[code] OTScanIt logfile created on: 5/11/2008 5:12:45 PM OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Documents and Settings\C. Nash Gems\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 479.39 Mb Total Physical Memory | 205.11 Mb Available Physical Memory | 42.78% Memory free 1.10 Gb Paging File | 0.91 Gb Available in Paging File | 83.13% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 54.79 Gb Free Space | 73.52% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CPQ49229653272 Current User Name: C. Nash Gems Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] smtray.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe -> Analog Devices [Ver = 1, 0, 3037, 0 | Size = 69632 bytes | Modified Date = 10/12/2001 5:45:06 PM | Attr = ] instan~1.exe -> %ProgramFiles%\Canon Creative\TextBridge\Bin\InstantAccess.exe -> [Ver = | Size = 37376 bytes | Modified Date = 12/10/1998 1:57:12 PM | Attr = ] starteak.exe -> %ProgramFiles%\COMPAQ\Easy Access Button Support\STARTEAK.exe -> Compaq Computer Corporation [Ver = 8, 0, 0, 330 | Size = 32768 bytes | Modified Date = 12/14/2001 5:01:24 PM | Attr = ] carpserv.exe -> %SystemRoot%\system32\carpserv.exe -> Conexant Systems [Ver = 4.06.14.00 | Size = 4608 bytes | Modified Date = 7/8/2002 7:37:38 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/19/2007 11:17:39 PM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ] compaq-rba.exe -> %ProgramFiles%\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -> NeoPlanet [Ver = 1, 0, 0, 653 | Size = 258048 bytes | Modified Date = 3/25/2002 12:34:08 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] atisched.exe -> %ProgramFiles%\ATI Multimedia\main\AtiSched.exe -> ATI Technologies Inc. [Ver = 7.6.002 | Size = 28672 bytes | Modified Date = 1/28/2002 2:00:28 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/22/2008 12:06:06 PM | Attr = ] ixapplet.exe -> %ProgramFiles%\Sierra Imaging\Image Expert\IXApplet.exe -> Sierra Imaging [Ver = 1.9.3 (380) | Size = 103936 bytes | Modified Date = 10/30/2001 1:58:24 PM | Attr = ] googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 4/22/2008 12:05:42 PM | Attr = ] hpobnz08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 323646 bytes | Modified Date = 4/6/2003 1:37:10 AM | Attr = ] hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/6/2003 2:06:58 AM | Attr = ] sonytray.exe -> %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe -> [Ver = | Size = 73728 bytes | Modified Date = 10/16/2002 9:20:20 PM | Attr = ] wkcalrem.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 24633 bytes | Modified Date = 7/13/2000 2:00:00 PM | Attr = ] googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 4/22/2008 12:05:45 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 77824 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] cpqeaksystemtray.exe -> %ProgramFiles%\COMPAQ\Easy Access Button Support\CpqEAKSystemTray.exe -> [Ver = 8, 0, 0, 379 | Size = 212992 bytes | Modified Date = 4/8/2002 5:30:12 PM | Attr = ] cpqeadm.exe -> %ProgramFiles%\COMPAQ\Easy Access Button Support\CPQEADM.exe -> Compaq Computer Corporation [Ver = 8.0.0.411 | Size = 438272 bytes | Modified Date = 4/13/2002 11:29:58 PM | Attr = ] eausbkbd.exe -> %SystemDrive%\Compaq\eakdrv\EAUSBKBD.exe -> Compaq [Ver = 6, 0, 0, 445 | Size = 90112 bytes | Modified Date = 11/27/2001 8:38:00 PM | Attr = ] bttnserv.exe -> %ProgramFiles%\COMPAQ\Easy Access Button Support\BttnServ.exe -> Compaq Computer Corporation [Ver = 6.00.448 | Size = 122880 bytes | Modified Date = 3/23/2001 2:34:10 PM | Attr = ] hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 286720 bytes | Modified Date = 4/6/2003 1:45:10 AM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/8/2003 11:31:02 PM | Attr = R ] hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 311296 bytes | Modified Date = 4/6/2003 1:55:04 AM | Attr = ] hpqdirec.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe -> Hewlett-Packard Co. [Ver = 4.2.0.013 | Size = 102400 bytes | Modified Date = 3/31/2003 3:43:08 PM | Attr = ] acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 4.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 4.0.000 | Size = 2316288 bytes | Modified Date = 3/18/1999 6:01:24 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 5/9/2008 9:51:12 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Compaq_RBA) Compaq Advisor [Win32_Own | Auto | Running] -> %ProgramFiles%\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -> NeoPlanet [Ver = 1, 0, 0, 653 | Size = 258048 bytes | Modified Date = 3/25/2002 12:34:08 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 4/22/2008 12:05:45 PM | Attr = ] (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 77824 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/8/2003 11:31:02 PM | Attr = R ] (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 3/28/2008 1:54:34 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdaptecDirectCD -> %ProgramFiles%\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe ["C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> Roxio [Ver = 5.1.1.212 | Size = 675840 bytes | Modified Date = 7/22/2002 8:58:56 PM | Attr = ] CARPService -> %SystemRoot%\system32\carpserv.exe [carpserv.exe] -> Conexant Systems [Ver = 4.06.14.00 | Size = 4608 bytes | Modified Date = 7/8/2002 7:37:38 PM | Attr = ] CPQEASYACC -> %ProgramFiles%\COMPAQ\Easy Access Button Support\STARTEAK.exe [C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe] -> Compaq Computer Corporation [Ver = 8, 0, 0, 330 | Size = 32768 bytes | Modified Date = 12/14/2001 5:01:24 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb05.exe [C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe] -> HP [Ver = 2,121,0,0 | Size = 188416 bytes | Modified Date = 3/28/2002 3:50:30 AM | Attr = ] InstantAccess -> %ProgramFiles%\Canon Creative\TextBridge\Bin\InstantAccess.exe [C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\INSTAN~1.EXE /h] -> [Ver = | Size = 37376 bytes | Modified Date = 12/10/1998 1:57:12 PM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 4:30:30 PM | Attr = ] Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> Microsoft® Corporation [Ver = 6.00.1902.0 | Size = 311350 bytes | Modified Date = 7/13/2000 2:00:00 PM | Attr = ] Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe [C:\Program Files\Microsoft Works\WkDetect.exe] -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 28739 bytes | Modified Date = 7/13/2000 2:00:00 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 4841472 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 323584 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] RegisterDropHandler -> %ProgramFiles%\Canon Creative\TextBridge\Bin\RegisterDropHandler.exe [C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE] -> [Ver = 1, 0, 0, 1 | Size = 23040 bytes | Modified Date = 12/10/1998 12:33:00 PM | Attr = ] Smapp -> %ProgramFiles%\Analog Devices\SoundMAX\SMTray.exe [C:\Program Files\Analog Devices\SoundMAX\Smtray.exe] -> Analog Devices [Ver = 1, 0, 3037, 0 | Size = 69632 bytes | Modified Date = 10/12/2001 5:45:06 PM | Attr = ] srmclean -> %SystemDrive%\cpqs\scom\srmclean.exe [C:\Cpqs\Scom\srmclean.exe] -> [Ver = | Size = 36864 bytes | Modified Date = 7/24/2001 4:34:26 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 9/19/2007 11:17:39 PM | Attr = ] WARN POP TRUST LIES -> %AllUsersProfile%\Application Data\Camp Mess Warn Pop\CLOSE TRANS.exe [C:\Documents and Settings\All Users\Application Data\Camp Mess Warn Pop\CLOSE TRANS.exe] -> File not found WCOLOREAL -> %ProgramFiles%\COMPAQ\Coloreal\COLOREAL.EXE ["C:\Program Files\COMPAQ\Coloreal\coloreal.exe"] -> [Ver = | Size = 143360 bytes | Modified Date = 2/20/2002 2:40:00 PM | Attr = ] < RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> Compaq_RBA -> %ProgramFiles%\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -z] -> NeoPlanet [Ver = 1, 0, 0, 653 | Size = 258048 bytes | Modified Date = 3/25/2002 12:34:08 PM | Attr = ] < RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> RegisterDropHandler -> %ProgramFiles%\Canon Creative\TextBridge\Bin\RegisterDropHandler.exe [C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE] -> [Ver = 1, 0, 0, 1 | Size = 23040 bytes | Modified Date = 12/10/1998 12:33:00 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ATI Scheduler -> %ProgramFiles%\ATI Multimedia\main\AtiSched.exe [C:\Program Files\ATI Multimedia\main\ATISched.EXE] -> ATI Technologies Inc. [Ver = 7.6.002 | Size = 28672 bytes | Modified Date = 1/28/2002 2:00:28 PM | Attr = ] NVIEW -> %SystemRoot%\system32\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 852038 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 49152 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] Svconr -> %ProgramFiles%\Svconr\Svconr.exe [C:\Program Files\Svconr\Svconr.exe] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/22/2008 12:06:06 PM | Attr = ] Vgachic -> %SystemDrive%\DOCUME~1\CA7BC~1.NAS\APPLIC~1\DRIVEM~1\PURETOOLFLAW.exe [C:\DOCUME~1\CA7BC~1.NAS\APPLIC~1\DRIVEM~1\PURETOOLFLAW.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ATI Scheduler -> %ProgramFiles%\ATI Multimedia\main\AtiSched.exe [C:\Program Files\ATI Multimedia\main\ATISched.EXE] -> ATI Technologies Inc. [Ver = 7.6.002 | Size = 28672 bytes | Modified Date = 1/28/2002 2:00:28 PM | Attr = ] NVIEW -> %SystemRoot%\system32\nview.dll [rundll32.exe nview.dll,nViewLoadHook] -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 852038 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.4523 | Size = 49152 bytes | Modified Date = 7/28/2003 3:19:00 PM | Attr = ] Svconr -> %ProgramFiles%\Svconr\Svconr.exe [C:\Program Files\Svconr\Svconr.exe] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/22/2008 12:06:06 PM | Attr = ] Vgachic -> %SystemDrive%\DOCUME~1\CA7BC~1.NAS\APPLIC~1\DRIVEM~1\PURETOOLFLAW.exe [C:\DOCUME~1\CA7BC~1.NAS\APPLIC~1\DRIVEM~1\PURETOOLFLAW.exe] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Camio Viewer.lnk -> %ProgramFiles%\Sierra Imaging\Image Expert\IXApplet.exe -> Sierra Imaging [Ver = 1.9.3 (380) | Size = 103936 bytes | Modified Date = 10/30/2001 1:58:24 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 4/22/2008 12:05:42 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\hp psc 2000 Series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 323646 bytes | Modified Date = 4/6/2003 1:37:10 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/6/2003 2:06:58 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Image Transfer.lnk -> %ProgramFiles%\Sony Corporation\Image Transfer\SonyTray.exe -> [Ver = | Size = 73728 bytes | Modified Date = 10/16/2002 9:20:20 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 24633 bytes | Modified Date = 7/13/2000 2:00:00 PM | Attr = ] < C. Nash Gems Startup Folder > -> C:\Documents and Settings\C. Nash Gems\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/23/2008 5:15:30 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\\Disabled -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoScrSavPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispApprearancePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoScrSavPage -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispApprearancePage -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 12:59:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomCompaq_CD-ROM_SC-148E___________________B902____\5&26c02f58&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomPIONEER_DVD-RW__DVR-104_________________1.10____\422045473041313137325730204c202020202020 -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: ProxyEnable -> [binary data] -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.grics.net -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\.DEFAULT\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-18\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> HKEY_USERS\S-1-5-19\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-19\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage -> HKEY_USERS\S-1-5-20\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-20\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\] > -> -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: Main\\Start Page -> http://www.grics.net -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 42 domain(s) found. -> .[msn] -> My Computer -> 5 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 23 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 23 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 23 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 23 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 42 domain(s) found. -> .[msn] -> My Computer -> 5 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {5020da05-da58-404e-8966-545305f1f286} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\lvdxvkqt.dll [Reg Error: Value does not exist or could not be read.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/22/2008 12:07:04 PM | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 5/1/2008 11:28:42 PM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/22/2008 12:07:04 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/22/2008 12:07:04 PM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/22/2008 12:07:04 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/22/2008 12:07:04 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\] > -> HKEY_USERS\S-1-5-21-1417066420-2678003418-1157166300-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 4/22/2008 12:07:04 PM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {291058F2-603A-4F32-BFC1-F914526516DC} -> (NVIDIA nForce MCP Networking Adapter) -> {382F2A89-08FC-49E6-B7C1-A7EE3B24ACF4} -> () -> {98C5228B-FF78-4D59-820C-7C854A0747E1} -> (1394 Net Adapter) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[Reg Error: Key does not exist or could not be opened.] -> {3DCEC959-378A-4922-AD7E-FD5C925D927F}[HKEY_LOCAL_MACHINE] -> http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab[Reg Error: Key does not exist or could not be opened.] -> {5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DisneyOnlineGames.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DisneyOnlineGames.ocx\\.Owner -> {3DCEC959-378A-4922-AD7E-FD5C925D927F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DisneyOnlineGames.ocx\\{3DCEC959-378A-4922-AD7E-FD5C925D927F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\.Owner -> {193C772A-87BE-4B19-A7BB-445B226FE9A1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\cw -> cw -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> cw -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\cw -> cw -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> cw -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\cw -> cw -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> cw -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MS Manager -> msmgr.exe -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\Ms Processe Manager -> msproc.exe -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\Windows Processe Manager -> mspn32.exe -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 492 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\MS Manager -> msmgr.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Ms Processe Manager -> msproc.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Windows Processe Manager -> mspn32.