[code] OTScanIt logfile created on: 6/20/2008 2:58:46 PM OTScanIt by OldTimer - Version 1.0.15.16 Folder = C:\Documents and Settings\Tam\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.25 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 64.30% Memory free 1.48 Gb Paging File | 1.24 Gb Available in Paging File | 83.70% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.56 Gb Total Space | 6.44 Gb Free Space | 8.64% Space Free | Partition Type: NTFS Drive D: | 189.92 Gb Total Space | 15.04 Gb Free Space | 7.92% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PHAN Current User Name: Tam Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 2/22/2005 10:33:35 PM | Attr = ] wbload.exe -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\wbload.exe -> Stardock Systems, Inc [Ver = 4.4 | Size = 426496 bytes | Modified Date = 1/25/2005 7:44:50 PM | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 7:06:57 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 2/22/2005 10:33:35 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ] runservice.exe -> %SystemRoot%\Runservice.exe -> [Ver = | Size = 2560 bytes | Modified Date = 10/10/2006 7:31:13 PM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 2/22/2005 10:05:00 PM | Attr = ] daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 6:05:02 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3249 | Size = 180269 bytes | Modified Date = 5/3/2005 9:47:40 PM | Attr = ] winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 10/25/2006 1:37:54 AM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/15/2007 12:43:10 AM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 2:11:04 PM | Attr = ] clonecdtray.exe -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe -> SlySoft, Inc. [Ver = 5, 3, 0, 0 | Size = 57344 bytes | Modified Date = 9/28/2006 3:21:04 PM | Attr = ] aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 6:50:04 PM | Attr = ] popupstopperprofessional.exe -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe -> Panicware, Inc. [Ver = 1, 60, 0, 1002 | Size = 507904 bytes | Modified Date = 2/2/2006 12:28:25 AM | Attr = ] nkbmonitor.exe -> D:\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 6, 1, 3000 | Size = 118784 bytes | Modified Date = 9/7/2005 5:45:16 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 2:10:54 PM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:18 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.16 | Size = 397312 bytes | Modified Date = 6/20/2008 1:47:40 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 3/19/2005 9:44:15 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 7:06:57 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 2/22/2005 10:33:35 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0023 | Size = 516096 bytes | Modified Date = 2/22/2005 10:05:00 PM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 181112 bytes | Modified Date = 5/15/2008 7:19:24 PM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 283512 bytes | Modified Date = 5/15/2008 7:19:00 PM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 7:16:59 PM | Attr = ] (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 5/14/2008 4:10:47 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 11/15/2007 2:10:54 PM | Attr = ] (LicCtrlService) LicCtrl Service [Win32_Own | Auto | Running] -> %SystemRoot%\Runservice.exe -> [Ver = | Size = 2560 bytes | Modified Date = 10/10/2006 7:31:13 PM | Attr = ] (npkcsvc) npkcsvc [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\npkcsvc.exe -> File not found (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] (PowerManager) Power Manager [Win32_Own | Auto | Stopped] -> %SystemRoot%\svchost.exe -> [Ver = | Size = 36352 bytes | Modified Date = 8/24/2001 2:00:00 PM | Attr = S] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 2/22/2005 10:05:00 PM | Attr = ] CloneCDTray -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe ["C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s] -> SlySoft, Inc. [Ver = 5, 3, 0, 0 | Size = 57344 bytes | Modified Date = 9/28/2006 3:21:04 PM | Attr = ] DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe ["C:\Program Files\D-Tools\daemon.exe" -lang 1033] -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 6:05:02 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 11/15/2007 2:11:04 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 11/15/2007 12:43:10 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> [Ver = | Size = 180112 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3249 | Size = 180269 bytes | Modified Date = 5/3/2005 9:47:40 PM | Attr = ] WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Program Files\Winamp\winampa.exe] -> [Ver = | Size = 35328 bytes | Modified Date = 10/25/2006 1:37:54 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found PopUpStopperProfessional -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe ["C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"] -> Panicware, Inc. [Ver = 1, 60, 0, 1002 | Size = 507904 bytes | Modified Date = 2/2/2006 12:28:25 AM | Attr = ] Steam -> H:\Valve\Steam\Steam.exe ["H:\Valve\Steam\Steam.exe" -silent] -> File not found < Run [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found PopUpStopperProfessional -> %ProgramFiles%\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe ["C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe"] -> Panicware, Inc. [Ver = 1, 60, 0, 1002 | Size = 507904 bytes | Modified Date = 2/2/2006 12:28:25 AM | Attr = ] Steam -> H:\Valve\Steam\Steam.exe ["H:\Valve\Steam\Steam.exe" -silent] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NkbMonitor.exe.lnk -> D:\Nikon\PictureProject\NkbMonitor.exe -> Nikon Corporation [Ver = 1, 6, 1, 3000 | Size = 118784 bytes | Modified Date = 9/7/2005 5:45:16 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Tam Startup Folder > -> C:\Documents and Settings\Tam\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 2/22/2005 10:33:40 PM | Attr = ] WB -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/20/2001 11:34:52 PM | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:59:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_DVD-ROM_SD-816B_________________H000____\5&d2a479a&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomPIONEER_DVD-RW__DVR-108_________________1.10____\44_044473143353136395734204c202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&0&000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\3 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&0&010 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2/26/2005 2:21:00 PM | Attr = ] AUTORUN.INF [[AutoRun] | open=setup.exe | icon=setup.exe,0 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |  | ] -> F:\AUTORUN.INF [ CDFS ] -> [Ver = | Size = 110 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = R ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 2/26/2005 2:58:09 