[code] OTScanIt logfile created on: 03/05/2008 21:28:50 OTScanIt by OldTimer - Version 1.0.11.12 Folder = C:\Documents and Settings\user\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 479.36 Mb Total Physical Memory | 250.22 Mb Available Physical Memory | 52.20% Memory free 738.09 Mb Paging File | 256.55 Mb Available in Paging File | 34.76% Paging File free Paging file location(s): C:\pagefile.sys 336 672; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 27.35 Gb Total Space | 15.22 Gb Free Space | 55.65% Space Free | Partition Type: NTFS Drive D: | 48.97 Gb Total Space | 26.11 Gb Free Space | 53.31% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-68183406DC Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 24/03/2006 17:14:58 | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 24/03/2006 17:14:52 | Attr = ] spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 17:13:38 | Attr = ] brsvc01a.exe -> %SystemRoot%\system32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 | Attr = R ] brss01a.exe -> %SystemRoot%\system32\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 00:01:00 | Attr = R ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 31472 bytes | Modified Date = 15/06/2006 01:40:16 | Attr = ] richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 13:54:00 | Attr = ] saservice.exe -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 17/12/2007 15:58:14 | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 1805552 bytes | Modified Date = 15/06/2006 01:40:24 | Attr = ] soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 54 | Size = 577536 bytes | Modified Date = 21/06/2006 00:42:44 | Attr = R ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 07/12/2005 22:57:00 | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 24/03/2006 17:14:48 | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 124656 bytes | Modified Date = 15/06/2006 01:40:34 | Attr = ] siteadv.exe -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 13/08/2007 21:05:44 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 14/12/2007 03:42:38 | Attr = ] nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 0, 1, 5 | Size = 94208 bytes | Modified Date = 28/10/2005 16:25:44 | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = HS] sistray.exe -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3750 | Size = 262144 bytes | Modified Date = 29/06/2006 03:04:38 | Attr = ] jucheck.exe -> %ProgramFiles%\Java\jre1.6.0_04\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 329104 bytes | Modified Date = 14/12/2007 03:42:37 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.12 | Size = 371712 bytes | Modified Date = 01/05/2008 16:35:22 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 07/11/2007 20:32:38 | Attr = ] (Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 | Attr = R ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 192160 bytes | Modified Date = 24/03/2006 17:14:52 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.8.3 | Size = 169632 bytes | Modified Date = 24/03/2006 17:14:58 | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 31472 bytes | Modified Date = 15/06/2006 01:40:16 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 22:26:50 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 03:24:18 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 23/02/2006 11:41:02 | Attr = ] (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 08/08/2005 13:54:00 | Attr = ] (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.4.4000 | Size = 115952 bytes | Modified Date = 15/06/2006 01:40:28 | Attr = ] (SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6253\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 17/12/2007 15:58:14 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 24/01/2006 20:06:58 | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.7 | Size = 1160848 bytes | Modified Date = 11/04/2006 17:13:38 | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 1805552 bytes | Modified Date = 15/06/2006 01:40:24 | Attr = ] [Driver Services - Non-Microsoft Only] (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcan5wn.sys -> THOMSON [Ver = 301.0.0.12 | Size = 53600 bytes | Modified Date = 08/12/2003 11:53:48 | Attr = ] (alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\alcaudsl.sys -> THOMSON [Ver = 301.0.0.12 | Size = 70688 bytes | Modified Date = 08/12/2003 11:53:46 | Attr = ] (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\alcxwdm.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.6120 built by: WinDDK | Size = 3972672 bytes | Modified Date = 27/06/2006 12:42:14 | Attr = R ] (AR5416) D-Link RangeBooster N Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ar5416.sys -> D-Link [Ver = 6.0.1.75 | Size = 1037088 bytes | Modified Date = 25/09/2006 06:44:12 | Attr = R ] (BANTExt) Belarc SMBios Access [Kernel | System | Running] -> %SystemRoot%\system32\drivers\BANTExt.sys -> [Ver = | Size = 3840 bytes | Modified Date = 07/04/2005 17:18:34 | Attr = ] (BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,1,1 | Size = 15263 bytes | Modified Date = 19/12/2003 21:15:50 | Attr = R ] (BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrSerIf.sys -> Brother Industries Ltd. [Ver = 1.0.1.9 built by: WinDDK | Size = 51712 bytes | Modified Date = 12/06/2004 05:27:18 | Attr = R ] (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,0,7 built by: WinDDK | Size = 11648 bytes | Modified Date = 10/01/2004 04:28:18 | Attr = R ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 20:37:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 20:37:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23/08/2001 15:00:00 | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\eengine\eectrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 22/01/2008 12:00:00 | Attr = ] (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\eengine\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 22/01/2008 12:00:00 | Attr = ] (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFBS2S2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Modified Date = 04/08/2004 01:41:48 | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFDPSP2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Modified Date = 04/08/2004 01:41:56 | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Modified Date = 04/08/2004 01:41:56 | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080502.004\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 18/03/2008 11:00:00 | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080502.004\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 18/03/2008 11:00:00 | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23/08/2001 15:00:00 | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16/02/2006 16:51:08 | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 27/02/2007 11:39:26 | Attr = ] (SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.7.1.4 | Size = 337592 bytes | Modified Date = 19/12/2005 20:41:56 | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.7.1.4 | Size = 54968 bytes | Modified Date = 19/12/2005 20:41:58 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 17/07/2004 09:06:38 | Attr = ] (SiS315) SiS315 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3750 | Size = 258560 bytes | Modified Date = 29/06/2006 05:21:38 | Attr = R ] (SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srvkp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3750 | Size = 16768 bytes | Modified Date = 28/06/2006 22:27:00 | Attr = R ] (SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.00 built by: WinDDK | Size = 32256 bytes | Modified Date = 10/07/2002 18:39:34 | Attr = R ] (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 2.2.0.7 | Size = 389776 bytes | Modified Date = 11/04/2006 17:13:34 | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.3.1 | Size = 107696 bytes | Modified Date = 05/05/2006 16:19:50 | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 24768 bytes | Modified Date = 24/01/2006 20:06:32 | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 6.0.2.211 | Size = 195776 bytes | Modified Date = 24/01/2006 20:06:36 | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFCXTS2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Modified Date = 04/08/2004 01:41:50 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:55 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 104.0.8.3 | Size = 53408 bytes | Modified Date = 24/03/2006 17:14:48 | Attr = ] Itch ford four knob -> %AllUsersProfile%\Application Data\third lies itch ford\start amok.exe [C:\Documents and Settings\All Users\Application Data\third lies itch ford\start amok.exe] -> File not found LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 13/04/2006 11:09:00 | Attr = ] MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [Ver = | Size = 59392 bytes | Modified Date = 03/08/2004 20:01:50 | Attr = ] NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = ] RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 07/12/2005 22:57:00 | Attr = ] SiSPower -> %SystemRoot%\system32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3750 | Size = 49152 bytes | Modified Date = 28/06/2006 22:05:20 | Attr = R ] SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.exe [C:\Program Files\SiteAdvisor\6253\SiteAdv.exe] -> [Ver = | Size = 36640 bytes | Modified Date = 13/08/2007 21:05:44 | Attr = ] SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 54 | Size = 577536 bytes | Modified Date = 21/06/2006 00:42:44 | Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_04\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 144784 bytes | Modified Date = 14/12/2007 03:42:38 | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 124656 bytes | Modified Date = 15/06/2006 01:40:34 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 01/03/2007 10:37:52 | Attr = R ] BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 0, 1, 5 | Size = 94208 bytes | Modified Date = 28/10/2005 16:25:44 | Attr = ] BitDownload -> %ProgramFiles%\BitDownload\BitDownload.exe ["C:\Program Files\BitDownload\BitDownload.exe" /minimized] -> File not found SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28/01/2008 11:43:40 | Attr = HS] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Utility Tray.lnk -> %SystemRoot%\system32\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3750 | Size = 262144 bytes | Modified Date = 29/06/2006 03:04:38 | Attr = ] < user Startup Folder > -> C:\Documents and Settings\user\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.1.4.4000 | Size = 43760 bytes | Modified Date = 15/06/2006 01:40:42 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 20:29:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_DVD-ROM_SD-816B_________________H000____\5&32406926&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSAMSUNG_CD-R/RW_SW-248F_________________R602____\5&32406926&0&0.1.0 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 28/08/2007 16:11:14 | Attr = ] < HOSTS File > (4216 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 48 domain(s) found. -> 36 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 47 domain(s) found. -> 35 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ] {089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 05/12/2007 00:02:24 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_04\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 509328 bytes | Modified Date = 14/12/2007 03:42:36 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 05/12/2007 00:02:24 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {6DB3A339-20D2-407B-910F-16BD2DA127BC} -> (D-Link RangeBooster N) -> {929CF4A2-8728-4C77-B559-5CA5C3580528} -> (SiS 900 PCI Fast Ethernet Adapter) -> {A4E2D09B-FACD-4B2A-A588-E5DC02C7AAA9} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2t | Size = 106496 bytes | Modified Date = 04/06/2007 17:41:12 | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6253\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 05/12/2007 00:02:24 | Attr = ] skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 25/08/2007 21:54:38 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab[Java Plug-in 1.6.0_04] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 22:26:44 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 03/08/2004 22:26:44 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 03/08/2004 22:26:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 03/08/2004 22:26:46 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 03/08/2004 22:26:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 656 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 03/08/2004 22:26:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 03/08/2004 22:26:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 58 40 21 FE 8A F5 AC 53 7A DF 61 8B 6B B3 19 ED 30 33 36 34 37 36 62 37 00 FD 07 00 D6 10 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 56 EE 1C 5E 24 F6 64 8B FB 66 6A 03 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> B6 3B AA 1B 46 74 91 6A 05 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 76 4B A9 6C 84 52 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23/08/2001 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 83 2C 86 A8 F8 00 BA EB 38 7D 86 3F C1 D6 9F 77 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 5C EF 39 0C 1A AD C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 F2 64 CF 8F 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 F2 64 CF 8F 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 F2 64 CF 8F 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 22:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11480 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 03/08/2004 22:26:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 03/08/2004 22:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 03/08/2004 22:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3000 | Size = 1667584 bytes | Modified Date = 04/08/2004 01:06:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.0.229 | Size = 23090984 bytes | Modified Date = 25/08/2007 21:54:38 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 22:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 03/08/2004 22:26:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 03/08/2004 22:26:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 03/08/2004 22:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 03/08/2004 22:26:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 03/08/2004 22:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 03/08/2004 22:26:46 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < MountsPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d3cd4e-556e-11dc-9174-00192175f7b1}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d3cd4e-556e-11dc-9174-00192175f7b1}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31d3cd4e-556e-11dc-9174-00192175f7b1}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 01 01 FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 09 03 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\\_LabelFromReg -> Caitlin's -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\\ -> Open -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\Autoplay\\MUIVerb -> @shell32.dll -> -> File not found -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\AutoRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\AutoRun\\Extended -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\AutoRun\command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\AutoRun\command\\ -> H:\usdeiect.com [H:\usdeiect.com] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\explore\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\explore\Command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\explore\Command\\ -> H:\usdeiect.com [H:\usdeiect.com] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\open\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\open\Command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\open\Command\\ -> H:\usdeiect.com [H:\usdeiect.com] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\open\Default\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c044ebe-75b3-11dc-a015-000e507e6d13}\Shell\open\Default\\ -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53963508-5a00-11dc-9fe6-00192175f7b1}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53963508-5a00-11dc-9fe6-00192175f7b1}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\shell\Autoplay\\MUIVerb -> @shell32.dll -> -> File not found -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f5865d8-934e-11dc-a03d-00192175f7b1}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\shell\Autoplay\\MUIVerb -> @shell32.dll -> -> File not found -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b35e2c5c-5aae-11dc-9fe8-000e507e6d13}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2a-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2a-555f-11dc-a644-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2b-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2b-555f-11dc-a644-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2b-555f-11dc-a644-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF CF CF 5F 5F 5F CF CF CF 5F 5F CF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F DF DF 5F 5F 5F 5F CF CF CF CF CF 01 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2b-555f-11dc-a644-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2b-555f-11dc-a644-806d6172696f}\_Autorun\DefaultIcon\ -> -> ** -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2b-555f-11dc-a644-806d6172696f}\_Autorun\DefaultIcon\\ -> E:\SETUP.exe -> E:\SETUP.exe -> File not found 0 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2c-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2c-555f-11dc-a644-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2d-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2d-555f-11dc-a644-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d532db2d-555f-11dc-a644-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 00 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 01 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5e-5588-11dc-9fe3-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5e-5588-11dc-9fe3-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5f-5588-11dc-9fe3-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5f-5588-11dc-9fe3-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5f-5588-11dc-9fe3-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF CF CF 5F 5F 5F CF CF CF 5F 5F CF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F DF DF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF DF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 60 00 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5f-5588-11dc-9fe3-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5f-5588-11dc-9fe3-806d6172696f}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee087b5f-5588-11dc-9fe3-806d6172696f}\_Autorun\DefaultIcon\\ -> F:\system\autorun.ico [F:\system\autorun.ico] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2a-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2a-555f-11dc-a644-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2a-555f-11dc-a644-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2c-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2c-555f-11dc-a644-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2c-555f-11dc-a644-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2d-555f-11dc-a644-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2d-555f-11dc-a644-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d532db2d-555f-11dc-a644-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ee087b5e-5588-11dc-9fe3-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ee087b5e-5588-11dc-9fe3-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ee087b5e-5588-11dc-9fe3-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ee087b5f-5588-11dc-9fe3-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ee087b5f-5588-11dc-9fe3-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{ee087b5f-5588-11dc-9fe3-806d6172696f}\\Generation -> 1 -> [Files/Folders - Created Within 90 days] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 02/05/2008 11:06:58 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 03/05/2008 14:23:22 | Attr = HS] $$$mclip.cfg -> %SystemRoot%\System32\$$$mclip.cfg -> [Ver = | Size = 2764 bytes | Created Date = 01/03/2008 14:39:12 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 05/04/2008 09:02:11 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 05/04/2008 09:13:22 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 69632 bytes | Created Date = 05/04/2008 08:23:05 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 135168 bytes | Created Date = 05/04/2008 09:13:22 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.40.12 | Size = 139264 bytes | Created Date = 05/04/2008 09:13:22 | Attr = ] Thumbs.db -> %SystemRoot%\System32\Thumbs.db -> [Ver = | Size = 5120 bytes | Created Date = 05/04/2008 10:52:44 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 02/05/2008 11:07:54 | Attr = ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 16/04/2008 15:52:44 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 03/05/2008 12:18:23 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2549 bytes | Created Date = 16/04/2008 23:41:34 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 16/04/2008 23:41:34 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 02/05/2008 11:06:54 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 02/05/2008 17:15:45 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 02/05/2008 17:58:30 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 02/05/2008 17:16:16 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 02/05/2008 17:57:58 | Attr = ] Doc1.doc -> %UserProfile%\My Documents\Doc1.doc -> [Ver = | Size = 1674240 bytes | Created Date = 03/05/2008 20:54:32 | Attr = ] ~$Doc1.doc -> %UserProfile%\My Documents\~$Doc1.doc -> [Ver = | Size = 162 bytes | Created Date = 03/05/2008 20:54:33 | Attr = H ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 02/05/2008 17:15:46 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 02/05/2008 17:58:00 | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 02/05/2008 17:05:39 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1780380 bytes | Created Date = 02/05/2008 11:04:19 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier Hijackthis logs -> %UserProfile%\Desktop\Hijackthis logs -> [Folder | Created Date = 03/05/2008 15:31:34 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 03/05/2008 15:19:13 | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Created Date = 13/04/2008 21:01:19 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 03/05/2008 21:21:37 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 542733 bytes | Created Date = 03/05/2008 21:19:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Created Date = 02/05/2008 17:55:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier Swirls copy.jpg -> %UserProfile%\Desktop\Swirls copy.jpg -> [Ver = | Size = 5110674 bytes | Created Date = 10/04/2008 14:06:56 | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 22016 bytes | Created Date = 05/04/2008 10:30:12 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable Untitled-6 copy.jpg -> %UserProfile%\Desktop\Untitled-6 copy.jpg -> [Ver = | Size = 3336122 bytes | Created Date = 10/04/2008 14:06:56 | Attr = ] ~$kbx_bc.dot -> %UserProfile%\Desktop\~$kbx_bc.dot -> [Ver = | Size = 162 bytes | Created Date = 03/05/2008 20:49:25 | Attr = H ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 02/05/2008 17:14:43 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 05/04/2008 09:11:12 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 02/05/2008 17:56:03 | Attr = ] Draw Roam Mix -> %ProgramFiles%\Draw Roam Mix -> [Folder | Created Date = 12/04/2008 13:52:46 | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 05/04/2008 09:12:28 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 02/05/2008 17:15:43 | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 02/05/2008 13:31:38 | Attr = ] RSPCA_Installer_cat.exe -> %ProgramFiles%\RSPCA_Installer_cat.exe -> [Ver = | Size = 2929367 bytes | Created Date = 10/04/2008 17:14:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %ProgramFiles%\RSPCA_Installer_cat.exe:Zone.Identifier SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 02/05/2008 17:57:58 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 03/05/2008 15:19:13 | Attr = ] [Files/Folders - Modified Within 90 days] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 03/05/2008 15:19:13 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 03/05/2008 12:18:17 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 03/05/2008 14:23:22 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 03/05/2008 12:18:23 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 02/05/2008 11:36:57 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 4216 bytes | Modified Date = 02/05/2008 11:36:57 | Attr = R ] hosts.20080417-000421.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080417-000421.backup -> [Ver = | Size = 180860 bytes | Modified Date = 12/04/2008 13:54:32 | Attr = ] hosts.20080502-113657.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080502-113657.backup -> [Ver = | Size = 241949 bytes | Modified Date = 17/04/2008 00:04:59 | Attr = ] hosts.qav -> %SystemRoot%\System32\drivers\etc\hosts.qav -> [Ver = | Size = 241949 bytes | Modified Date = 17/04/2008 00:04:59 | Attr = ] $$$mclip.cfg -> %SystemRoot%\System32\$$$mclip.cfg -> [Ver = | Size = 2764 bytes | Modified Date = 01/03/2008 14:39:12 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 05/04/2008 09:02:11 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 03/05/2008 12:16:42 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 03/05/2008 12:09:57 | Attr = ] Thumbs.db -> %SystemRoot%\System32\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 05/04/2008 10:52:44 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 02/05/2008 10:35:56 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 03/05/2008 15:34:36 | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 02/05/2008 13:30:19 | Attr = S] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 02/05/2008 11:07:54 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 02/05/2008 13:31:38 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 02/05/2008 17:58:04 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 16/04/2008 15:52:45 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 03/05/2008 15:41:27 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 492 bytes | Modified Date = 03/03/2008 15:15:33 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 03/05/2008 21:21:25 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 05/04/2008 10:52:40 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 435 bytes | Modified Date = 03/05/2008 12:13:36 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 03/05/2008 12:18:30 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 25/04/2008 14:38:55 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 03/05/2008 15:43:20 | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 44544 bytes | Modified Date = 03/05/2008 15:41:27 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2549 bytes | Modified Date = 16/04/2008 23:41:41 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 16/04/2008 23:38:30 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 05/04/2008 10:52:45 | Attr = R ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 03/05/2008 15:34:51 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 06/04/2008 15:32:08 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4096 bytes | Modified Date = 06/04/2008 18:32:29 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4096 bytes | Modified Date = 06/04/2008 18:32:29 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 28/08/2007 18:18:43 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 28/08/2007 18:18:43 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 