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 10 2C 69 C1 EF BB DA 8C EB B8 A6 C1 CB 17 27 45 62 31 65 36 61 31 35 63 00 00 00 00 01 00 00 00 BC 01 00 00 C0 01 00 00 40 CA 06 00 5B A5 BF 71 04 00 00 00 10 00 00 00 00 00 00 00 CA 91 8C 7D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> BB 6C FA 78 BB D8 B6 D9 40 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 18 BE 2F B1 3F 10 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> BD 6F 33 F3 F1 4C E8 22 8C 5A 03 32 E7 0D 4A A8 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 68 00 E8 E9 9C B3 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11487 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:FrostWire 4.13.2.0] -> FrostWire Group [Ver = 1.0.0.2 | Size = 114688 bytes | Modified Date = 3/6/2007 8:38:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16640 (vista_gdr.080213-1606) | Size = 625664 bytes | Modified Date = 2/29/2008 3:55:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 4/18/2008 2:21:09 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 4/23/2008 5:15:27 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware] -> Malwarebytes [Ver = 1.11 | Size = 1175160 bytes | Modified Date = 4/7/2008 8:17:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\54009:TCP -> 54009:TCP:*:Enabled:SolidNetworkManager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\54009:UDP -> 54009:UDP:*:Enabled:SolidNetworkManager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\43251:TCP -> 43251:TCP:*:Disabled:SolidNetworkManager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\43251:UDP -> 43251:UDP:*:Disabled:SolidNetworkManager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{28A7EEA5-B114-4C1D-B258-19EC81C6AB27} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{98C5228B-FF78-4D59-820C-7C854A0747E1} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6738A6BA-A6AF-4A8C-A3EB-B596FEBB2CBC} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{20AE00DC-54E4-40E7-ABFC-0B011407CD80} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> "C: hkey= key= -> -> File not found bO²ù4g’ywæ^ÜœMÅC: hkey= key= -> -> File not found bO²ùõö/ØG%)ßfÏNb½¾C: hkey= key= -> -> File not found uDWDqV÷h$æÆõö/ØG%)C: hkey= key= -> -> File not found [Files/Folders - Created Within 90 days] av350 -> %SystemDrive%\av350 -> [Folder | Created Date = 4/22/2008 1:17:04 AM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 4/23/2008 5:44:31 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502751232 bytes | Created Date = 3/28/2008 3:58:05 PM | Attr = HS] My Download Files -> %SystemDrive%\My Download Files -> [Folder | Created Date = 4/10/2008 5:38:56 PM | Attr = ] My Games -> %SystemDrive%\My Games -> [Folder | Created Date = 4/10/2008 5:39:05 PM | Attr = ] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 4/22/2008 4:06:08 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 5/10/2008 2:10:46 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 5/11/2008 3:58:48 PM | Attr = HS] spywarebegone -> %SystemDrive%\spywarebegone -> [Folder | Created Date = 4/22/2008 4:30:23 AM | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 4/21/2008 11:34:18 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4/25/2008 9:59:32 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 5/10/2008 2:06:06 PM | Attr = ] apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 3/31/2008 6:12:31 PM | Attr = ] apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 3/31/2008 6:12:31 PM | Attr = ] sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 3/31/2008 6:12:31 PM | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 4/14/2008 10:52:13 AM | Attr = H ] Msft_Kernel_xusb21_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_xusb21_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 4/14/2008 10:52:16 AM | Attr = H ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 3/31/2008 6:09:34 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 3/31/2008 6:09:37 PM | Attr = H ] Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 3/31/2008 6:19:20 PM | Attr = H ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 4/22/2008 1:15:21 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> g50.exe -> %SystemRoot%\System32\g50.exe -> [Ver = | Size = 400030 bytes | Created Date = 4/22/2008 11:06:43 AM | Attr = ] gside.exe -> %SystemRoot%\System32\gside.exe -> [Ver = | Size = 298311 bytes | Created Date = 4/22/2008 8:18:38 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/2/2008 7:00:32 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/2/2008 7:00:32 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 5/2/2008 7:00:32 AM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 3/31/2008 6:09:34 PM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 3 , 8 , 0 | Size = 442368 bytes | Created Date = 4/22/2008 4:07:00 AM | Attr = ] OEMINFO.PNF -> %SystemRoot%\System32\OEMINFO.PNF -> [Ver = | Size = 3268 bytes | Created Date = 4/22/2008 3:14:02 PM | Attr = ] .compaq.bak -> %SystemRoot%\.compaq.bak -> [Ver = | Size = 4643 bytes | Created Date = 4/23/2008 6:45:15 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 4/22/2008 1:06:03 PM | Attr = R S] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> BM2bcd254b.xml -> %SystemRoot%\BM2bcd254b.xml -> [Ver = | Size = 109738 bytes | Created Date = 4/22/2008 11:41:33 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 4/23/2008 5:44:49 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 5/10/2008 2:19:12 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 5/10/2008 2:19:13 PM | Attr = ] hpothb07.dat -> %SystemRoot%\hpothb07.dat -> [Ver = | Size = 16082 bytes | Created Date = 5/3/2008 3:50:33 AM | Attr = H ] hpothb07.tif -> %SystemRoot%\hpothb07.tif -> [Ver = | Size = 321399 bytes | Created Date = 5/3/2008 3:50:31 AM | Attr = H ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.2 | Size = 724992 bytes | Created Date = 4/22/2008 4:30:23 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 4/22/2008 12:56:40 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 5/10/2008 2:19:13 PM | Attr = ] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 19 bytes | Created Date = 4/10/2008 6:34:04 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 5/10/2008 2:19:13 PM | Attr = ] spywarebegone-fullversion-installed.html -> %SystemRoot%\spywarebegone-fullversion-installed.html -> [Ver = | Size = 170 bytes | Created Date = 4/22/2008 4:30:21 AM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 5/10/2008 2:19:13 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 5/10/2008 2:19:12 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 5/10/2008 2:19:12 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 5/11/2008 2:37:00 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 5/10/2008 2:19:12 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 5/10/2008 2:19:13 PM | Attr = ] Antispyware Scheduled Scan.job -> %SystemRoot%\tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 522 bytes | Created Date = 4/22/2008 4:21:25 AM | Attr = ] FRU Task #Hewlett-Packard#hp psc 2170 series#1209835093.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1209835093.job -> [Ver = | Size = 356 bytes | Created Date = 5/4/2008 8:44:24 AM | Attr = ] FRU Task $ContextID$.job -> %SystemRoot%\tasks\FRU Task $ContextID$.job -> [Ver = | Size = 334 bytes | Created Date = 5/3/2008 12:18:46 PM | Attr = ] ParetoLogic Registration.job -> %SystemRoot%\tasks\ParetoLogic Registration.job -> [Ver = | Size = 456 bytes | Created Date = 4/26/2008 9:24:44 AM | Attr = ] ParetoLogic Update Version2.job -> %SystemRoot%\tasks\ParetoLogic Update Version2.job -> [Ver = | Size = 430 bytes | Created Date = 4/26/2008 9:24:37 AM | Attr = ] WebReg 20080504084627.job -> %SystemRoot%\tasks\WebReg 20080504084627.job -> [Ver = | Size = 458 bytes | Created Date = 5/4/2008 8:46:28 AM | Attr = ] WebReg 20080506193726.job -> %SystemRoot%\tasks\WebReg 20080506193726.job -> [Ver = | Size = 458 bytes | Created Date = 5/6/2008 7:37:26 PM | Attr = ] WebReg 20080506203000.job -> %SystemRoot%\tasks\WebReg 20080506203000.job -> [Ver = | Size = 458 bytes | Created Date = 5/6/2008 8:30:01 PM | Attr = ] WebReg 20080507100635.job -> %SystemRoot%\tasks\WebReg 20080507100635.job -> [Ver = | Size = 458 bytes | Created Date = 5/7/2008 10:06:35 AM | Attr = ] WebReg 20080509024159.job -> %SystemRoot%\tasks\WebReg 20080509024159.job -> [Ver = | Size = 458 bytes | Created Date = 5/9/2008 2:42:00 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Downloaded Installations -> %AllUsersProfile%\Application Data\Downloaded Installations -> [Folder | Created Date = 4/26/2008 9:24:07 AM | Attr = ] 2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Created Date = 4/22/2008 12:05:53 PM | Attr = ] hpothb07.dat -> %AllUsersProfile%\Application Data\hpothb07.dat -> [Ver = | Size = 543 bytes | Created Date = 5/3/2008 3:51:04 AM | Attr = H ] hpothb07.tif -> %AllUsersProfile%\Application Data\hpothb07.tif -> [Ver = | Size = 745 bytes | Created Date = 5/3/2008 3:51:04 AM | Attr = H ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/23/2008 2:00:16 PM | Attr = ] ParetoLogic -> %AllUsersProfile%\Application Data\ParetoLogic -> [Folder | Created Date = 4/26/2008 9:24:32 AM | Attr = ] PopCap -> %AllUsersProfile%\Application Data\PopCap -> [Folder | Created Date = 3/24/2008 5:29:07 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 3/28/2008 3:27:13 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 3/28/2008 1:12:41 PM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Trymedia -> %AllUsersProfile%\Application Data\Trymedia -> [Folder | Created Date = 3/23/2008 4:02:43 PM | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Created Date = 3/23/2008 11:20:28 PM | Attr = ] Antispyware -> %AppData%\Antispyware -> [Folder | Created Date = 4/22/2008 4:21:24 AM | Attr = ] ArcSoft -> %AppData%\ArcSoft -> [Folder | Created Date = 3/31/2008 6:19:32 PM | Attr = ] Ewen Chia's My Free Website Builder -> %AppData%\Ewen Chia's My Free Website Builder -> [Folder | Created Date = 4/22/2008 1:46:11 AM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 4/24/2008 7:04:24 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/23/2008 2:00:23 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 4/22/2008 1:46:12 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 3/28/2008 3:27:00 PM | Attr = ] SpookyManor -> %UserProfile%\Local Settings\Application Data\SpookyManor -> [Folder | Created Date = 4/12/2008 3:41:31 PM | Attr = ] microsoft -> %AllUsersProfile%\Documents\microsoft -> [Folder | Created Date = 4/22/2008 1:43:19 PM | Attr = ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Created Date = 3/31/2008 6:27:21 PM | Attr = R ] Thumbs.db -> %AllUsersProfile%\Documents\Thumbs.db -> [Ver = | Size = 3072 bytes | Created Date = 5/9/2008 7:51:03 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Documents\Thumbs.db:encryptable ArcSoft MediaConverter -> %UserProfile%\My Documents\ArcSoft MediaConverter -> [Folder | Created Date = 3/31/2008 6:19:45 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 4/24/2008 7:04:34 PM | Attr = ] Launch Data Recovery.lnk -> %AllUsersProfile%\Desktop\Launch Data Recovery.lnk -> [Ver = | Size = 2467 bytes | Created Date = 4/26/2008 9:24:34 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 4/23/2008 2:00:16 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 4/23/2008 4:55:27 PM | Attr = ] backups -> %UserProfile%\Desktop\backups -> [Folder | Created Date = 5/10/2008 2:02:23 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1895716 bytes | Created Date = 5/10/2008 2:18:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 5/10/2008 1:54:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier LimeWire 4.16.7.lnk -> %UserProfile%\Desktop\LimeWire 4.16.7.lnk -> [Ver = | Size = 1580 bytes | Created Date = 4/24/2008 7:04:16 PM | Attr = ] My Free Web Site Builder.lnk -> %UserProfile%\Desktop\My Free Web Site Builder.lnk -> [Ver = | Size = 939 bytes | Created Date = 4/22/2008 1:45:31 AM | Attr = ] My Free Website Builder video tutorials -> %UserProfile%\Desktop\My Free Website Builder video tutorials -> [Folder | Created Date = 4/22/2008 2:37:03 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Created Date = 5/10/2008 2:04:13 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 5/11/2008 5:08:25 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543023 bytes | Created Date = 5/11/2008 5:06:04 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Google Updater.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> [Ver = | Size = 920 bytes | Created Date = 4/22/2008 12:06:01 PM | Attr = ] ParetoLogic -> %CommonProgramFiles%\ParetoLogic -> [Folder | Created Date = 4/26/2008 9:24:32 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 4/25/2008 9:59:37 AM | Attr = ] BitDownload -> %ProgramFiles%\BitDownload -> [Folder | Created Date = 4/26/2008 10:01:37 AM | Attr = ] Disney -> %ProgramFiles%\Disney -> [Folder | Created Date = 4/20/2008 10:10:35 AM | Attr = ] Drivemeta -> %ProgramFiles%\Drivemeta -> [Folder | Created Date = 4/26/2008 10:01:51 AM | Attr = ] Easy SpyRemover -> %ProgramFiles%\Easy SpyRemover -> [Folder | Created Date = 4/22/2008 12:41:50 AM | Attr = ] Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [Folder | Created Date = 3/28/2008 3:02:27 PM | Attr = ] hpothb07.dat -> %ProgramFiles%\hpothb07.dat -> [Ver = | Size = 840 bytes | Created Date = 5/3/2008 3:32:49 AM | Attr = H ] hpothb07.tif -> %ProgramFiles%\hpothb07.tif -> [Ver = | Size = 47593 bytes | Created Date = 5/3/2008 3:32:49 AM | Attr = H ] iWin -> %ProgramFiles%\iWin -> [Folder | Created Date = 3/23/2008 2:33:45 PM | Attr = ] LimeWire -> %ProgramFiles%\LimeWire -> [Folder | Created Date = 4/24/2008 7:04:04 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 4/23/2008 2:00:15 PM | Attr = ] My Free Web Site Builder -> %ProgramFiles%\My Free Web Site Builder -> [Folder | Created Date = 4/22/2008 1:44:39 AM | Attr = ] ParetoLogic -> %ProgramFiles%\ParetoLogic -> [Folder | Created Date = 4/26/2008 9:24:32 AM | Attr = ] Philips -> %ProgramFiles%\Philips -> [Folder | Created Date = 3/31/2008 6:13:34 PM | Attr = ] RngInterstitial.dll -> %ProgramFiles%\RngInterstitial.dll -> RealNetworks, Inc. [Ver = 1, 0, 1, 6 | Size = 774144 bytes | Created Date = 4/10/2008 5:37:11 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 3/28/2008 3:27:00 PM | Attr = ] VestGame -> %ProgramFiles%\VestGame -> [Folder | Created Date = 4/12/2008 4:57:08 PM | Attr = ] Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center -> [Folder | Created Date = 4/22/2008 12:20:31 PM | Attr = ] Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [Folder | Created Date = 3/31/2008 6:11:42 PM | Attr = ] XoftSpySE -> %ProgramFiles%\XoftSpySE -> [Folder | Created Date = 3/28/2008 1:26:41 PM | Attr = ] [Files/Folders - Modified Within 90 days] av350 -> %SystemDrive%\av350 -> [Folder | Modified Date = 4/30/2008 4:24:18 AM | Attr = ] Cakewalk Projects -> %SystemDrive%\Cakewalk Projects -> [Folder | Modified Date = 4/30/2008 4:24:27 AM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/11/2008 5:04:35 PM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 4/23/2008 5:44:31 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/30/2008 4:22:46 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 502751232 bytes | Modified Date = 5/11/2008 4:57:31 PM | Attr = HS] hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 488 bytes | Modified Date = 5/2/2008 6:58:32 AM | Attr = ] hpothb07.dat -> %SystemDrive%\hpothb07.dat -> [Ver = | Size = 1183 bytes | Modified Date = 5/9/2008 8:14:40 PM | Attr = H ] hpothb07.tif -> %SystemDrive%\hpothb07.tif -> [Ver = | Size = 20579 bytes | Modified Date = 5/9/2008 8:12:56 PM | Attr = H ] i386 -> %SystemDrive%\i386 -> [Folder | Modified Date = 5/3/2008 5:48:24 AM | Attr = ] Mineral Search 2000 -> %SystemDrive%\Mineral Search 2000 -> [Folder | Modified Date = 3/23/2008 2:17:27 AM | Attr = ] My Download Files -> %SystemDrive%\My Download Files -> [Folder | Modified Date = 5/3/2008 5:37:39 AM | Attr = ] My Games -> %SystemDrive%\My Games -> [Folder | Modified Date = 4/12/2008 3:35:42 PM | Attr = ] My Music -> %SystemDrive%\My Music -> [Folder | Modified Date = 5/9/2008 7:40:04 PM | Attr = ] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 4/22/2008 4:06:08 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/11/2008 4:42:49 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 5/11/2008 2:36:43 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 5/11/2008 3:58:48 PM | Attr = HS] spywarebegone -> %SystemDrive%\spywarebegone -> [Folder | Modified Date = 5/3/2008 5:37:33 AM | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/11/2008 4:42:49 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 4/25/2008 9:59:32 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/11/2008 4:57:41 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 5/10/2008 2:06:06 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/11/2008 4:41:06 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 5/11/2008 2:26:47 PM | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 4/14/2008 10:52:13 AM | Attr = H ] Msft_Kernel_xusb21_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_xusb21_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 4/14/2008 10:52:16 AM | Attr = H ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 3/31/2008 6:19:20 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 3/31/2008 6:09:37 PM | Attr = H ] Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 3/31/2008 6:19:20 PM | Attr = H ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 3/31/2008 6:12:04 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 4/22/2008 1:14:52 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 4/22/2008 8:11:48 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/11/2008 4:58:11 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/11/2008 2:25:15 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 4/22/2008 11:27:40 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/22/2008 1:14:53 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/11/2008 2:37:18 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 4/25/2008 9:59:33 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 284520 bytes | Modified Date = 4/23/2008 6:45:07 PM | Attr = ] g50.exe -> %SystemRoot%\System32\g50.exe -> [Ver = | Size = 400030 bytes | Modified Date = 4/22/2008 11:06:44 AM | Attr = ] gside.exe -> %SystemRoot%\System32\gside.exe -> [Ver = | Size = 298311 bytes | Modified Date = 4/22/2008 8:18:40 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 3/31/2008 6:09:34 PM | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 4/22/2008 1:49:37 PM | Attr = S] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 4/22/2008 12:56:58 PM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 3/31/2008 6:12:04 PM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 3 , 8 , 0 | Size = 442368 bytes | Modified Date = 3/24/2008 11:27:40 AM | Attr = ] OEMINFO.PNF -> %SystemRoot%\System32\OEMINFO.PNF -> [Ver = | Size = 3268 bytes | Modified Date = 4/22/2008 3:14:02 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59780 bytes | Modified Date = 4/22/2008 8:21:02 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 397560 bytes | Modified Date = 4/22/2008 8:21:02 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 443590 bytes | Modified Date = 4/22/2008 8:21:02 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/25/2008 9:55:52 AM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 4/22/2008 2:22:04 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 5/11/2008 2:26:31 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/22/2008 1:14:11 PM | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 4/22/2008 2:14:22 AM | Attr = H ] .compaq.bak -> %SystemRoot%\.compaq.bak -> [Ver = | Size = 4643 bytes | Modified Date = 5/11/2008 4:57:41 PM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/31/2008 6:17:28 PM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/22/2008 8:50:28 PM | Attr = R S] BM2bcd254b.xml -> %SystemRoot%\BM2bcd254b.xml -> [Ver = | Size = 109738 bytes | Modified Date = 4/26/2008 10:24:11 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/11/2008 4:57:32 PM | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 2191 bytes | Modified Date = 3/23/2008 11:29:41 PM | Attr = ] compaq.reg -> %SystemRoot%\compaq.reg -> [Ver = | Size = 4643 bytes | Modified Date = 5/11/2008 4:57:42 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/23/2008 6:33:18 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/23/2008 5:45:37 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 5/11/2008 2:24:50 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/11/2008 2:26:47 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/31/2008 6:11:36 PM | Attr = ] hpothb07.dat -> %SystemRoot%\hpothb07.dat -> [Ver = | Size = 16082 bytes | Modified Date = 5/3/2008 5:45:55 AM | Attr = H ] hpothb07.tif -> %SystemRoot%\hpothb07.tif -> [Ver = | Size = 321399 bytes | Modified Date = 5/3/2008 5:45:55 AM | Attr = H ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/3/2008 12:15:15 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/11/2008 5:04:35 PM | Attr = HS] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.2 | Size = 724992 bytes | Modified Date = 4/22/2008 4:30:12 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/22/2008 8:50:32 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 4/23/2008 6:33:18 PM | Attr = ] msdownld.tmp -> %SystemRoot%\msdownld.tmp -> [Folder | Modified Date = 4/22/2008 11:26:36 AM | Attr = H ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 5/2/2008 7:11:28 PM | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 4/22/2008 3:52:19 AM | Attr = ] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 19 bytes | Modified Date = 4/10/2008 6:34:04 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/11/2008 5:06:32 PM | Attr = ] pwrd.ini -> %SystemRoot%\pwrd.ini -> [Ver = | Size = 167 bytes | Modified Date = 4/24/2008 12:44:48 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 4/22/2008 2:17:53 AM | Attr = ] spywarebegone-fullversion-installed.html -> %SystemRoot%\spywarebegone-fullversion-installed.html -> [Ver = | Size = 170 bytes | Modified Date = 4/22/2008 4:30:21 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 5/11/2008 2:27:17 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 5/11/2008 4:42:49 PM | Attr = HS] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/11/2008 4:42:50 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 5/11/2008 4:58:08 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 854 bytes | Modified Date = 5/11/2008 5:04:35 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/25/2008 9:59:13 AM | Attr = ] Antispyware Scheduled Scan.job -> %SystemRoot%\tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 522 bytes | Modified Date = 5/9/2008 3:00:00 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/21/2008 8:36:03 AM | Attr = ] FRU Task #Hewlett-Packard#hp psc 2170 series#1202514853.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1202514853.job -> [Ver = | Size = 404 bytes | Modified Date = 4/19/2008 5:54:06 PM | Attr = ] FRU Task #Hewlett-Packard#hp psc 2170 series#1209835093.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1209835093.job -> [Ver = | Size = 356 bytes | Modified Date = 5/7/2008 10:06:43 AM | Attr = ] FRU Task $ContextID$.job -> %SystemRoot%\tasks\FRU Task $ContextID$.job -> [Ver = | Size = 334 bytes | Modified Date = 5/3/2008 12:18:47 PM | Attr = ] ParetoLogic Registration.job -> %SystemRoot%\tasks\ParetoLogic Registration.job -> [Ver = | Size = 456 bytes | Modified Date = 5/9/2008 6:00:01 PM | Attr = ] ParetoLogic Update Version2.job -> %SystemRoot%\tasks\ParetoLogic Update Version2.job -> [Ver = | Size = 430 bytes | Modified Date = 5/7/2008 12:33:02 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/11/2008 4:57:36 PM | Attr = H ] WebReg 20080504084627.job -> %SystemRoot%\tasks\WebReg 20080504084627.job -> [Ver = | Size = 458 bytes | Modified Date = 5/4/2008 8:46:29 AM | Attr = ] WebReg 20080506193726.job -> %SystemRoot%\tasks\WebReg 20080506193726.job -> [Ver = | Size = 458 bytes | Modified Date = 5/6/2008 7:37:27 PM | Attr = ] WebReg 20080506203000.job -> %SystemRoot%\tasks\WebReg 20080506203000.job -> [Ver = | Size = 458 bytes | Modified Date = 5/6/2008 8:30:03 PM | Attr = ] WebReg 20080507100635.job -> %SystemRoot%\tasks\WebReg 20080507100635.job -> [Ver = | Size = 458 bytes | Modified Date = 5/7/2008 10:06:36 AM | Attr = ] WebReg 20080509024159.job -> %SystemRoot%\tasks\WebReg 20080509024159.job -> [Ver = | Size = 458 bytes | Modified Date = 5/9/2008 2:42:03 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache -> [Folder | Modified Date = 1/21/2008 9:27:18 PM | Attr = ] about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\about.dat -> [Ver = | Size = 1877 bytes | Modified Date = 7/25/2001 12:00:00 PM | Attr = ] college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\college.dat -> [Ver = | Size = 335916 bytes | Modified Date = 7/25/2001 12:00:00 PM | Attr = ] ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\ylpgscat.dat -> [Ver = | Size = 12283223 bytes | Modified Date = 7/25/2001 12:00:00 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 9/30/2002 2:31:41 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5551 bytes | Modified Date = 5/11/2008 4:58:46 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5551 bytes | Modified Date = 5/11/2008 4:58:47 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/8/2003 9:58:53 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11070 bytes | Modified Date = 11/8/2003 10:12:03 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 5/11/2008 4:57:52 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/26/2002 3:19:55 AM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 452240 bytes | Modified Date = 10/27/2003 11:19:36 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 452240 bytes | Modified Date = 10/27/2003 11:19:36 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Downloaded Installations -> %AllUsersProfile%\Application Data\Downloaded Installations -> [Folder | Modified Date = 4/26/2008 9:24:07 AM | Attr = ] 2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 4/22/2008 11:59:58 AM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 5/11/2008 2:52:53 PM | Attr = ] hpothb07.dat -> %AllUsersProfile%\Application Data\hpothb07.dat -> [Ver = | Size = 543 bytes | Modified Date = 5/3/2008 3:51:04 AM | Attr = H ] hpothb07.tif -> %AllUsersProfile%\Application Data\hpothb07.tif -> [Ver = | Size = 745 bytes | Modified Date = 5/3/2008 3:51:04 AM | Attr = H ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/23/2008 2:00:16 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 4/23/2008 12:28:35 AM | Attr = S] ParetoLogic -> %AllUsersProfile%\Application Data\ParetoLogic -> [Folder | Modified Date = 4/26/2008 9:24:32 AM | Attr = ] PopCap -> %AllUsersProfile%\Application Data\PopCap -> [Folder | Modified Date = 3/24/2008 5:29:07 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 3/28/2008 3:27:13 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 4/22/2008 12:27:37 AM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Trymedia -> %AllUsersProfile%\Application Data\Trymedia -> [Folder | Modified Date = 3/23/2008 4:02:44 PM | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Modified Date = 3/24/2008 3:51:18 PM | Attr = ] Antispyware -> %AppData%\Antispyware -> [Folder | Modified Date = 4/22/2008 4:21:29 AM | Attr = ] ArcSoft -> %AppData%\ArcSoft -> [Folder | Modified Date = 3/31/2008 6:19:44 PM | Attr = ] Ewen Chia's My Free Website Builder -> %AppData%\Ewen Chia's My Free Website Builder -> [Folder | Modified Date = 4/22/2008 1:46:20 AM | Attr = ] FrostWire -> %AppData%\FrostWire -> [Folder | Modified Date = 4/26/2008 10:21:45 AM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 4/26/2008 10:34:21 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/23/2008 2:00:23 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 4/22/2008 3:07:58 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 4/22/2008 1:46:12 AM | Attr = ] MSN6 -> %AppData%\MSN6 -> [Folder | Modified Date = 4/29/2008 4:45:31 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 2/23/2008 12:25:57 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 4/23/2008 4:55:18 PM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 3/28/2008 2:16:46 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 4/12/2008 5:36:53 PM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 3/24/2008 3:51:18 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 31744 bytes | Modified Date = 4/25/2008 8:55:08 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 77000 bytes | Modified Date = 4/26/2008 9:24:40 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2114128 bytes | Modified Date = 4/24/2008 10:15:29 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 4/22/2008 3:52:15 AM | Attr = ] SpookyManor -> %UserProfile%\Local Settings\Application Data\SpookyManor -> [Folder | Modified Date = 4/12/2008 3:42:09 PM | Attr = ] hpothb07.dat -> %AllUsersProfile%\Documents\hpothb07.dat -> [Ver = | Size = 191 bytes | Modified Date = 5/9/2008 4:24:38 AM | Attr = H ] hpothb07.tif -> %AllUsersProfile%\Documents\hpothb07.tif -> [Ver = | Size = 271 bytes | Modified Date = 5/3/2008 3:31:16 AM | Attr = H ] microsoft -> %AllUsersProfile%\Documents\microsoft -> [Folder | Modified Date = 4/22/2008 1:43:19 PM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 5/9/2008 7:51:03 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 4/23/2008 6:54:53 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 3/31/2008 6:27:21 PM | Attr = R ] Thumbs.db -> %AllUsersProfile%\Documents\Thumbs.db -> [Ver = | Size = 3072 bytes | Modified Date = 5/9/2008 7:51:03 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Documents\Thumbs.db:encryptable ArcSoft MediaConverter -> %UserProfile%\My Documents\ArcSoft MediaConverter -> [Folder | Modified Date = 3/31/2008 6:19:45 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 5/3/2008 3:32:04 AM | Attr = ] hpothb07.dat -> %UserProfile%\My Documents\hpothb07.dat -> [Ver = | Size = 1708 bytes | Modified Date = 5/9/2008 4:24:50 AM | Attr = H ] hpothb07.tif -> %UserProfile%\My Documents\hpothb07.tif -> [Ver = | Size = 17733 bytes | Modified Date = 5/3/2008 3:31:38 AM | Attr = H ] Image Expert Images -> %UserProfile%\My Documents\Image Expert Images -> [Folder | Modified Date = 5/3/2008 6:15:35 AM | Attr = ] Incomplete -> %UserProfile%\My Documents\Incomplete -> [Folder | Modified Date = 5/3/2008 3:32:07 AM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 4/24/2008 7:07:18 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/9/2008 7:46:59 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 5/9/2008 8:12:34 PM | Attr = ] Launch Data Recovery.lnk -> %AllUsersProfile%\Desktop\Launch Data Recovery.lnk -> [Ver = | Size = 2467 bytes | Modified Date = 5/9/2008 1:02:14 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 4/23/2008 2:00:16 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 4/23/2008 6:23:57 PM | Attr = ] backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 5/10/2008 2:02:23 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1895716 bytes | Modified Date = 5/10/2008 2:18:57 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 5/10/2008 1:54:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier LimeWire 4.16.7.lnk -> %UserProfile%\Desktop\LimeWire 4.16.7.lnk -> [Ver = | Size = 1580 bytes | Modified Date = 4/24/2008 7:04:16 PM | Attr = ] My Free Web Site Builder.lnk -> %UserProfile%\Desktop\My Free Web Site Builder.lnk -> [Ver = | Size = 939 bytes | Modified Date = 4/22/2008 1:45:31 AM | Attr = ] My Free Website Builder video tutorials -> %UserProfile%\Desktop\My Free Website Builder video tutorials -> [Folder | Modified Date = 4/22/2008 2:38:21 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 291840 bytes | Modified Date = 5/10/2008 2:04:14 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 5/11/2008 5:08:25 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 543023 bytes | Modified Date = 5/11/2008 5:06:06 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Google Updater.