Directory 1 for sound-pqg32-hd-xpmce-51049460.zip\Sound Driver\WDM\T04F2.INI -> [Ver = | Size = 15931 bytes | Modified Date = 7/6/2006 6:23:50 AM | Attr = R ] hhupd.exe -> C:\WINDOWS\Temp\hhupd.exe -> Microsoft Corporation [Ver = 4.74.8702 | Size = 721384 bytes | Modified Date = 12/3/1999 2:13:22 PM | Attr = ] 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> Perflib_Perfdata_3b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/27/2008 9:11:16 PM | Attr = ] Perflib_Perfdata_560.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_560.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/15/2008 4:38:48 PM | Attr = ] Perflib_Perfdata_5b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/20/2008 7:32:29 PM | Attr = ] Perflib_Perfdata_5c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/27/2008 8:35:47 AM | Attr = ] Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/29/2008 4:08:59 AM | Attr = ] Perflib_Perfdata_5ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/31/2008 12:54:00 PM | Attr = ] Perflib_Perfdata_5f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/28/2008 8:40:09 AM | Attr = ] Perflib_Perfdata_5f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/13/2008 12:42:40 PM | Attr = ] Perflib_Perfdata_600.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_600.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/26/2008 3:14:47 PM | Attr = ] Perflib_Perfdata_610.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_610.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/2/2008 7:57:59 AM | Attr = ] Perflib_Perfdata_630.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_630.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/31/2008 11:32:48 AM | Attr = ] 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Modified Date = 3/26/2008 12:39:35 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 3/27/2008 11:19:58 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 3/26/2008 10:39:15 PM | Attr = ] MumboJumbo -> %AllUsersProfile%\Application Data\MumboJumbo -> [Folder | Modified Date = 3/20/2008 11:30:01 AM | Attr = ] Trymedia -> %AllUsersProfile%\Application Data\Trymedia -> [Folder | Modified Date = 3/20/2008 11:29:44 AM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Modified Date = 3/28/2008 9:03:07 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 3/3/2008 9:24:26 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 3/20/2008 7:48:39 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 3/28/2008 5:45:27 AM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 3/11/2008 8:47:14 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 3/26/2008 10:39:15 PM | Attr = S] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 3/21/2008 6:03:03 AM | Attr = ] RipIt4Me -> %AppData%\RipIt4Me -> [Folder | Modified Date = 3/2/2008 4:54:12 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 3/24/2008 12:22:25 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/27/2008 11:18:21 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 3/3/2008 9:24:26 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2645842 bytes | Modified Date = 3/30/2008 10:49:38 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/27/2008 11:20:50 PM | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 3/27/2008 5:49:33 AM | Attr = ] World in Conflict -> %UserProfile%\Local Settings\Application Data\World in