02/05/2008 17:15:45 | Attr = ] SiteAdvisor -> %AllUsersProfile%\Application Data\SiteAdvisor -> [Folder | Modified Date = 03/05/2008 11:05:11 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 16/04/2008 23:56:55 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/05/2008 17:58:30 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 02/05/2008 17:16:16 | Attr = ] SiteAdvisor -> %AppData%\SiteAdvisor -> [Folder | Modified Date = 22/04/2008 20:17:52 | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 16/04/2008 23:05:40 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/05/2008 17:57:58 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1644080 bytes | Modified Date = 14/02/2008 17:31:52 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 16/04/2008 19:20:26 | Attr = ] Doc1.doc -> %UserProfile%\My Documents\Doc1.doc -> [Ver = | Size = 1674240 bytes | Modified Date = 03/05/2008 20:54:33 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 08/02/2008 20:25:25 | Attr = R ] ~$Doc1.doc -> %UserProfile%\My Documents\~$Doc1.doc -> [Ver = | Size = 162 bytes | Modified Date = 03/05/2008 20:54:33 | Attr = H ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 02/05/2008 17:15:46 | Attr = ] Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk -> [Ver = | Size = 2257 bytes | Modified Date = 16/04/2008 17:24:08 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 02/05/2008 17:58:00 | Attr = ] Thumbs.db -> %AllUsersProfile%\Desktop\Thumbs.db -> [Ver = | Size = 6144 bytes | Modified Date = 02/05/2008 21:30:31 | Attr = HS] @Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Desktop\Thumbs.db:encryptable ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 02/05/2008 17:05:41 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1780380 bytes | Modified Date = 02/05/2008 11:04:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier DESS NEWSLETTER -> %UserProfile%\Desktop\DESS NEWSLETTER -> [Folder | Modified Date = 02/05/2008 17:52:56 | Attr = ] Hijackthis logs -> %UserProfile%\Desktop\Hijackthis logs -> [Folder | Modified Date = 03/05/2008 20:48:34 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 03/05/2008 15:19:14 | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 13/04/2008 21:01:30 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 03/05/2008 21:21:37 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 542733 bytes | Modified Date = 03/05/2008 21:19:36 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 16/04/2008 23:51:52 | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 02/05/2008 17:55:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SUPERAntiSpyware.exe:Zone.Identifier Swirls copy.jpg -> %UserProfile%\Desktop\Swirls copy.jpg -> [Ver = | Size = 5110674 bytes | Modified Date = 10/04/2008 14:00:16 | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 22016 bytes | Modified Date = 03/05/2008 15:46:51 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable Untitled-6 copy.jpg -> %UserProfile%\Desktop\Untitled-6 copy.jpg -> [Ver = | Size = 3336122 bytes | Modified Date = 10/04/2008 13:58:24 | Attr = ] ~$kbx_bc.dot -> %UserProfile%\Desktop\~$kbx_bc.dot -> [Ver = | Size = 162 bytes | Modified Date = 03/05/2008 20:49:25 | Attr = H ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 02/05/2008 17:14:43 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 05/04/2008 09:11:12 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 02/05/2008 17:56:03 | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] Application Data -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 02/05/2008 22:31:51 | Attr = RH ] Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 07/11/2007 20:33:59 | Attr = ] Product licenses -> C:\Documents and Settings\All Users\Application Data\Adobe Systems\Product licenses -> [Folder | Modified Date = 07/11/2007 20:33:59 | Attr = ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 07/11/2007 20:29:42 | Attr = ] Acrobat -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 12/09/2007 10:10:18 | Attr = ] 8.0 -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0 -> [Folder | Modified Date = 12/09/2007 10:10:18 | Attr = ] Replicate -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate -> [Folder | Modified Date = 12/09/2007 10:10:18 | Attr = ] Security -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate\Security -> [Folder | Modified Date = 12/09/2007 10:10:18 | Attr = ] Photoshop Album -> C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album -> [Folder | Modified Date = 24/09/2007 11:23:38 | Attr = ] 3.2 -> C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\3.2 -> [Folder | Modified Date = 03/10/2007 19:53:06 | Attr = ] Catalog Folders -> C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\Catalog Folders -> [Folder | Modified Date = 24/09/2007 11:21:55 | Attr = ] My Catalog -> C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\Catalog Folders\My Catalog -> [Folder | Modified Date = 24/09/2007 11:21:55 | Attr = ] Catalogs -> C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Album\Catalogs -> [Folder | Modified Date = 03/10/2007 19:45:43 | Attr = ] Updater -> C:\Documents and Settings\All Users\Application Data\Adobe\Updater -> [Folder | Modified Date = 16/04/2008 23:14:19 | Attr = ] Certs -> C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs -> [Folder | Modified Date = 07/11/2007 22:14:34 | Attr = ] Updater5 -> C:\Documents and Settings\All Users\Application Data\Adobe\Updater5 -> [Folder | Modified Date = 03/10/2007 19:52:58 | Attr = ] Bitstream Font Navigator -> C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator -> [Folder | Modified Date = 03/09/2007 15:17:35 | Attr = ] Cache -> C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator\Cache -> [Folder | Modified Date = 03/09/2007 15:17:35 | Attr = ] Data_NT -> C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator\Data_NT -> [Folder | Modified Date = 03/09/2007 15:24:05 | Attr = ] Groups -> C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator\Groups -> [Folder | Modified Date = 03/09/2007 15:17:35 | Attr = ] CA -> C:\Documents and Settings\All Users\Application Data\CA -> [Folder | Modified Date = 07/11/2007 20:52:34 | Attr = ] CAFW -> C:\Documents and Settings\All Users\Application Data\CA\CAFW -> [Folder | Modified Date = 04/09/2007 07:07:02 | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 03/09/2007 12:57:43 | Attr = ] Custom Buttons -> C:\Documents and Settings\All Users\Application Data\Google\Custom Buttons -> [Folder | Modified Date = 03/09/2007 12:45:45 | Attr = ] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [Folder | Modified Date = 02/05/2008 17:15:45 | Attr = ] Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 02/05/2008 20:38:37 | Attr = ] McAfee -> C:\Documents and Settings\All Users\Application Data\McAfee -> [Folder | Modified Date = 04/09/2007 11:23:24 | Attr = ] MCLOGS -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS -> [Folder | Modified Date = 29/11/2007 13:37:48 | Attr = ] MISP -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\MISP -> [Folder | Modified Date = 04/09/2007 11:23:25 | Attr = ] SAService -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\MISP\SAService -> [Folder | Modified Date = 23/09/2007 08:24:13 | Attr = ] SaSync -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SaSync -> [Folder | Modified Date = 29/11/2007 13:37:48 | Attr = ] SaSync -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\SaSync\SaSync -> [Folder | Modified Date = 29/11/2007 13:37:49 | Attr = ] TestResult -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\TestResult -> [Folder | Modified Date = 04/09/2007 11:23:24 | Attr = ] SAService -> C:\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\TestResult\SAService -> [Folder | Modified Date = 04/09/2007 11:23:24 | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 07/11/2007 19:31:57 | Attr = S] Crypto -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] DSS -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] MachineKeys -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] RSA -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA -> [Folder | Modified Date = 28/08/2007 16:17:13 | Attr = S] MachineKeys -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] S-1-5-18 -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 -> [Folder | Modified Date = 07/11/2007 20:50:05 | Attr = S] Dr Watson -> C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson -> [Folder | Modified Date = 10/09/2007 20:01:42 | Attr = ] Encarta Reference Library -> C:\Documents and Settings\All Users\Application Data\Microsoft\Encarta Reference Library -> [Folder | Modified Date = 28/08/2007 19:35:10 | Attr = ] 2007 -> C:\Documents and Settings\All Users\Application Data\Microsoft\Encarta Reference Library\2007 -> [Folder | Modified Date = 28/08/2007 19:35:10 | Attr = ] A -> C:\Documents and Settings\All Users\Application Data\Microsoft\Encarta Reference Library\2007\A -> [Folder | Modified Date = 28/08/2007 19:35:10 | Attr = ] Updates -> C:\Documents and Settings\All Users\Application Data\Microsoft\Encarta Reference Library\2007\A\Updates -> [Folder | Modified Date = 10/04/2008 17:35:06 | Attr = ] Encarta Web Companion -> C:\Documents and Settings\All Users\Application Data\Microsoft\Encarta Web Companion -> [Folder | Modified Date = 28/08/2007 19:35:09 | Attr = ] 2007 -> C:\Documents and Settings\All Users\Application Data\Microsoft\Encarta Web Companion\2007 -> [Folder | Modified Date = 28/08/2007 19:35:10 | Attr = ] HTML Help -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 28/08/2007 16:11:39 | Attr = ] Media Index -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index -> [Folder | Modified Date = 28/08/2007 16:11:02 | Attr = ] Media Player -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 28/08/2007 16:11:09 | Attr = ] MSDAIPP -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP -> [Folder | Modified Date = 28/08/2007 17:54:04 | Attr = ] OFFLINE -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\OFFLINE -> [Folder | Modified Date = 28/08/2007 17:54:04 | Attr = ] Network -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network -> [Folder | Modified Date = 06/04/2008 15:32:08 | Attr = ] Connections -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections -> [Folder | Modified Date = 28/08/2007 16:05:01 | Attr = ] Cm -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm -> [Folder | Modified Date = 28/08/2007 16:05:01 | Attr = ] Pbk -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk -> [Folder | Modified Date = 28/08/2007 16:25:49 | Attr = ] Downloader -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 06/04/2008 15:32:08 | Attr = ] OFFICE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE -> [Folder | Modified Date = 28/08/2007 17:54:04 | Attr = ] DATA -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 28/08/2007 18:18:43 | Attr = ] Provisioning -> C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning -> [Folder | Modified Date = 07/11/2007 19:31:57 | Attr = ] User Account Pictures -> C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures -> [Folder | Modified Date = 02/05/2008 22:18:25 | Attr = ] Default Pictures -> C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures -> [Folder | Modified Date = 28/08/2007 16:07:51 | Attr = ] SiteAdvisor -> C:\Documents and Settings\All Users\Application Data\SiteAdvisor -> [Folder | Modified Date = 03/05/2008 11:05:11 | Attr = ] Skype -> C:\Documents and Settings\All Users\Application Data\Skype -> [Folder | Modified Date = 03/09/2007 13:00:25 | Attr = ] {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> C:\Documents and Settings\All Users\Application Data\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> [Folder | Modified Date = 03/09/2007 12:59:57 | Attr = ] Pictures -> C:\Documents and Settings\All Users\Application Data\Skype\Pictures -> [Folder | Modified Date = 03/09/2007 13:00:25 | Attr = ] Plugins -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins -> [Folder | Modified Date = 03/09/2007 17:35:50 | Attr = ] Local Cache -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache -> [Folder | Modified Date = 03/09/2007 13:00:27 | Attr = ] Categories -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\Categories -> [Folder | Modified Date = 03/09/2007 13:00:27 | Attr = ] Plugins -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins -> [Folder | Modified Date = 12/04/2008 13:25:42 | Attr = ] F57B48ADF2224F088EDD1A2B9BAD84E8 -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8 -> [Folder | Modified Date = 03/09/2007 13:02:47 | Attr = ] Games -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games -> [Folder | Modified Date = 12/04/2008 13:26:37 | Attr = ] Local Cache -> C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache -> [Folder | Modified Date = 12/04/2008 13:26:55 | Attr = ] Wallpapers -> C:\Documents and Settings\All Users\Application Data\Skype\Wallpapers -> [Folder | Modified Date = 03/09/2007 13:00:25 | Attr = ] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 16/04/2008 23:56:55 | Attr = ] Backups -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups -> [Folder | Modified Date = 16/09/2007 15:17:15 | Attr = ] Excludes -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes -> [Folder | Modified Date = 16/09/2007 16:12:40 | Attr = ] Logs -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs -> [Folder | Modified Date = 02/05/2008 13:03:13 | Attr = ] Recovery -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery -> [Folder | Modified Date = 17/04/2008 06:47:48 | Attr = ] Snapshots -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots -> [Folder | Modified Date = 16/04/2008 23:56:55 | Attr = ] Snapshots2 -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 -> [Folder | Modified Date = 02/05/2008 11:06:12 | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/05/2008 17:58:30 | Attr = ] SUPERAntiSpyware -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware -> [Folder | Modified Date = 02/05/2008 17:58:30 | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 07/11/2007 20:56:32 | Attr = ] Common Client -> C:\Documents and Settings\All Users\Application Data\Symantec\Common Client -> [Folder | Modified Date = 03/05/2008 15:34:49 | Attr = ] Temp -> C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Temp -> [Folder | Modified Date = 07/11/2007 20:56:15 | Attr = ] LiveUpdate -> C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate -> [Folder | Modified Date = 02/05/2008 21:22:53 | Attr = ] Downloads -> C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads -> [Folder | Modified Date = 02/05/2008 21:22:53 | Attr = ] Symantec AntiVirus Corporate Edition -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition -> [Folder | Modified Date = 07/11/2007 20:56:15 | Attr = ] 7.5 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 -> [Folder | Modified Date = 03/05/2008 15:40:41 | Attr = ] APTemp -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp -> [Folder | Modified Date = 30/01/2008 19:00:05 | Attr = ] BadPatts -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\BadPatts -> [Folder | Modified Date = 07/11/2007 20:56:15 | Attr = ] I2_LDVP.TMP -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.TMP -> [Folder | Modified Date = 03/05/2008 15:40:41 | Attr = ] I2_LDVP.VDB -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB -> [Folder | Modified Date = 07/11/2007 20:56:15 | Attr = ] Logs -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs -> [Folder | Modified Date = 03/05/2008 11:05:58 | Attr = ] Quarantine -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine -> [Folder | Modified Date = 02/05/2008 20:58:19 | Attr = ] 09D40000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09D40000 -> [Folder | Modified Date = 02/05/2008 20:58:20 | Attr = ] 0B400000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B400000 -> [Folder | Modified Date = 02/05/2008 19:44:23 | Attr = ] 0B500000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B500000 -> [Folder | Modified Date = 08/12/2007 19:47:16 | Attr = ] 0B580000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B580000 -> [Folder | Modified Date = 02/05/2008 16:41:52 | Attr = ] 0BD80000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BD80000 -> [Folder | Modified Date = 30/01/2008 19:00:05 | Attr = ] 0C880000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C880000 -> [Folder | Modified Date = 02/05/2008 15:08:08 | Attr = ] 0ED80000 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0ED80000 -> [Folder | Modified Date = 25/04/2008 14:40:17 | Attr = ] xfer_tmp -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp -> [Folder | Modified Date = 07/11/2007 20:56:15 | Attr = ] Application Data -> C:\Documents and Settings\user\Application Data -> [Folder | Modified Date = 02/05/2008 22:31:25 | Attr = H ] Adobe -> C:\Documents and Settings\user\Application Data\Adobe -> [Folder | Modified Date = 10/11/2007 19:39:43 | Attr = ] Acrobat -> C:\Documents and Settings\user\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 12/09/2007 10:14:46 | Attr = ] 8.0 -> C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0 -> [Folder | Modified Date = 11/10/2007 09:22:52 | Attr = ] Collab -> C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\Collab -> [Folder | Modified Date = 12/09/2007 10:15:01 | Attr = ] JavaScripts -> C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\JavaScripts -> [Folder | Modified Date = 24/09/2007 12:56:48 | Attr = ] Preferences -> C:\Documents and Settings\user\Application Data\Adobe\Acrobat\8.0\Preferences -> [Folder | Modified Date = 12/09/2007 10:15:01 | Attr = ] Color -> C:\Documents and Settings\user\Application Data\Adobe\Color -> [Folder | Modified Date = 10/11/2007 19:35:06 | Attr = ] Proofing -> C:\Documents and Settings\user\Application Data\Adobe\Color\Proofing -> [Folder | Modified Date = 10/11/2007 19:35:06 | Attr = ] Settings -> C:\Documents and Settings\user\Application Data\Adobe\Color\Settings -> [Folder | Modified Date = 10/11/2007 19:35:06 | Attr = ] ImageReady -> C:\Documents and Settings\user\Application Data\Adobe\ImageReady -> [Folder | Modified Date = 03/09/2007 16:51:20 | Attr = ] CSME -> C:\Documents and Settings\user\Application Data\Adobe\ImageReady\CSME -> [Folder | Modified Date = 03/09/2007 16:51:20 | Attr = ] Settings -> C:\Documents and Settings\user\Application Data\Adobe\ImageReady\CSME\Settings -> [Folder | Modified Date = 13/09/2007 17:38:22 | Attr = ] ImageReady Actions -> C:\Documents and Settings\user\Application Data\Adobe\ImageReady\CSME\Settings\ImageReady Actions -> [Folder | Modified Date = 03/09/2007 16:51:35 | Attr = ] Workspaces -> C:\Documents and Settings\user\Application Data\Adobe\ImageReady\CSME\Settings\Workspaces -> [Folder | Modified Date = 03/09/2007 16:51:35 | Attr = ] Linguistics -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics -> [Folder | Modified Date = 12/09/2007 10:15:23 | Attr = ] Dictionaries -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries -> [Folder | Modified Date = 12/09/2007 10:15:23 | Attr = ] Adobe Custom Dictionary -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary -> [Folder | Modified Date = 25/09/2007 15:41:34 | Attr = ] all -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all -> [Folder | Modified Date = 12/09/2007 10:15:23 | Attr = ] brt -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt -> [Folder | Modified Date = 12/09/2007 10:15:27 | Attr = ] brz -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz -> [Folder | Modified Date = 24/09/2007 12:57:37 | Attr = ] bul -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul -> [Folder | Modified Date = 24/09/2007 12:57:39 | Attr = ] can -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can -> [Folder | Modified Date = 12/09/2007 10:15:27 | Attr = ] cfr -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr -> [Folder | Modified Date = 24/09/2007 12:57:37 | Attr = ] ctl -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl -> [Folder | Modified Date = 24/09/2007 12:57:38 | Attr = ] cze -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze -> [Folder | Modified Date = 24/09/2007 12:57:39 | Attr = ] dan -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan -> [Folder | Modified Date = 24/09/2007 12:57:35 | Attr = ] dut -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut -> [Folder | Modified Date = 24/09/2007 12:57:36 | Attr = ] eng -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng -> [Folder | Modified Date = 12/09/2007 10:15:26 | Attr = ] est -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est -> [Folder | Modified Date = 25/09/2007 15:41:33 | Attr = ] fin -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin -> [Folder | Modified Date = 24/09/2007 12:57:38 | Attr = ] frn -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn -> [Folder | Modified Date = 24/09/2007 12:57:34 | Attr = ] gre -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre -> [Folder | Modified Date = 25/09/2007 15:41:31 | Attr = ] grm -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm -> [Folder | Modified Date = 24/09/2007 12:57:33 | Attr = ] hrv -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv -> [Folder | Modified Date = 25/09/2007 15:41:33 | Attr = ] hun -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun -> [Folder | Modified Date = 25/09/2007 15:41:32 | Attr = ] itl -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl -> [Folder | Modified Date = 24/09/2007 12:57:34 | Attr = ] lav -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav -> [Folder | Modified Date = 25/09/2007 15:41:34 | Attr = ] lit -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit -> [Folder | Modified Date = 25/09/2007 15:41:34 | Attr = ] nrw -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw -> [Folder | Modified Date = 24/09/2007 12:57:36 | Attr = ] nyn -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn -> [Folder | Modified Date = 24/09/2007 12:57:38 | Attr = ] pol -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol -> [Folder | Modified Date = 24/09/2007 12:57:40 | Attr = ] prt -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt -> [Folder | Modified Date = 24/09/2007 12:57:36 | Attr = ] rum -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum -> [Folder | Modified Date = 25/09/2007 15:41:31 | Attr = ] rus -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus -> [Folder | Modified Date = 24/09/2007 12:57:39 | Attr = ] sgr -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr -> [Folder | Modified Date = 24/09/2007 12:57:37 | Attr = ] slo -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo -> [Folder | Modified Date = 25/09/2007 15:41:33 | Attr = ] slv -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv -> [Folder | Modified Date = 25/09/2007 15:41:34 | Attr = ] spn -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn -> [Folder | Modified Date = 24/09/2007 12:57:34 | Attr = ] swd -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd -> [Folder | Modified Date = 24/09/2007 12:57:35 | Attr = ] tur -> C:\Documents and Settings\user\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur -> [Folder | Modified Date = 25/09/2007 15:41:32 | Attr = ] Online Services -> C:\Documents and Settings\user\Application Data\Adobe\Online Services -> [Folder | Modified Date = 24/09/2007 11:22:10 | Attr = ] Photoshop Album Starter Edition -> C:\Documents and Settings\user\Application Data\Adobe\Online Services\Photoshop Album Starter Edition -> [Folder | Modified Date = 24/09/2007 11:22:10 | Attr = ] cache -> C:\Documents and Settings\user\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\cache -> [Folder | Modified Date = 24/09/2007 11:24:26 | Attr = ] clients -> C:\Documents and Settings\user\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients -> [Folder | Modified Date = 24/09/2007 11:22:10 | Attr = ] Photoshop Album Starter Edition -> C:\Documents and Settings\user\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients\Photoshop Album Starter Edition -> [Folder | Modified Date = 24/09/2007 11:24:26 | Attr = ] sessions -> C:\Documents and Settings\user\Application Data\Adobe\Online Services\Photoshop Album Starter Edition\clients\Photoshop Album Starter Edition\sessions -> [Folder | Modified Date = 24/09/2007 11:22:10 | Attr = ] Photoshop Album -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop Album -> [Folder | Modified Date = 24/09/2007 00:27:12 | Attr = ] 3.2 -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop Album\3.2 -> [Folder | Modified Date = 24/09/2007 11:24:26 | Attr = ] Photoshop -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop -> [Folder | Modified Date = 10/11/2007 19:34:21 | Attr = ] 8.0 ME -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop\8.0 ME -> [Folder | Modified Date = 28/08/2007 19:51:37 | Attr = ] Adobe Photoshop CS Settings -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop\8.0 ME\Adobe Photoshop CS Settings -> [Folder | Modified Date = 05/11/2007 16:05:48 | Attr = ] WorkSpaces -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop\8.0 ME\Adobe Photoshop CS Settings\WorkSpaces -> [Folder | Modified Date = 28/08/2007 19:52:04 | Attr = ] 9.0 -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop\9.0 -> [Folder | Modified Date = 10/11/2007 19:34:21 | Attr = ] Adobe Photoshop CS2 Settings -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop\9.0\Adobe Photoshop CS2 Settings -> [Folder | Modified Date = 16/04/2008 23:14:37 | Attr = ] WorkSpaces -> C:\Documents and Settings\user\Application Data\Adobe\Photoshop\9.0\Adobe Photoshop CS2 Settings\WorkSpaces -> [Folder | Modified Date = 10/11/2007 19:34:55 | Attr = ] Save For Web -> C:\Documents and Settings\user\Application Data\Adobe\Save For Web -> [Folder | Modified Date = 12/09/2007 15:14:31 | Attr = ] 8.0 ME -> C:\Documents and Settings\user\Application Data\Adobe\Save For Web\8.0 ME -> [Folder | Modified Date = 12/09/2007 15:19:13 | Attr = ] Updater -> C:\Documents and Settings\user\Application Data\Adobe\Updater -> [Folder | Modified Date = 16/04/2008 17:28:30 | Attr = ] Data -> C:\Documents and Settings\user\Application Data\Adobe\Updater\Data -> [Folder | Modified Date = 16/04/2008 17:28:27 | Attr = ] Workflow -> C:\Documents and Settings\user\Application Data\Adobe\Workflow -> [Folder | Modified Date = 13/11/2007 12:16:44 | Attr = ] XMP -> C:\Documents and Settings\user\Application Data\Adobe\XMP -> [Folder | Modified Date = 23/09/2007 11:22:21 | Attr = ] Custom File Info Panels -> C:\Documents and Settings\user\Application Data\Adobe\XMP\Custom File Info Panels -> [Folder | Modified Date = 23/09/2007 11:22:21 | Attr = ] Ahead -> C:\Documents and Settings\user\Application Data\Ahead -> [Folder | Modified Date = 28/08/2007 17:47:32 | Attr = ] Nero BackItUp -> C:\Documents and Settings\user\Application Data\Ahead\Nero BackItUp -> [Folder | Modified Date = 28/08/2007 17:47:32 | Attr = ] Cache -> C:\Documents and Settings\user\Application Data\Ahead\Nero BackItUp\Cache -> [Folder | Modified Date = 28/08/2007 17:47:32 | Attr = ] Brother -> C:\Documents and Settings\user\Application Data\Brother -> [Folder | Modified Date = 04/10/2007 08:08:01 | Attr = R ] PrtDrv -> C:\Documents and Settings\user\Application Data\Brother\PrtDrv -> [Folder | Modified Date = 04/10/2007 08:08:01 | Attr = R ] Canon -> C:\Documents and Settings\user\Application Data\Canon -> [Folder | Modified Date = 19/09/2007 08:05:15 | Attr = ] Genzo -> C:\Documents and Settings\user\Application Data\Canon\Genzo -> [Folder | Modified Date = 23/09/2007 09:51:22 | Attr = ] CopyTrans -> C:\Documents and Settings\user\Application Data\CopyTrans -> [Folder | Modified Date = 16/09/2007 08:51:12 | Attr = ] Logs -> C:\Documents and Settings\user\Application Data\CopyTrans\Logs -> [Folder | Modified Date = 16/09/2007 08:47:13 | Attr = ] Corel -> C:\Documents and Settings\user\Application Data\Corel -> [Folder | Modified Date = 03/09/2007 15:15:31 | Attr = ] Graphics11 -> C:\Documents and Settings\user\Application Data\Corel\Graphics11 -> [Folder | Modified Date = 20/10/2007 14:11:17 | Attr = ] PaperTypes -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\PaperTypes -> [Folder | Modified Date = 20/10/2007 14:11:13 | Attr = ] User Color -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Color -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] User Config -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Config -> [Folder | Modified Date = 18/09/2007 21:20:24 | Attr = ] User CorelPHOTO-PAINT -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User CorelPHOTO-PAINT -> [Folder | Modified Date = 20/10/2007 14:08:10 | Attr = ] User Brushtxr -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User CorelPHOTO-PAINT\User Brushtxr -> [Folder | Modified Date = 20/10/2007 14:08:10 | Attr = ] User Presets -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User CorelPHOTO-PAINT\User Presets -> [Folder | Modified Date = 18/09/2007 21:20:16 | Attr = ] User Brush -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User CorelPHOTO-PAINT\User Presets\User Brush -> [Folder | Modified Date = 18/09/2007 21:20:16 | Attr = ] User Dropshadow -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User CorelPHOTO-PAINT\User Presets\User Dropshadow -> [Folder | Modified Date = 18/09/2007 21:20:16 | Attr = ] User Custom Data -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data -> [Folder | Modified Date = 03/11/2007 13:24:57 | Attr = ] Palettes -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes -> [Folder | Modified Date = 18/09/2007 21:20:23 | Attr = ] CMYK -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\CMYK -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] Misc -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\CMYK\Misc -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] Nature -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\CMYK\Nature -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] People -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\CMYK\People -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] Things -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\CMYK\Things -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] RGB -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\RGB -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] Misc -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\RGB\Misc -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] Nature -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\RGB\Nature -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] People -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\RGB\People -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] Things -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Custom Data\Palettes\RGB\Things -> [Folder | Modified Date = 03/09/2007 15:15:34 | Attr = ] User Draw -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Draw -> [Folder | Modified Date = 20/10/2007 14:11:32 | Attr = ] Presets -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Draw\Presets -> [Folder | Modified Date = 20/10/2007 14:11:24 | Attr = ] HTML Export -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Draw\Presets\HTML Export -> [Folder | Modified Date = 20/10/2007 14:11:24 | Attr = ] TextOnPath -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Draw\Presets\TextOnPath -> [Folder | Modified Date = 20/10/2007 14:11:24 | Attr = ] User Workspace -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace -> [Folder | Modified Date = 20/10/2007 14:11:25 | Attr = ] Corel PHOTO-PAINT11 -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Corel PHOTO-PAINT11 -> [Folder | Modified Date = 18/09/2007 21:20:15 | Attr = ] _default -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Corel PHOTO-PAINT11\_default -> [Folder | Modified Date = 20/10/2007 14:05:26 | Attr = ] adobe(r)photoshop(r) -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Corel PHOTO-PAINT11\adobe(r)photoshop(r) -> [Folder | Modified Date = 18/09/2007 21:20:14 | Attr = ] Corel PHOTO-PAINT 10 -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Corel PHOTO-PAINT11\Corel PHOTO-PAINT 10 -> [Folder | Modified Date = 18/09/2007 21:20:14 | Attr = ] Picture Publisher(R) 10 -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Corel PHOTO-PAINT11\Picture Publisher(R) 10 -> [Folder | Modified Date = 18/09/2007 21:20:15 | Attr = ] CorelDRAW11 -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\CorelDRAW11 -> [Folder | Modified Date = 20/10/2007 14:11:13 | Attr = ] _default -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\CorelDRAW11\_default -> [Folder | Modified Date = 20/10/2007 14:16:12 | Attr = ] Adobe(R)Illustrator(R) -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\CorelDRAW11\Adobe(R)Illustrator(R) -> [Folder | Modified Date = 20/10/2007 14:11:13 | Attr = ] Trace11 -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Trace11 -> [Folder | Modified Date = 20/10/2007 14:11:25 | Attr = ] _default -> C:\Documents and Settings\user\Application Data\Corel\Graphics11\User Workspace\Trace11\_default -> [Folder | Modified Date = 20/10/2007 14:15:23 | Attr = ] Google -> C:\Documents and Settings\user\Application Data\Google -> [Folder | Modified Date = 28/08/2007 19:17:19 | Attr = ] GoogleEarth -> C:\Documents and Settings\user\Application Data\Google\GoogleEarth -> [Folder | Modified Date = 20/09/2007 22:33:12 | Attr = ] Help -> C:\Documents and Settings\user\Application Data\Help -> [Folder | Modified Date = 05/09/2007 10:49:40 | Attr = ] Identities -> C:\Documents and Settings\user\Application Data\Identities -> [Folder | Modified Date = 28/08/2007 16:18:25 | Attr = ] {4079A860-697F-43AE-B1CD-14D5C77E1EAD} -> C:\Documents and Settings\user\Application Data\Identities\{4079A860-697F-43AE-B1CD-14D5C77E1EAD} -> [Folder | Modified Date = 28/08/2007 16:18:25 | Attr = ] Leadertech -> C:\Documents and Settings\user\Application Data\Leadertech -> [Folder | Modified Date = 03/10/2007 19:52:46 | Attr = ] PowerRegister -> C:\Documents and Settings\user\Application Data\Leadertech\PowerRegister -> [Folder | Modified Date = 03/10/2007 19:52:46 | Attr = ] Macromedia -> C:\Documents and Settings\user\Application Data\Macromedia -> [Folder | Modified Date = 14/09/2007 13:18:44 | Attr = ] Flash Player -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player -> [Folder | Modified Date = 03/09/2007 17:00:48 | Attr = ] #SharedObjects -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects -> [Folder | Modified Date = 03/09/2007 17:00:48 | Attr = ] V87VY8B7 -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7 -> [Folder | Modified Date = 02/05/2008 11:10:48 | Attr = ] adcontent.videoegg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\adcontent.videoegg.com -> [Folder | Modified Date = 17/09/2007 22:07:44 | Attr = ] atdmt.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\atdmt.com -> [Folder | Modified Date = 26/10/2007 19:18:43 | Attr = ] barbie.everythinggirl.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\barbie.everythinggirl.com -> [Folder | Modified Date = 14/11/2007 15:33:50 | Attr = ] activities -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\barbie.everythinggirl.com\activities -> [Folder | Modified Date = 14/11/2007 14:43:38 | Attr = ] fashion -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\barbie.everythinggirl.com\activities\fashion -> [Folder | Modified Date = 14/11/2007 14:43:38 | Attr = ] styledbyme -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\barbie.everythinggirl.com\activities\fashion\styledbyme -> [Folder | Modified Date = 14/11/2007 14:43:38 | Attr = ] styledbyme.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\barbie.everythinggirl.com\activities\fashion\styledbyme\styledbyme.swf -> [Folder | Modified Date = 14/11/2007 14:43:38 | Attr = ] battleon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\battleon.com -> [Folder | Modified Date = 18/04/2008 18:51:48 | Attr = ] bbc.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\bbc.co.uk -> [Folder | Modified Date = 11/04/2008 10:44:44 | Attr = ] food -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\bbc.co.uk\food -> [Folder | Modified Date = 11/04/2008 10:44:44 | Attr = ] bin.clearspring.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\bin.clearspring.com -> [Folder | Modified Date = 12/11/2007 19:10:43 | Attr = ] cdn.mileyworld.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cdn.mileyworld.com -> [Folder | Modified Date = 14/11/2007 16:47:25 | Attr = ] cdn.stardoll.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cdn.stardoll.com -> [Folder | Modified Date = 17/11/2007 11:16:49 | Attr = ] flash -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cdn.stardoll.com\flash -> [Folder | Modified Date = 17/11/2007 11:18:11 | Attr = ] medoll -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cdn.stardoll.com\flash\medoll -> [Folder | Modified Date = 17/11/2007 11:18:11 | Attr = ] me_doll.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cdn.stardoll.com\flash\medoll\me_doll.swf -> [Folder | Modified Date = 30/01/2008 18:46:34 | Attr = ] starPlaza.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cdn.stardoll.com\flash\starPlaza.swf -> [Folder | Modified Date = 30/01/2008 17:23:44 | Attr = ] clubpenguin.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\clubpenguin.com -> [Folder | Modified Date = 25/04/2008 23:07:38 | Attr = ] cosmos.bcst.yahoo.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\cosmos.bcst.yahoo.com -> [Folder | Modified Date = 20/10/2007 14:28:56 | Attr = ] dragonfable.battleon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\dragonfable.battleon.com -> [Folder | Modified Date = 07/10/2007 14:53:17 | Attr = ] game -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\dragonfable.battleon.com\game -> [Folder | Modified Date = 05/09/2007 15:37:35 | Attr = ] gamefiles -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\dragonfable.battleon.com\game\gamefiles -> [Folder | Modified Date = 05/09/2007 15:37:35 | Attr = ] IGA -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\dragonfable.battleon.com\game\gamefiles\IGA -> [Folder | Modified Date = 22/09/2007 14:15:43 | Attr = ] AdViewer.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\dragonfable.battleon.com\game\gamefiles\IGA\AdViewer.swf -> [Folder | Modified Date = 05/09/2007 15:37:35 | Attr = ] IGAViewer.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\dragonfable.battleon.com\game\gamefiles\IGA\IGAViewer.swf -> [Folder | Modified Date = 22/09/2007 14:15:43 | Attr = ] earth.google.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\earth.google.com -> [Folder | Modified Date = 22/09/2007 23:18:44 | Attr = ] datastore.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\earth.google.com\datastore.swf -> [Folder | Modified Date = 22/09/2007 23:18:44 | Attr = ] ebilgames.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ebilgames.com -> [Folder | Modified Date = 16/02/2008 20:55:20 | Attr = ] games -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ebilgames.com\games -> [Folder | Modified Date = 16/02/2008 20:55:20 | Attr = ] moglinpunter -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ebilgames.com\games\moglinpunter -> [Folder | Modified Date = 16/02/2008 20:55:20 | Attr = ] MoglinPunter_V10.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ebilgames.com\games\moglinpunter\MoglinPunter_V10.swf -> [Folder | Modified Date = 16/02/2008 20:55:20 | Attr = ] estb.msn.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\estb.msn.com -> [Folder | Modified Date = 20/09/2007 21:56:06 | Attr = ] everythinggirl.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com -> [Folder | Modified Date = 14/11/2007 14:39:55 | Attr = ] activities -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities -> [Folder | Modified Date = 14/11/2007 14:53:20 | Attr = ] fashion -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities\fashion -> [Folder | Modified Date = 14/11/2007 14:53:20 | Attr = ] makeover -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities\fashion\makeover -> [Folder | Modified Date = 14/11/2007 14:53:20 | Attr = ] makeover.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities\fashion\makeover\makeover.swf -> [Folder | Modified Date = 14/11/2007 15:13:14 | Attr = ] friends -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities\friends -> [Folder | Modified Date = 14/11/2007 14:39:55 | Attr = ] radiobarbie -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities\friends\radiobarbie -> [Folder | Modified Date = 14/11/2007 14:39:55 | Attr = ] loader.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\activities\friends\radiobarbie\loader.swf -> [Folder | Modified Date = 14/11/2007 14:46:03 | Attr = ] common -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\common -> [Folder | Modified Date = 19/10/2007 21:18:38 | Attr = ] myscene_gamesNav.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\everythinggirl.com\common\myscene_gamesNav.swf -> [Folder | Modified Date = 19/10/2007 21:18:38 | Attr = ] flashtalking.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\flashtalking.com -> [Folder | Modified Date = 29/09/2007 08:20:01 | Attr = ] flickr.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\flickr.com -> [Folder | Modified Date = 10/09/2007 13:04:05 | Attr = ] slideShow -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\flickr.com\slideShow -> [Folder | Modified Date = 10/09/2007 13:04:05 | Attr = ] slideShow.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\flickr.com\slideShow\slideShow.swf -> [Folder | Modified Date = 10/09/2007 13:04:05 | Attr = ] graphics.millsberry.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com -> [Folder | Modified Date = 08/11/2007 21:42:38 | Attr = ] buddy -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\buddy -> [Folder | Modified Date = 10/11/2007 13:49:22 | Attr = ] buddy_edit_v17.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\buddy\buddy_edit_v17.swf -> [Folder | Modified Date = 04/04/2008 12:51:15 | Attr = ] buddy_featured.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\buddy\buddy_featured.swf -> [Folder | Modified Date = 13/04/2008 21:15:19 | Attr = ] buddy_nav_v16.