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 2/26/2005 2:58:09 PM | Attr = ] WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 2/26/2005 2:58:09 PM | Attr = ] WebBrowser\\{E1BACF55-35E1-4E47-9247-2D48660E5545} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {13C1DBF6-7535-495c-91F6-8C13714ED485}:Exec -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk [Absolute Poker] -> File not found {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 6:50:04 PM | Attr = ] {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk [Absolute Poker] -> File not found CmdMapping\\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 6:50:04 PM | Attr = ] CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 2/26/2005 2:58:09 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk [Absolute Poker] -> File not found CmdMapping\\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 6:50:04 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk [Absolute Poker] -> File not found CmdMapping\\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 6:50:04 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] &Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 8:05:30 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ -> {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %AllUsersProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk [Absolute Poker] -> File not found CmdMapping\\{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 6:50:04 PM | Attr = ] CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1409082233-492894223-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 2/26/2005 2:58:09 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {130E8D6C-DEE2-402E-9919-A29AF0EC5730} -> () -> {8FBE1A77-A05E-4A48-88AB-2185F4AF590D} -> (D-Link DL10050-based Ethernet Adapter (Generic)) -> {EDCA8DD6-6B6E-4299-8D28-D34B13E5DD82} -> (RCA USB Cable Modem) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00B71CFB-6864-4346-A978-C0A14556272C}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[Checkers Class] -> {14B87622-7E19-4EA8-93B3-97215F77A6BC}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab[MessengerStatsClient Class] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {18CD2FD8-81CE-44C3-99E1-0822E1C7116C}[HKEY_LOCAL_MACHINE] -> http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab[EARTPatch8X Class] -> {2917297F-F02B-4B9D-81DF-494B6333150B}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab[Minesweeper Flags Class] -> {2931566C-B8A6-46C5-BF4D-E6AB9251E953}[HKEY_LOCAL_MACHINE] -> http://s.nx.com/activex/public_new/nxpm.cab[Nexon Package Manager Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {3695B964-7E17-4B45-AF5F-666C3D84CD4D}[HKEY_LOCAL_MACHINE] -> http://qplay.nx.com/ActiveX/Public/QxConn.cab[Qplay Connection Control] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://spaces.msn.com//PhotoUpload/MsnPUpld.cab[MSN Photo Upload Tool] -> {5F5F9FB8-878E-4455-95E0-F64B2314288A}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab[ijjiPlugin2 Class] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109448086562[WUWebControl Class] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173847895750[MUWebControl Class] -> {745395C8-D0E1-4227-8586-624CA9A10A8D}[HKEY_LOCAL_MACHINE] -> http://217.71.245.166/activex/AMC.cab[AxisMediaControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[MessengerStatsClient Class] -> {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}[HKEY_LOCAL_MACHINE] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab[BatchDownloader Class] -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[ZoneIntro Class] -> {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}[HKEY_LOCAL_MACHINE] -> http://ax.emsisoft.com/asquared.cab[a-squared Scanner] -> {BE833F39-1E0C-468C-BA70-25AAEE55775E}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab.cab[System Requirements Lab Class] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[HGPlugin9USA Class] -> {CEA3052D-65B9-44E2-A501-5E14024BC66F}[HKEY_LOCAL_MACHINE] -> http://www.tricksteronline.com/control/tricksterActiveX.cab[TricksterActiveX Control] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09}[HKEY_LOCAL_MACHINE] -> http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab[Reg Error: Key does not exist or could not be opened.] -> {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D}[HKEY_LOCAL_MACHINE] -> http://www.gamengame.com/KALogoutComponent.cab[Logout Class] -> {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab[Solitaire Showdown Class] -> {FA3662C3-B8E8-11D6-A667-0010B556D978}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[IWinAmpActiveX Class] -> {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6}[HKEY_LOCAL_MACHINE] -> http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab[IWinAmpActiveX Class] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asquared.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asquared.ocx\\.Owner -> {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asquared.ocx\\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigWXMSN.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigWXMSN.dll\\.Owner -> {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DigWXMSN.dll\\{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EARTP8X.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EARTP8X.dll\\.Owner -> {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/EARTP8X.dll\\{18CD2FD8-81CE-44C3-99E1-0822E1C7116C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGPlugin9USA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGPlugin9USA.dll\\.Owner -> {CD995117-98E5-4169-9920-6C12D4C0B548} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGPlugin9USA.dll\\{CD995117-98E5-4169-9920-6C12D4C0B548} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGStart9USA.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGStart9USA.exe\\.Owner -> {CD995117-98E5-4169-9920-6C12D4C0B548} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGStart9USA.exe\\{CD995117-98E5-4169-9920-6C12D4C0B548} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiNotify2.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiNotify2.exe\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiNotify2.exe\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPlugin2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPlugin2.dll\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPlugin2.dll\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreNotify2.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreNotify2.exe\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreNotify2.exe\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreStarter2.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreStarter2.exe\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjiPreStarter2.exe\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter2.