[code] OTScanIt logfile created on: 1/07/2008 11:39:05 PM OTScanIt by OldTimer - Version 1.0.15.12 Folder = C:\Documents and Settings\Tim Steer\Desktop\Ads served by Adzgalore\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1023.21 Mb Total Physical Memory | 304.92 Mb Available Physical Memory | 29.80% Memory free 2.40 Gb Paging File | 1.80 Gb Available in Paging File | 75.04% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.97 Gb Total Space | 43.38 Gb Free Space | 61.12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIMSTEER Current User Name: Tim Steer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 3/08/2005 11:02:58 PM | Attr = ] brsvc01a.exe -> %SystemRoot%\system32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 | Attr = ] brss01a.exe -> %SystemRoot%\system32\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 12:01:00 AM | Attr = ] pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/03/2008 4:54:12 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 3/08/2005 11:02:58 PM | Attr = ] pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 11/04/2004 8:15:14 PM | Attr = ] tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 3:25:21 AM | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 919016 bytes | Modified Date = 13/03/2008 10:11:10 PM | Attr = ] vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 13/03/2008 10:11:08 PM | Attr = ] scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 139264 bytes | Modified Date = 3/12/2007 1:53:58 PM | Attr = ] scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 139264 bytes | Modified Date = 3/12/2007 1:53:58 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 18/04/2008 10:13:20 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\Ads served by Adzgalore\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.12 | Size = 397312 bytes | Modified Date = 7/06/2008 11:09:00 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 3/08/2005 11:02:58 PM | Attr = ] (Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 12/08/2004 11:18:40 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/04/2005 12:41:10 AM | Attr = ] (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 9/03/2008 4:54:12 PM | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 13/03/2008 10:11:08 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Modified Date = 31/03/2007 10:43:41 AM | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6561 | Size = 1273344 bytes | Modified Date = 3/08/2005 11:10:18 PM | Attr = ] (bbcap) bbcap [Kernel | System | Running] -> %SystemRoot%\system32\drivers\bbcap.sys -> Windows (R) 2000 DDK provider [Ver = 1.00 | Size = 2944 bytes | Modified Date = 12/06/2008 10:49:00 PM | Attr = ] (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.23.0.0 built by: WinDDK | Size = 44032 bytes | Modified Date = 26/09/2003 10:41:10 AM | Attr = ] (BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrScnUsb.sys -> Brother Industries Ltd. [Ver = 1,0,2,1 | Size = 15295 bytes | Modified Date = 15/10/2004 12:50:20 PM | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 12/08/2004 11:18:41 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 12/08/2004 11:18:41 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 12/08/2004 11:18:41 PM | Attr = ] (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94a | Size = 87136 bytes | Modified Date = 4/08/2004 3:21:00 AM | Attr = ] (drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.46a | Size = 40544 bytes | Modified Date = 13/08/2004 2:56:00 AM | Attr = ] (giveio) giveio [Kernel | Boot | Running] -> %SystemRoot%\system32\giveio.sys -> [Ver = | Size = 5248 bytes | Modified Date = 4/04/1996 5:33:26 AM | Attr = ] (HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 208384 bytes | Modified Date = 3/05/2005 3:08:50 PM | Attr = ] (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.SYS -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 1033728 bytes | Modified Date = 3/05/2005 3:09:28 PM | Attr = ] (kbeepm) kbeepm [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\TIMSTE~1\LOCALS~1\Temp\kbeepm.sys -> File not found (KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19/07/2007 2:10:28 PM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 17/03/2004 12:04:14 PM | Attr = ] (OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 22/08/2001 8:42:58 AM | Attr = ] (pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 28/12/2007 2:16:52 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 12/08/2004 11:26:42 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.16a | Size = 20576 bytes | Modified Date = 2/08/2004 2:03:00 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 8:25:53 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17/08/2001 1:56:16 PM | Attr = ] (speedfan) speedfan [Kernel | Boot | Running] -> %SystemRoot%\system32\speedfan.