[code] OTScanIt logfile created on: 2008/04/06 22:53:37 OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\User\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000411 | Country: Japan | Language: JPN | Date Format: yyyy/MM/dd 447.48 Mb Total Physical Memory | 90.74 Mb Available Physical Memory | 20.28% Memory free 1.03 Gb Paging File | 0.73 Gb Available in Paging File | 70.68% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48.83 Gb Total Space | 2.56 Gb Free Space | 5.24% Space Free | Partition Type: NTFS Drive D: | 141.08 Gb Total Space | 3.11 Gb Free Space | 2.20% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 481.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive I: | 1.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: PC Current User Name: User Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 2007/12/04 22:36:33 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 2007/12/04 21:00:16 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 2007/12/04 21:00:23 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 2008/02/17 12:21:57 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007/11/01 2:09:16 | Attr = ] pdagent.exe -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 414984 bytes | Modified Date = 2007/11/06 8:37:48 | Attr = ] starwindservice.exe -> D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 2005/04/02 1:51:48 | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 2007/01/05 5:38:08 | Attr = ] pdengine.exe -> %ProgramFiles%\Raxco\PerfectDisk\PDEngine.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 734472 bytes | Modified Date = 2007/11/06 8:37:56 | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 2007/01/05 5:38:18 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 2007/12/04 20:59:53 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 2007/12/04 20:59:01 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.13: 2008031114 | Size = 7660656 bytes | Modified Date = 2008/03/26 20:50:12 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 2008/04/04 12:24:38 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2006/02/13 19:04:25 | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 4.0.0.0 | Size = 46680 bytes | Modified Date = 2005/04/19 2:38:59 | Attr = R ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007/11/01 2:09:16 | Attr = ] (AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 2007/03/20 9:19:14 | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 2007/12/04 22:36:33 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 2007/12/04 21:00:16 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 2007/12/04 20:59:53 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 2007/12/04 20:59:01 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004/08/04 20:00:00 | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2008/02/14 22:26:36 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 2005/11/14 1:06:04 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 2007/11/03 6:36:32 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found (PDAgent) PDAgent [Win32_Own | Auto | Running] -> %ProgramFiles%\Raxco\PerfectDisk\PDAgent.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 414984 bytes | Modified Date = 2007/11/06 8:37:48 | Attr = ] (PDEngine) PDEngine [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Raxco\PerfectDisk\PDEngine.exe -> Raxco Software, Inc. [Ver = 8, 0, 0, 67 | Size = 734472 bytes | Modified Date = 2007/11/06 8:37:56 | Attr = ] (StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Running] -> D:\Programz\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -> Rocket Division Software [Ver = 2.6.1 Build 0x20050401 | Size = 217600 bytes | Modified Date = 2005/04/02 1:51:48 | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 2007/01/05 5:38:08 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 2007/12/04 21:00:23 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 2008/02/17 12:21:57 | Attr = ] < RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> FFTI -> %AppData%\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe [C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"] -> File not found < RunOnce [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> FFTI -> %AppData%\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe [C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles/l7zreii0.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"] -> File not found < Administrator.PC Startup Folder > -> C:\Documents and Settings\Administrator.PC\Start Menu\Programs\Startup -> < Administrator.PC.000 Startup Folder > -> C:\Documents and Settings\Administrator.PC.000\Start Menu\Programs\Startup -> < Administrator.PC.001 Startup Folder > -> C:\Documents and Settings\Administrator.PC.001\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < asder Startup Folder > -> C:\Documents and Settings\asder\Start Menu\Programs\Startup -> < Asder.PC Startup Folder > -> C:\Documents and Settings\Asder.PC\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [0aMCPClient] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> (binary data) -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006/10/26 22:28:40 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006/10/26 22:28:40 | Attr = ] HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3523 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3525 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3525 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3525 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3525 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3523 domain(s) found. -> 131 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\orbitcth.dll [Octh Class] -> Orbitdownloader.com [Ver = 2, 4, 0, 1 | Size = 187512 bytes | Modified Date = 2008/02/25 11:27:08 | Attr = ] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006/10/26 22:28:40 | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006/10/22 23:08:42 | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.45 | Size = 370296 bytes | Modified Date = 2008/02/17 12:22:29 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008/01/28 11:43:28 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006/11/01 3:29:16 | Attr = ] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.0.0.56 | Size = 611584 bytes | Modified Date = 2005/06/27 9:49:06 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2008/02/22 4:25:19 | Attr = ] {A7327C09-B521-4EDB-8509-7D2660C9EC98} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [Viewpoint Toolbar BHO] -> Viewpoint Corporation [Ver = 3, 8, 0, 73 | Size = 32867 bytes | Modified Date = 2007/11/29 7:51:55 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] {B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> GuideWorks Pty. Ltd. [Ver = 3.0.0.255 | Size = 671392 bytes | Modified Date = 2005/03/09 9:55:46 | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 2005/12/14 15:29:40 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 2005/12/14 15:29:40 | Attr = ] < Internet Explorer Bars [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 2005/12/14 15:29:40 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] {83ef376d-8874-4769-a2e7-7096480e7def} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blueserver\tbblue.dll [blueserver toolbar] -> Platforma Online Ltd. [Ver = 4, 5, 88, 0 | Size = 741376 bytes | Modified Date = 2005/12/16 0:56:32 | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006/10/26 22:28:40 | Attr = ] {F8AD5AA5-D966-4667-9DAF-2561D68B2012} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [Viewpoint Toolbar] -> Viewpoint Corporation [Ver = 3, 8, 0, 73 | Size = 327759 bytes | Modified Date = 2007/11/29 7:58:26 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] WebBrowser\\{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{83EF376D-8874-4769-A2E7-7096480E7DEF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blueserver\tbblue.dll [blueserver toolbar] -> Platforma Online Ltd. [Ver = 4, 5, 88, 0 | Size = 741376 bytes | Modified Date = 2005/12/16 0:56:32 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006/10/26 22:28:40 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] WebBrowser\\{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{83EF376D-8874-4769-A2E7-7096480E7DEF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\blueserver\tbblue.dll [blueserver toolbar] -> Platforma Online Ltd. [Ver = 4, 5, 88, 0 | Size = 741376 bytes | Modified Date = 2005/12/16 0:56:32 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 2006/10/26 22:28:40 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2008/02/22 4:25:19 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2008/02/22 4:25:19 | Attr = ] {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> GuideWorks Pty. Ltd. [Ver = 3.0.0.255 | Size = 671392 bytes | Modified Date = 2005/03/09 9:55:46 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006/11/01 3:29:16 | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008/01/28 11:43:28 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> GuideWorks Pty. Ltd. [Ver = 3.0.0.255 | Size = 671392 bytes | Modified Date = 2005/03/09 9:55:46 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006/11/01 3:29:16 | Attr = ] CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008/01/28 11:43:28 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download All with FlashGet -> %ProgramFiles%\FlashGet\jc_all.htm -> File not found &Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] &Download with FlashGet -> %ProgramFiles%\FlashGet\jc_link.htm -> File not found &Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] &Yahoo! Search -> -> File not found + &Download Express: download this file -> %ProgramFiles%\Download Express\add_url.htm -> [Ver = | Size = 1028 bytes | Modified Date = 2002/07/09 2:10:10 | Attr = ] Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\aol\aol toolbar 2.0\resources\en-US\local\search.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> GuideWorks Pty. Ltd. [Ver = 3.0.0.255 | Size = 671392 bytes | Modified Date = 2005/03/09 9:55:46 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006/11/01 3:29:16 | Attr = ] CmdMapping\\{9455301C-CF6B-11D3-A266-00C04F689C50} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008/01/28 11:43:28 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\] > -> HKEY_USERS\S-1-5-21-515967899-2025429265-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download All with FlashGet -> %ProgramFiles%\FlashGet\jc_all.htm -> File not found &Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] &Download with FlashGet -> %ProgramFiles%\FlashGet\jc_link.htm -> File not found &Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] &Yahoo! Search -> -> File not found + &Download Express: download this file -> %ProgramFiles%\Download Express\add_url.htm -> [Ver = | Size = 1028 bytes | Modified Date = 2002/07/09 2:10:10 | Attr = ] Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007/05/10 22:47:03 | Attr = ] Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/07/13 17:23:42 | Attr = ] Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {06C02C13-C144-472C-A38C-5743DA7CEB8B} -> (VIA Rhine II Fast Ethernet Adapter) -> {074F5554-0D56-4C28-A5B5-DA42D04261AC} -> () -> {251FA663-B99B-408A-B455-F02D0C77DCD6} -> (Sony Ericsson Device 0A1 USB Ethernet Emulation (NDIS 5)) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2007/12/07 15:08:02 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {48884C41-EFAC-433D-958A-9FADAC41408E}[HKEY_LOCAL_MACHINE] -> https://www.e-games.com.my/com/EGamesPlugin.cab[EGamesPlugin Class] -> {5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EGamesPlugin.