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter2.exe\\.Owner -> {5F5F9FB8-878E-4455-95E0-F64B2314288A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijjistarter2.exe\\{5F5F9FB8-878E-4455-95E0-F64B2314288A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\\.Owner -> {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {14B87622-7E19-4EA8-93B3-97215F77A6BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/minesweeper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/minesweeper.dll\\.Owner -> {2917297F-F02B-4B9D-81DF-494B6333150B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/minesweeper.dll\\{2917297F-F02B-4B9D-81DF-494B6333150B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {00B71CFB-6864-4346-A978-C0A14556272C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{00B71CFB-6864-4346-A978-C0A14556272C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\.Owner -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnMessengerSetupDownloader.ocx\\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solitaireshowdown.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solitaireshowdown.dll\\.Owner -> {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solitaireshowdown.dll\\{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab.dll\\.Owner -> {BE833F39-1E0C-468C-BA70-25AAEE55775E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab.dll\\{BE833F39-1E0C-468C-BA70-25AAEE55775E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TricksterActiveX.lic\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TricksterActiveX.lic\\.Owner -> {CEA3052D-65B9-44E2-A501-5E14024BC66F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TricksterActiveX.lic\\{CEA3052D-65B9-44E2-A501-5E14024BC66F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TricksterActiveX.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TricksterActiveX.ocx\\.Owner -> {CEA3052D-65B9-44E2-A501-5E14024BC66F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TricksterActiveX.ocx\\{CEA3052D-65B9-44E2-A501-5E14024BC66F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/nxpm.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/nxpm.ocx\\.Owner -> {2931566C-B8A6-46C5-BF4D-E6AB9251E953} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/nxpm.ocx\\{2931566C-B8A6-46C5-BF4D-E6AB9251E953} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/QxConn.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/QxConn.ocx\\.Owner -> {3695B964-7E17-4B45-AF5F-666C3D84CD4D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/QxConn.ocx\\{3695B964-7E17-4B45-AF5F-666C3D84CD4D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\PowerDVD -> PowerDVD -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> PowerDVD -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\PowerDVD -> PowerDVD -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> PowerDVD -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{CEA3052D-65B9-44E2-A501-5E14024BC66F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{CEA3052D-65B9-44E2-A501-5E14024BC66F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkagt.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkagt.exe\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkagt.exe\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.dll\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.dll\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.sys\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.sys\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.vxd\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.vxd\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcrypt.vxd\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcsvc.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcsvc.exe\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcsvc.exe\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcusb.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcusb.sys\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcusb.sys\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcx.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcx.ocx\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkcx.ocx\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkpdb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkpdb.dll\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkpdb.dll\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkuninst.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkuninst.exe\\.Owner -> {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/npkuninst.exe\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{D6FCA8ED-4715-43DE-9BD2-2789778A5B09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{CEA3052D-65B9-44E2-A501-5E14024BC66F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/patchw32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/patchw32.dll\\.Owner -> {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/patchw32.dll\\{18CD2FD8-81CE-44C3-99E1-0822E1C7116C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\PowerDVD -> PowerDVD -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> PowerDVD -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < ControlSets > HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 -> [Files/Folders - Created Within 90 days] als_script.zip -> %SystemDrive%\als_script.zip -> [Ver = | Size = 24310 bytes | Created Date = 5/15/2008 8:39:06 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\als_script.zip:Zone.Identifier beforeafter.html -> %SystemDrive%\beforeafter.html -> [Ver = | Size = 6858 bytes | Created Date = 5/15/2008 11:15:29 PM | Attr = ] BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Created Date = 6/19/2008 8:01:43 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 6/19/2008 8:01:34 PM | Attr = RHS] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 6/19/2008 8:01:38 PM | Attr = RHS] Copy of index.zip -> %SystemDrive%\Copy of index.zip -> [Ver = | Size = 129459 bytes | Created Date = 5/16/2008 2:18:25 PM | Attr = ] custom.gif -> %SystemDrive%\custom.gif -> [Ver = | Size = 1208 bytes | Created Date = 5/15/2008 9:09:13 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/18/2008 10:09:22 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1340985344 bytes | Created Date = 6/20/2008 2:11:53 PM | Attr = HS] images.zip -> %SystemDrive%\images.zip -> [Ver = | Size = 85209372 bytes | Created Date = 5/16/2008 12:55:13 AM | Attr = ] jquery.js -> %SystemDrive%\jquery.js -> [Ver = | Size = 62885 bytes | Created Date = 5/15/2008 4:50:35 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\jquery.js:Zone.Identifier jquery.metadata.js -> %SystemDrive%\jquery.metadata.js -> [Ver = | Size = 3851 bytes | Created Date = 5/15/2008 4:50:35 PM | Attr = ] jquery.validate.js -> %SystemDrive%\jquery.validate.js -> [Ver = | Size = 49440 bytes | Created Date = 5/15/2008 4:50:35 PM | Attr = ] jquery.validate.min.js -> %SystemDrive%\jquery.validate.min.js -> [Ver = | Size = 13270 bytes | Created Date = 5/15/2008 4:50:35 PM | Attr = ] jquery.validate.pack.js -> %SystemDrive%\jquery.validate.pack.js -> [Ver = | Size = 7803 bytes | Created Date = 5/15/2008 4:50:35 PM | Attr = ] Picture -> %SystemDrive%\Picture -> [Folder | Created Date = 5/15/2008 1:51:02 PM | Attr = ] Picture 001.zip -> %SystemDrive%\Picture 001.zip -> [Ver = | Size = 1031937 bytes | Created Date = 5/14/2008 3:32:53 PM | Attr = ] Picture.zip -> %SystemDrive%\Picture.zip -> [Ver = | Size = 5768929 bytes | Created Date = 5/15/2008 12:37:56 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/19/2008 8:02:58 PM | Attr = ] temp.html -> %SystemDrive%\temp.html -> [Ver = | Size = 720 bytes | Created Date = 5/14/2008 6:18:56 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/14/2008 1:18:03 AM | Attr = ] XDVDMulleterBeta10[1].1 -> %SystemDrive%\XDVDMulleterBeta10[1].1 -> [Folder | Created Date = 5/12/2008 4:56:45 PM | Attr = ] XDVDMulleterBeta10[1].1.rar -> %SystemDrive%\XDVDMulleterBeta10[1].1.rar -> [Ver = | Size = 4930311 bytes | Created Date = 5/12/2008 4:56:23 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\XDVDMulleterBeta10[1].1.rar:Zone.Identifier _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/19/2008 7:55:26 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 5/14/2008 3:21:20 PM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Created Date = 6/19/2008 7:51:15 PM | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Created Date = 6/19/2008 7:51:13 PM | Attr = ] aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 6/19/2008 7:51:13 PM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Created Date = 6/19/2008 7:51:13 PM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Created Date = 6/19/2008 7:51:17 PM | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Created Date = 6/19/2008 7:51:13 PM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Created Date = 6/19/2008 7:51:16 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 6/13/2008 12:54:11 AM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 6/13/2008 12:54:11 AM | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Created Date = 6/19/2008 7:50:48 PM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Created Date = 6/19/2008 7:51:14 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/19/2008 7:50:18 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 6/19/2008 7:50:18 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/19/2008 7:50:18 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 6/19/2008 7:50:18 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/18/2008 10:09:51 PM | Attr = ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] Jump Shot Basketball Uninstaller.exe -> %SystemRoot%\Jump Shot Basketball Uninstaller.exe -> [Ver = | Size = 186034 bytes | Created Date = 4/17/2008 11:44:21 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 6/19/2008 8:01:32 PM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Created Date = 6/19/2008 8:01:20 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 6/19/2008 8:02:54 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] .zreglib -> %AllUsersProfile%\Application Data\.zreglib -> [Ver = | Size = 41 bytes | Created Date = 5/12/2008 5:05:15 PM | Attr = HS] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Created Date = 5/14/2008 4:29:15 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/13/2008 12:54:11 AM | Attr = ] SlySoft -> %AllUsersProfile%\Application Data\SlySoft -> [Folder | Created Date = 6/2/2008 3:58:09 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 6/15/2008 6:53:57 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/13/2008 12:54:15 AM | Attr = ] Deployment -> %UserProfile%\Local Settings\Application Data\Deployment -> [Folder | Created Date = 5/12/2008 4:51:57 AM | Attr = ] MulletPower -> %UserProfile%\Local Settings\Application Data\MulletPower -> [Folder | Created Date = 5/12/2008 4:57:04 PM | Attr = ] RapidShare -> %UserProfile%\Local Settings\Application Data\RapidShare -> [Folder | Created Date = 5/12/2008 4:54:41 AM | Attr = ] BillpaymentMC.doc -> %UserProfile%\My Documents\BillpaymentMC.doc -> [Ver = | Size = 36352 bytes | Created Date = 4/22/2008 3:44:37 AM | Attr = ] Downloaded Installations -> %UserProfile%\My Documents\Downloaded Installations -> [Folder | Created Date = 5/14/2008 4:02:55 PM | Attr = ] Receipt.doc -> %UserProfile%\My Documents\Receipt.doc -> [Ver = | Size = 43008 bytes | Created Date = 4/22/2008 5:00:00 PM | Attr = ] references.doc -> %UserProfile%\My Documents\references.doc -> [Ver = | Size = 25600 bytes | Created Date = 4/27/2008 11:51:04 PM | Attr = ] Unnamed Site 2 -> %UserProfile%\My Documents\Unnamed Site 2 -> [Folder | Created Date = 5/14/2008 6:27:50 PM | Attr = ] View Results.doc -> %UserProfile%\My Documents\View Results.doc -> [Ver = | Size = 587264 bytes | Created Date = 4/14/2008 10:08:41 PM | Attr = ] ac?d.doc -> %UserProfile%\My Documents\ąĉіđ.doc -> [Ver = | Size = 24064 bytes | Modified Date = 4/3/2007 11:52:27 AM | Attr = ] avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1741 bytes | Created Date = 6/19/2008 7:51:17 PM | Attr = ] CloneCD.lnk -> %AllUsersProfile%\Desktop\CloneCD.lnk -> [Ver = | Size = 798 bytes | Created Date = 5/12/2008 5:00:35 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 728 bytes | Created Date = 6/13/2008 12:54:12 AM | Attr = ] 041508 -> %UserProfile%\Desktop\041508 -> [Folder | Created Date = 4/17/2008 11:42:01 PM | Attr = ] 1188605469.ppt -> %UserProfile%\Desktop\1188605469.ppt -> [Ver = | Size = 82944 bytes | Created Date = 4/27/2008 7:49:16 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\1188605469.ppt:Zone.Identifier 57110-Itazurana Kiss v.04.zip -> %UserProfile%\Desktop\57110-Itazurana Kiss v.04.zip -> [Ver = | Size = 38190020 bytes | Created Date = 4/6/2008 11:39:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\57110-Itazurana Kiss v.04.zip:Zone.Identifier 81828-Soul Eater Volume 4.zip -> %UserProfile%\Desktop\81828-Soul Eater Volume 4.zip -> [Ver = | Size = 62769739 bytes | Created Date = 4/30/2008 2:01:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\81828-Soul Eater Volume 4.zip:Zone.Identifier ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/13/2008 12:50:21 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier balmoral_d.zip -> %UserProfile%\Desktop\balmoral_d.zip -> [Ver = | Size = 44058 bytes | Created Date = 5/14/2008 7:00:00 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\balmoral_d.zip:Zone.Identifier Claymore_79_[FH] -> %UserProfile%\Desktop\Claymore_79_[FH] -> [Folder | Created Date = 5/4/2008 4:30:37 PM | Attr = ] clone[1].ccd5302.rar -> %UserProfile%\Desktop\clone[1].ccd5302.rar -> [Ver = | Size = 2590649 bytes | Created Date = 6/2/2008 3:53:34 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\clone[1].ccd5302.rar:Zone.Identifier ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2026645 