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 4/22/2008 12:06:01 PM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 4/22/2008 4:07:51 AM | Attr = ] ParetoLogic -> %CommonProgramFiles%\ParetoLogic -> [Folder | Modified Date = 4/26/2008 9:24:32 AM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 3/28/2008 2:59:11 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/25/2008 9:59:37 AM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] 2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Application Data -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 5/11/2008 4:54:49 PM | Attr = RH ] Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 11/27/2007 10:48:54 AM | Attr = ] Installer Cache -> C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache -> [Folder | Modified Date = 11/27/2007 10:48:55 AM | Attr = ] Apple Software Update 2.0.2.92 -> C:\Documents and Settings\All Users\Application Data\Apple\Installer Cache\Apple Software Update 2.0.2.92 -> [Folder | Modified Date = 11/27/2007 10:48:55 AM | Attr = ] ATI MMC -> C:\Documents and Settings\All Users\Application Data\ATI MMC -> [Folder | Modified Date = 3/31/2005 1:32:16 AM | Attr = ] Downloaded Installations -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations -> [Folder | Modified Date = 4/26/2008 9:24:07 AM | Attr = ] {DA1E475C-041E-4621-8A28-36E4C7815E6F} -> C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{DA1E475C-041E-4621-8A28-36E4C7815E6F} -> [Folder | Modified Date = 4/26/2008 9:24:07 AM | Attr = ] Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater -> [Folder | Modified Date = 5/11/2008 2:52:53 PM | Attr = ] cache -> C:\Documents and Settings\All Users\Application Data\Google Updater\cache -> [Folder | Modified Date = 4/22/2008 12:07:29 PM | Attr = ] history -> C:\Documents and Settings\All Users\Application Data\Google Updater\history -> [Folder | Modified Date = 4/22/2008 12:07:27 PM | Attr = ] icons -> C:\Documents and Settings\All Users\Application Data\Google Updater\icons -> [Folder | Modified Date = 4/22/2008 12:06:36 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 4/22/2008 11:59:58 AM | Attr = ] Custom Buttons -> C:\Documents and Settings\All Users\Application Data\Google\Custom Buttons -> [Folder | Modified Date = 9/2/2007 8:03:14 PM | Attr = ] InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 11/26/2007 10:28:17 PM | Attr = ] UpdateService -> C:\Documents and Settings\All Users\Application Data\InstallShield\UpdateService -> [Folder | Modified Date = 11/26/2007 10:28:17 PM | Attr = ] Database -> C:\Documents and Settings\All Users\Application Data\InstallShield\UpdateService\Database -> [Folder | Modified Date = 11/27/2007 2:38:06 AM | Attr = ] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [Folder | Modified Date = 4/23/2008 2:00:16 PM | Attr = ] Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 4/27/2008 3:18:28 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 4/23/2008 12:28:35 AM | Attr = S] Crypto -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = S] DSS -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = S] MachineKeys -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = S] RSA -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = S] MachineKeys -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys -> [Folder | Modified Date = 4/23/2008 12:29:19 AM | Attr = S] S-1-5-18 -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 -> [Folder | Modified Date = 6/12/2005 4:43:04 AM | Attr = S] Dr Watson -> C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson -> [Folder | Modified Date = 4/23/2008 6:33:18 PM | Attr = ] HTML Help -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = ] Media Index -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index -> [Folder | Modified Date = 8/23/2007 8:49:36 PM | Attr = ] Media Player -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 8/23/2007 8:49:36 PM | Attr = ] Money -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money -> [Folder | Modified Date = 7/22/2002 9:03:54 PM | Attr = ] 10.0 -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0 -> [Folder | Modified Date = 7/22/2002 9:03:54 PM | Attr = ] BDS -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\BDS -> [Folder | Modified Date = 7/22/2002 9:03:54 PM | Attr = ] DynUpdate -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\DynUpdate -> [Folder | Modified Date = 9/30/2002 2:30:05 PM | Attr = ] PreCopy -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\DynUpdate\PreCopy -> [Folder | Modified Date = 9/30/2002 2:30:05 PM | Attr = ] Update -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Update -> [Folder | Modified Date = 7/22/2002 9:03:54 PM | Attr = ] Webcache -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache -> [Folder | Modified Date = 1/21/2008 9:27:18 PM | Attr = ] Images -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\10.0\Webcache\Images -> [Folder | Modified Date = 7/22/2002 9:03:54 PM | Attr = ] MSDAIPP -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP -> [Folder | Modified Date = 11/8/2003 9:58:53 PM | Attr = ] OFFLINE -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\OFFLINE -> [Folder | Modified Date = 11/8/2003 9:58:53 PM | Attr = ] Network -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = ] Connections -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections -> [Folder | Modified Date = 8/23/2007 8:49:57 PM | Attr = ] Cm -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm -> [Folder | Modified Date = 8/23/2007 8:49:57 PM | Attr = ] Pbk -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = ] Downloader -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 9/30/2002 2:31:41 PM | Attr = ] OFFICE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE -> [Folder | Modified Date = 11/8/2003 9:58:53 PM | Attr = ] DATA -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/8/2003 9:58:53 PM | Attr = ] OneCare Protection -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection -> [Folder | Modified Date = 4/23/2008 12:27:08 AM | Attr = ] Quarantine -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine -> [Folder | Modified Date = 4/22/2008 2:25:36 PM | Attr = ] Entries -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Entries -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] ResourceData -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData -> [Folder | Modified Date = 4/22/2008 7:54:17 PM | Attr = ] 00 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\00 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 03 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\03 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 0B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\0B -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 0E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\0E -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 0F -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\0F -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 10 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\10 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] 13 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\13 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 14 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\14 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 15 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\15 -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] 1E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\1E -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 1F -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\1F -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] 22 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\22 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 25 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\25 -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] 2A -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\2A -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 2C -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\2C -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 38 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\38 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 3A -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\3A -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] 3B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\3B -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 42 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\42 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 46 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\46 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 48 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\48 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 4C -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\4C -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 4E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\4E -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 55 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\55 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 57 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\57 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 58 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\58 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 59 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\59 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 5B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\5B -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] 62 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\62 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 65 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\65 -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 68 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\68 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 76 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\76 -> [Folder | Modified Date = 4/22/2008 9:36:02 PM | Attr = ] 77 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\77 -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] 7F -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\7F -> [Folder | Modified Date = 4/22/2008 9:36:02 PM | Attr = ] 81 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\81 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 83 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\83 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] 87 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\87 -> [Folder | Modified Date = 4/22/2008 9:36:02 PM | Attr = ] 8B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\8B -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 8E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\8E -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 90 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\90 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 91 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\91 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 92 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\92 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 99 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\99 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] A2 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\A2 -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] A5 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\A5 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] A6 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\A6 -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] A7 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\A7 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] AC -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\AC -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] AD -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\AD -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] B7 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\B7 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] BB -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\BB -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] C9 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\C9 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] CF -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\CF -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] D6 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\D6 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] DB -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\DB -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] DC -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\DC -> [Folder | Modified Date = 4/22/2008 9:36:03 PM | Attr = ] DE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\DE -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] E6 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\E6 -> [Folder | Modified Date = 4/22/2008 9:36:04 PM | Attr = ] E9 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\E9 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] EA -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\EA -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] EB -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\EB -> [Folder | Modified Date = 4/22/2008 9:36:04 PM | Attr = ] EC -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\EC -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] ED -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\ED -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] EF -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\EF -> [Folder | Modified Date = 4/22/2008 9:36:04 PM | Attr = ] F0 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\F0 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] FD -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\FD -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] FE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\ResourceData\FE -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] Resources -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources -> [Folder | Modified Date = 4/22/2008 7:54:17 PM | Attr = ] 00 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\00 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 03 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\03 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 0B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\0B -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 0E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\0E -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 0F -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\0F -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 10 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\10 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] 13 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\13 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 14 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\14 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 15 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\15 -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] 1E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\1E -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 1F -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\1F -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] 22 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\22 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 25 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\25 -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] 2A -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\2A -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 2C -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\2C -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 38 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\38 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 3A -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\3A -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] 3B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\3B -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 42 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\42 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 46 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\46 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 48 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\48 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 4C -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\4C -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 4E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\4E -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 55 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\55 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 57 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\57 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 58 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\58 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 59 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\59 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 5B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\5B -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] 62 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\62 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 65 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\65 -> [Folder | Modified Date = 4/22/2008 9:36:05 PM | Attr = ] 68 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\68 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 76 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\76 -> [Folder | Modified Date = 4/22/2008 9:36:02 PM | Attr = ] 77 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\77 -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] 7F -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\7F -> [Folder | Modified Date = 4/22/2008 9:36:02 PM | Attr = ] 81 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\81 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 83 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\83 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] 87 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\87 -> [Folder | Modified Date = 4/22/2008 9:36:02 PM | Attr = ] 8B -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\8B -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 8E -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\8E -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] 90 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\90 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 91 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\91 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] 92 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\92 -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] 99 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\99 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] A2 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\A2 -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] A5 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\A5 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] A6 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\A6 -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] A7 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\A7 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] AC -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\AC -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] AD -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\AD -> [Folder | Modified Date = 4/22/2008 9:36:01 PM | Attr = ] B7 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\B7 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] BB -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\BB -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] C9 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\C9 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] CF -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\CF -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] D6 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\D6 -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] DB -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\DB -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] DC -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\DC -> [Folder | Modified Date = 4/22/2008 9:36:03 PM | Attr = ] DE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\DE -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] E6 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\E6 -> [Folder | Modified Date = 4/22/2008 9:36:04 PM | Attr = ] E9 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\E9 -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] EA -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\EA -> [Folder | Modified Date = 4/22/2008 3:05:13 PM | Attr = ] EB -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\EB -> [Folder | Modified Date = 4/22/2008 9:36:04 PM | Attr = ] EC -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\EC -> [Folder | Modified Date = 4/22/2008 9:36:07 PM | Attr = ] ED -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\ED -> [Folder | Modified Date = 4/22/2008 9:36:06 PM | Attr = ] EF -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\EF -> [Folder | Modified Date = 4/22/2008 9:36:04 PM | Attr = ] F0 -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\F0 -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] FD -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\FD -> [Folder | Modified Date = 4/22/2008 9:36:08 PM | Attr = ] FE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\Resources\FE -> [Folder | Modified Date = 4/22/2008 9:36:09 PM | Attr = ] User Account Pictures -> C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures -> [Folder | Modified Date = 3/28/2008 3:33:04 PM | Attr = ] Default Pictures -> C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures -> [Folder | Modified Date = 9/17/2001 3:14:20 PM | Attr = ] Works -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 5/11/2008 4:57:52 PM | Attr = ] Portfolio -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Portfolio -> [Folder | Modified Date = 7/22/2002 9:09:52 PM | Attr = ] Update -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Update -> [Folder | Modified Date = 10/1/2002 12:51:21 AM | Attr = ] Cache -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\Update\Cache -> [Folder | Modified Date = 10/1/2002 12:51:28 AM | Attr = ] WPD -> C:\Documents and Settings\All Users\Application Data\Microsoft\WPD -> [Folder | Modified Date = 3/31/2008 6:19:21 PM | Attr = ] MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 -> [Folder | Modified Date = 9/30/2002 2:36:50 PM | Attr = ] MSScanAppDataDir -> C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir -> [Folder | Modified Date = 8/12/2007 9:25:15 PM | Attr = ] ParetoLogic -> C:\Documents and Settings\All Users\Application Data\ParetoLogic -> [Folder | Modified Date = 4/26/2008 9:24:32 AM | Attr = ] UUS2 -> C:\Documents and Settings\All Users\Application Data\ParetoLogic\UUS2 -> [Folder | Modified Date = 5/7/2008 12:33:01 AM | Attr = ] Data Recovery -> C:\Documents and Settings\All Users\Application Data\ParetoLogic\UUS2\Data Recovery -> [Folder | Modified Date = 5/7/2008 12:33:02 AM | Attr = ] Temp -> C:\Documents and Settings\All Users\Application Data\ParetoLogic\UUS2\Data Recovery\Temp -> [Folder | Modified Date = 5/7/2008 12:33:02 AM | Attr = ] Temp -> C:\Documents and Settings\All Users\Application Data\ParetoLogic\UUS2\Temp -> [Folder | Modified Date = 5/7/2008 12:33:01 AM | Attr = ] PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap -> [Folder | Modified Date = 3/24/2008 5:29:07 PM | Attr = ] PopCapLoader -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader -> [Folder | Modified Date = 3/24/2008 5:29:07 PM | Attr = ] Oberon -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon -> [Folder | Modified Date = 3/24/2008 5:29:07 PM | Attr = ] bejeweled2 -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2 -> [Folder | Modified Date = 3/24/2008 5:41:48 PM | Attr = ] data -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\data -> [Folder | Modified Date = 3/24/2008 5:29:09 PM | Attr = ] images -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\images -> [Folder | Modified Date = 3/24/2008 5:29:14 PM | Attr = ] backdrops -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\images\backdrops -> [Folder | Modified Date = 3/24/2008 5:29:13 PM | Attr = ] mainmenubkg -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\images\mainmenubkg -> [Folder | Modified Date = 3/24/2008 5:29:11 PM | Attr = ] upsell -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\images\upsell -> [Folder | Modified Date = 3/24/2008 5:29:14 PM | Attr = ] puzzles -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\puzzles -> [Folder | Modified Date = 3/24/2008 5:29:12 PM | Attr = ] sounds -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\sounds -> [Folder | Modified Date = 3/24/2008 5:29:11 PM | Attr = ] stream -> C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Oberon\bejeweled2\sounds\stream -> [Folder | Modified Date = 3/24/2008 5:29:12 PM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 3/28/2008 3:27:13 PM | Attr = ] SUPERAntiSpyware -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware -> [Folder | Modified Date = 3/28/2008 3:27:13 PM | Attr = ] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 4/22/2008 12:27:37 AM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:A11F741D @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [Folder | Modified Date = 3/23/2008 4:02:44 PM | Attr = ] data -> C:\Documents and Settings\All Users\Application Data\Trymedia\data -> [Folder | Modified Date = 4/10/2008 4:27:51 PM | Attr = H ] licenses -> C:\Documents and Settings\All Users\Application Data\Trymedia\licenses -> [Folder | Modified Date = 3/23/2008 4:02:43 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 8/24/2007 4:38:27 PM | Attr = ] data -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data -> [Folder | Modified Date = 8/24/2007 4:38:27 PM | Attr = ] Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! -> [Folder | Modified Date = 3/24/2008 3:51:18 PM | Attr = ] Messenger -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger -> [Folder | Modified Date = 3/23/2008 11:32:12 PM | Attr = ] Plugin -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin -> [Folder | Modified Date = 3/23/2008 11:32:13 PM | Attr = ] 4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin -> [Folder | Modified Date = 3/23/2008 11:32:13 PM | Attr = ] MANIFEST -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST -> [Folder | Modified Date = 3/23/2008 11:32:13 PM | Attr = ] Application Data -> C:\Documents and Settings\C. Nash Gems\Application Data -> [Folder | Modified Date = 5/11/2008 4:42:50 PM | Attr = H ] Adobe -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe -> [Folder | Modified Date = 12/17/2007 9:01:16 AM | Attr = ] Acrobat -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 8/5/2003 4:57:57 PM | Attr = ] 6.0 -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Acrobat\6.0 -> [Folder | Modified Date = 8/5/2003 5:05:01 PM | Attr = ] AcroForm -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Acrobat\6.0\AcroForm -> [Folder | Modified Date = 8/5/2003 5:04:01 PM | Attr = ] Collab -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Acrobat\6.0\Collab -> [Folder | Modified Date = 8/5/2003 5:04:01 PM | Attr = ] eBooks -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Acrobat\6.0\eBooks -> [Folder | Modified Date = 8/5/2003 4:58:02 PM | Attr = ] Preferences -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Acrobat\6.0\Preferences -> [Folder | Modified Date = 8/5/2003 4:58:02 PM | Attr = ] Flash Player -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Flash Player -> [Folder | Modified Date = 12/17/2007 9:01:16 AM | Attr = ] AssetCache -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Flash Player\AssetCache -> [Folder | Modified Date = 12/17/2007 9:01:16 AM | Attr = ] MHF54CQC -> C:\Documents and Settings\C. Nash Gems\Application Data\Adobe\Flash Player\AssetCache\MHF54CQC -> [Folder | Modified Date = 12/17/2007 9:01:16 AM | Attr = ] Antispyware -> C:\Documents and Settings\C. Nash Gems\Application Data\Antispyware -> [Folder | Modified Date = 4/22/2008 4:21:29 AM | Attr = ] Log -> C:\Documents and Settings\C. Nash Gems\Application Data\Antispyware\Log -> [Folder | Modified Date = 4/22/2008 4:21:24 AM | Attr = ] Settings -> C:\Documents and Settings\C. Nash Gems\Application Data\Antispyware\Settings -> [Folder | Modified Date = 4/22/2008 4:24:34 AM | Attr = ] ArcSoft -> C:\Documents and Settings\C. Nash Gems\Application Data\ArcSoft -> [Folder | Modified Date = 3/31/2008 6:19:44 PM | Attr = ] ArcSoft Registration -> C:\Documents and Settings\C. Nash Gems\Application Data\ArcSoft\ArcSoft Registration -> [Folder | Modified Date = 3/31/2008 6:19:32 PM | Attr = ] Media Converter for Philips -> C:\Documents and Settings\C. Nash Gems\Application Data\ArcSoft\Media Converter for Philips -> [Folder | Modified Date = 3/31/2008 6:19:44 PM | Attr = ] 2.0.2 -> C:\Documents and Settings\C. Nash Gems\Application Data\ArcSoft\Media Converter for Philips\2.0.2 -> [Folder | Modified Date = 3/31/2008 6:19:44 PM | Attr = ] Ewen Chia's My Free Website Builder -> C:\Documents and Settings\C. Nash Gems\Application Data\Ewen Chia's My Free Website Builder -> [Folder | Modified Date = 4/22/2008 1:46:20 AM | Attr = ] Profiles -> C:\Documents and Settings\C. Nash Gems\Application Data\Ewen Chia's My Free Website Builder\Profiles -> [Folder | Modified Date = 4/22/2008 1:46:20 AM | Attr = ] 0w863mrk.default -> C:\Documents and Settings\C. Nash Gems\Application Data\Ewen Chia's My Free Website Builder\Profiles\0w863mrk.default -> [Folder | Modified Date = 4/25/2008 9:56:17 AM | Attr = ] chrome -> C:\Documents and Settings\C. Nash Gems\Application Data\Ewen Chia's My Free Website Builder\Profiles\0w863mrk.default\chrome -> [Folder | Modified Date = 4/22/2008 1:47:06 AM | Attr = ] extensions -> C:\Documents and Settings\C. Nash Gems\Application Data\Ewen Chia's My Free Website Builder\Profiles\0w863mrk.default\extensions -> [Folder | Modified Date = 4/22/2008 1:47:11 AM | Attr = ] US -> C:\Documents and Settings\C. Nash Gems\Application Data\Ewen Chia's My Free Website Builder\Profiles\0w863mrk.default\US -> [Folder | Modified Date = 4/22/2008 1:46:21 AM | Attr = ] FrostWire -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire -> [Folder | Modified Date = 4/26/2008 10:21:45 AM | Attr = ] .NetworkShare -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\.NetworkShare -> [Folder | Modified Date = 4/1/2008 6:42:25 PM | Attr = ] Incomplete -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\.NetworkShare\Incomplete -> [Folder | Modified Date = 4/1/2008 6:42:25 PM | Attr = ] themes -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\themes -> [Folder | Modified Date = 4/22/2008 3:28:04 AM | Attr = ] frostwire_theme -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\themes\frostwire_theme -> [Folder | Modified Date = 4/22/2008 3:28:04 AM | Attr = ] xml -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\xml -> [Folder | Modified Date = 8/7/2007 12:09:26 AM | Attr = ] data -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\xml\data -> [Folder | Modified Date = 9/3/2007 7:08:56 PM | Attr = ] misc -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\xml\misc -> [Folder | Modified Date = 8/7/2007 12:09:26 AM | Attr = ] schemas -> C:\Documents and Settings\C. Nash Gems\Application Data\FrostWire\xml\schemas -> [Folder | Modified Date = 8/7/2007 12:09:26 AM | Attr = ] Google -> C:\Documents and Settings\C. Nash Gems\Application Data\Google -> [Folder | Modified Date = 9/2/2007 8:03:47 PM | Attr = ] Local Search History -> C:\Documents and Settings\C. Nash Gems\Application Data\Google\Local Search History -> [Folder | Modified Date = 5/4/2008 6:14:38 PM | Attr = ] Help -> C:\Documents and Settings\C. Nash Gems\Application Data\Help -> [Folder | Modified Date = 9/26/2002 10:56:45 PM | Attr = ] Hewlett-Packard -> C:\Documents and Settings\C. Nash Gems\Application Data\Hewlett-Packard -> [Folder | Modified Date = 3/28/2004 7:48:29 PM | Attr = ] Digital Imaging -> C:\Documents and Settings\C. Nash Gems\Application Data\Hewlett-Packard\Digital Imaging -> [Folder | Modified Date = 3/28/2004 7:48:32 PM | Attr = ] icons -> C:\Documents and Settings\C. Nash Gems\Application Data\icons -> [Folder | Modified Date = 1/16/2003 11:58:23 PM | Attr = ] Identities -> C:\Documents and Settings\C. Nash Gems\Application Data\Identities -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] {7176B1A0-2E5F-493B-84A7-FFC7B4773D24} -> C:\Documents and Settings\C. Nash Gems\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24} -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] LimeWire -> C:\Documents and Settings\C. Nash Gems\Application Data\LimeWire -> [Folder | Modified Date = 4/26/2008 10:34:21 AM | Attr = ] .AppSpecialShare -> C:\Documents and Settings\C. Nash Gems\Application Data\LimeWire\.AppSpecialShare -> [Folder | Modified Date = 4/25/2008 9:59:50 AM | Attr = ] themes -> C:\Documents and Settings\C. Nash Gems\Application Data\LimeWire\themes -> [Folder | Modified Date = 4/24/2008 7:04:30 PM | Attr = ] windows_theme -> C:\Documents and Settings\C. Nash Gems\Application Data\LimeWire\themes\windows_theme -> [Folder | Modified Date = 4/24/2008 7:51:20 PM | Attr = ] Macromedia -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia -> [Folder | Modified Date = 8/7/2007 3:26:32 AM | Attr = ] Flash Player -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player -> [Folder | Modified Date = 4/25/2008 9:59:49 AM | Attr = ] #SharedObjects -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects -> [Folder | Modified Date = 4/23/2008 7:53:55 PM | Attr = ] R7DKPCVT -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT -> [Folder | Modified Date = 4/30/2008 4:02:56 AM | Attr = ] bin.clearspring.