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\buddy\buddy_nav_v16.swf -> [Folder | Modified Date = 13/04/2008 21:25:49 | Attr = ] buddy_print_v11.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\buddy\buddy_print_v11.swf -> [Folder | Modified Date = 10/11/2007 13:49:26 | Attr = ] flashgames -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\flashgames -> [Folder | Modified Date = 08/11/2007 21:42:38 | Attr = ] g440_v18.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\flashgames\g440_v18.swf -> [Folder | Modified Date = 08/11/2007 21:42:38 | Attr = ] #millsberry -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\flashgames\g440_v18.swf\#millsberry -> [Folder | Modified Date = 08/11/2007 21:42:38 | Attr = ] bumperboats -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\flashgames\g440_v18.swf\#millsberry\bumperboats -> [Folder | Modified Date = 08/11/2007 21:42:38 | Attr = ] home -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\home -> [Folder | Modified Date = 03/09/2007 19:50:51 | Attr = ] home_v79.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\home\home_v79.swf -> [Folder | Modified Date = 06/09/2007 13:38:54 | Attr = ] site_gfx -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\site_gfx -> [Folder | Modified Date = 15/09/2007 13:42:32 | Attr = ] interiors -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\site_gfx\interiors -> [Folder | Modified Date = 15/09/2007 13:42:32 | Attr = ] home.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\graphics.millsberry.com\site_gfx\interiors\home.swf -> [Folder | Modified Date = 04/04/2008 11:52:25 | Attr = ] hairmakeover.instyle.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\hairmakeover.instyle.com -> [Folder | Modified Date = 16/03/2008 18:33:32 | Attr = ] makeover -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\hairmakeover.instyle.com\makeover -> [Folder | Modified Date = 16/03/2008 18:33:32 | Attr = ] index.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\hairmakeover.instyle.com\makeover\index.swf -> [Folder | Modified Date = 16/03/2008 18:33:32 | Attr = ] i.newsvine.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\i.newsvine.com -> [Folder | Modified Date = 12/09/2007 11:28:10 | Attr = ] images.neopets.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.neopets.com -> [Folder | Modified Date = 19/04/2008 13:08:42 | Attr = ] images.soapbox.msn.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.soapbox.msn.com -> [Folder | Modified Date = 12/04/2008 14:06:48 | Attr = ] flash -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.soapbox.msn.com\flash -> [Folder | Modified Date = 12/04/2008 14:06:48 | Attr = ] soapbox1_1.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.soapbox.msn.com\flash\soapbox1_1.swf -> [Folder | Modified Date = 12/04/2008 14:07:58 | Attr = ] images.video.msn.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.video.msn.com -> [Folder | Modified Date = 20/10/2007 09:32:54 | Attr = ] flash -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.video.msn.com\flash -> [Folder | Modified Date = 20/10/2007 09:32:54 | Attr = ] soapbox1_1.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\images.video.msn.com\flash\soapbox1_1.swf -> [Folder | Modified Date = 20/10/2007 09:32:54 | Attr = ] l.yimg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com -> [Folder | Modified Date = 06/09/2007 20:00:25 | Attr = ] us.yimg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] i -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com\i -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] ligans -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com\i\ligans -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] kids -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com\i\ligans\kids -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] common -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com\i\ligans\kids\common -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] flash -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com\i\ligans\kids\common\flash -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] nav-1.8.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\l.yimg.com\us.yimg.com\i\ligans\kids\common\flash\nav-1.8.swf -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] localhost -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\localhost -> [Folder | Modified Date = 28/10/2007 20:29:54 | Attr = ] shared -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\localhost\shared -> [Folder | Modified Date = 28/10/2007 20:29:54 | Attr = ] players -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\localhost\shared\players -> [Folder | Modified Date = 28/10/2007 20:29:54 | Attr = ] IAFPlayer -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\localhost\shared\players\IAFPlayer -> [Folder | Modified Date = 28/10/2007 20:29:54 | Attr = ] base.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\localhost\shared\players\IAFPlayer\base.swf -> [Folder | Modified Date = 28/10/2007 20:29:54 | Attr = ] m.uk.2mdn.net -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\m.uk.2mdn.net -> [Folder | Modified Date = 16/09/2007 07:26:20 | Attr = ] mea.nokia.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\mea.nokia.com -> [Folder | Modified Date = 05/12/2007 18:44:20 | Attr = ] resfnc -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\mea.nokia.com\resfnc -> [Folder | Modified Date = 05/12/2007 18:44:20 | Attr = ] phonegallery.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\mea.nokia.com\resfnc\phonegallery.swf -> [Folder | Modified Date = 05/12/2007 18:44:20 | Attr = ] mechquest.battleon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\mechquest.battleon.com -> [Folder | Modified Date = 16/11/2007 11:07:16 | Attr = ] mechquest.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\mechquest.com -> [Folder | Modified Date = 26/10/2007 12:19:23 | Attr = ] millsberry.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\millsberry.com -> [Folder | Modified Date = 19/11/2007 20:25:39 | Attr = ] gamingsystem -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\millsberry.com\gamingsystem -> [Folder | Modified Date = 19/11/2007 20:25:39 | Attr = ] flash_loader_v10_18.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\millsberry.com\gamingsystem\flash_loader_v10_18.swf -> [Folder | Modified Date = 19/11/2007 20:25:39 | Attr = ] #gmi -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\millsberry.com\gamingsystem\flash_loader_v10_18.swf\#gmi -> [Folder | Modified Date = 19/11/2007 20:25:39 | Attr = ] homerun_derby -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\millsberry.com\gamingsystem\flash_loader_v10_18.swf\#gmi\homerun_derby -> [Folder | Modified Date = 04/04/2008 12:23:52 | Attr = ] mpsnare.iesnare.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\mpsnare.iesnare.com -> [Folder | Modified Date = 25/04/2008 10:09:08 | Attr = ] musicbrigade.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\musicbrigade.com -> [Folder | Modified Date = 25/10/2007 16:34:45 | Attr = ] MSNUKFlashOverlay -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\musicbrigade.com\MSNUKFlashOverlay -> [Folder | Modified Date = 25/10/2007 16:34:45 | Attr = ] musicbrigade.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\musicbrigade.com\MSNUKFlashOverlay\musicbrigade.swf -> [Folder | Modified Date = 25/10/2007 16:34:45 | Attr = ] myscene.everythinggirl.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\myscene.everythinggirl.com -> [Folder | Modified Date = 20/10/2007 15:07:05 | Attr = ] oddcast.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\oddcast.com -> [Folder | Modified Date = 01/03/2008 08:57:45 | Attr = ] ctc.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\oddcast.com\ctc.swf -> [Folder | Modified Date = 04/04/2008 12:15:14 | Attr = ] ctc_player.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\oddcast.com\ctc_player.swf -> [Folder | Modified Date = 01/03/2008 08:57:54 | Attr = ] pagead2.googlesyndication.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\pagead2.googlesyndication.com -> [Folder | Modified Date = 23/09/2007 08:34:32 | Attr = ] pagead -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\pagead2.googlesyndication.com\pagead -> [Folder | Modified Date = 23/09/2007 08:34:32 | Attr = ] googleadplayer.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\pagead2.googlesyndication.com\pagead\googleadplayer.swf -> [Folder | Modified Date = 23/09/2007 08:34:32 | Attr = ] playforyourclub.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\playforyourclub.com -> [Folder | Modified Date = 08/09/2007 21:25:04 | Attr = ] skype.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\skype.com -> [Folder | Modified Date = 04/09/2007 21:02:03 | Attr = ] #ui -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\skype.com\#ui -> [Folder | Modified Date = 04/09/2007 21:02:03 | Attr = ] spe.atdmt.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\spe.atdmt.com -> [Folder | Modified Date = 27/10/2007 07:47:31 | Attr = ] ssl-images-amazon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ssl-images-amazon.com -> [Folder | Modified Date = 18/03/2008 18:43:19 | Attr = ] images -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ssl-images-amazon.com\images -> [Folder | Modified Date = 18/03/2008 18:43:19 | Attr = ] I -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ssl-images-amazon.com\images\I -> [Folder | Modified Date = 18/03/2008 18:43:19 | Attr = ] 01PH5-tUHPL.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\ssl-images-amazon.com\images\I\01PH5-tUHPL.swf -> [Folder | Modified Date = 18/03/2008 18:43:19 | Attr = ] suitesmart.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\suitesmart.com -> [Folder | Modified Date = 26/09/2007 12:51:22 | Attr = ] _f5e.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\suitesmart.com\_f5e.swf -> [Folder | Modified Date = 26/09/2007 12:51:24 | Attr = ] twitter.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\twitter.com -> [Folder | Modified Date = 07/09/2007 20:05:54 | Attr = ] flash -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\twitter.com\flash -> [Folder | Modified Date = 07/09/2007 20:05:54 | Attr = ] twitter_badge.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\twitter.com\flash\twitter_badge.swf -> [Folder | Modified Date = 07/09/2007 20:05:54 | Attr = ] uk.2mdn.net -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\uk.2mdn.net -> [Folder | Modified Date = 22/04/2008 18:35:30 | Attr = ] update.videoegg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\update.videoegg.com -> [Folder | Modified Date = 06/09/2007 14:52:19 | Attr = ] flash -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\update.videoegg.com\flash -> [Folder | Modified Date = 06/09/2007 14:52:19 | Attr = ] player -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\update.videoegg.com\flash\player -> [Folder | Modified Date = 06/09/2007 14:52:19 | Attr = ] player.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\update.videoegg.com\flash\player\player.swf -> [Folder | Modified Date = 06/09/2007 14:52:19 | Attr = ] us.i1.yimg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\us.i1.yimg.com -> [Folder | Modified Date = 21/10/2007 08:38:37 | Attr = ] cosmos.bcst.yahoo.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\us.i1.yimg.com\cosmos.bcst.yahoo.com -> [Folder | Modified Date = 06/09/2007 15:48:50 | Attr = ] player -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\us.i1.yimg.com\cosmos.bcst.yahoo.com\player -> [Folder | Modified Date = 06/09/2007 15:48:50 | Attr = ] embed-2-0-2007-01-30-1601 -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\us.i1.yimg.com\cosmos.bcst.yahoo.com\player\embed-2-0-2007-01-30-1601 -> [Folder | Modified Date = 06/09/2007 15:48:50 | Attr = ] swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\us.i1.yimg.com\cosmos.bcst.yahoo.com\player\embed-2-0-2007-01-30-1601\swf -> [Folder | Modified Date = 06/09/2007 15:48:50 | Attr = ] yup_embed_module.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\us.i1.yimg.com\cosmos.bcst.yahoo.com\player\embed-2-0-2007-01-30-1601\swf\yup_embed_module.swf -> [Folder | Modified Date = 06/09/2007 15:48:50 | Attr = ] video.flashtalking.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\video.flashtalking.com -> [Folder | Modified Date = 13/04/2008 14:36:47 | Attr = ] void.snocap.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\void.snocap.com -> [Folder | Modified Date = 07/09/2007 20:05:20 | Attr = ] s -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\void.snocap.com\s -> [Folder | Modified Date = 07/09/2007 20:05:33 | Attr = ] store.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\void.snocap.com\s\store.swf -> [Folder | Modified Date = 03/10/2007 07:46:58 | Attr = ] storefront.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\void.snocap.com\s\storefront.swf -> [Folder | Modified Date = 07/09/2007 20:05:33 | Attr = ] www.bbc.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.bbc.co.uk -> [Folder | Modified Date = 05/12/2007 19:55:45 | Attr = ] cbeebies -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.bbc.co.uk\cbeebies -> [Folder | Modified Date = 07/09/2007 17:04:51 | Attr = ] charlieandlola -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.bbc.co.uk\cbeebies\charlieandlola -> [Folder | Modified Date = 07/09/2007 17:04:51 | Attr = ] funandgames -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.bbc.co.uk\cbeebies\charlieandlola\funandgames -> [Folder | Modified Date = 07/09/2007 17:04:51 | Attr = ] butterflygame -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.bbc.co.uk\cbeebies\charlieandlola\funandgames\butterflygame -> [Folder | Modified Date = 07/09/2007 17:04:51 | Attr = ] butterflies.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.bbc.co.uk\cbeebies\charlieandlola\funandgames\butterflygame\butterflies.swf -> [Folder | Modified Date = 20/10/2007 12:37:04 | Attr = ] www.ebilgames.