Conflict -> [Folder | Modified Date = 3/20/2008 7:25:03 PM | Attr = ] Xenocode -> %UserProfile%\Local Settings\Application Data\Xenocode -> [Folder | Modified Date = 3/15/2008 4:12:50 PM | Attr = ] MCE Logs -> %AllUsersProfile%\Documents\MCE Logs -> [Folder | Modified Date = 3/10/2008 10:33:33 AM | Attr = HS] The Club Game Save Data -> %AllUsersProfile%\Documents\The Club Game Save Data -> [Folder | Modified Date = 3/14/2008 10:46:10 PM | Attr = ] car ad.htm -> %UserProfile%\My Documents\car ad.htm -> [Ver = | Size = 92050 bytes | Modified Date = 3/4/2008 7:22:24 PM | Attr = ] car ad2.jpg -> %UserProfile%\My Documents\car ad2.jpg -> [Ver = | Size = 40993 bytes | Modified Date = 3/4/2008 7:29:31 PM | Attr = ] car ad3.jpg -> %UserProfile%\My Documents\car ad3.jpg -> [Ver = | Size = 110236 bytes | Modified Date = 3/4/2008 7:29:53 PM | Attr = ] car ad_files -> %UserProfile%\My Documents\car ad_files -> [Folder | Modified Date = 3/4/2008 7:22:24 PM | Attr = ] 1 C:\Documents and Settings\don\My Documents\*.tmp files -> C:\Documents and Settings\don\My Documents\*.tmp -> EA Games -> %UserProfile%\My Documents\EA Games -> [Folder | Modified Date = 3/22/2008 8:23:30 PM | Attr = ] essay 3.docx -> %UserProfile%\My Documents\essay 3.docx -> [Ver = | Size = 16043 bytes | Modified Date = 3/13/2008 12:57:35 PM | Attr = ] housecleaning.rtf -> %UserProfile%\My Documents\housecleaning.rtf -> [Ver = | Size = 764 bytes | Modified Date = 3/14/2008 6:56:09 AM | Attr = ] images.jpg -> %UserProfile%\My Documents\images.jpg -> [Ver = | Size = 1013 bytes | Modified Date = 3/13/2008 8:57:49 PM | Attr = ] jennifer lopez see thru nipples on stage hothotdog resize.jpg -> %UserProfile%\My Documents\jennifer lopez see thru nipples on stage hothotdog resize.jpg -> [Ver = | Size = 104058 bytes | Modified Date = 3/27/2008 11:23:43 PM | Attr = ] Jessica_Biel-SeeThru.jpg -> %UserProfile%\My Documents\Jessica_Biel-SeeThru.jpg -> [Ver = | Size = 23762 bytes | Modified Date = 3/27/2008 11:22:33 PM | Attr = ] lindsay_lohan_seethru.jpg -> %UserProfile%\My Documents\lindsay_lohan_seethru.jpg -> [Ver = | Size = 56531 bytes | Modified Date = 3/27/2008 11:22:19 PM | Attr = ] My Money Backup_2008-03-27_233347.mbf -> %UserProfile%\My Documents\My Money Backup_2008-03-27_233347.mbf -> [Ver = | Size = 373067 bytes | Modified Date = 3/27/2008 11:33:49 PM | Attr = R ] My Money.mny -> %UserProfile%\My Documents\My Money.mny -> [Ver = | Size = 3538944 bytes | Modified Date = 3/27/2008 11:34:17 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 3/10/2008 10:36:26 AM | Attr = R ] NFS ProStreet -> %UserProfile%\My Documents\NFS ProStreet -> [Folder | Modified Date = 3/7/2008 7:49:53 PM | Attr = ] sm-spears-see-thru-001.jpg -> %UserProfile%\My Documents\sm-spears-see-thru-001.jpg -> [Ver = | Size = 106290 bytes | Modified Date = 3/27/2008 11:23:05 PM | Attr = ] TCNYC -> %UserProfile%\My Documents\TCNYC -> [Folder | Modified Date = 3/20/2008 9:44:54 PM | Attr = ] test.jpg -> %UserProfile%\My Documents\test.jpg -> [Ver = | Size = 3542 bytes | Modified Date = 3/26/2008 10:27:02 PM | Attr = ] turtle ad 1.jpg -> %UserProfile%\My Documents\turtle ad 1.jpg -> [Ver = | Size = 46779 bytes | Modified Date = 3/4/2008 7:36:21 PM | Attr = ] turtlead2.jpg -> %UserProfile%\My Documents\turtlead2.jpg -> [Ver = | Size = 40955 bytes | Modified Date = 3/4/2008 8:37:24 PM | Attr = ] World in