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EGamesPlugin.dll\\.Owner -> {48884C41-EFAC-433D-958A-9FADAC41408E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EGamesPlugin.dll\\{48884C41-EFAC-433D-958A-9FADAC41408E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/egames.ico\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/egames.ico\\.Owner -> {48884C41-EFAC-433D-958A-9FADAC41408E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/egames.ico\\{48884C41-EFAC-433D-958A-9FADAC41408E} -> -> [Files/Folders - Created Within 90 days] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 2008/03/22 10:55:54 | Attr = RHS] autoruns.exe -> %SystemDrive%\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.13 | Size = 603176 bytes | Created Date = 2008/03/13 0:53:04 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008/04/04 8:51:02 | Attr = ] ijji -> %SystemDrive%\ijji -> [Folder | Created Date = 2008/03/26 11:39:36 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008/04/06 8:55:09 | Attr = ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Created Date = 2008/02/11 9:18:15 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Created Date = 2008/03/15 21:19:43 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 2008/02/11 9:18:15 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 2008/03/15 21:19:43 | Attr = H ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008/04/05 22:03:35 | Attr = ] sea1bus.sys -> %SystemRoot%\System32\drivers\sea1bus.sys -> MCCI [Ver = V4.34 | Size = 61536 bytes | Created Date = 2008/03/08 17:47:32 | Attr = R ] sea1cm.sys -> %SystemRoot%\System32\drivers\sea1cm.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 2008/03/08 17:47:36 | Attr = R ] sea1cmnt.sys -> %SystemRoot%\System32\drivers\sea1cmnt.sys -> MCCI [Ver = V4.34 | Size = 6240 bytes | Created Date = 2008/03/08 17:47:36 | Attr = R ] sea1cr.sys -> %SystemRoot%\System32\drivers\sea1cr.sys -> MCCI [Ver = V4.34 | Size = 4128 bytes | Created Date = 2008/03/08 17:47:49 | Attr = R ] sea1mdfl.sys -> %SystemRoot%\System32\drivers\sea1mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Created Date = 2008/03/08 17:47:36 | Attr = R ] sea1mdm.sys -> %SystemRoot%\System32\drivers\sea1mdm.sys -> MCCI [Ver = V4.34 | Size = 97088 bytes | Created Date = 2008/03/08 17:47:36 | Attr = R ] sea1mgmt.sys -> %SystemRoot%\System32\drivers\sea1mgmt.sys -> MCCI [Ver = V4.34 | Size = 88624 bytes | Created Date = 2008/03/08 17:47:48 | Attr = R ] sea1nd5.sys -> %SystemRoot%\System32\drivers\sea1nd5.sys -> MCCI [Ver = V4.34 | Size = 18704 bytes | Created Date = 2008/03/08 17:47:56 | Attr = R ] sea1obex.sys -> %SystemRoot%\System32\drivers\sea1obex.sys -> MCCI [Ver = V4.34 | Size = 86432 bytes | Created Date = 2008/03/08 17:47:44 | Attr = R ] sea1unic.sys -> %SystemRoot%\System32\drivers\sea1unic.sys -> MCCI [Ver = V4.34 | Size = 90800 bytes | Created Date = 2008/03/08 17:47:49 | Attr = R ] sea1wh.sys -> %SystemRoot%\System32\drivers\sea1wh.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 2008/03/08 17:47:32 | Attr = R ] sea1whnt.sys -> %SystemRoot%\System32\drivers\sea1whnt.sys -> MCCI [Ver = V4.34 | Size = 5872 bytes | Created Date = 2008/03/08 17:47:32 | Attr = R ] tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 2008/03/31 10:25:10 | Attr = ] 3gpcore.dll -> %SystemRoot%\System32\3gpcore.dll -> [Ver = | Size = 7277568 bytes | Created Date = 2008/03/19 23:26:42 | Attr = ] avsplugin -> %SystemRoot%\System32\avsplugin -> [Folder | Created Date = 2008/03/21 22:37:39 | Attr = ] 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 2008/03/30 0:34:47 | Attr = ] config.gms -> %SystemRoot%\System32\config.gms -> [Ver = | Size = 645120 bytes | Created Date = 2008/04/05 19:02:47 | Attr = ] DSE2_DFT.dll -> %SystemRoot%\System32\DSE2_DFT.dll -> [Ver = | Size = 4874240 bytes | Created Date = 2008/02/16 21:55:23 | Attr = ] ImageOle.dll -> %SystemRoot%\System32\ImageOle.dll -> TODO: [Ver = 1.0.0.1 | Size = 53248 bytes | Created Date = 2008/03/24 0:07:58 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 2008/03/22 22:26:59 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 2008/03/22 22:26:59 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 2008/03/22 22:26:59 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2008/03/29 18:59:56 | Attr = ] libguide40.dll -> %SystemRoot%\System32\libguide40.dll -> Intel Corporation [Ver = 4, 0, 2006, 612 | Size = 200704 bytes | Created Date = 2008/02/16 21:55:25 | Attr = ] PDBootState -> %SystemRoot%\System32\PDBootState -> [Ver = | Size = 280 bytes | Created Date = 2008/01/18 21:03:30 | Attr = ] pthreadGC2.dll -> %SystemRoot%\System32\pthreadGC2.dll -> Open Source Software community project [Ver = 2, 8, 0, 0 | Size = 60273 bytes | Created Date = 2008/03/19 23:26:44 | Attr = ] SkinMagic.dll -> %SystemRoot%\System32\SkinMagic.dll -> Appspeed Inc. [Ver = 2, 5, 1, 1 | Size = 487479 bytes | Created Date = 2008/03/19 23:26:46 | Attr = ] Wnaspint.dll -> %SystemRoot%\System32\Wnaspint.dll -> NexiTech, Inc. [Ver = V1.18 | Size = 57344 bytes | Created Date = 2008/02/19 18:53:37 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2008/04/04 8:51:48 | Attr = ] 12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 39 bytes | Created Date = 2008/03/26 13:05:52 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 2008/02/13 23:33:18 | Attr = ] jfct.dfc -> %SystemRoot%\jfct.dfc -> [Ver = | Size = 8 bytes | Created Date = 2008/02/10 11:49:22 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008/04/06 8:55:09 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008/04/06 22:27:19 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 2008/03/24 0:03:25 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008/04/06 8:55:09 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2536 bytes | Created Date = 2008/03/11 11:47:42 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2008/03/11 11:47:43 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008/04/06 8:55:08 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Acoustica -> %AllUsersProfile%\Application Data\Acoustica -> [Folder | Created Date = 2008/02/19 18:53:20 | Attr = ] ezsid.dat -> %AllUsersProfile%\Application Data\ezsid.dat -> [Ver = | Size = 32 bytes | Created Date = 2008/01/17 2:00:42 | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Created Date = 2008/02/14 22:26:49 | Attr = ] GRETECH -> %AllUsersProfile%\Application