bytes | Created Date = 6/19/2008 8:02:22 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier Dexter -> %UserProfile%\Desktop\Dexter -> [Folder | Created Date = 5/27/2008 10:21:49 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 722982 bytes | Created Date = 6/18/2008 10:09:01 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 157 bytes | Created Date = 6/20/2008 2:39:03 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1766 bytes | Created Date = 6/11/2008 3:31:45 PM | Attr = ] jquery-1[1].2.3.min.js -> %UserProfile%\Desktop\jquery-1[1].2.3.min.js -> [Ver = | Size = 54075 bytes | Created Date = 5/14/2008 3:53:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jquery-1[1].2.3.min.js:Zone.Identifier jsbfree.exe -> %UserProfile%\Desktop\jsbfree.exe -> [Ver = | Size = 7974354 bytes | Created Date = 4/17/2008 11:43:43 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jsbfree.exe:Zone.Identifier Lineup.xls -> %UserProfile%\Desktop\Lineup.xls -> [Ver = | Size = 843776 bytes | Created Date = 4/1/2008 12:10:54 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Lineup.xls:Zone.Identifier Manga 4 -> %UserProfile%\Desktop\Manga 4 -> [Folder | Created Date = 4/18/2008 2:33:22 PM | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Created Date = 5/3/2008 1:54:32 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> [Ver = | Size = 326656 bytes | Created Date = 6/19/2008 7:44:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/20/2008 2:56:30 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Created Date = 6/20/2008 2:40:44 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier RapidShare Manager.lnk -> %UserProfile%\Desktop\RapidShare Manager.lnk -> [Ver = | Size = 2590 bytes | Created Date = 5/12/2008 4:52:25 AM | Attr = ] receipt.htm -> %UserProfile%\Desktop\receipt.htm -> [Ver = | Size = 24339 bytes | Created Date = 5/26/2008 2:00:07 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\receipt.htm:Zone.Identifier references.doc -> %UserProfile%\Desktop\references.doc -> [Ver = | Size = 25600 bytes | Created Date = 4/28/2008 12:07:27 AM | Attr = ] RSMInit.exe -> %UserProfile%\Desktop\RSMInit.exe -> RapidShare AG [Ver = 1.0.0.0 | Size = 20480 bytes | Created Date = 5/12/2008 4:51:44 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\RSMInit.exe:Zone.Identifier sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 18509352 bytes | Created Date = 6/15/2008 6:48:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sdsetup.exe:Zone.Identifier setupeng.exe -> %UserProfile%\Desktop\setupeng.exe -> [Ver = | Size = 24270296 bytes | Created Date = 6/19/2008 7:46:28 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\setupeng.exe:Zone.Identifier starterfiles -> %UserProfile%\Desktop\starterfiles -> [Folder | Created Date = 5/6/2008 10:00:07 AM | Attr = ] starterfiles.zip -> %UserProfile%\Desktop\starterfiles.zip -> [Ver = | Size = 72878 bytes | Created Date = 5/6/2008 10:00:02 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\starterfiles.zip:Zone.Identifier Tam's RESUME4.doc -> %UserProfile%\Desktop\Tam's RESUME4.doc -> [Ver = | Size = 44544 bytes | Created Date = 4/10/2008 3:03:01 PM | Attr = ] Transcript Tam2.doc -> %UserProfile%\Desktop\Transcript Tam2.doc -> [Ver = | Size = 118272 bytes | Created Date = 4/28/2008 12:06:05 AM | Attr = ] Usher_-_Here_I_Stand_2008 -> %UserProfile%\Desktop\Usher_-_Here_I_Stand_2008 -> [Folder | Created Date = 6/11/2008 1:56:38 AM | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0005 | Size = 250880 bytes | Created Date = 6/13/2008 12:59:31 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier XBOX360_SS_Merger_1.7b -> %UserProfile%\Desktop\XBOX360_SS_Merger_1.7b -> [Folder | Created Date = 4/22/2008 2:56:11 AM | Attr = ] xxx-od.nfo -> %UserProfile%\Desktop\xxx-od.nfo -> [Ver = | Size = 5256 bytes | Created Date = 5/12/2008 6:01:02 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\xxx-od.nfo:Zone.Identifier [AonE-Gekkostate-Menclave]_Macross_F_-_01_[704x400_XviD_MP3]_[E159C4F0].avi -> %UserProfile%\Desktop\[AonE-Gekkostate-Menclave]_Macross_F_-_01_[704x400_XviD_MP3]_[E159C4F0].avi -> [Ver = | Size = 188532736 bytes | Created Date = 4/25/2008 10:29:37 AM | Attr = ] [Shoku-dan] Vampire Knight - 03.avi -> %UserProfile%\Desktop\[Shoku-dan] Vampire Knight - 03.avi -> [Ver = | Size = 149374384 bytes | Created Date = 6/12/2008 1:45:26 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\[Shoku-dan] Vampire Knight - 03.avi:Zone.Identifier [Shoku-dan]_Vampire_Knight_-_04.avi -> %UserProfile%\Desktop\[Shoku-dan]_Vampire_Knight_-_04.avi -> [Ver = | Size = 208863478 bytes | Created Date = 6/12/2008 1:49:22 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\[Shoku-dan]_Vampire_Knight_-_04.avi:Zone.Identifier [WF] School Rumble 2nd Term - 13-16.torrent -> %UserProfile%\Desktop\[WF] School Rumble 2nd Term - 13-16.torrent -> [Ver = | Size = 28106 bytes | Created Date = 5/2/2008 2:49:14 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\[WF] School Rumble 2nd Term - 13-16.torrent:Zone.Identifier _Mahou-X_SoulEater_v7_ch27 -> %UserProfile%\Desktop\_Mahou-X_SoulEater_v7_ch27 -> [Folder | Created Date = 6/12/2008 5:54:37 PM | Attr = ] _Mahou-X_SoulEater_v7_ch27.zip -> %UserProfile%\Desktop\_Mahou-X_SoulEater_v7_ch27.zip -> [Ver = | Size = 13745253 bytes | Created Date = 6/12/2008 5:52:10 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\_Mahou-X_SoulEater_v7_ch27.zip:Zone.Identifier Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 6/13/2008 12:49:13 AM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 6/19/2008 7:49:26 PM | Attr = ] Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [Folder | Created Date = 5/14/2008 4:10:47 PM | Attr = ] Alwil Software -> %ProgramFiles%\Alwil Software -> [Folder | Created Date = 6/19/2008 7:50:45 PM | Attr = ] Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 5/15/2008 6:38:59 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 6/13/2008 12:54:11 AM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 5/14/2008 7:37:19 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 6/13/2008 2:47:57 AM | Attr = ] SMPlayer -> %ProgramFiles%\SMPlayer -> [Folder | Created Date = 5/2/2008 12:49:02 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 6/11/2008 3:31:42 PM | Attr = ] [Files/Folders - Modified Within 90 days] als_script.zip -> %SystemDrive%\als_script.zip -> [Ver = | Size = 24310 bytes | Modified Date = 5/14/2008 7:03:04 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\als_script.zip:Zone.Identifier beforeafter.html -> %SystemDrive%\beforeafter.html -> [Ver = | Size = 6858 bytes | Modified Date = 5/15/2008 10:21:42 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 6/19/2008 8:01:43 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 6/19/2008 8:01:43 PM | Attr = RHS] Copy of index.zip -> %SystemDrive%\Copy of index.zip -> [Ver = | Size = 129459 bytes | Modified Date = 5/16/2008 