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.5438 | Size = 5248 bytes | Modified Date = 24/09/2006 11:28:46 PM | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 716272 bytes | Modified Date = 8/02/2008 3:58:59 PM | Attr = ] (srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 29/03/2008 2:15:51 PM | Attr = ] (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14/07/2004 11:29:04 AM | Attr = ] (ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14/07/2004 11:28:50 AM | Attr = ] (STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\stac97.sys -> SigmaTel, Inc. [Ver = 5.10.3952 | Size = 264440 bytes | Modified Date = 15/11/2004 3:37:52 PM | Attr = ] (tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] (UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\UIUSys.sys -> File not found (vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Modified Date = 13/03/2008 10:11:18 PM | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.23.01 built by: WinDDK | Size = 705408 bytes | Modified Date = 3/05/2005 3:08:44 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 9:16:38 PM | Attr = ] ControlCenter2.0 -> %ProgramFiles%\Brother\ControlCenter2\brctrcen.exe [C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun] -> Brother Industries, Ltd. [Ver = 2, 1, 36, 20 | Size = 933888 bytes | Modified Date = 17/05/2005 5:42:32 PM | Attr = ] dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] IndexSearch -> %ProgramFiles%\ScanSoft\PaperPort\IndexSearch.exe [C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe] -> ScanSoft, Inc. [Ver = 9.0 | Size = 40960 bytes | Modified Date = 17/03/2005 2:45:52 PM | Attr = ] PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 11/04/2004 8:15:14 PM | Attr = ] SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 14/10/2003 10:22:30 AM | Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 3:25:21 AM | Attr = ] UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 7/01/2004 1:01:00 AM | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 919016 bytes | Modified Date = 13/03/2008 10:11:10 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Tim Steer Startup Folder > -> C:\Documents and Settings\Tim Steer\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004] > -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 3/08/2005 11:04:18 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004] > -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 12/08/2004 11:17:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRom_NEC_DVD+-RW_ND-6500A___________________203E____\5&877bd2b&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_GF7025P&Prod_ELO686W&Rev_1.01\5&36e5972&2&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 30/03/2007 9:23:40 AM | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.ninemsn.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\] > -> -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\: Main\\Start Page -> http://www.ninemsn.com/ -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\: SearchURL\\ -> http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\] > -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\] > -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-484763869-602162358-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 10:08:42 PM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 13/08/2004 1:05:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 3:25:19 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 3:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 3:25:19 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {52EF48DB-33F4-4EDB-BECA-4A421CABA8FD} -> (Broadcom 440x 10/100 Integrated Controller) -> {E16A5EDE-8882-47CB-9551-F2D48110A2EA} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {20A60F0D-9AFA-4515-A0FD-83BD84642501}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> {5D6F45B3-9043-443D-A792-115447494D24}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab[UnoCtrl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\.Owner -> {5D6F45B3-9043-443D-A792-115447494D24} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GAME_UNO1.dll\\{5D6F45B3-9043-443D-A792-115447494D24} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 11/05/2007 2:06:38 AM | Attr = ] BrMfcWnd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found C-Major -> [C:\Program Files\SigmaTel\C-Major Audio\C-Major] -> File not found cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found combofix.exe -> %UserProfile%\Desktop\ComboFix.exe [C:\Documents and Settings\Tim Steer\Desktop\ComboFix.exe] -> File not found Conflict Desert Storm II -> [E:\Games\Large Games\Conflict Desert Storm II\Conflict Desert Storm II] -> File not found firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 18/04/2008 10:13:20 PM | Attr = ] HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\PROGRA~1\TRENDM~1\HIJACK~1\hijackthis.exe] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 2/06/2008 5:28:49 PM | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found javaws.