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\bin.clearspring.com -> [Folder | Modified Date = 5/7/2008 7:30:25 PM | Attr = ] cdn.widgetserver.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\cdn.widgetserver.com -> [Folder | Modified Date = 4/30/2008 4:02:57 AM | Attr = ] flash.quantserve.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\flash.quantserve.com -> [Folder | Modified Date = 4/29/2008 4:16:16 PM | Attr = ] interclick.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\interclick.com -> [Folder | Modified Date = 5/6/2008 9:31:15 PM | Attr = ] login.yahoo.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\login.yahoo.com -> [Folder | Modified Date = 4/23/2008 7:58:51 PM | Attr = ] media.scanscout.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\media.scanscout.com -> [Folder | Modified Date = 4/27/2008 6:22:55 PM | Attr = ] media.tattomedia.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\media.tattomedia.com -> [Folder | Modified Date = 5/11/2008 2:38:17 PM | Attr = ] pub.widgetbox.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\pub.widgetbox.com -> [Folder | Modified Date = 4/30/2008 4:02:49 AM | Attr = ] secureinclude.ebaystatic.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\secureinclude.ebaystatic.com -> [Folder | Modified Date = 5/1/2008 4:44:48 AM | Attr = ] stuff.pyzam.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\stuff.pyzam.com -> [Folder | Modified Date = 4/29/2008 4:16:17 PM | Attr = ] suitesmart.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\suitesmart.com -> [Folder | Modified Date = 5/2/2008 7:05:12 AM | Attr = ] _f5e.swf -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\suitesmart.com\_f5e.swf -> [Folder | Modified Date = 5/2/2008 7:05:12 AM | Attr = ] www.bigpoint.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.bigpoint.com -> [Folder | Modified Date = 4/24/2008 5:14:51 PM | Attr = ] bpid -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.bigpoint.com\bpid -> [Folder | Modified Date = 4/24/2008 5:14:51 PM | Attr = ] bpid.swf -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.bigpoint.com\bpid\bpid.swf -> [Folder | Modified Date = 4/24/2008 5:14:51 PM | Attr = ] www.heavy.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.heavy.com -> [Folder | Modified Date = 5/4/2008 9:28:01 AM | Attr = ] flash -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.heavy.com\flash -> [Folder | Modified Date = 4/26/2008 4:47:02 PM | Attr = ] 7440 -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.heavy.com\flash\7440 -> [Folder | Modified Date = 4/26/2008 4:47:02 PM | Attr = ] hp_video_player.swf -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.heavy.com\flash\7440\hp_video_player.swf -> [Folder | Modified Date = 4/26/2008 4:47:02 PM | Attr = ] 7477.1 -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.heavy.com\flash\7477.1 -> [Folder | Modified Date = 5/4/2008 9:28:04 AM | Attr = ] HeavyVideoPlayer.swf -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.heavy.com\flash\7477.1\HeavyVideoPlayer.swf -> [Folder | Modified Date = 5/4/2008 9:28:04 AM | Attr = ] www.payones.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.payones.com -> [Folder | Modified Date = 5/2/2008 5:55:49 PM | Attr = ] beta -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.payones.com\beta -> [Folder | Modified Date = 5/2/2008 5:55:49 PM | Attr = ] flash -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.payones.com\beta\flash -> [Folder | Modified Date = 5/2/2008 5:57:26 PM | Attr = ] metaFlashVisitorPlayer.swf -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.payones.com\beta\flash\metaFlashVisitorPlayer.swf -> [Folder | Modified Date = 5/2/2008 5:55:49 PM | Attr = ] www.vistaprint.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.vistaprint.com -> [Folder | Modified Date = 5/7/2008 10:19:23 PM | Attr = ] www.youtube.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\www.youtube.com -> [Folder | Modified Date = 4/26/2008 4:39:47 PM | Attr = ] yieldmanager.edgesuite.net -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\yieldmanager.edgesuite.net -> [Folder | Modified Date = 4/26/2008 5:09:36 PM | Attr = ] atoms -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\yieldmanager.edgesuite.net\atoms -> [Folder | Modified Date = 4/26/2008 5:09:36 PM | Attr = ] d6 -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\yieldmanager.edgesuite.net\atoms\d6 -> [Folder | Modified Date = 4/26/2008 5:09:36 PM | Attr = ] f3 -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\yieldmanager.edgesuite.net\atoms\d6\f3 -> [Folder | Modified Date = 4/26/2008 5:09:36 PM | Attr = ] d6f34ebc818a0c5b53a4d4916a1282fd.swf -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\yieldmanager.edgesuite.net\atoms\d6\f3\d6f34ebc818a0c5b53a4d4916a1282fd.swf -> [Folder | Modified Date = 4/26/2008 5:09:36 PM | Attr = ] youtube.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\#SharedObjects\R7DKPCVT\youtube.com -> [Folder | Modified Date = 4/26/2008 11:01:19 AM | Attr = ] macromedia.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com -> [Folder | Modified Date = 4/25/2008 9:59:49 AM | Attr = ] support -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support -> [Folder | Modified Date = 4/25/2008 9:59:49 AM | Attr = ] flashplayer -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer -> [Folder | Modified Date = 4/25/2008 9:59:49 AM | Attr = ] sys -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys -> [Folder | Modified Date = 5/7/2008 10:19:23 PM | Attr = ] #bin.clearspring.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com -> [Folder | Modified Date = 4/26/2008 4:30:24 PM | Attr = ] #cdn.widgetserver.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com -> [Folder | Modified Date = 4/30/2008 4:02:56 AM | Attr = ] #flash.quantserve.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com -> [Folder | Modified Date = 4/29/2008 4:16:16 PM | Attr = ] #interclick.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com -> [Folder | Modified Date = 5/6/2008 9:31:15 PM | Attr = ] #login.yahoo.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com -> [Folder | Modified Date = 4/23/2008 7:58:51 PM | Attr = ] #media.scanscout.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com -> [Folder | Modified Date = 4/27/2008 6:12:01 PM | Attr = ] #media.tattomedia.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.tattomedia.com -> [Folder | Modified Date = 4/26/2008 4:35:43 PM | Attr = ] #pub.widgetbox.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com -> [Folder | Modified Date = 4/30/2008 4:02:49 AM | Attr = ] #secureinclude.ebaystatic.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secureinclude.ebaystatic.com -> [Folder | Modified Date = 5/1/2008 4:44:48 AM | Attr = ] #stuff.pyzam.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stuff.pyzam.com -> [Folder | Modified Date = 4/29/2008 4:16:17 PM | Attr = ] #suitesmart.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#suitesmart.com -> [Folder | Modified Date = 5/2/2008 7:05:12 AM | Attr = ] #www.bigpoint.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.bigpoint.com -> [Folder | Modified Date = 4/24/2008 5:14:51 PM | Attr = ] #www.heavy.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.heavy.com -> [Folder | Modified Date = 4/26/2008 4:47:02 PM | Attr = ] #www.payones.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.payones.com -> [Folder | Modified Date = 5/2/2008 5:55:49 PM | Attr = ] #www.vistaprint.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.vistaprint.com -> [Folder | Modified Date = 5/7/2008 10:19:23 PM | Attr = ] #www.youtube.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com -> [Folder | Modified Date = 4/26/2008 4:38:34 PM | Attr = ] #yieldmanager.edgesuite.net -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#yieldmanager.edgesuite.net -> [Folder | Modified Date = 4/26/2008 5:09:36 PM | Attr = ] #youtube.com -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#youtube.com -> [Folder | Modified Date = 4/26/2008 11:01:19 AM | Attr = ] Shockwave Player -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player -> [Folder | Modified Date = 4/17/2008 12:19:52 PM | Attr = ] DswMedia -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\DswMedia -> [Folder | Modified Date = 8/7/2007 3:26:32 AM | Attr = ] Prefs -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\Prefs -> [Folder | Modified Date = 8/7/2007 3:26:32 AM | Attr = ] M3U62JNX -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\Prefs\M3U62JNX -> [Folder | Modified Date = 3/23/2008 2:09:00 PM | Attr = ] xtras -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras -> [Folder | Modified Date = 8/7/2007 3:26:37 AM | Attr = ] download -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download -> [Folder | Modified Date = 1/17/2008 9:42:28 PM | Attr = ] AndradeArts -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts -> [Folder | Modified Date = 1/17/2008 9:42:28 PM | Attr = ] MoveCursorw32 -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\MoveCursorw32 -> [Folder | Modified Date = 1/17/2008 9:42:28 PM | Attr = ] MacromediaInc -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc -> [Folder | Modified Date = 1/17/2008 9:42:29 PM | Attr = ] AnimatedGIFAsset -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\AnimatedGIFAsset -> [Folder | Modified Date = 1/17/2008 9:42:29 PM | Attr = ] DirectSound -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound -> [Folder | Modified Date = 8/7/2007 3:26:39 AM | Attr = ] FlashAsset -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FlashAsset -> [Folder | Modified Date = 8/7/2007 3:26:46 AM | Attr = ] FontAsset -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontAsset -> [Folder | Modified Date = 8/7/2007 3:26:43 AM | Attr = ] FontXtra -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontXtra -> [Folder | Modified Date = 8/7/2007 3:26:44 AM | Attr = ] Havok -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Havok -> [Folder | Modified Date = 8/24/2007 5:56:00 PM | Attr = ] MacroMix -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MacroMix -> [Folder | Modified Date = 8/7/2007 3:26:38 AM | Attr = ] MixServices -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices -> [Folder | Modified Date = 8/24/2007 5:56:01 PM | Attr = ] PNGImportExport -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\PNGImportExport -> [Folder | Modified Date = 1/17/2008 9:42:29 PM | Attr = ] Shockwave3dAsset -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Shockwave3dAsset -> [Folder | Modified Date = 8/24/2007 5:56:02 PM | Attr = ] SoundControl -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl -> [Folder | Modified Date = 8/7/2007 3:26:39 AM | Attr = ] SWA -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA -> [Folder | Modified Date = 8/7/2007 3:26:38 AM | Attr = ] TextAsset -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextAsset -> [Folder | Modified Date = 8/7/2007 3:26:40 AM | Attr = ] TextXtra -> C:\Documents and Settings\C. Nash Gems\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextXtra -> [Folder | Modified Date = 8/7/2007 3:26:42 AM | Attr = ] Malwarebytes -> C:\Documents and Settings\C. Nash Gems\Application Data\Malwarebytes -> [Folder | Modified Date = 4/23/2008 2:00:23 PM | Attr = ] Malwarebytes' Anti-Malware -> C:\Documents and Settings\C. Nash Gems\Application Data\Malwarebytes\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 4/25/2008 9:59:35 AM | Attr = ] Logs -> C:\Documents and Settings\C. Nash Gems\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> [Folder | Modified Date = 5/9/2008 4:19:01 PM | Attr = ] Quarantine -> C:\Documents and Settings\C. Nash Gems\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine -> [Folder | Modified Date = 4/27/2008 3:09:55 PM | Attr = ] Microsoft -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft -> [Folder | Modified Date = 4/22/2008 3:07:58 PM | Attr = S] AddIns -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\AddIns -> [Folder | Modified Date = 11/8/2003 10:09:23 PM | Attr = ] Address Book -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Address Book -> [Folder | Modified Date = 9/30/2002 10:36:57 PM | Attr = ] Clip Organizer -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Clip Organizer -> [Folder | Modified Date = 11/17/2003 8:55:29 PM | Attr = ] Credentials -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 9/26/2002 3:19:16 AM | Attr = S] S-1-5-21-1417066420-2678003418-1157166300-1006 -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Credentials\S-1-5-21-1417066420-2678003418-1157166300-1006 -> [Folder | Modified Date = 9/26/2002 3:19:16 AM | Attr = S] S-1-5-21-725345543-1085031214-682003330-1003 -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Credentials\S-1-5-21-725345543-1085031214-682003330-1003 -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] S-1-5-21-784950871-2247778763-3148463538-1003 -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Credentials\S-1-5-21-784950871-2247778763-3148463538-1003 -> [Folder | Modified Date = 7/22/2002 8:54:14 PM | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 8/24/2007 5:01:39 AM | Attr = S] Content -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 4/23/2008 5:46:50 PM | Attr = S] MetaData -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 4/23/2008 5:46:50 PM | Attr = S] Crypto -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Crypto -> [Folder | Modified Date = 2/7/2004 10:33:46 PM | Attr = S] RSA -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Crypto\RSA -> [Folder | Modified Date = 2/7/2004 10:33:46 PM | Attr = S] S-1-5-21-1417066420-2678003418-1157166300-1006 -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1417066420-2678003418-1157166300-1006 -> [Folder | Modified Date = 5/1/2008 11:28:39 PM | Attr = S] HTML Help -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 9/27/2002 1:10:33 AM | Attr = ] Installer -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Installer -> [Folder | Modified Date = 12/30/2007 8:52:40 PM | Attr = ] {405D218C-1749-44A7-8DBF-E0A09FF470BE} -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Installer\{405D218C-1749-44A7-8DBF-E0A09FF470BE} -> [Folder | Modified Date = 12/30/2007 9:13:38 PM | Attr = ] Internet Explorer -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] Quick Launch -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Internet Explorer\Quick Launch -> [Folder | Modified Date = 4/22/2008 3:33:41 AM | Attr = R ] Media Player -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 12/27/2007 6:13:37 PM | Attr = ] MMC -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\MMC -> [Folder | Modified Date = 11/27/2007 6:03:01 AM | Attr = ] Movie Maker -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Movie Maker -> [Folder | Modified Date = 12/8/2002 11:13:50 PM | Attr = ] OC -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\OC -> [Folder | Modified Date = 4/25/2008 9:59:33 AM | Attr = H ] OneCare -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\OC\OneCare -> [Folder | Modified Date = 4/22/2008 3:14:13 PM | Attr = ] Office -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Office -> [Folder | Modified Date = 11/19/2003 7:46:31 PM | Attr = ] Recent -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Office\Recent -> [Folder | Modified Date = 5/9/2008 4:17:20 AM | Attr = S] OIS -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\OIS -> [Folder | Modified