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.ebilgames.com -> [Folder | Modified Date = 10/09/2007 15:12:11 | Attr = ] games -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.ebilgames.com\games -> [Folder | Modified Date = 27/10/2007 15:26:31 | Attr = ] JimmyTheEye -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.ebilgames.com\games\JimmyTheEye -> [Folder | Modified Date = 27/10/2007 15:26:31 | Attr = ] JimmyTheEye_FINAL_V8.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.ebilgames.com\games\JimmyTheEye\JimmyTheEye_FINAL_V8.swf -> [Folder | Modified Date = 29/10/2007 20:16:26 | Attr = ] moglinpunter -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.ebilgames.com\games\moglinpunter -> [Folder | Modified Date = 10/09/2007 15:12:11 | Attr = ] MoglinPunter_V10.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.ebilgames.com\games\moglinpunter\MoglinPunter_V10.swf -> [Folder | Modified Date = 21/02/2008 18:04:36 | Attr = ] www.mileyworld.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.mileyworld.com -> [Folder | Modified Date = 14/11/2007 16:51:37 | Attr = ] www.msngamecentre.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.msngamecentre.co.uk -> [Folder | Modified Date = 13/04/2008 14:26:02 | Attr = ] online2 -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.msngamecentre.co.uk\online2 -> [Folder | Modified Date = 13/04/2008 14:26:02 | Attr = ] MSN_INTL_UK -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.msngamecentre.co.uk\online2\MSN_INTL_UK -> [Folder | Modified Date = 13/04/2008 14:26:02 | Attr = ] fish_tycoon -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.msngamecentre.co.uk\online2\MSN_INTL_UK\fish_tycoon -> [Folder | Modified Date = 13/04/2008 14:26:02 | Attr = ] fish2.swf -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.msngamecentre.co.uk\online2\MSN_INTL_UK\fish_tycoon\fish2.swf -> [Folder | Modified Date = 13/04/2008 14:36:57 | Attr = ] www.nseries.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.nseries.com -> [Folder | Modified Date = 05/12/2007 18:44:34 | Attr = ] www.vistaprint.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.vistaprint.co.uk -> [Folder | Modified Date = 21/10/2007 14:35:46 | Attr = ] www.youtube.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V87VY8B7\www.youtube.com -> [Folder | Modified Date = 22/02/2008 14:20:04 | Attr = ] macromedia.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com -> [Folder | Modified Date = 03/09/2007 17:00:48 | Attr = ] support -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support -> [Folder | Modified Date = 03/09/2007 17:00:48 | Attr = ] flashplayer -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer -> [Folder | Modified Date = 03/09/2007 17:00:48 | Attr = ] sys -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys -> [Folder | Modified Date = 02/05/2008 11:10:48 | Attr = ] #adcontent.videoegg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adcontent.videoegg.com -> [Folder | Modified Date = 17/09/2007 22:07:44 | Attr = ] #atdmt.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#atdmt.com -> [Folder | Modified Date = 06/09/2007 14:43:05 | Attr = ] #barbie.everythinggirl.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#barbie.everythinggirl.com -> [Folder | Modified Date = 19/10/2007 21:12:18 | Attr = ] #battleon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#battleon.com -> [Folder | Modified Date = 09/09/2007 18:01:13 | Attr = ] #bbc.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bbc.co.uk -> [Folder | Modified Date = 12/10/2007 10:56:50 | Attr = ] #bin.clearspring.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com -> [Folder | Modified Date = 23/09/2007 23:39:09 | Attr = ] #cdn.mileyworld.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.mileyworld.com -> [Folder | Modified Date = 14/11/2007 16:47:23 | Attr = ] #cdn.stardoll.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.stardoll.com -> [Folder | Modified Date = 17/11/2007 11:16:49 | Attr = ] #clubpenguin.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#clubpenguin.com -> [Folder | Modified Date = 06/12/2007 19:38:17 | Attr = ] #cosmos.bcst.yahoo.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cosmos.bcst.yahoo.com -> [Folder | Modified Date = 20/10/2007 14:28:56 | Attr = ] #dragonfable.battleon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dragonfable.battleon.com -> [Folder | Modified Date = 04/09/2007 18:15:06 | Attr = ] #ebilgames.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ebilgames.com -> [Folder | Modified Date = 16/02/2008 20:55:20 | Attr = ] #estb.msn.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#estb.msn.com -> [Folder | Modified Date = 20/09/2007 21:56:04 | Attr = ] #everythinggirl.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#everythinggirl.com -> [Folder | Modified Date = 19/10/2007 21:18:38 | Attr = ] #flashtalking.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flashtalking.com -> [Folder | Modified Date = 28/09/2007 13:04:05 | Attr = ] #flickr.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flickr.com -> [Folder | Modified Date = 10/09/2007 13:04:05 | Attr = ] #graphics.millsberry.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#graphics.millsberry.com -> [Folder | Modified Date = 03/09/2007 17:59:49 | Attr = ] #hairmakeover.instyle.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hairmakeover.instyle.com -> [Folder | Modified Date = 16/03/2008 18:33:32 | Attr = ] #i.newsvine.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i.newsvine.com -> [Folder | Modified Date = 12/09/2007 11:28:08 | Attr = ] #images.neopets.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.neopets.com -> [Folder | Modified Date = 19/04/2008 13:05:25 | Attr = ] #images.soapbox.msn.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.soapbox.msn.com -> [Folder | Modified Date = 12/04/2008 14:06:48 | Attr = ] #images.video.msn.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.video.msn.com -> [Folder | Modified Date = 20/10/2007 09:32:54 | Attr = ] #l.yimg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com -> [Folder | Modified Date = 06/09/2007 15:48:59 | Attr = ] #local -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local -> [Folder | Modified Date = 28/10/2007 20:29:54 | Attr = ] #m.uk.2mdn.net -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#m.uk.2mdn.net -> [Folder | Modified Date = 16/09/2007 07:26:20 | Attr = ] #mea.nokia.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mea.nokia.com -> [Folder | Modified Date = 05/12/2007 18:44:20 | Attr = ] #mechquest.battleon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mechquest.battleon.com -> [Folder | Modified Date = 26/10/2007 12:16:05 | Attr = ] #mechquest.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mechquest.com -> [Folder | Modified Date = 26/10/2007 12:18:23 | Attr = ] #millsberry.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#millsberry.com -> [Folder | Modified Date = 09/11/2007 21:02:31 | Attr = ] #mpsnare.iesnare.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com -> [Folder | Modified Date = 25/04/2008 10:09:07 | Attr = ] #musicbrigade.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#musicbrigade.com -> [Folder | Modified Date = 25/10/2007 16:34:45 | Attr = ] #myscene.everythinggirl.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#myscene.everythinggirl.com -> [Folder | Modified Date = 19/10/2007 21:15:50 | Attr = ] #oddcast.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#oddcast.com -> [Folder | Modified Date = 03/09/2007 19:47:47 | Attr = ] #pagead2.googlesyndication.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com -> [Folder | Modified Date = 23/09/2007 08:34:32 | Attr = ] #playforyourclub.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#playforyourclub.com -> [Folder | Modified Date = 08/09/2007 21:20:47 | Attr = ] #spe.atdmt.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#spe.atdmt.com -> [Folder | Modified Date = 04/09/2007 08:25:52 | Attr = ] #ssl-images-amazon.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ssl-images-amazon.com -> [Folder | Modified Date = 18/03/2008 18:43:19 | Attr = ] #suitesmart.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#suitesmart.com -> [Folder | Modified Date = 26/09/2007 12:51:21 | Attr = ] #twitter.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#twitter.com -> [Folder | Modified Date = 07/09/2007 20:05:54 | Attr = ] #uk.2mdn.net -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#uk.2mdn.net -> [Folder | Modified Date = 22/04/2008 18:35:30 | Attr = ] #update.videoegg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#update.videoegg.com -> [Folder | Modified Date = 06/09/2007 14:52:19 | Attr = ] #us.i1.yimg.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.i1.yimg.com -> [Folder | Modified Date = 06/09/2007 15:48:50 | Attr = ] #video.flashtalking.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.flashtalking.com -> [Folder | Modified Date = 27/09/2007 08:18:23 | Attr = ] #void.snocap.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#void.snocap.com -> [Folder | Modified Date = 07/09/2007 20:05:20 | Attr = ] #www.bbc.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bbc.co.uk -> [Folder | Modified Date = 07/09/2007 17:04:51 | Attr = ] #www.clikpic.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.clikpic.com -> [Folder | Modified Date = 12/09/2007 17:35:39 | Attr = ] #www.ebilgames.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ebilgames.com -> [Folder | Modified Date = 10/09/2007 15:12:11 | Attr = ] #www.mileyworld.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mileyworld.com -> [Folder | Modified Date = 14/11/2007 16:51:37 | Attr = ] #www.msngamecentre.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.msngamecentre.co.uk -> [Folder | Modified Date = 13/04/2008 14:26:02 | Attr = ] #www.nseries.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nseries.com -> [Folder | Modified Date = 05/12/2007 18:44:26 | Attr = ] #www.richard-miles.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.richard-miles.co.uk -> [Folder | Modified Date = 12/09/2007 13:55:24 | Attr = ] #www.vistaprint.co.uk -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.vistaprint.co.uk -> [Folder | Modified Date = 21/10/2007 14:35:46 | Attr = ] #www.youtube.com -> C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com -> [Folder | Modified Date = 03/09/2007 20:32:44 | Attr = ] Shockwave Player -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player -> [Folder | Modified Date = 10/04/2008 17:42:36 | Attr = ] DswMedia -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\DswMedia -> [Folder | Modified Date = 14/09/2007 13:18:45 | Attr = ] Prefs -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs -> [Folder | Modified Date = 14/09/2007 13:18:44 | Attr = ] WQNQR9FD -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\Prefs\WQNQR9FD -> [Folder | Modified Date = 20/10/2007 09:14:30 | Attr = ] xtras -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras -> [Folder | Modified Date = 14/09/2007 13:18:54 | Attr = ] download -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download -> [Folder | Modified Date = 14/09/2007 13:18:54 | Attr = ] MacromediaInc -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc -> [Folder | Modified Date = 20/10/2007 09:14:25 | Attr = ] DirectSound -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound -> [Folder | Modified Date = 14/09/2007 13:18:55 | Attr = ] FlashAsset -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FlashAsset -> [Folder | Modified Date = 14/09/2007 13:19:04 | Attr = ] FontAsset -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontAsset -> [Folder | Modified Date = 10/10/2007 14:34:23 | Attr = ] FontXtra -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontXtra -> [Folder | Modified Date = 10/10/2007 14:34:23 | Attr = ] MacroMix -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MacroMix -> [Folder | Modified Date = 14/09/2007 13:18:54 | Attr = ] Shockwave3dAsset -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Shockwave3dAsset -> [Folder | Modified Date = 20/10/2007 09:14:25 | Attr = ] SoundControl -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl -> [Folder | Modified Date = 14/09/2007 13:18:57 | Attr = ] SWA -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA -> [Folder | Modified Date = 14/09/2007 13:18:57 | Attr = ] TextAsset -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextAsset -> [Folder | Modified Date = 10/10/2007 14:34:20 | Attr = ] TextXtra -> C:\Documents and Settings\user\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextXtra -> [Folder | Modified Date = 10/10/2007 14:34:22 | Attr = ] Malwarebytes -> C:\Documents and Settings\user\Application Data\Malwarebytes -> [Folder | Modified Date = 02/05/2008 17:16:16 | Attr = ] Malwarebytes' Anti-Malware -> C:\Documents and Settings\user\Application Data\Malwarebytes\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 02/05/2008 17:16:26 | Attr = ] Logs -> C:\Documents and Settings\user\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> [Folder | Modified Date = 03/05/2008 15:52:53 | Attr = ] Quarantine -> C:\Documents and Settings\user\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine -> [Folder | Modified Date = 02/05/2008 17:46:28 | Attr = ] Microsoft -> C:\Documents and Settings\user\Application Data\Microsoft -> [Folder | Modified Date = 21/10/2007 14:50:05 | Attr = S] AddIns -> C:\Documents and Settings\user\Application Data\Microsoft\AddIns -> [Folder | Modified Date = 28/08/2007 18:18:41 | Attr = ] Address Book -> C:\Documents and Settings\user\Application Data\Microsoft\Address Book -> [Folder | Modified Date = 04/09/2007 12:55:04 | Attr = ] Clip Organizer -> C:\Documents and Settings\user\Application Data\Microsoft\Clip Organizer -> [Folder | Modified Date = 03/09/2007 17:42:05 | Attr = ] CLR Security Config -> C:\Documents and Settings\user\Application Data\Microsoft\CLR Security Config -> [Folder | Modified Date = 18/09/2007 21:08:03 | Attr = ] v1.1.4322 -> C:\Documents and Settings\user\Application Data\Microsoft\CLR Security Config\v1.1.4322 -> [Folder | Modified Date = 18/09/2007 21:23:26 | Attr = ] Credentials -> C:\Documents and Settings\user\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 28/08/2007 16:18:12 | Attr = S] S-1-5-21-789336058-725345543-682003330-1003 -> C:\Documents and Settings\user\Application Data\Microsoft\Credentials\S-1-5-21-789336058-725345543-682003330-1003 -> [Folder | Modified Date = 08/02/2008 13:01:58 | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 03/09/2007 12:45:21 | Attr = S] Content -> C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 23/11/2007 10:26:47 | Attr = S] MetaData -> C:\Documents and Settings\user\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 23/11/2007 10:26:47 | Attr = S] Crypto -> C:\Documents and Settings\user\Application Data\Microsoft\Crypto -> [Folder | Modified Date = 28/08/2007 16:30:10 | Attr = S] RSA -> C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA -> [Folder | Modified Date = 28/08/2007 16:30:10 | Attr = S] S-1-5-21-789336058-725345543-682003330-1003 -> C:\Documents and Settings\user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-789336058-725345543-682003330-1003 -> [Folder | Modified Date = 05/04/2008 08:24:01 | Attr = S] Encarta Reference Library -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library -> [Folder | Modified Date = 28/08/2007 19:50:59 | Attr = ] Favorites -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\Favorites -> [Folder | Modified Date = 03/11/2007 19:30:03 | Attr = ] K07ADXRC -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\K07ADXRC -> [Folder | Modified Date = 28/08/2007 19:50:59 | Attr = ] SQM -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\K07ADXRC\SQM -> [Folder | Modified Date = 10/04/2008 17:35:00 | Attr = ] Kids -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\Kids -> [Folder | Modified Date = 28/08/2007 19:49:47 | Attr = ] Favorites -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\Kids\Favorites -> [Folder | Modified Date = 06/09/2007 15:35:23 | Attr = ] photography -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\Kids\Favorites\photography -> [Folder | Modified Date = 05/09/2007 18:37:25 | Attr = ] L07AXLRD -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\L07AXLRD -> [Folder | Modified Date = 16/09/2007 18:45:40 | Attr = ] PushpinDB -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\L07AXLRD\PushpinDB -> [Folder | Modified Date = 16/09/2007 18:45:40 | Attr = ] SQM -> C:\Documents and Settings\user\Application Data\Microsoft\Encarta Reference Library\L07AXLRD\SQM -> [Folder | Modified Date = 17/04/2008 13:35:00 | Attr = ] Excel -> C:\Documents and Settings\user\Application Data\Microsoft\Excel -> [Folder | Modified Date = 07/09/2007 18:43:08 | Attr = ] XLSTART -> C:\Documents and Settings\user\Application Data\Microsoft\Excel\XLSTART -> [Folder | Modified Date = 07/09/2007 18:41:19 | Attr = ] HTML Help -> C:\Documents and Settings\user\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 12/09/2007 15:02:39 | Attr = ] IMJP8_1 -> C:\Documents and Settings\user\Application Data\Microsoft\IMJP8_1 -> [Folder | Modified Date = 28/08/2007 16:23:46 | Attr = ] InfoPath -> C:\Documents and Settings\user\Application Data\Microsoft\InfoPath -> [Folder | Modified Date = 12/10/2007 09:45:03 | Attr = ] Installer -> C:\Documents and Settings\user\Application Data\Microsoft\Installer -> [Folder | Modified Date = 18/09/2007 21:08:16 | Attr = ] {2E5A5B57-57FC-4C79-A239-9DB280ADEC2A} -> C:\Documents and Settings\user\Application Data\Microsoft\Installer\{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A} -> [Folder | Modified Date = 18/09/2007 21:08:16 | Attr = ] {42A4EC40-09BC-427C-B657-67978B784058} -> C:\Documents and Settings\user\Application Data\Microsoft\Installer\{42A4EC40-09BC-427C-B657-67978B784058} -> [Folder | Modified Date = 28/08/2007 19:15:14 | Attr = ] Internet Explorer -> C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 28/08/2007 16:18:25 | Attr = ] Quick Launch -> C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch -> [Folder | Modified Date = 12/04/2008 13:54:27 | Attr = R ] Learning Essentials -> C:\Documents and Settings\user\Application Data\Microsoft\Learning Essentials -> [Folder | Modified Date = 03/11/2007 11:35:58 | Attr = ] 1.0 -> C:\Documents and Settings\user\Application Data\Microsoft\Learning Essentials\1.0 -> [Folder | Modified Date = 28/08/2007 19:31:31 | Attr = ] Media Player -> C:\Documents and Settings\user\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 12/04/2008 19:37:34 | Attr = ] Skins -> C:\Documents and Settings\user\Application Data\Microsoft\Media Player\Skins -> [Folder | Modified Date = 20/10/2007 14:16:21 | Attr = ] MMC -> C:\Documents and Settings\user\Application Data\Microsoft\MMC -> [Folder | Modified Date = 28/08/2007 16:26:18 | Attr = ] Office -> C:\Documents and Settings\user\Application Data\Microsoft\Office -> [Folder | Modified Date = 22/11/2007 15:12:53 | Attr = ] Recent -> C:\Documents and Settings\user\Application Data\Microsoft\Office\Recent -> [Folder | Modified Date = 03/05/2008 20:51:48 | Attr = S] OIS -> C:\Documents and Settings\user\Application Data\Microsoft\OIS -> [Folder | Modified Date = 21/10/2007 14:50:44 | Attr = ] Outlook -> C:\Documents and Settings\user\Application Data\Microsoft\Outlook -> [Folder | Modified Date = 12/10/2007 09:48:14 | Attr = ] PowerPoint -> C:\Documents and Settings\user\Application Data\Microsoft\PowerPoint -> [Folder | Modified Date = 06/09/2007 15:10:48 | Attr = ] Proof -> C:\Documents and Settings\user\Application Data\Microsoft\Proof -> [Folder | Modified Date = 03/05/2008 20:52:27 | Attr = ] Protect -> C:\Documents and Settings\user\Application Data\Microsoft\Protect -> [Folder | Modified Date = 28/08/2007 16:30:10 | Attr = S] S-1-5-21-789336058-725345543-682003330-1003 -> C:\Documents and Settings\user\Application Data\Microsoft\Protect\S-1-5-21-789336058-725345543-682003330-1003 -> [Folder | Modified Date = 08/02/2008 13:01:58 | Attr = S] Publisher -> C:\Documents and Settings\user\Application Data\Microsoft\Publisher -> [Folder | Modified Date = 04/11/2007 19:38:19 | Attr = ] Speech -> C:\Documents and Settings\user\Application Data\Microsoft\Speech -> [Folder | Modified Date = 28/08/2007 19:40:28 | Attr = ] Files -> C:\Documents and Settings\user\Application Data\Microsoft\Speech\Files -> [Folder | Modified Date = 28/08/2007 19:40:28 | Attr = ] UserLexicons -> C:\Documents and Settings\user\Application Data\Microsoft\Speech\Files\UserLexicons -> [Folder | Modified Date = 28/08/2007 19:40:28 | Attr = ] SystemCertificates -> C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] My -> C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] Certificates -> C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] CRLs -> C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] CTLs -> C:\Documents and Settings\user\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 28/08/2007 18:59:52 | Attr = S] Templates -> C:\Documents and Settings\user\Application Data\Microsoft\Templates -> [Folder | Modified Date = 13/09/2007 14:32:31 | Attr = ] Windows -> C:\Documents and Settings\user\Application Data\Microsoft\Windows -> [Folder | Modified Date = 28/08/2007 18:34:47 | Attr = ] Themes -> C:\Documents and Settings\user\Application Data\Microsoft\Windows\Themes -> [Folder | Modified Date = 02/05/2008 10:51:08 | Attr = ] Word -> C:\Documents and Settings\user\Application Data\Microsoft\Word -> [Folder | Modified Date = 05/12/2007 18:12:51 | Attr = ] STARTUP -> C:\Documents and Settings\user\Application Data\Microsoft\Word\STARTUP -> [Folder | Modified Date = 28/08/2007 18:18:42 | Attr = ] Pixmantec -> C:\Documents and Settings\user\Application Data\Pixmantec -> [Folder | Modified Date = 04/10/2007 10:40:08 | Attr = ] Real -> C:\Documents and Settings\user\Application Data\Real -> [Folder | Modified Date = 28/08/2007 17:01:38 | Attr = ] Msg -> C:\Documents and Settings\user\Application Data\Real\Msg -> [Folder | Modified Date = 24/11/2007 18:33:20 | Attr = ] 104_1195697050 -> C:\Documents and Settings\user\Application Data\Real\Msg\104_1195697050 -> [Folder | Modified Date = 22/11/2007 14:52:22 | Attr = ] 20_1193343740 -> C:\Documents and Settings\user\Application Data\Real\Msg\20_1193343740 -> [Folder | Modified Date = 05/11/2007 20:13:15 | Attr = ] 4155_1195078543 -> C:\Documents and Settings\user\Application Data\Real\Msg\4155_1195078543 -> [Folder | Modified Date = 17/11/2007 22:43:48 | Attr = ] 4155_1195674941 -> C:\Documents and Settings\user\Application Data\Real\Msg\4155_1195674941 -> [Folder | Modified Date = 22/11/2007 14:52:22 | Attr = ] 5_1193851154 -> C:\Documents and Settings\user\Application Data\Real\Msg\5_1193851154 -> [Folder | Modified Date = 05/11/2007 20:13:15 | Attr = ] 5_1193852754 -> C:\Documents and Settings\user\Application Data\Real\Msg\5_1193852754 -> [Folder | Modified Date = 09/11/2007 20:13:27 | Attr = ] RealMediaSDK -> C:\Documents and Settings\user\Application Data\Real\RealMediaSDK -> [Folder | Modified Date = 27/10/2007 13:52:02 | Attr = ] RealPlayer -> C:\Documents and Settings\user\Application Data\Real\RealPlayer -> [Folder | Modified Date = 06/12/2007 19:13:23 | Attr = ] cd -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\cd -> [Folder | Modified Date = 21/09/2007 12:16:41 | Attr = ] db -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\db -> [Folder | Modified Date = 22/09/2007 20:08:20 | Attr = ] Backup -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\db\Backup -> [Folder | Modified Date = 28/08/2007 17:01:38 | Attr = ] PendingCDs -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\db\PendingCDs -> [Folder | Modified Date = 22/09/2007 20:08:13 | Attr = ] DRM -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\DRM -> [Folder | Modified Date = 22/09/2007 20:08:13 | Attr = ] ErrorLogs -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\ErrorLogs -> [Folder | Modified Date = 20/10/2007 14:18:11 | Attr = ] Favorites -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\Favorites -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] Audio -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\Favorites\Audio -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] Radio -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\Favorites\Radio -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] Video -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\Favorites\Video -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] Web Pages -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\Favorites\Web Pages -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] History -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\History -> [Folder | Modified Date = 24/11/2007 18:33:24 | Attr = ] library -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\library -> [Folder | Modified Date = 22/09/2007 20:08:13 | Attr = ] PMP -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\PMP -> [Folder | Modified Date = 22/09/2007 20:08:13 | Attr = ] skins -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\skins -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] data -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\skins\data -> [Folder | Modified Date = 28/08/2007 17:01:17 | Attr = ] normal -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\skins\data\normal -> [Folder | Modified Date = 28/08/2007 17:01:25 | Attr = ] Temp -> C:\Documents and Settings\user\Application Data\Real\RealPlayer\Temp -> [Folder | Modified Date = 06/12/2007 19:13:43 | Attr = ] rnadmin -> C:\Documents and Settings\user\Application Data\Real\rnadmin -> [Folder | Modified Date = 28/08/2007 17:00:44 | Attr = ] SiteAdvisor -> C:\Documents and Settings\user\Application Data\SiteAdvisor -> [Folder | Modified Date = 22/04/2008 20:17:52 | Attr = ] Skype -> C:\Documents and Settings\user\Application Data\Skype -> [Folder | Modified Date = 16/04/2008 23:05:40 | Attr = ] amandamikedillon -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon -> [Folder | Modified Date = 16/04/2008 23:05:40 | Attr = ] chatsync -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\chatsync -> [Folder | Modified Date = 12/04/2008 13:00:04 | Attr = ] 2c -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\chatsync\2c -> [Folder | Modified Date = 02/02/2008 12:09:58 | Attr = ] 47 -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\chatsync\47 -> [Folder | Modified Date = 02/02/2008 17:17:22 | Attr = ] 49 -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\chatsync\49 -> [Folder | Modified Date = 02/02/2008 13:06:10 | Attr = ] a3 -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\chatsync\a3 -> [Folder | Modified Date = 12/04/2008 13:00:04 | Attr = ] dyncontent -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\dyncontent -> [Folder | Modified Date = 16/04/2008 23:05:37 | Attr = ] httpfe -> C:\Documents and Settings\user\Application Data\Skype\amandamikedillon\httpfe -> [Folder | Modified Date = 28/10/2007 00:10:38 | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 02/05/2008 17:57:58 | Attr = ] SUPERAntiSpyware -> C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware -> [Folder | Modified Date = 02/05/2008 18:01:25 | Attr = ] Logs -> C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs -> [Folder | Modified Date = 02/05/2008 20:23:40 | Attr = ] Quarantine -> C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine -> [Folder | Modified Date = 02/05/2008 18:01:25 | Attr = ] vlc -> C:\Documents and Settings\user\Application Data\vlc -> [Folder | Modified Date = 28/08/2007 16:55:06 | Attr = ] cache -> C:\Documents and Settings\user\Application Data\vlc\cache -> [Folder | Modified Date = 28/08/2007 16:55:06 | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 25/04/2008 14:38:55 | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 23/08/2001 15:00:00 | Attr = RH ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 03/05/2008 15:34:51 | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]