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 22/02/2008 1:33:32 AM | Attr = ] Jeep.exe -> e:\games\small games\jeep\Jeep.exe [e:\games\small games\jeep\Jeep.exe] -> File not found JohnDeere.exe -> E:\Games\Large Games\John Deere American Farmer\JohnDeere.exe [E:\Games\Large Games\John Deere American Farmer\JohnDeere.exe] -> File not found mohpa.exe -> E:\Games\Large Games\Medal of Honnor Pacific Assault\mohpa.exe [E:\Games\Large Games\Medal of Honnor Pacific Assault\mohpa.exe] -> File not found MountainMadness.exe -> F:\Games\small games\jeep mountain madness\MountainMadness.exe [F:\Games\small games\jeep mountain madness\MountainMadness.exe] -> File not found mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [Ver = | Size = 4639 bytes | Modified Date = 12/08/2004 11:22:24 PM | Attr = HS] mplayerc.exe -> %ProgramFiles%\Combined Community Codec Pack\MPC\mplayerc.exe [C:\Program Files\Combined Community Codec Pack\MPC\mplayerc.exe] -> Gabest [Ver = 6, 4, 9, 0 | Size = 4231168 bytes | Modified Date = 25/06/2007 9:40:06 PM | Attr = ] MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found MyDVD.exe -> %ProgramFiles%\Sonic\Sonic Solutions Product CD\MyDVD\MyDVD.exe [C:\Program Files\Sonic\Sonic Solutions Product CD\MyDVD\MyDVD.exe] -> Sonic Solutions [Ver = 5, 3, 0, 0 | Size = 15794176 bytes | Modified Date = 4/04/2004 5:31:00 AM | Attr = ] nfsc_demo.exe -> E:\Games\Small Games\Need For Speed Carbon Demo\NFS Carbon Demo\nfsc_demo.exe [E:\Games\Small Games\Need For Speed Carbon Demo\NFS Carbon Demo\nfsc_demo.exe] -> File not found None -> [C:\Program Files\Broadcom\DrvInst\Broadcom 440x 10/100 Integrated Controller] -> File not found PaprPort.exe -> %ProgramFiles%\ScanSoft\PaperPort\PaprPort.exe [C:\Program Files\ScanSoft\PaperPort\PaprPort.exe] -> ScanSoft, Inc. [Ver = 9.0 | Size = 462897 bytes | Modified Date = 17/03/2005 2:28:46 PM | Attr = ] pbrush.exe -> %SystemRoot%\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> File not found PowerCinema.exe -> %ProgramFiles%\Dell\Media Experience\PCM2.exe [C:\Program Files\Dell\Media Experience\PCM2.exe] -> CyberLink Corp. [Ver = 1.0.1611 | Size = 847956 bytes | Modified Date = 11/04/2004 8:15:14 PM | Attr = ] RecordNow.exe -> %ProgramFiles%\Sonic\Sonic Solutions Product CD\RecordNow!\RecordNow.exe [C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\RecordNow.exe] -> [Ver = 7.01.55a | Size = 1945600 bytes | Modified Date = 7/09/2004 7:01:00 AM | Attr = ] setup.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\setup.exe [C:\Program Files\ATI Technologies\ATI Control Panel\setup.exe] -> File not found SGTRAY.EXE -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"] -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 7/01/2004 1:01:00 AM | Attr = ] table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found V8Challenge.exe -> E:\Games\Large Games\V8 Challenge\V8Challenge.exe [E:\Games\Large Games\V8 Challenge\V8Challenge.exe] -> File not found winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [Ver = | Size = 936960 bytes | Modified Date = 20/09/2007 5:34:22 PM | Attr = ] WORDPAD.EXE -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found WRITE.EXE -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found zplayer.exe -> %ProgramFiles%\Combined Community Codec Pack\Zoom Player\zplayer.exe [C:\Program Files\Combined Community Codec Pack\Zoom Player\zplayer.exe] -> [Ver = 5.0.0.0 | Size = 1090560 bytes | Modified Date = 17/03/2007 2:49:50 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 12/08/2004 11:23:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 16/06/2005 3:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 12/08/2004 11:23:50 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 26/04/2007 12:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 2:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 776 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 12/08/2004 11:27:47 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 12/08/2004 11:25:13 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> DE 95 EA CC 74 82 C0 33 4B FB 2D 29 5F 6A FD 88 66 32 65 64 62 33 62 30 00 FD 07 00 8D 2A 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 37 09 48 67 10 16 ED 85 B5 45 6C F2 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 92 B7 44 F7 E4 EB 77 10 04 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> CE D0 38 D5 B1 98 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 12/08/2004 11:20:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 02 AA F4 18 25 36 0D E9 D8 D5 BD 1C CF 00 25 8D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 34 AC 02 CD 5F 72 C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 80 F4 3B E0 6E 80 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 38 9C 7A 6F 80 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 F8 A9 90 6F 80 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 12/08/2004 11:30:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 42045 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 12/08/2004 11:20:10 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 12/08/2004 11:28:10 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 10:44:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 10:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2/10/2007 4:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 12/08/2004 11:28:10 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service] -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 13/03/2008 10:11:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 10:44:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 14/10/2004 2:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> %ProgramFiles%\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 16/02/2007 6:17:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 10:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2/10/2007 4:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe -> %SystemRoot%\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [Ver = | Size = 66872 bytes | Modified Date = 9/03/2008 4:54:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe -> %SystemRoot%\system32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [Ver = | Size = 107832 bytes | Modified Date = 14/06/2008 2:27:25 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6300.5000 | Size = 12829216 bytes | Modified Date = 12/12/2007 11:56:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 27/10/2006 3:37:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 27/10/2006 3:03:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\Programs\LimeWire\LimeWire.exe -> G:\Programs\LimeWire\LimeWire.exe [G:\Programs\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 12/08/2004 11:30:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 12/08/2004 11:34:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 2:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 12/08/2004 11:30:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 12/08/2004 11:27:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 12/08/2004 11:31:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 2:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> PaperPort PTD hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ScanSoft\PaperPort\pptd40nt.exe -> ScanSoft, Inc. [Ver = 9.0 | Size = 57393 bytes | Modified Date = 17/03/2005 2:25:54 PM | Attr = ] SetDefPrt hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Brother\Brmfl05a\BrStDvPt.exe -> Brother Industories, Ltd. [Ver = 1, 0, 1, 2 | Size = 49152 bytes | Modified Date = 26/01/2005 6:02:22 PM | Attr = ] < MountPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 00 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 01 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 00 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 01 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{154de9c2-27ce-11dd-b8fb-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17e71a4f-3f65-11dd-8627-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17e71a4f-3f65-11dd-8627-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17e71a4f-3f65-11dd-8627-000f1f2a500d}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e05eeed-03b2-11dd-9812-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{274f32a8-fb99-11db-bf96-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{274f32a8-fb99-11db-bf96-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{274f32a8-fb99-11db-bf96-000f1f2a500d}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF 01 01 00 5F CF CF 00 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\\_LabelFromReg -> TIM'S USB -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{290915d7-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 03 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29091c7c-0032-11dc-bfa6-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dcb2b36-ff69-11db-bfa1-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dcb2b36-ff69-11db-bfa1-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF 01 01 00 5F CF CF 00 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{305ba37f-de4f-11db-bf7a-df51531b8d99}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8b5c5d-39ab-11dc-8000-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 09 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\Name\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\Name\\ -> Flight Simulator X Disk 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de190-de94-11db-a9d4-806d6172696f}\_Autorun\DefaultIcon\\ -> D:\fsx.ico [D:\fsx.ico] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de194-de94-11db-a9d4-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de194-de94-11db-a9d4-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e4de194-de94-11db-a9d4-806d6172696f}\\_LabelFromReg -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441e-0e78-11dd-b821-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441e-0e78-11dd-b821-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441e-0e78-11dd-b821-000f1f2a500d}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441e-0e78-11dd-b821-000f1f2a500d}\_Autorun\DefaultIcon\ -> -> *~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441e-0e78-11dd-b821-000f1f2a500d}\_Autorun\DefaultIcon\\ -> F:\LaunchU3.exe -> F:\LaunchU3.exe -> File not found 0 