Data\GRETECH -> [Folder | Created Date = 2008/02/18 21:50:40 | Attr = ] IJJIGame -> %AllUsersProfile%\Application Data\IJJIGame -> [Folder | Created Date = 2008/03/26 13:03:42 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2008/03/29 18:59:58 | Attr = ] Protexis -> %AllUsersProfile%\Application Data\Protexis -> [Folder | Created Date = 2008/01/17 21:16:14 | Attr = ] Raxco -> %AllUsersProfile%\Application Data\Raxco -> [Folder | Created Date = 2008/01/17 21:19:01 | Attr = ] Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson -> [Folder | Created Date = 2008/03/08 17:34:27 | Attr = ] Teleca -> %AllUsersProfile%\Application Data\Teleca -> [Folder | Created Date = 2008/03/08 17:33:51 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 2008/01/26 15:53:46 | Attr = ] Acoustica -> %AppData%\Acoustica -> [Folder | Created Date = 2008/02/19 18:53:57 | Attr = ] Flock -> %AppData%\Flock -> [Folder | Created Date = 2008/03/23 23:57:48 | Attr = ] fretsonfire -> %AppData%\fretsonfire -> [Folder | Created Date = 2008/02/17 21:36:30 | Attr = ] GRETECH -> %AppData%\GRETECH -> [Folder | Created Date = 2008/02/18 21:50:04 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Created Date = 2008/01/15 8:14:06 | Attr = ] ijjigame -> %AppData%\ijjigame -> [Folder | Created Date = 2008/03/29 18:23:30 | Attr = H ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 2008/03/24 0:07:16 | Attr = ] MathWorks -> %AppData%\MathWorks -> [Folder | Created Date = 2008/04/05 22:08:24 | Attr = ] Orbit -> %AppData%\Orbit -> [Folder | Created Date = 2008/02/17 16:33:12 | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Created Date = 2008/01/17 2:00:42 | Attr = ] Sony Ericsson -> %AppData%\Sony Ericsson -> [Folder | Created Date = 2008/03/08 17:39:02 | Attr = ] Teleca -> %AppData%\Teleca -> [Folder | Created Date = 2008/03/08 17:48:18 | Attr = ] Flock -> %UserProfile%\Local Settings\Application Data\Flock -> [Folder | Created Date = 2008/03/23 23:57:48 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3704304 bytes | Created Date = 2008/03/10 12:45:27 | Attr = H ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 2008/03/02 1:04:35 | Attr = ] Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson -> [Folder | Created Date = 2008/03/08 18:51:47 | Attr = ] EGE182%20Lab-3%20%282008-01%29.pdf -> %UserProfile%\My Documents\EGE182%20Lab-3%20%282008-01%29.pdf -> [Ver = | Size = 104600 bytes | Created Date = 2008/03/22 12:24:39 | Attr = ] GomPlayer -> %UserProfile%\My Documents\GomPlayer -> [Folder | Created Date = 2008/02/18 21:50:09 | Attr = ] Gunz -> %UserProfile%\My Documents\Gunz -> [Folder | Created Date = 2008/03/26 13:06:56 | Attr = ] MATLAB -> %UserProfile%\My Documents\MATLAB -> [Folder | Created Date = 2008/04/05 22:08:15 | Attr = ] My Recordings -> %UserProfile%\My Documents\My Recordings -> [Folder | Created Date = 2008/02/19 18:56:17 | Attr = ] Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Created Date = 2008/02/14 8:58:17 | Attr = ] eMule.lnk -> %AllUsersProfile%\Desktop\eMule.lnk -> [Ver = | Size = 528 bytes | Created Date = 2008/03/23 15:49:32 | Attr = ] Flock.lnk -> %AllUsersProfile%\Desktop\Flock.lnk -> [Ver = | Size = 710 bytes | Created Date = 2008/03/23 23:57:26 | Attr = ] Garena.lnk -> %AllUsersProfile%\Desktop\Garena.lnk -> [Ver = | Size = 1339 bytes | Created Date = 2008/03/24 0:07:56 | Attr = ] MATLAB R2007b.lnk -> %AllUsersProfile%\Desktop\MATLAB R2007b.lnk -> [Ver = | Size = 847 bytes | Created Date = 2008/04/05 22:02:27 | Attr = ] O2Jam (e-Games).lnk -> %AllUsersProfile%\Desktop\O2Jam (e-Games).lnk -> [Ver = | Size = 588 bytes | Created Date = 2008/03/23 19:24:24 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 2008/02/17 12:22:30 | Attr = ] Sony Ericsson PC Suite.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite.lnk -> [Ver = | Size = 2046 bytes | Created Date = 2008/03/08 17:34:41 | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 719 bytes | Created Date = 2008/01/14 12:14:19 | Attr = ] VOCALOID2 Editor.lnk -> %AllUsersProfile%\Desktop\VOCALOID2 Editor.lnk -> [Ver = | Size = 1566 bytes | Created Date = 2008/02/16 21:58:15 | Attr = ] 1207 - Megaman Zero 2 (U).sav -> %UserProfile%\Desktop\1207 - Megaman Zero 2 (U).sav -> [Ver = | Size = 65536 bytes | Created Date = 2008/04/05 17:51:37 | Attr = ] 1207 - Megaman Zero 2 (U).sgm -> %UserProfile%\Desktop\1207 - Megaman Zero 2 (U).sgm -> [Ver = | Size = 95879 bytes | Created Date = 2008/04/05 18:05:48 | Attr = ] 4983164735758_b copy.png -> %UserProfile%\Desktop\4983164735758_b copy.png -> [Ver = | Size = 1415627 bytes | Created Date = 2008/03/30 15:17:12 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1612984 bytes | Created Date = 2008/04/06 8:49:44 | Attr = ] copy lab -> %UserProfile%\Desktop\copy lab -> [Folder | Created Date = 2008/04/06 14:50:40 | Attr = ] CSC 282 -> %UserProfile%\Desktop\CSC 282 -> [Folder | Created Date = 2008/04/06 14:49:50 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 2008/04/04 8:35:50 | Attr = ] EGR 175 -> %UserProfile%\Desktop\EGR 175 -> [Folder | Created Date = 2008/04/06 14:50:39 | Attr = ] ff(1).PNG -> %UserProfile%\Desktop\ff(1).PNG -> [Ver = | Size = 2227239 bytes | Created Date = 2008/04/06 14:22:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ff(1).PNG:Zone.Identifier FF.PNG -> %UserProfile%\Desktop\FF.PNG -> [Ver = | Size = 59911 bytes | Created Date = 2008/04/06 14:14:15 | Attr = ] FF1.PNG -> %UserProfile%\Desktop\FF1.PNG -> [Ver = | Size = 85650 bytes | Created Date = 2008/04/06 14:15:37 | Attr = ] fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 135 bytes | Created Date = 2008/04/06 9:25:02 | Attr = ] fix.png -> %UserProfile%\Desktop\fix.png -> [Ver = | Size = 17404 bytes | Created Date = 2008/04/06 9:26:13 | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe -> [Ver = | Size = 103802 bytes | Created Date = 2008/04/06 8:48:17 | Attr = ] FLV Player.lnk -> %UserProfile%\Desktop\FLV Player.lnk -> [Ver = | Size = 701 bytes | Created Date = 2008/02/17 16:31:38 | Attr = ] FLVExtract.exe -> %UserProfile%\Desktop\FLVExtract.exe -> [Ver = 1.3.0.0 | Size = 49152 bytes | Created Date = 2008/02/28 22:35:14 | Attr = ] Freez 3GP Video Converter.lnk -> %UserProfile%\Desktop\Freez 3GP Video Converter.lnk -> [Ver = | Size = 856 bytes | Created Date = 2008/03/19 23:26:48 | Attr = ] Garena_setup.exe -> %UserProfile%\Desktop\Garena_setup.