2:18:26 PM | Attr = ] custom.gif -> %SystemDrive%\custom.gif -> [Ver = | Size = 1208 bytes | Modified Date = 5/14/2008 2:37:28 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/18/2008 10:09:22 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/14/2008 1:07:22 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1340985344 bytes | Modified Date = 6/20/2008 2:49:22 PM | Attr = HS] images.zip -> %SystemDrive%\images.zip -> [Ver = | Size = 85209372 bytes | Modified Date = 5/16/2008 1:00:02 AM | Attr = ] Incomplete -> %SystemDrive%\Incomplete -> [Folder | Modified Date = 4/6/2008 9:29:15 PM | Attr = ] Picture -> %SystemDrive%\Picture -> [Folder | Modified Date = 5/16/2008 12:55:42 AM | Attr = ] Picture 001.zip -> %SystemDrive%\Picture 001.zip -> [Ver = | Size = 1031937 bytes | Modified Date = 5/14/2008 3:32:54 PM | Attr = ] Picture.zip -> %SystemDrive%\Picture.zip -> [Ver = | Size = 5768929 bytes | Modified Date = 5/15/2008 12:37:58 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/20/2008 2:16:48 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/20/2008 2:55:53 PM | Attr = ] Shared -> %SystemDrive%\Shared -> [Folder | Modified Date = 4/6/2008 9:29:00 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/19/2008 7:34:02 PM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 5/19/2008 1:14:53 PM | Attr = ] temp.html -> %SystemDrive%\temp.html -> [Ver = | Size = 720 bytes | Modified Date = 5/14/2008 6:18:56 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/14/2008 1:18:03 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/20/2008 2:55:58 PM | Attr = ] XDVDMulleterBeta10[1].1 -> %SystemDrive%\XDVDMulleterBeta10[1].1 -> [Folder | Modified Date = 6/2/2008 3:06:19 AM | Attr = ] XDVDMulleterBeta10[1].1.rar -> %SystemDrive%\XDVDMulleterBeta10[1].1.rar -> [Ver = | Size = 4930311 bytes | Modified Date = 5/5/2008 7:42:00 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\XDVDMulleterBeta10[1].1.rar:Zone.Identifier _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/19/2008 7:55:26 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 5/15/2008 7:13:26 PM | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 5/15/2008 7:16:06 PM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 5/15/2008 7:18:33 PM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 5/15/2008 7:15:29 PM | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 5/15/2008 7:20:32 PM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 5/15/2008 7:14:11 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/20/2008 2:49:53 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 6/20/2008 2:49:53 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 6/10/2008 7:02:40 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/10/2008 7:02:44 PM | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | Modified Date = 5/15/2008 7:24:43 PM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Modified Date = 5/15/2008 7:12:36 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 6/20/2008 2:34:51 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/20/2008 2:55:05 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 6/20/2008 2:45:33 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 6/20/2008 2:57:49 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/20/2008 2:06:30 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/20/2008 2:56:02 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1484600 bytes | Modified Date = 5/15/2008 8:16:02 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 3/25/2008 1:28:39 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 3/25/2008 1:28:43 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 68174 bytes | Modified Date = 6/11/2008 3:35:06 PM | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 64052 bytes | Modified Date = 6/20/2008 2:31:50 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 407296 bytes | Modified Date = 6/20/2008 2:31:50 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 478832 bytes | Modified Date = 6/20/2008 2:31:49 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/19/2008 7:34:02 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 6/20/2008 2:08:58 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/18/2008 3:51:31 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/20/2008 2:01:36 AM | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/11/2008 1:48:41 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/20/2008 2:49:24 PM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 6/20/2008 2:12:05 PM | Attr = HS] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 6/20/2008 2:43:47 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/19/2008 8:04:36 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/20/2008 2:45:19 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/15/2008 6:33:00 PM | Attr = R S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/15/2008 6:49:37 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/20/2008 2:07:21 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/19/2008 7:50:22 PM | Attr = HS] Jump Shot Basketball Uninstaller.exe -> %SystemRoot%\Jump Shot Basketball Uninstaller.exe -> [Ver = | Size = 186034 bytes | Modified Date = 4/17/2008 11:44:21 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/11/2008 1:48:44 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/15/2008 8:31:20 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 6/13/2008 2:49:16 PM | Attr = ] Powerplayer.ini -> %SystemRoot%\Powerplayer.ini -> [Ver = | Size = 34 bytes | Modified Date = 4/30/2008 10:06:26 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/19/2008 8:02:49 PM | Attr = ] psnetwork.ini -> %SystemRoot%\psnetwork.ini -> [Ver = | Size = 411 bytes | Modified Date = 4/30/2008 10:07:53 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/20/2008 2:50:35 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 6/20/2008 2:08:56 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 6/19/2008 8:01:32 PM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Modified Date = 6/19/2008 8:01:29 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 259 bytes | Modified Date = 6/20/2008 2:50:04 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/20/2008 2:56:03 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/20/2008 2:55:56 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 63 bytes | Modified Date = 4/9/2008 3:00:25 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/14/2008 4:20:50 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/11/2008 9:20:04 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/20/2008 2:49:34 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 5/26/2007 12:14:34 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8129 bytes | Modified Date = 5/26/2007 12:14:34 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2/26/2005 3:30:30 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 14996 bytes | Modified Date = 