Date = 11/9/2003 2:57:27 AM | Attr = ] Proof -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Proof -> [Folder | Modified Date = 10/17/2002 2:30:13 PM | Attr = ] Protect -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Protect -> [Folder | Modified Date = 2/7/2004 10:33:46 PM | Attr = S] S-1-5-21-1417066420-2678003418-1157166300-1006 -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Protect\S-1-5-21-1417066420-2678003418-1157166300-1006 -> [Folder | Modified Date = 5/3/2008 12:17:09 PM | Attr = S] Publisher -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Publisher -> [Folder | Modified Date = 11/19/2003 8:44:14 PM | Attr = ] Shoebox -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Shoebox -> [Folder | Modified Date = 10/22/2003 9:01:59 PM | Attr = ] Speech -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Speech -> [Folder | Modified Date = 4/22/2008 1:20:32 PM | Attr = ] Files -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Speech\Files -> [Folder | Modified Date = 4/22/2008 1:20:32 PM | Attr = ] UserLexicons -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Speech\Files\UserLexicons -> [Folder | Modified Date = 4/22/2008 1:20:32 PM | Attr = ] SystemCertificates -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 3/21/2003 4:12:03 AM | Attr = S] My -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Certificates -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] CRLs -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] CTLs -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Request -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\Request -> [Folder | Modified Date = 3/21/2003 4:12:03 AM | Attr = S] Certificates -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\Request\Certificates -> [Folder | Modified Date = 3/21/2003 4:12:03 AM | Attr = S] CRLs -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\Request\CRLs -> [Folder | Modified Date = 3/21/2003 4:12:03 AM | Attr = S] CTLs -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\SystemCertificates\Request\CTLs -> [Folder | Modified Date = 3/21/2003 4:12:03 AM | Attr = S] Templates -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Templates -> [Folder | Modified Date = 11/8/2003 10:09:23 PM | Attr = ] Windows -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Windows -> [Folder | Modified Date = 4/27/2008 1:56:23 PM | Attr = ] Themes -> C:\Documents and Settings\C. Nash Gems\Application Data\Microsoft\Windows\Themes -> [Folder | Modified Date = 4/22/2008 3:54:26 AM | Attr = ] Mozilla -> C:\Documents and Settings\C. Nash Gems\Application Data\Mozilla -> [Folder | Modified Date = 4/22/2008 1:46:12 AM | Attr = ] MSN6 -> C:\Documents and Settings\C. Nash Gems\Application Data\MSN6 -> [Folder | Modified Date = 4/29/2008 4:45:31 PM | Attr = ] Real -> C:\Documents and Settings\C. Nash Gems\Application Data\Real -> [Folder | Modified Date = 2/23/2008 12:25:57 AM | Attr = ] Msg -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg -> [Folder | Modified Date = 3/3/2008 9:28:19 AM | Attr = ] 104_1204251146 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg\104_1204251146 -> [Folder | Modified Date = 2/27/2008 11:36:11 PM | Attr = ] 104_1204678225 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg\104_1204678225 -> [Folder | Modified Date = 3/3/2008 9:28:18 AM | Attr = ] 3115_1204667723 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg\3115_1204667723 -> [Folder | Modified Date = 3/3/2008 9:28:18 AM | Attr = ] 4155_1204076520 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg\4155_1204076520 -> [Folder | Modified Date = 2/27/2008 11:36:11 PM | Attr = ] 4155_1204324247 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg\4155_1204324247 -> [Folder | Modified Date = 2/27/2008 11:36:11 PM | Attr = ] 4155_1204676066 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Msg\4155_1204676066 -> [Folder | Modified Date = 3/3/2008 9:28:18 AM | Attr = ] RealMediaSDK -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealMediaSDK -> [Folder | Modified Date = 2/23/2003 4:53:37 AM | Attr = ] RealOne Player -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player -> [Folder | Modified Date = 5/9/2008 7:40:04 PM | Attr = ] cd -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\cd -> [Folder | Modified Date = 10/3/2007 12:02:27 AM | Attr = ] CDBurning -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\CDBurning -> [Folder | Modified Date = 10/12/2007 2:49:20 PM | Attr = ] DataCache -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] Channels -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Channels -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] Devices -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Devices -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] Formats -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Formats -> [Folder | Modified Date = 9/19/2007 7:19:31 PM | Attr = ] GetMedia -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\GetMedia -> [Folder | Modified Date = 10/17/2002 4:09:45 PM | Attr = ] GPFeat -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\GPFeat -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] DevicesOffline -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\GPFeat\DevicesOffline -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] pics -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\GPFeat\DevicesOffline\pics -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] Help -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Help -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] howto -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\howto -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] keywords -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\keywords -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] Login -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] css -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login\css -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] data -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login\data -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] images -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login\images -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] btns -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login\images\btns -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] js -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login\js -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] templates -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Login\templates -> [Folder | Modified Date = 10/17/2002 4:09:45 PM | Attr = ] Radio -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\Radio -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] search -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DataCache\search -> [Folder | Modified Date = 10/17/2002 4:09:46 PM | Attr = ] db -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\db -> [Folder | Modified Date = 5/9/2008 7:40:04 PM | Attr = ] Backup -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\db\Backup -> [Folder | Modified Date = 10/17/2002 4:15:33 PM | Attr = ] 000 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\db\Backup\000 -> [Folder | Modified Date = 11/20/2007 7:36:56 PM | Attr = ] PendingCDs -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\db\PendingCDs -> [Folder | Modified Date = 4/22/2008 11:00:20 AM | Attr = ] Devices -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Devices -> [Folder | Modified Date = 5/9/2008 3:56:09 AM | Attr = ] DRM -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\DRM -> [Folder | Modified Date = 10/3/2007 12:02:31 AM | Attr = ] ErrorLogs -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\ErrorLogs -> [Folder | Modified Date = 5/9/2008 7:36:41 PM | Attr = ] Favorites -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Favorites -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] Audio -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Favorites\Audio -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] Radio -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Favorites\Radio -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] Video -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Favorites\Video -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] Web Pages -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Favorites\Web Pages -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] History -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\History -> [Folder | Modified Date = 5/9/2008 7:36:39 PM | Attr = ] library -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\library -> [Folder | Modified Date = 10/3/2007 12:02:31 AM | Attr = ] PMP -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\PMP -> [Folder | Modified Date = 10/17/2002 4:14:49 PM | Attr = ] skins -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\skins -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] data -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\skins\data -> [Folder | Modified Date = 9/19/2007 11:18:37 PM | Attr = ] normal -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\skins\data\normal -> [Folder | Modified Date = 9/19/2007 11:19:30 PM | Attr = ] Temp -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Temp -> [Folder | Modified Date = 9/19/2007 11:16:26 PM | Attr = ] ~rjbtemp0 -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealOne Player\Temp\~rjbtemp0 -> [Folder | Modified Date = 8/12/2003 6:42:52 PM | Attr = ] RealPlayer -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealPlayer -> [Folder | Modified Date = 2/23/2008 12:25:59 AM | Attr = ] temp -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealPlayer\temp -> [Folder | Modified Date = 11/1/2007 6:41:42 PM | Attr = ] Update -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\RealPlayer\Update -> [Folder | Modified Date = 2/23/2008 12:25:59 AM | Attr = ] rnadmin -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\rnadmin -> [Folder | Modified Date = 7/22/2002 9:08:16 PM | Attr = ] Update -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Update -> [Folder | Modified Date = 2/23/2008 12:25:57 AM | Attr = ] temp -> C:\Documents and Settings\C. Nash Gems\Application Data\Real\Update\temp -> [Folder | Modified Date = 2/23/2008 12:25:59 AM | Attr = ] Sun -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun -> [Folder | Modified Date = 8/7/2007 12:08:08 AM | Attr = ] Java -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java -> [Folder | Modified Date = 11/9/2007 5:28:15 PM | Attr = ] Deployment -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment -> [Folder | Modified Date = 4/12/2008 9:07:17 AM | Attr = ] cache -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 6.0 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0 -> [Folder | Modified Date = 5/11/2008 2:56:39 PM | Attr = ] 0 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\0 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 1 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\1 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 10 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\10 -> [Folder | Modified Date = 5/11/2008 2:56:47 PM | Attr = ] 11 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\11 -> [Folder | Modified Date = 5/11/2008 2:56:46 PM | Attr = ] 12 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\12 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 13 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\13 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 14 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\14 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 15 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\15 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 16 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\16 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 17 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\17 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 18 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\18 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 19 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\19 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 2 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\2 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 20 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\20 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 21 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\21 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 22 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\22 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 23 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\23 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 24 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\24 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 25 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\25 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 26 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\26 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 27 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\27 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 28 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\28 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 29 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\29 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 3 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\3 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 30 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\30 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 31 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\31 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 32 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\32 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 33 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\33 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 34 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\34 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 35 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\35 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 36 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\36 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 37 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\37 -> [Folder | Modified Date = 5/11/2008 3:23:19 PM | Attr = ] 38 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\38 -> [Folder | Modified Date = 5/11/2008 3:23:21 PM | Attr = ] 39 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\39 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 4 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\4 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 40 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\40 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 41 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\41 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 42 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\42 -> [Folder | Modified Date = 5/11/2008 3:23:22 PM | Attr = ] 43 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\43 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 44 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\44 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 45 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\45 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 46 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\46 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 47 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\47 -> [Folder | Modified Date = 5/11/2008 3:23:17 PM | Attr = ] 48 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\48 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 49 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\49 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 5 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\5 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 50 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\50 