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 12660754 bytes | Created Date = 2008/04/06 9:20:53 | Attr = ] Gunz.lnk -> %UserProfile%\Desktop\Gunz.lnk -> [Ver = | Size = 701 bytes | Created Date = 2008/03/26 11:41:27 | Attr = ] Hatsune Miku -> %UserProfile%\Desktop\Hatsune Miku -> [Folder | Created Date = 2008/02/17 11:08:57 | Attr = ] Heroes Season 2 [mininova].torrent -> %UserProfile%\Desktop\Heroes Season 2 [mininova].torrent -> [Ver = | Size = 21941 bytes | Created Date = 2008/03/28 15:25:22 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2008/03/30 8:58:23 | Attr = ] MatLab -> %UserProfile%\Desktop\MatLab -> [Folder | Created Date = 2008/04/04 8:39:03 | Attr = ] MATLAB.doc -> %UserProfile%\Desktop\MATLAB.doc -> [Ver = | Size = 71680 bytes | Created Date = 2008/04/06 13:36:38 | Attr = ] Mixcraft 3.lnk -> %UserProfile%\Desktop\Mixcraft 3.lnk -> [Ver = | Size = 1553 bytes | Created Date = 2008/02/19 18:53:40 | Attr = ] o2mania.exe.lnk -> %UserProfile%\Desktop\o2mania.exe.lnk -> [Ver = | Size = 541 bytes | Created Date = 2008/02/20 19:37:52 | Attr = ] Ocean homework 8.doc -> %UserProfile%\Desktop\Ocean homework 8.doc -> [Ver = | Size = 81408 bytes | Created Date = 2008/03/06 12:50:18 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 290816 bytes | Created Date = 2008/04/05 11:19:56 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008/04/06 22:41:18 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 2008/04/06 22:40:24 | Attr = ] Pepakura Designer2.lnk -> %UserProfile%\Desktop\Pepakura Designer2.lnk -> [Ver = | Size = 933 bytes | Created Date = 2008/03/22 0:20:07 | Attr = ] Pop-Up Card Designer.lnk -> %UserProfile%\Desktop\Pop-Up Card Designer.lnk -> [Ver = | Size = 867 bytes | Created Date = 2008/01/16 11:12:49 | Attr = ] Project 64k -> %UserProfile%\Desktop\Project 64k -> [Folder | Created Date = 2008/03/30 11:55:23 | Attr = ] Random Downloaded Vids -> %UserProfile%\Desktop\Random Downloaded Vids -> [Folder | Created Date = 2008/02/17 16:37:15 | Attr = ] Super_Robot_Wars_Alpha_2_Dvd_jap-[cdcovers_cc]-front.jpg -> %UserProfile%\Desktop\Super_Robot_Wars_Alpha_2_Dvd_jap-[cdcovers_cc]-front.jpg -> [Ver = | Size = 374106 bytes | Created Date = 2008/03/28 12:49:47 | Attr = ] Themes Creator.lnk -> %UserProfile%\Desktop\Themes Creator.lnk -> [Ver = | Size = 911 bytes | Created Date = 2008/03/10 8:34:37 | Attr = ] Touhou -> %UserProfile%\Desktop\Touhou -> [Folder | Created Date = 2008/02/08 10:08:40 | Attr = ] Utawarerumono English.lnk -> %UserProfile%\Desktop\Utawarerumono English.lnk -> [Ver = | Size = 805 bytes | Created Date = 2008/03/02 16:02:36 | Attr = ] utorrent-1.8-alpha-8855.uncompressed.exe -> %UserProfile%\Desktop\utorrent-1.8-alpha-8855.uncompressed.exe -> BitTorrent, Inc. [Ver = 1.8.0.8855 | Size = 566576 bytes | Created Date = 2008/03/06 22:00:13 | Attr = ] Zoom Player.lnk -> %UserProfile%\Desktop\Zoom Player.lnk -> [Ver = | Size = 970 bytes | Created Date = 2008/03/28 22:35:17 | Attr = ] INCA Shared -> %CommonProgramFiles%\INCA Shared -> [Folder | Created Date = 2008/03/29 18:23:30 | Attr = ] Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [Folder | Created Date = 2008/02/14 22:26:36 | Attr = ] ParallelGraphics -> %CommonProgramFiles%\ParallelGraphics -> [Folder | Created Date = 2008/03/24 2:43:54 | Attr = ] Raxco -> %CommonProgramFiles%\Raxco -> [Folder | Created Date = 2008/01/23 22:18:05 | Attr = ] Skype -> %CommonProgramFiles%\Skype -> [Folder | Created Date = 2008/01/23 22:17:57 | Attr = ] Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared -> [Folder | Created Date = 2008/03/08 17:34:05 | Attr = ] Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Created Date = 2008/03/08 17:33:54 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 2008/01/26 15:54:27 | Attr = HS] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 2008/02/17 12:22:39 | Attr = ] [Files/Folders - Modified Within 90 days] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Modified Date = 2008/03/22 10:55:54 | Attr = RHS] autoruns.exe -> %SystemDrive%\autoruns.exe -> Sysinternals - www.sysinternals.com [Ver = 9.13 | Size = 603176 bytes | Modified Date = 2008/02/25 11:44:22 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2008/03/30 15:45:53 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008/04/05 17:57:45 | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008/04/04 8:51:02 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2008/02/19 22:59:37 | Attr = ] Games -> %SystemDrive%\Games -> [Folder | Modified Date = 2008/03/03 13:48:04 | Attr = ] ijji -> %SystemDrive%\ijji -> [Folder | Modified Date = 2008/03/26 11:39:36 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008/04/05 18:32:19 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008/04/06 22:27:15 | Attr = ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2008/02/11 9:18:15 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2008/03/15 21:19:43 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2008/02/11 9:18:15 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2008/03/15 21:19:43 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008/04/06 22:27:19 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008/04/05 22:03:35 | Attr = ] tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2008/03/31 10:19:04 | Attr = ] avsplugin -> %SystemRoot%\System32\avsplugin -> [Folder | Modified Date = 2008/03/21 22:37:39 | Attr = ] 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008/02/14 16:23:19 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008/04/06 17:18:54 | Attr = ] CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 2008/03/30 0:34:47 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008/03/29 18:24:36 | Attr = ] config.gms -> %SystemRoot%\System32\config.gms -> [Ver = | Size = 645120 bytes | Modified Date = 2008/04/05 19:02:47 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 2008/03/19 12:52:12 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008/02/24 20:02:30 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008/04/06 22:20:43 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008/03/08 17:37:28 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 355360 bytes | Modified Date = 2008/03/05 21:20:55 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2008/02/22 1:23:35 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2008/02/22 2:33:31 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2008/02/22 1:23:39 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2008/02/22 2:33:32 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2008/03/29 18:59:56 | Attr = ] PDBootState -> %SystemRoot%\System32\PDBootState -> [Ver = | Size = 280 bytes | Modified Date = 2008/01/19 10:54:12 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72522 bytes | Modified Date = 2008/01/23 21:13:20 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 427590 bytes | Modified Date = 2008/01/23 21:13:20 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 488068 bytes | Modified Date = 2008/01/23 21:13:20 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 2008/02/17 12:22:03 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 2008/02/17 12:22:07 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 2008/02/17 12:22:07 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.45 | Size = 185944 bytes | Modified Date = 2008/02/17 12:22:17 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008/03/29 18:24:05 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2228 bytes | Modified Date = 2008/04/06 12:43:17 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008/02/14 16:24:00 | Attr = H ] 12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2008/04/05 18:32:51 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008/04/05 19:03:01 | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008/04/06 12:41:02 | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 1065 bytes | Modified Date = 2008/01/28 11:53:06 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008/02/13 23:36:54 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 2008/03/08 17:33:06 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008/04/04 8:55:14 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2008/04/06 8:55:37 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008/03/02 16:00:54 | Attr = R S] GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 39 bytes | Modified Date = 2008/03/30 10:44:46 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2008/02/13 23:34:19 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2008/02/13 23:35:24 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008/03/29 18:59:56 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008/04/05 18:22:51 | Attr = HS] jfct.dfc -> %SystemRoot%\jfct.dfc -> [Ver = | Size = 8 bytes | Modified Date = 2008/02/10 11:49:45 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2008/01/24 0:13:17 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 5593 bytes | Modified Date = 2008/03/24 2:43:58 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 2008/03/31 11:49:36 | Attr = ] option.ini -> %SystemRoot%\option.ini -> [Ver = | Size = 183 bytes | Modified Date = 2008/02/28 22:07:12 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008/04/06 22:41:38 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008/04/06 22:27:19 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 2008/03/28 18:29:51 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008/03/31 21:51:18 | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2008/03/29 18:24:04 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2008/01/16 23:06:16 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 346 bytes | Modified Date = 2008/04/06 22:21:09 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008/04/06 22:28:01 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008/04/06 22:27:37 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2536 bytes | Modified Date = 2008/03/11 11:47:43 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008/03/11 11:42:16 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1486 bytes | Modified Date = 2008/03/30 15:45:53 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008/04/05 17:57:43 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 2008/03/31 17:36:07 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008/04/06 12:41:05 | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8130 bytes | Modified Date = 2007/09/01 23:00:23 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5779 bytes | Modified Date = 2008/04/06 12:42:53 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5779 bytes | Modified Date = 2008/04/06 12:42:53 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2006/02/14 17:57:22 | Attr = ] Perflib_Perfdata_5d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008/04/06 12:41:06 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Acoustica -> %AllUsersProfile%\Application Data\Acoustica -> [Folder | Modified Date = 2008/02/19 18:53:20 | Attr = ] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2008/02/14 22:26:34 | Attr = ] ezsid.dat -> %AllUsersProfile%\Application Data\ezsid.dat -> [Ver = | Size = 32 bytes | Modified Date = 2008/01/17 2:00:42 | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Modified Date = 2008/02/14 22:34:14 | Attr = ] GRETECH -> %AllUsersProfile%\Application Data\GRETECH -> [Folder | Modified Date = 2008/02/18 21:50:40 | Attr = ] IJJIGame -> %AllUsersProfile%\Application Data\IJJIGame -> [Folder | Modified Date = 2008/03/29 18:23:30 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2008/03/29 18:59:58 | Attr = ] Protexis -> %AllUsersProfile%\Application Data\Protexis -> [Folder | Modified Date = 2008/01/17 21:16:15 | Attr = ] Raxco -> %AllUsersProfile%\Application Data\Raxco -> [Folder | Modified Date = 2008/01/17 21:19:01 | Attr = ] Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson -> [Folder | Modified Date = 2008/03/08 17:34:35 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008/03/11 22:19:06 | Attr = ] Teleca -> %AllUsersProfile%\Application Data\Teleca -> [Folder | Modified Date = 2008/03/08 17:34:39 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2008/01/16 20:50:19 | Attr = ] @Alternate Data Stream - 368 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:B63300D1 WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 2008/03/02 1:06:28 | Attr = ] Acoustica -> %AppData%\Acoustica -> [Folder | Modified Date = 2008/02/19 18:53:57 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008/02/14 22:33:11 | Attr = ] Flock -> %AppData%\Flock -> [Folder | Modified Date = 2008/03/23 23:57:48 | Attr = ] fretsonfire -> %AppData%\fretsonfire -> [Folder | Modified Date = 2008/02/17 21:37:05 | Attr = ] GRETECH -> %AppData%\GRETECH -> [Folder | Modified Date = 2008/02/18 21:50:04 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Modified Date = 2008/01/15 8:14:06 | Attr = ] ijjigame -> %AppData%\ijjigame -> [Folder | Modified Date = 2008/03/29 18:23:45 | Attr = H ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 2008/03/24 0:07:16 | Attr = ] MathWorks -> %AppData%\MathWorks -> [Folder | Modified Date = 2008/04/05 22:08:24 | Attr = ] Orbit -> %AppData%\Orbit -> [Folder | Modified Date = 2008/03/21 0:27:02 | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 2008/03/26 21:48:39 | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 2008/04/06 22:53:10 | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Modified Date = 2008/04/06 22:36:29 | Attr = ] Sony Ericsson -> %AppData%\Sony Ericsson -> [Folder | Modified Date = 2008/03/08 17:39:02 | Attr = ] Teleca -> %AppData%\Teleca -> [Folder | Modified Date = 2008/03/08 18:51:40 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 2008/04/06 22:16:18 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 2008/02/14 22:33:12 | Attr = ] Ares -> %UserProfile%\Local Settings\Application Data\Ares -> [Folder | Modified Date = 2008/03/29 18:23:29 | Attr = ] Flock -> %UserProfile%\Local Settings\Application Data\Flock -> [Folder | Modified Date = 2008/03/23 23:57:48 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 98760 bytes | Modified Date = 2008/03/02 20:17:36 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3704304 bytes | Modified Date = 2008/03/30 15:38:08 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008/03/24 14:01:41 | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 2008/03/02 1:04:35 | Attr = ] Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson -> [Folder | Modified Date = 2008/03/08 18:51:47 | Attr = ] Adobe -> %UserProfile%\My Documents\Adobe -> [Folder | Modified Date = 2008/02/14 8:55:49 | Attr = ] EGE182%20Lab-3%20%282008-01%29.pdf -> %UserProfile%\My Documents\EGE182%20Lab-3%20%282008-01%29.pdf -> [Ver = | Size = 104600 bytes | Modified Date = 2008/03/22 12:24:39 | Attr = ] GomPlayer -> %UserProfile%\My Documents\GomPlayer -> [Folder | Modified Date = 2008/02/18 21:50:09 | Attr = ] Gunz -> %UserProfile%\My Documents\Gunz -> [Folder | Modified Date = 2008/03/26 13:06:56 | Attr = ] MATLAB -> %UserProfile%\My Documents\MATLAB -> [Folder | Modified Date = 2008/04/06 16:48:01 | Attr = ] My Chat Logs -> %UserProfile%\My Documents\My Chat Logs -> [Folder | Modified Date = 2008/04/01 1:35:48 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2008/02/24 10:11:08 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008/01/28 9:52:39 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 2008/03/24 1:35:19 | Attr = ] My Recordings -> %UserProfile%\My Documents\My Recordings -> [Folder | Modified Date = 2008/02/19 18:56:17 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 591 bytes | Modified Date = 2008/04/06 14:09:29 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2008/02/17 13:39:10 | Attr = R ] Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Modified Date = 2008/02/14 8:58:17 | Attr = ] eMule.lnk -> %AllUsersProfile%\Desktop\eMule.lnk -> [Ver = | Size = 528 bytes | Modified Date = 2008/03/23 15:49:32 | Attr = ] Flock.lnk -> %AllUsersProfile%\Desktop\Flock.lnk -> [Ver = | Size = 710 bytes | Modified Date = 2008/03/23 23:57:26 | Attr = ] Garena.lnk -> %AllUsersProfile%\Desktop\Garena.lnk -> [Ver = | Size = 1339 bytes | Modified Date = 2008/03/24 0:07:56 | Attr = ] MATLAB R2007b.lnk -> %AllUsersProfile%\Desktop\MATLAB R2007b.lnk -> [Ver = | Size = 847 bytes | Modified Date = 2008/04/05 22:02:27 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 2008/01/22 17:32:07 | Attr = ] O2Jam (e-Games).lnk -> %AllUsersProfile%\Desktop\O2Jam (e-Games).lnk -> [Ver = | Size = 588 bytes | Modified Date = 2008/03/23 19:24:24 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Modified Date = 2008/02/17 12:22:30 | Attr = ] Sony Ericsson PC Suite.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite.lnk -> [Ver = | Size = 2046 bytes | Modified Date = 2008/03/08 17:34:41 | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 719 bytes | Modified Date = 2008/01/14 12:14:19 | Attr = ] VOCALOID2 Editor.lnk -> %AllUsersProfile%\Desktop\VOCALOID2 Editor.lnk -> [Ver = | Size = 1566 bytes | Modified Date = 2008/02/16 21:58:15 | Attr = ] 1207 - Megaman Zero 2 (U).sav -> %UserProfile%\Desktop\1207 - Megaman Zero 2 (U).sav -> [Ver = | Size = 65536 bytes | Modified Date = 2008/04/05 17:51:41 | Attr = ] 1207 - Megaman Zero 2 (U).sgm -> %UserProfile%\Desktop\1207 - Megaman Zero 2 (U).sgm -> [Ver = | Size = 95879 bytes | Modified Date = 2008/04/05 18:05:51 | Attr = ] 4983164735758_b copy.png -> %UserProfile%\Desktop\4983164735758_b copy.png -> [Ver = | Size = 1415627 bytes | Modified Date = 2008/03/30 15:17:26 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1612984 bytes | Modified Date = 2008/04/06 8:50:03 | Attr = ] copy lab -> %UserProfile%\Desktop\copy lab -> [Folder | Modified Date = 2008/04/06 14:50:42 | Attr = ] CSC 282 -> %UserProfile%\Desktop\CSC 