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 03 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\\_LabelFromReg -> Removable Disk -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\Action\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\Action\\ -> Start PortableApps -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\DefaultIcon\\ -> G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe [G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\DefaultLabel\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{766d441f-0e78-11dd-b821-000f1f2a500d}\_Autorun\DefaultLabel\\ -> PortableApps -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92090b11-fb89-11db-bf94-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92090b11-fb89-11db-bf94-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92090b11-fb89-11db-bf94-000f1f2a500d}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92090b11-fb89-11db-bf94-000f1f2a500d}\\_LabelFromReg -> TIMS USB -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 07 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\\_LabelFromReg -> EXT HARD DRIVE -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a80b4215-4e0c-11dc-8021-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c39af488-8a0e-11dc-805e-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c39af488-8a0e-11dc-805e-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c39af488-8a0e-11dc-805e-000f1f2a500d}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c657d577-d0d3-11dc-b922-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c657d577-d0d3-11dc-b922-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c657d577-d0d3-11dc-b922-000f1f2a500d}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c657d577-d0d3-11dc-b922-000f1f2a500d}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c657d577-d0d3-11dc-b922-000f1f2a500d}\_Autorun\DefaultIcon\ -> -> *~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c657d577-d0d3-11dc-b922-000f1f2a500d}\_Autorun\DefaultIcon\\ -> E:\autorun.exe -> E:\autorun.exe -> File not found -1000 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1705b3f-bf5d-11dc-abae-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4973caf-4edf-11dc-8023-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4973caf-4edf-11dc-8023-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe666f8a-6db0-11dc-8046-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe666f8a-6db0-11dc-8046-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe666f8a-6db0-11dc-8046-000f1f2a500d}\\_AutorunStatus -> 01 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 04 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671a4-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 07 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe6671df-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 03 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26/10/2007 1:36:51 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe667458-6db0-11dc-8046-000f1f2a500d}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e4de190-de94-11db-a9d4-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e4de190-de94-11db-a9d4-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e4de190-de94-11db-a9d4-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e4de194-de94-11db-a9d4-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e4de194-de94-11db-a9d4-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e4de194-de94-11db-a9d4-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c657d577-d0d3-11dc-b922-000f1f2a500d}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c657d577-d0d3-11dc-b922-000f1f2a500d}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c657d577-d0d3-11dc-b922-000f1f2a500d}\\Generation -> 1 -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 21/06/2008 11:41:18 PM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 20/04/2008 12:10:41 PM | Attr = RH ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 3/06/2008 6:46:26 PM | Attr = HS] sn.ist -> %SystemDrive%\sn.ist -> [Ver = | Size = 33 bytes | Created Date = 22/05/2008 7:06:44 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 23/06/2008 5:49:03 PM | Attr = ] mcheck.mhf -> %SystemRoot%\System32\mcheck.mhf -> [Ver = | Size = 28 bytes | Created Date = 19/04/2008 11:31:38 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 3/06/2008 6:02:24 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] Off Road Arena -> %SystemRoot%\Off Road Arena -> [Folder | Created Date = 22/06/2008 3:19:38 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 20/04/2008 12:12:35 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 20/04/2008 11:56:10 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 3/06/2008 6:08:51 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 45 bytes | Created Date = 22/05/2008 5:38:31 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 3/06/2008 6:01:52 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] .zreglib -> %AllUsersProfile%\Application Data\.zreglib -> [Ver = | Size = 44 bytes | Created Date = 20/04/2008 12:09:03 