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 51 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\51 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 52 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\52 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 53 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\53 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 54 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\54 -> [Folder | Modified Date = 5/11/2008 2:56:48 PM | Attr = ] 55 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\55 -> [Folder | Modified Date = 5/11/2008 3:23:18 PM | Attr = ] 56 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\56 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 57 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\57 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 58 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\58 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 59 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\59 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 6 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\6 -> [Folder | Modified Date = 5/11/2008 2:56:39 PM | Attr = ] 60 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\60 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 61 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\61 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 62 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\62 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 63 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\63 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 7 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\7 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 8 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\8 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] 9 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\9 -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] host -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\host -> [Folder | Modified Date = 5/11/2008 3:23:16 PM | Attr = ] muffin -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\muffin -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] tmp -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\cache\6.0\tmp -> [Folder | Modified Date = 5/11/2008 2:56:21 PM | Attr = ] ext -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\ext -> [Folder | Modified Date = 11/9/2007 5:28:16 PM | Attr = ] log -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\log -> [Folder | Modified Date = 11/9/2007 5:28:16 PM | Attr = ] security -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\security -> [Folder | Modified Date = 11/9/2007 5:28:17 PM | Attr = ] tmp -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\tmp -> [Folder | Modified Date = 4/12/2008 9:07:17 AM | Attr = ] si -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\Deployment\tmp\si -> [Folder | Modified Date = 4/12/2008 9:07:24 AM | Attr = ] jre1.6.0_02 -> C:\Documents and Settings\C. Nash Gems\Application Data\Sun\Java\jre1.6.0_02 -> [Folder | Modified Date = 8/7/2007 12:08:08 AM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\C. Nash Gems\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 4/23/2008 4:55:18 PM | Attr = ] SUPERAntiSpyware -> C:\Documents and Settings\C. Nash Gems\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware -> [Folder | Modified Date = 5/9/2008 2:19:25 PM | Attr = ] AppLogs -> C:\Documents and Settings\C. Nash Gems\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs -> [Folder | Modified Date = 5/10/2008 2:12:40 PM | Attr = ] Logs -> C:\Documents and Settings\C. Nash Gems\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs -> [Folder | Modified Date = 5/9/2008 2:28:42 PM | Attr = ] Quarantine -> C:\Documents and Settings\C. Nash Gems\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine -> [Folder | Modified Date = 5/9/2008 3:37:24 PM | Attr = ] Symantec -> C:\Documents and Settings\C. Nash Gems\Application Data\Symantec -> [Folder | Modified Date = 3/28/2008 2:16:46 PM | Attr = ] Cleanup -> C:\Documents and Settings\C. Nash Gems\Application Data\Symantec\Cleanup -> [Folder | Modified Date = 3/28/2008 2:16:46 PM | Attr = ] NPMDataStore -> C:\Documents and Settings\C. Nash Gems\Application Data\Symantec\NPMDataStore -> [Folder | Modified Date = 3/28/2008 2:59:07 PM | Attr = ] Template -> C:\Documents and Settings\C. Nash Gems\Application Data\Template -> [Folder | Modified Date = 10/17/2002 2:30:13 PM | Attr = ] Uniblue -> C:\Documents and Settings\C. Nash Gems\Application Data\Uniblue -> [Folder | Modified Date = 12/3/2007 11:25:34 AM | Attr = ] Registry Booster2 -> C:\Documents and Settings\C. Nash Gems\Application Data\Uniblue\Registry Booster2 -> [Folder | Modified Date = 12/3/2007 11:26:22 AM | Attr = ] uTorrent -> C:\Documents and Settings\C. Nash Gems\Application Data\uTorrent -> [Folder | Modified Date = 4/12/2008 5:36:53 PM | Attr = ] Yahoo! -> C:\Documents and Settings\C. Nash Gems\Application Data\Yahoo! -> [Folder | Modified Date = 3/24/2008 3:51:18 PM | Attr = ] Browser -> C:\Documents and Settings\C. Nash Gems\Application Data\Yahoo!\Browser -> [Folder | Modified Date = 2/7/2004 11:09:04 PM | Attr = ] Companion -> C:\Documents and Settings\C. Nash Gems\Application Data\Yahoo!\Companion -> [Folder | Modified Date = 3/23/2008 11:21:24 PM | Attr = ] Buttons -> C:\Documents and Settings\C. Nash Gems\Application Data\Yahoo!\Companion\Buttons -> [Folder | Modified Date = 3/23/2008 11:21:24 PM | Attr = ] Application Data -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 5/3/2008 3:49:51 AM | Attr = RH ] Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] {7176B1A0-2E5F-493B-84A7-FFC7B4773D24} -> C:\Documents and Settings\Default User\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24} -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Credentials -> C:\Documents and Settings\Default User\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] S-1-5-21-725345543-1085031214-682003330-1003 -> C:\Documents and Settings\Default User\Application Data\Microsoft\Credentials\S-1-5-21-725345543-1085031214-682003330-1003 -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] S-1-5-21-784950871-2247778763-3148463538-1003 -> C:\Documents and Settings\Default User\Application Data\Microsoft\Credentials\S-1-5-21-784950871-2247778763-3148463538-1003 -> [Folder | Modified Date = 7/22/2002 8:54:14 PM | Attr = S] Internet Explorer -> C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] Quick Launch -> C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch -> [Folder | Modified Date = 8/23/2007 8:49:41 PM | Attr = R ] SystemCertificates -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] My -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Certificates -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] CRLs -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] CTLs -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Real -> C:\Documents and Settings\Default User\Application Data\Real -> [Folder | Modified Date = 7/22/2002 9:08:16 PM | Attr = ] rnadmin -> C:\Documents and Settings\Default User\Application Data\Real\rnadmin -> [Folder | Modified Date = 7/22/2002 9:08:16 PM | Attr = ] Application Data -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 4/21/2008 11:34:38 PM | Attr = ] Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [Folder | Modified Date = 4/22/2008 3:21:34 AM | Attr = ] Flash Player -> C:\Documents and Settings\LocalService\Application Data\Adobe\Flash Player -> [Folder | Modified Date = 4/22/2008 3:21:34 AM | Attr = ] AssetCache -> C:\Documents and Settings\LocalService\Application Data\Adobe\Flash Player\AssetCache -> [Folder | Modified Date = 4/22/2008 3:21:34 AM | Attr = ] QPHARABH -> C:\Documents and Settings\LocalService\Application Data\Adobe\Flash Player\AssetCache\QPHARABH -> [Folder | Modified Date = 4/22/2008 3:21:34 AM | Attr = ] Google -> C:\Documents and Settings\LocalService\Application Data\Google -> [Folder | Modified Date = 4/22/2008 3:57:21 AM | Attr = ] Local Search History -> C:\Documents and Settings\LocalService\Application Data\Google\Local Search History -> [Folder | Modified Date = 4/22/2008 3:57:21 AM | Attr = ] Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] Flash Player -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] #SharedObjects -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] XXH7Z2ET -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\XXH7Z2ET -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] macromedia.com -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\macromedia.com -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] support -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\macromedia.com\support -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] flashplayer -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] sys -> C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys -> [Folder | Modified Date = 4/22/2008 3:57:10 AM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 4/22/2008 1:45:37 PM | Attr = S] Credentials -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] S-1-5-19 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\S-1-5-19 -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] Internet Explorer -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = ] OC -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC -> [Folder | Modified Date = 4/22/2008 1:45:37 PM | Attr = H ] Channels -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC\Channels -> [Folder | Modified Date = 4/25/2008 9:59:25 AM | Attr = H ] ch1 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC\Channels\ch1 -> [Folder | Modified Date = 4/22/2008 1:45:37 PM | Attr = H ] ch2 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC\Channels\ch2 -> [Folder | Modified Date = 4/22/2008 1:49:12 PM | Attr = H ] ch3 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC\Channels\ch3 -> [Folder | Modified Date = 4/22/2008 1:50:13 PM | Attr = H ] ch4 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC\Channels\ch4 -> [Folder | Modified Date = 4/22/2008 7:43:04 PM | Attr = H ] ch5 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\OC\Channels\ch5 -> [Folder | Modified Date = 4/25/2008 9:59:25 AM | Attr = H ] SystemCertificates -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] My -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] Certificates -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] CRLs -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] CTLs -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 9/17/2001 3:14:10 PM | Attr = S] UPnP Device Host -> C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host -> [Folder | Modified Date = 3/13/2005 4:53:52 AM | Attr = ] Description Documents -> C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\Description Documents -> [Folder | Modified Date = 8/21/2005 4:16:49 AM | Attr = ] upnphost -> C:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost -> [Folder | Modified Date = 3/13/2005 4:53:52 AM | Attr = ] Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] Credentials -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] S-1-5-20 -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials\S-1-5-20 -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] Internet Explorer -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = ] SystemCertificates -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] My -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] Certificates -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] CRLs -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] CTLs -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 9/17/2001 3:14:08 PM | Attr = S] Application Data -> C:\Documents and Settings\Owner\Application Data -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = RH ] Identities -> C:\Documents and Settings\Owner\Application Data\Identities -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] {7176B1A0-2E5F-493B-84A7-FFC7B4773D24} -> C:\Documents and Settings\Owner\Application Data\Identities\{7176B1A0-2E5F-493B-84A7-FFC7B4773D24} -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] Microsoft -> C:\Documents and Settings\Owner\Application Data\Microsoft -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Credentials -> C:\Documents and Settings\Owner\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] S-1-5-21-725345543-1085031214-682003330-1003 -> C:\Documents and Settings\Owner\Application Data\Microsoft\Credentials\S-1-5-21-725345543-1085031214-682003330-1003 -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] S-1-5-21-784950871-2247778763-3148463538-1003 -> C:\Documents and Settings\Owner\Application Data\Microsoft\Credentials\S-1-5-21-784950871-2247778763-3148463538-1003 -> [Folder | Modified Date = 7/22/2002 8:54:14 PM | Attr = S] Internet Explorer -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = ] Quick Launch -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch -> [Folder | Modified Date = 9/19/2007 11:17:46 PM | Attr = R ] SystemCertificates -> C:\Documents and Settings\Owner\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] My -> C:\Documents and Settings\Owner\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Certificates -> C:\Documents and Settings\Owner\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] CRLs -> C:\Documents and Settings\Owner\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] CTLs -> C:\Documents and Settings\Owner\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 9/17/2001 3:14:06 PM | Attr = S] Real -> C:\Documents and Settings\Owner\Application Data\Real -> [Folder | Modified Date = 7/22/2002 9:08:16 PM | Attr = ] rnadmin -> C:\Documents and Settings\Owner\Application Data\Real\rnadmin -> [Folder | Modified Date = 9/26/2005 4:10:34 AM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 5/11/2008 4:42:50 PM | Attr = S] Antispyware Scheduled Scan.job -> C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 522 bytes | Modified Date = 5/9/2008 3:00:00 AM | Attr = ] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/21/2008 8:36:03 AM | Attr = ] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/18/2001 9:00:00 AM | Attr = RH ] FRU Task #Hewlett-Packard#hp psc 2170 series#1080521008.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1080521008.job -> [Ver = | Size = 356 bytes | Modified Date = 5/4/2006 6:48:07 PM | Attr = ] FRU Task #Hewlett-Packard#hp psc 2170 series#1202514853.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1202514853.job -> [Ver = | Size = 404 bytes | Modified Date = 4/19/2008 5:54:06 PM | Attr = ] FRU Task #Hewlett-Packard#hp psc 2170 series#1209835093.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1209835093.job -> [Ver = | Size = 356 bytes | Modified Date = 5/7/2008 10:06:43 AM | Attr = ] FRU Task $ContextID$.job -> C:\WINDOWS\Tasks\FRU Task $ContextID$.job -> [Ver = | Size = 334 bytes | Modified Date = 5/3/2008 12:18:47 PM | Attr = ] ParetoLogic Registration.job -> C:\WINDOWS\Tasks\ParetoLogic Registration.job -> [Ver = | Size = 456 bytes | Modified Date = 5/9/2008 6:00:01 PM | Attr = ] ParetoLogic Update Version2.job -> C:\WINDOWS\Tasks\ParetoLogic Update Version2.job -> [Ver = | Size = 430 bytes | Modified Date = 5/7/2008 12:33:02 AM | Attr = ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/11/2008 4:57:36 PM | Attr = H ] WebReg 20080504084627.job -> C:\WINDOWS\Tasks\WebReg 20080504084627.job -> [Ver = | Size = 458 bytes | Modified Date = 5/4/2008 8:46:29 AM | Attr = ] WebReg 20080506193726.job -> C:\WINDOWS\Tasks\WebReg 20080506193726.job -> [Ver = | Size = 458 bytes | Modified Date = 5/6/2008 7:37:27 PM | Attr = ] WebReg 20080506203000.job -> C:\WINDOWS\Tasks\WebReg 20080506203000.job -> [Ver = | Size = 458 bytes | Modified Date = 5/6/2008 8:30:03 PM | Attr = ] WebReg 20080507100635.job -> C:\WINDOWS\Tasks\WebReg 20080507100635.job -> [Ver = | Size = 458 bytes | Modified Date = 5/7/2008 10:06:36 AM | Attr = ] WebReg 20080509024159.job -> C:\WINDOWS\Tasks\WebReg 20080509024159.job -> [Ver = | Size = 458 bytes | Modified Date = 5/9/2008 2:42:03 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]