6/20/2008 2:51:25 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 14996 bytes | Modified Date = 6/20/2008 2:51:25 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 11/8/2007 7:11:20 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 8/26/2005 4:41:15 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 11100 bytes | Modified Date = 7/21/2007 1:26:18 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa12.dat -> [Ver = | Size = 8492 bytes | Modified Date = 11/8/2007 7:15:03 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0 -> [Folder | Modified Date = 9/19/2007 7:14:36 PM | Attr = ] vbexpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VBExpress\8.0\vbexpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 9/19/2007 7:14:15 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0 -> [Folder | Modified Date = 1/17/2008 8:52:41 PM | Attr = ] VCExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\VCExpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 1/17/2008 8:52:48 PM | Attr = H ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] .zreglib -> %AllUsersProfile%\Application Data\.zreglib -> [Ver = | Size = 41 bytes | Modified Date = 6/2/2008 3:56:06 AM | Attr = HS] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 5/16/2008 12:47:40 AM | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Modified Date = 5/14/2008 4:29:15 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/13/2008 12:54:11 AM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 4/9/2008 3:00:49 AM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1362 bytes | Modified Date = 6/8/2008 6:44:48 AM | Attr = ] SlySoft -> %AllUsersProfile%\Application Data\SlySoft -> [Folder | Modified Date = 6/2/2008 3:58:09 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 6/15/2008 7:02:28 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 .BitTornado -> %AppData%\.BitTornado -> [Folder | Modified Date = 6/2/2008 3:57:39 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 5/16/2008 12:47:40 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/13/2008 12:54:15 AM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 6/20/2008 3:23:59 AM | Attr = ] ppStream -> %AppData%\ppStream -> [Folder | Modified Date = 4/30/2008 10:06:20 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 3/23/2008 2:14:58 AM | Attr = ] SopCast -> %AppData%\SopCast -> [Folder | Modified Date = 3/26/2008 9:04:43 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 5/15/2008 8:26:16 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 26624 bytes | Modified Date = 6/19/2008 4:14:59 AM | Attr = ] Deployment -> %UserProfile%\Local Settings\Application Data\Deployment -> [Folder | Modified Date = 5/14/2008 3:51:29 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 38656 bytes | Modified Date = 5/15/2008 8:22:34 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/20/2008 2:42:47 PM | Attr = ] MulletPower -> %UserProfile%\Local Settings\Application Data\MulletPower -> [Folder | Modified Date = 5/12/2008 4:57:04 PM | Attr = ] RapidShare -> %UserProfile%\Local Settings\Application Data\RapidShare -> [Folder | Modified Date = 5/12/2008 5:27:11 AM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 127 bytes | Modified Date = 5/14/2008 7:23:12 PM | Attr = HS] BillpaymentMC.doc -> %UserProfile%\My Documents\BillpaymentMC.doc -> [Ver = | Size = 36352 bytes | Modified Date = 5/26/2008 1:49:32 AM | Attr = ] Downloaded Installations -> %UserProfile%\My Documents\Downloaded Installations -> [Folder | Modified Date = 5/14/2008 4:02:55 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 5/15/2008 2:16:05 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 5/28/2008 2:13:46 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 604 bytes | Modified Date = 6/18/2008 11:17:40 PM | Attr = ] Receipt.doc -> %UserProfile%\My Documents\Receipt.doc -> [Ver = | Size = 43008 bytes | Modified Date = 4/22/2008 5:00:00 PM | Attr = ] references.doc -> %UserProfile%\My Documents\references.doc -> [Ver = | Size = 25600 bytes | Modified Date = 4/27/2008 11:52:15 PM | Attr = ] Unnamed Site 2 -> %UserProfile%\My Documents\Unnamed Site 2 -> [Folder | Modified Date = 5/14/2008 6:27:59 PM | Attr = ] View Results.doc -> %UserProfile%\My Documents\View Results.doc -> [Ver = | Size = 587264 bytes | Modified Date = 4/16/2008 2:26:59 PM | Attr = ] ac?d.doc -> %UserProfile%\My Documents\ąĉіđ.doc -> [Ver = | Size = 24064 bytes | Modified Date = 4/3/2007 11:52:27 AM | Attr = ] avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [Ver = | Size = 1741 bytes | Modified Date = 6/19/2008 7:51:17 PM | Attr = ] CloneCD.lnk -> %AllUsersProfile%\Desktop\CloneCD.lnk -> [Ver = | Size = 798 bytes | Modified Date = 6/2/2008 3:58:31 AM | Attr = ] Macromedia Dreamweaver 8.lnk -> %AllUsersProfile%\Desktop\Macromedia Dreamweaver 8.lnk -> [Ver = | Size = 1591 bytes | Modified Date = 5/14/2008 2:20:01 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 728 bytes | Modified Date = 6/13/2008 12:54:12 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1634 bytes | Modified Date = 6/11/2008 11:48:51 PM | Attr = ] 041508 -> %UserProfile%\Desktop\041508 -> [Folder | Modified Date = 5/29/2008 12:42:32 AM | Attr = ] 1188605469.ppt -> %UserProfile%\Desktop\1188605469.ppt -> [Ver = | Size = 82944 bytes | Modified Date = 4/27/2008 7:49:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\1188605469.ppt:Zone.Identifier 57110-Itazurana Kiss v.04.zip -> %UserProfile%\Desktop\57110-Itazurana Kiss v.04.zip -> [Ver = | Size = 38190020 bytes | Modified Date = 4/6/2008 11:39:29 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\57110-Itazurana Kiss v.04.zip:Zone.Identifier 81828-Soul Eater Volume 4.zip -> %UserProfile%\Desktop\81828-Soul Eater Volume 4.zip -> [Ver = | Size = 62769739 bytes | Modified Date = 4/30/2008 2:01:43 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\81828-Soul Eater Volume 4.zip:Zone.Identifier Anime -> %UserProfile%\Desktop\Anime -> [Folder | Modified Date = 6/8/2008 6:19:25 AM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/13/2008 12:50:21 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF_Cleaner.exe:Zone.Identifier balmoral_d.zip -> %UserProfile%\Desktop\balmoral_d.zip -> [Ver = | Size = 44058 bytes | Modified Date = 5/14/2008 7:00:00 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\balmoral_d.zip:Zone.Identifier Body.Language -> %UserProfile%\Desktop\Body.Language -> [Folder | Modified Date = 6/12/2008 3:24:30 AM | Attr = ] Claymore_79_[FH] -> %UserProfile%\Desktop\Claymore_79_[FH] -> [Folder | Modified Date = 5/4/2008 4:30:43 PM | Attr = ] clone[1].ccd5302.rar -> %UserProfile%\Desktop\clone[1].ccd5302.rar -> [Ver = | Size = 2590649 bytes | Modified Date = 6/2/2008 3:53:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\clone[1].ccd5302.rar:Zone.Identifier ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2026645 bytes | Modified Date = 6/20/2008 