AM | Attr = HS] LogSys -> %AllUsersProfile%\Application Data\LogSys -> [Folder | Created Date = 12/06/2008 10:48:49 PM | Attr = ] {726649E6-8F90-456E-B22B-3DFDD02D58C8} -> %AllUsersProfile%\Application Data\{726649E6-8F90-456E-B22B-3DFDD02D58C8} -> [Folder | Created Date = 12/06/2008 10:48:31 PM | Attr = H ] LogSys -> %AppData%\LogSys -> [Folder | Created Date = 12/06/2008 10:48:50 PM | Attr = ] Unity -> %UserProfile%\Local Settings\Application Data\Unity -> [Folder | Created Date = 21/06/2008 10:02:55 PM | Attr = ] Attachment_20060103_F60DFBDC.JPG -> %UserProfile%\My Documents\Attachment_20060103_F60DFBDC.JPG -> [Ver = | Size = 46616 bytes | Created Date = 10/06/2008 6:57:43 PM | Attr = ] Attachment_20061212_74C218BC.png -> %UserProfile%\My Documents\Attachment_20061212_74C218BC.png -> [Ver = | Size = 947265 bytes | Created Date = 10/06/2008 7:16:11 PM | Attr = ] BB FlashBack Movies -> %UserProfile%\My Documents\BB FlashBack Movies -> [Folder | Created Date = 12/06/2008 10:49:09 PM | Attr = ] Fire.jpg -> %UserProfile%\My Documents\Fire.jpg -> [Ver = | Size = 35199 bytes | Created Date = 10/06/2008 6:53:35 PM | Attr = ] Flight Simulator X Files -> %UserProfile%\My Documents\Flight Simulator X Files -> [Folder | Created Date = 23/06/2008 8:14:35 PM | Attr = ] Flv conveter -> %UserProfile%\My Documents\Flv conveter -> [Folder | Created Date = 5/05/2008 7:12:56 PM | Attr = ] HijackThis Logs -> %UserProfile%\My Documents\HijackThis Logs -> [Folder | Created Date = 2/06/2008 5:29:56 PM | Attr = ] Kaspersky scan report.html -> %UserProfile%\My Documents\Kaspersky scan report.html -> [Ver = | Size = 47362 bytes | Created Date = 28/05/2008 7:34:09 PM | Attr = ] Microsoft Office Excel 2007 Tips and Tricks.pdf -> %UserProfile%\My Documents\Microsoft Office Excel 2007 Tips and Tricks.pdf -> [Ver = | Size = 44175407 bytes | Created Date = 21/06/2008 8:00:50 PM | Attr = ] My DVDs -> %UserProfile%\My Documents\My DVDs -> [Folder | Created Date = 3/05/2008 9:09:54 PM | Attr = S] NSWRFS 4Wheeler.jpg -> %UserProfile%\My Documents\NSWRFS 4Wheeler.jpg -> [Ver = | Size = 32771 bytes | Created Date = 10/06/2008 6:53:27 PM | Attr = ] nswrfs_logo[1].gif -> %UserProfile%\My Documents\nswrfs_logo[1].gif -> [Ver = | Size = 7381 bytes | Created Date = 12/06/2008 8:15:35 PM | Attr = ] RFS.pdf -> %UserProfile%\My Documents\RFS.pdf -> [Ver = | Size = 1476991 bytes | Created Date = 19/04/2008 4:46:05 PM | Attr = ] Swearing_postman_pat.avi -> %UserProfile%\My Documents\Swearing_postman_pat.avi -> [Ver = | Size = 2896844 bytes | Created Date = 3/06/2008 6:45:38 PM | Attr = ] Young Endeavour -> %UserProfile%\My Documents\Young Endeavour -> [Folder | Created Date = 24/06/2008 5:43:50 PM | Attr = ] youtubegrabberv1 -> %UserProfile%\My Documents\youtubegrabberv1 -> [Folder | Created Date = 5/05/2008 6:40:41 PM | Attr = ] BB FlashBack Player.lnk -> %AllUsersProfile%\Desktop\BB FlashBack Player.lnk -> [Ver = | Size = 668 bytes | Created Date = 12/06/2008 10:48:46 PM | Attr = ] BB FlashBack Recorder.lnk -> %AllUsersProfile%\Desktop\BB FlashBack Recorder.lnk -> [Ver = | Size = 674 bytes | Created Date = 12/06/2008 10:48:46 PM | Attr = ] Microsoft Flight Simulator X.lnk -> %AllUsersProfile%\Desktop\Microsoft Flight Simulator X.lnk -> [Ver = | Size = 849 bytes | Created Date = 23/06/2008 7:30:37 PM | Attr = ] 300.jpg -> %UserProfile%\Desktop\300.jpg -> [Ver = | Size = 17532 bytes | Created Date = 18/06/2008 10:19:54 PM | Attr = ] 785.jpg -> %UserProfile%\Desktop\785.jpg -> [Ver = | Size = 65517 bytes | Created Date = 18/06/2008 10:14:40 PM | Attr = ] Ads served by Adzgalore -> %UserProfile%\Desktop\Ads served by Adzgalore -> [Folder | Created Date = 9/06/2008 2:20:40 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 9/06/2008 2:20:15 PM | Attr = ] Business studies LOG BOOK.docx -> %UserProfile%\Desktop\Business studies LOG BOOK.docx -> [Ver = | Size = 10261 bytes | Created Date = 1/07/2008 11:31:30 PM | Attr = ] Microsoft Office Word 2007 (2).lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007 (2).lnk -> [Ver = | Size = 2515 bytes | Created Date = 20/04/2008 5:45:20 PM | Attr = ] Mjajor_Recoil.avi -> %UserProfile%\Desktop\Mjajor_Recoil.avi -> [Ver = | Size = 6501024 bytes | Created Date = 6/05/2008 6:05:38 PM | Attr = ] n204800116_30633706_2689.jpg -> %UserProfile%\Desktop\n204800116_30633706_2689.jpg -> [Ver = | Size = 44334 bytes | Created Date = 5/06/2008 11:52:13 PM | Attr = ] Setup -> %UserProfile%\Desktop\Setup -> [Folder | Created Date = 20/04/2008 6:04:31 PM | Attr = R ] Sex Secrets (How To Turn A Woman On, Satisfy Her In A Big way...) ->[Folder | Created Date = 29/06/2008 9:40:56 PM | Attr = ] Shortcut to LimeWire.exe.lnk -> %UserProfile%\Desktop\Shortcut to LimeWire.exe.lnk -> [Ver = | Size = 595 bytes | Created Date = 30/06/2008 6:14:03 PM | Attr = ] Unused Desktop -> %UserProfile%\Desktop\Unused Desktop -> [Folder | Created Date = 10/06/2008 6:13:48 PM | Attr = ] Blueberry Software -> %CommonProgramFiles%\Blueberry Software -> [Folder | Created Date = 12/06/2008 10:48:44 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 