282 -> [Folder | Modified Date = 2008/04/06 14:50:22 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2008/04/04 8:35:10 | Attr = ] EGR 175 -> %UserProfile%\Desktop\EGR 175 -> [Folder | Modified Date = 2008/04/06 14:50:40 | Attr = ] ff(1).PNG -> %UserProfile%\Desktop\ff(1).PNG -> [Ver = | Size = 2227239 bytes | Modified Date = 2008/04/06 14:23:50 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ff(1).PNG:Zone.Identifier FF.PNG -> %UserProfile%\Desktop\FF.PNG -> [Ver = | Size = 59911 bytes | Modified Date = 2008/04/06 14:18:23 | Attr = ] FF1.PNG -> %UserProfile%\Desktop\FF1.PNG -> [Ver = | Size = 85650 bytes | Modified Date = 2008/04/06 14:15:37 | Attr = ] fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 135 bytes | Modified Date = 2008/04/06 9:25:02 | Attr = ] fix.png -> %UserProfile%\Desktop\fix.png -> [Ver = | Size = 17404 bytes | Modified Date = 2008/04/06 9:27:28 | Attr = ] Flash_Disinfector.exe -> %UserProfile%\Desktop\Flash_Disinfector.exe -> [Ver = | Size = 103802 bytes | Modified Date = 2008/04/06 8:48:11 | Attr = ] FLV Player.lnk -> %UserProfile%\Desktop\FLV Player.lnk -> [Ver = | Size = 701 bytes | Modified Date = 2008/02/17 16:31:38 | Attr = ] FLVExtract.exe -> %UserProfile%\Desktop\FLVExtract.exe -> [Ver = 1.3.0.0 | Size = 49152 bytes | Modified Date = 2008/02/26 13:44:56 | Attr = ] Freez 3GP Video Converter.lnk -> %UserProfile%\Desktop\Freez 3GP Video Converter.lnk -> [Ver = | Size = 856 bytes | Modified Date = 2008/03/19 23:26:48 | Attr = ] Garena_setup.exe -> %UserProfile%\Desktop\Garena_setup.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 12660754 bytes | Modified Date = 2008/04/06 9:23:20 | Attr = ] Gunz.lnk -> %UserProfile%\Desktop\Gunz.lnk -> [Ver = | Size = 701 bytes | Modified Date = 2008/03/26 11:41:29 | Attr = ] Hatsune Miku -> %UserProfile%\Desktop\Hatsune Miku -> [Folder | Modified Date = 2008/03/16 0:01:48 | Attr = ] Heroes Season 2 [mininova].torrent -> %UserProfile%\Desktop\Heroes Season 2 [mininova].torrent -> [Ver = | Size = 21941 bytes | Modified Date = 2008/03/28 15:24:54 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008/03/30 8:58:23 | Attr = ] MatLab -> %UserProfile%\Desktop\MatLab -> [Folder | Modified Date = 2008/04/06 17:01:40 | Attr = ] MATLAB.doc -> %UserProfile%\Desktop\MATLAB.doc -> [Ver = | Size = 71680 bytes | Modified Date = 2008/04/06 17:01:45 | Attr = ] Mixcraft 3.lnk -> %UserProfile%\Desktop\Mixcraft 3.lnk -> [Ver = | Size = 1553 bytes | Modified Date = 2008/02/19 18:53:40 | Attr = ] o2mania.exe.lnk -> %UserProfile%\Desktop\o2mania.exe.lnk -> [Ver = | Size = 541 bytes | Modified Date = 2008/02/20 19:37:52 | Attr = ] Ocean homework 8.doc -> %UserProfile%\Desktop\Ocean homework 8.doc -> [Ver = | Size = 81408 bytes | Modified Date = 2008/03/06 12:50:22 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.0 | Size = 290816 bytes | Modified Date = 2008/04/05 11:19:54 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008/04/06 22:41:18 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 2008/04/06 22:40:26 | Attr = ] Pepakura Designer2.lnk -> %UserProfile%\Desktop\Pepakura Designer2.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2008/03/22 0:20:07 | Attr = ] Pop-Up Card Designer.lnk -> %UserProfile%\Desktop\Pop-Up Card Designer.lnk -> [Ver = | Size = 867 bytes | Modified Date = 2008/01/16 11:12:49 | Attr = ] Project 64k -> %UserProfile%\Desktop\Project 64k -> [Folder | Modified Date = 2008/03/29 20:25:25 | Attr = ] Random Downloaded Vids -> %UserProfile%\Desktop\Random Downloaded Vids -> [Folder | Modified Date = 2008/04/02 12:24:26 | Attr = ] Shortcuts -> %UserProfile%\Desktop\Shortcuts -> [Folder | Modified Date = 2008/03/28 19:13:42 | Attr = ] Stuff I Need and stuff -> %UserProfile%\Desktop\Stuff I Need and stuff -> [Folder | Modified Date = 2008/04/06 8:47:31 | Attr = ] Super_Robot_Wars_Alpha_2_Dvd_jap-[cdcovers_cc]-front.jpg -> %UserProfile%\Desktop\Super_Robot_Wars_Alpha_2_Dvd_jap-[cdcovers_cc]-front.jpg -> [Ver = | Size = 374106 bytes | Modified Date = 2008/03/28 12:49:49 | Attr = ] Themes Creator.lnk -> %UserProfile%\Desktop\Themes Creator.lnk -> [Ver = | Size = 911 bytes | Modified Date = 2008/03/10 8:33:40 | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 92672 bytes | Modified Date = 2008/04/02 1:16:19 | Attr = HS] Touhou -> %UserProfile%\Desktop\Touhou -> [Folder | Modified Date = 2008/03/03 1:19:06 | Attr = ] Utawarerumono English.lnk -> %UserProfile%\Desktop\Utawarerumono English.lnk -> [Ver = | Size = 805 bytes | Modified Date = 2008/03/02 16:02:36 | Attr = ] utorrent-1.8-alpha-8855.uncompressed.exe -> %UserProfile%\Desktop\utorrent-1.8-alpha-8855.uncompressed.exe -> BitTorrent, Inc. [Ver = 1.8.0.8855 | Size = 566576 bytes | Modified Date = 2008/03/06 22:00:22 | Attr = ] Zoom Player.lnk -> %UserProfile%\Desktop\Zoom Player.lnk -> [Ver = | Size = 970 bytes | Modified Date = 2008/03/09 18:10:45 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2008/02/14 22:20:39 | Attr = ] INCA Shared -> %CommonProgramFiles%\INCA Shared -> [Folder | Modified Date = 2008/03/29 18:23:30 | Attr = ] Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [Folder | Modified Date = 2008/02/14 22:26:36 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2008/04/05 17:57:43 | Attr = ] ParallelGraphics -> %CommonProgramFiles%\ParallelGraphics -> [Folder | Modified Date = 2008/03/24 2:43:54 | Attr = ] Raxco -> %CommonProgramFiles%\Raxco -> [Folder | Modified Date = 2008/01/23 22:18:05 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 2008/02/17 12:22:24 | Attr = ] Skype -> %CommonProgramFiles%\Skype -> [Folder | Modified Date = 2008/01/23 22:17:57 | Attr = ] Sony Ericsson Shared -> %CommonProgramFiles%\Sony Ericsson Shared -> [Folder | Modified Date = 2008/03/08 17:34:33 | Attr = ] Teleca Shared -> %CommonProgramFiles%\Teleca Shared -> [Folder | Modified Date = 2008/03/08 17:34:34 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 2008/01/26 16:10:51 | Attr = HS] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 2008/02/17 12:22:39 | Attr = ] < End of report > [/code]