2:42:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier Dexter -> %UserProfile%\Desktop\Dexter -> [Folder | Modified Date = 6/19/2008 4:12:25 AM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 722982 bytes | Modified Date = 6/18/2008 10:09:01 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier fix.bat -> %UserProfile%\Desktop\fix.bat -> [Ver = | Size = 157 bytes | Modified Date = 6/20/2008 2:39:23 PM | Attr = ] FT_63_[FH] -> %UserProfile%\Desktop\FT_63_[FH] -> [Folder | Modified Date = 5/12/2008 12:12:32 AM | Attr = ] gslite -> %UserProfile%\Desktop\gslite -> [Folder | Modified Date = 5/6/2008 10:05:25 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1766 bytes | Modified Date = 6/11/2008 3:31:46 PM | Attr = ] jquery-1[1].2.3.min.js -> %UserProfile%\Desktop\jquery-1[1].2.3.min.js -> [Ver = | Size = 54075 bytes | Modified Date = 5/14/2008 3:53:09 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jquery-1[1].2.3.min.js:Zone.Identifier jsbfree.exe -> %UserProfile%\Desktop\jsbfree.exe -> [Ver = | Size = 7974354 bytes | Modified Date = 4/17/2008 11:43:55 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jsbfree.exe:Zone.Identifier Lineup.xls -> %UserProfile%\Desktop\Lineup.xls -> [Ver = | Size = 843776 bytes | Modified Date = 5/22/2008 10:58:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Lineup.xls:Zone.Identifier Manga -> %UserProfile%\Desktop\Manga -> [Folder | Modified Date = 6/15/2008 6:49:48 PM | Attr = ] Manga 3 -> %UserProfile%\Desktop\Manga 3 -> [Folder | Modified Date = 6/8/2008 6:19:30 AM | Attr = ] Manga 4 -> %UserProfile%\Desktop\Manga 4 -> [Folder | Modified Date = 6/20/2008 2:59:49 AM | Attr = ] Manga2 -> %UserProfile%\Desktop\Manga2 -> [Folder | Modified Date = 6/15/2008 6:49:49 PM | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 5/20/2008 2:59:12 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> [Ver = | Size = 326656 bytes | Modified Date = 6/19/2008 7:44:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/20/2008 2:56:30 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568483 bytes | Modified Date = 6/20/2008 2:40:44 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier RapidShare Manager.lnk -> %UserProfile%\Desktop\RapidShare Manager.lnk -> [Ver = | Size = 2590 bytes | Modified Date = 5/12/2008 4:52:25 AM | Attr = ] receipt.htm -> %UserProfile%\Desktop\receipt.htm -> [Ver = | Size = 24339 bytes | Modified Date = 5/26/2008 2:00:07 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\receipt.htm:Zone.Identifier references.doc -> %UserProfile%\Desktop\references.doc -> [Ver = | Size = 25600 bytes | Modified Date = 4/27/2008 11:52:15 PM | Attr = ] RSMInit.exe -> %UserProfile%\Desktop\RSMInit.exe -> RapidShare AG [Ver = 1.0.0.0 | Size = 20480 bytes | Modified Date = 5/12/2008 4:51:44 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\RSMInit.exe:Zone.Identifier School -> %UserProfile%\Desktop\School -> [Folder | Modified Date = 6/12/2008 3:24:27 AM | Attr = ] School2 -> %UserProfile%\Desktop\School2 -> [Folder | Modified Date = 6/12/2008 3:25:24 AM | Attr = ] sdsetup.exe -> %UserProfile%\Desktop\sdsetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 18509352 bytes | Modified Date = 6/15/2008 6:48:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\sdsetup.exe:Zone.Identifier Setup Progz -> %UserProfile%\Desktop\Setup Progz -> [Folder | Modified Date = 6/20/2008 2:06:19 PM | Attr = ] setupeng.exe -> %UserProfile%\Desktop\setupeng.exe -> [Ver = | Size = 24270296 bytes | Modified Date = 6/19/2008 7:46:31 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\setupeng.exe:Zone.Identifier starterfiles -> %UserProfile%\Desktop\starterfiles -> [Folder | Modified Date = 5/6/2008 10:00:07 AM | Attr = ] starterfiles.zip -> %UserProfile%\Desktop\starterfiles.zip -> [Ver = | Size = 72878 bytes | Modified Date = 5/6/2008 10:00:02 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\starterfiles.zip:Zone.Identifier Tam's RESUME4.doc -> %UserProfile%\Desktop\Tam's RESUME4.doc -> [Ver = | Size = 44544 bytes | Modified Date = 4/27/2008 11:56:18 PM | Attr = ] Tam's RESUME5.doc -> %UserProfile%\Desktop\Tam's RESUME5.doc -> [Ver = | Size = 42496 bytes | Modified Date = 4/22/2008 4:51:45 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Tam's RESUME5.doc:Zone.Identifier Transcript Tam2.doc -> %UserProfile%\Desktop\Transcript Tam2.doc -> [Ver = | Size = 118272 bytes | Modified Date = 4/28/2008 12:06:05 AM | Attr = ] Usher_-_Here_I_Stand_2008 -> %UserProfile%\Desktop\Usher_-_Here_I_Stand_2008 -> [Folder | Modified Date = 6/11/2008 1:56:38 AM | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0005 | Size = 250880 bytes | Modified Date = 6/13/2008 12:59:32 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier XBOX360_SS_Merger_1.7b -> %UserProfile%\Desktop\XBOX360_SS_Merger_1.7b -> [Folder | Modified Date = 4/22/2008 2:56:11 AM | Attr = ] xxx-od.nfo -> %UserProfile%\Desktop\xxx-od.nfo -> [Ver = | Size = 5256 bytes | Modified Date = 5/12/2008 6:01:03 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\xxx-od.nfo:Zone.Identifier [AonE-Gekkostate-Menclave]_Macross_F_-_01_[704x400_XviD_MP3]_[E159C4F0].avi -> %UserProfile%\Desktop\[AonE-Gekkostate-Menclave]_Macross_F_-_01_[704x400_XviD_MP3]_[E159C4F0].avi -> [Ver = | Size = 188532736 bytes | Modified Date = 4/25/2008 10:26:05 AM | Attr = ] [Shoku-dan] Vampire Knight - 03.avi -> %UserProfile%\Desktop\[Shoku-dan] Vampire Knight - 03.avi -> [Ver = | Size = 149374384 bytes | Modified Date = 6/12/2008 1:45:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\[Shoku-dan] Vampire Knight - 03.avi:Zone.Identifier [Shoku-dan]_Vampire_Knight_-_04.avi -> %UserProfile%\Desktop\[Shoku-dan]_Vampire_Knight_-_04.avi -> [Ver = | Size = 208863478 bytes | Modified Date = 6/12/2008 1:49:37 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\[Shoku-dan]_Vampire_Knight_-_04.avi:Zone.Identifier [WF] School Rumble 2nd Term - 13-16.torrent -> %UserProfile%\Desktop\[WF] School Rumble 2nd Term - 13-16.torrent -> [Ver = | Size = 28106 bytes | Modified Date = 5/2/2008 2:49:15 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\[WF] School Rumble 2nd Term - 13-16.torrent:Zone.Identifier _Mahou-X_SoulEater_v7_ch27 -> %UserProfile%\Desktop\_Mahou-X_SoulEater_v7_ch27 -> [Folder | Modified Date = 6/12/2008 5:54:37 PM | Attr = ] _Mahou-X_SoulEater_v7_ch27.zip -> %UserProfile%\Desktop\_Mahou-X_SoulEater_v7_ch27.zip -> [Ver = | Size = 13745253 bytes | Modified Date = 6/12/2008 5:52:11 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\_Mahou-X_SoulEater_v7_ch27.zip:Zone.Identifier Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 5/15/2008 6:38:53 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 6/13/2008 12:54:00 AM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 6/19/2008 7:49:26 PM | Attr = ] Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared -> [Folder | Modified Date = 5/14/2008 4:10:47 PM | Attr = ] < End of report > [/code]