Conflict -> %UserProfile%\My Documents\World in Conflict -> [Folder | Modified Date = 3/20/2008 7:25:04 PM | Attr = ] ~$ssay 3.docx -> %UserProfile%\My Documents\~$ssay 3.docx -> [Ver = | Size = 162 bytes | Modified Date = 3/13/2008 11:44:46 AM | Attr = H ] Medal of Honor Pacific Assault(tm).lnk -> %AllUsersProfile%\Desktop\Medal of Honor Pacific Assault(tm).lnk -> [Ver = | Size = 935 bytes | Modified Date = 3/22/2008 11:37:54 PM | Attr = ] Need for Speed™ ProStreet.lnk -> %AllUsersProfile%\Desktop\Need for Speed™ ProStreet.lnk -> [Ver = | Size = 1705 bytes | Modified Date = 3/7/2008 7:43:54 PM | Attr = ] Norton Security Scan.lnk -> %AllUsersProfile%\Desktop\Norton Security Scan.lnk -> [Ver = | Size = 2359 bytes | Modified Date = 3/4/2008 5:25:01 PM | Attr = ] Pirates of the Caribbean Online.lnk -> %AllUsersProfile%\Desktop\Pirates of the Caribbean Online.lnk -> [Ver = | Size = 959 bytes | Modified Date = 3/22/2008 11:54:33 PM | Attr = ] World in Conflict - Online Only.lnk -> %AllUsersProfile%\Desktop\World in Conflict - Online Only.lnk -> [Ver = | Size = 930 bytes | Modified Date = 3/20/2008 3:01:53 PM | Attr = ] World in Conflict.lnk -> %AllUsersProfile%\Desktop\World in Conflict.lnk -> [Ver = | Size = 889 bytes | Modified Date = 3/20/2008 3:01:53 PM | Attr = ] Advanced Business Card Maker.lnk -> %UserProfile%\Desktop\Advanced Business Card Maker.lnk -> [Ver = | Size = 612 bytes | Modified Date = 3/26/2008 10:12:00 PM | Attr = ] Always Current Business Card.lnk -> %UserProfile%\Desktop\Always Current Business Card.lnk -> [Ver = | Size = 1812 bytes | Modified Date = 3/26/2008 10:12:18 PM | Attr = ] Belltech Business Card Designer Pro.lnk -> %UserProfile%\Desktop\Belltech Business Card Designer Pro.lnk -> [Ver = | Size = 587 bytes | Modified Date = 3/27/2008 5:43:36 AM | Attr = ] Elf Bowling 7.lnk -> %UserProfile%\Desktop\Elf Bowling 7.lnk -> [Ver = | Size = 702 bytes | Modified Date = 3/20/2008 11:29:38 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 537 bytes | Modified Date = 3/31/2008 11:48:23 AM | Attr = ] Kuma Games.lnk -> %UserProfile%\Desktop\Kuma Games.lnk -> [Ver = | Size = 1542 bytes | Modified Date = 3/15/2008 4:12:19 PM | Attr = ] Media Center.lnk -> %UserProfile%\Desktop\Media Center.lnk -> [Ver = | Size = 1394 bytes | Modified Date = 3/10/2008 10:33:22 AM | Attr = ] MoveMediaPlayer_07076007.exe -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe -> [Ver = | Size = 779536 bytes | Modified Date = 3/21/2008 6:02:59 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 3/31/2008 1:45:57 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541278 bytes | Modified Date = 3/31/2008 1:45:22 PM | Attr = ] The Club.lnk -> %UserProfile%\Desktop\The Club.lnk -> [Ver = | Size = 676 bytes | Modified Date = 3/14/2008 10:44:18 PM | Attr = ] TratBHO Remover.exe -> %UserProfile%\Desktop\TratBHO Remover.exe -> [Ver = | Size = 924672 bytes | Modified Date = 3/18/2008 11:04:47 AM | Attr = ] Visual Business Cards 4.lnk -> %UserProfile%\Desktop\Visual Business Cards 4.lnk -> [Ver = | Size = 550 bytes | Modified Date = 3/26/2008 10:11:39 PM | Attr = ] DirectX -> %CommonProgramFiles%\DirectX -> [Folder | Modified Date = 3/20/2008 9:44:21 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/27/2008 11:20:17 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 3/26/2008 3:14:40 PM | Attr = ] < End of report > [/code]