20/04/2008 12:20:15 PM | Attr = ] Microsoft Games -> %ProgramFiles%\Microsoft Games -> [Folder | Created Date = 23/06/2008 6:30:50 PM | Attr = ] Microsoft Office -> %ProgramFiles%\Microsoft Office -> [Folder | Created Date = 20/04/2008 12:11:41 PM | Attr = ] Microsoft.NET -> %ProgramFiles%\Microsoft.NET -> [Folder | Created Date = 20/04/2008 12:18:12 PM | Attr = ] MSBuild -> %ProgramFiles%\MSBuild -> [Folder | Created Date = 20/04/2008 12:21:05 PM | Attr = ] MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder | Created Date = 23/06/2008 7:31:49 PM | Attr = ] NovaClock -> %ProgramFiles%\NovaClock -> [Folder | Created Date = 9/04/2008 11:55:32 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 4/06/2008 5:23:36 PM | Attr = ] Playboy - The Mansion -> %ProgramFiles%\Playboy - The Mansion -> [Folder | Created Date = 10/06/2008 10:27:46 PM | Attr = ] ReflexiveArcade -> %ProgramFiles%\ReflexiveArcade -> [Folder | Created Date = 22/06/2008 3:19:45 PM | Attr = ] Shockwave.com -> %ProgramFiles%\Shockwave.com -> [Folder | Created Date = 22/06/2008 12:09:14 AM | Attr = ] SlySoft -> %ProgramFiles%\SlySoft -> [Folder | Created Date = 19/04/2008 11:31:18 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 2/06/2008 5:28:49 PM | Attr = ] Unity -> %ProgramFiles%\Unity -> [Folder | Created Date = 21/06/2008 10:00:26 PM | Attr = ] UselessCreations -> %ProgramFiles%\UselessCreations -> [Folder | Created Date = 1/05/2008 10:39:02 PM | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2/06/2008 3:46:20 PM | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 29/06/2008 9:54:29 PM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 21/06/2008 11:41:18 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072984064 bytes | Modified Date = 1/07/2008 3:45:32 PM | Attr = HS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 20/04/2008 12:10:41 PM | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 23/06/2008 7:31:49 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/06/2008 6:46:26 PM | Attr = HS] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 805 bytes | Modified Date = 1/07/2008 8:55:50 PM | Attr = ] sn.ist -> %SystemDrive%\sn.ist -> [Ver = | Size = 33 bytes | Modified Date = 22/05/2008 7:06:44 PM | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 29/04/2008 8:31:10 PM | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 29/04/2008 9:02:44 PM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 232 bytes | Modified Date = 29/04/2008 9:02:51 PM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:57:03 PM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:57:14 PM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:57:40 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:58:09 PM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:58:15 PM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:58:21 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 30/04/2008 5:58:27 PM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 232 bytes | Modified Date = 1/05/2008 7:51:47 PM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 232 bytes | Modified Date = 1/05/2008 7:51:49 PM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/05/2008 6:35:46 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/05/2008 10:43:41 PM | Attr = H ] sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/05/2008 11:21:51 PM | Attr = H ] sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/05/2008 11:24:55 PM | Attr = H ] sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/05/2008 11:25:07 PM | Attr = H ] sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 232 bytes | Modified Date = 2/05/2008 11:25:25 PM | Attr = H ] sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/05/2008 11:12:02 PM | Attr = H ] sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 232 bytes | Modified Date = 5/05/2008 11:17:41 PM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 29/04/2008 8:31:10 PM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 29/04/2008 9:02:44 PM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 29/04/2008 9:02:51 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:57:03 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:57:14 PM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:57:40 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:58:09 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:58:15 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:58:21 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 30/04/2008 5:58:27 PM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/05/2008 7:51:47 PM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/05/2008 7:51:49 PM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/05/2008 6:35:46 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/05/2008 10:43:41 PM | Attr = H ] sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/05/2008 11:21:51 PM | Attr = H ] sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/05/2008 11:24:55 PM | Attr = H ] sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/05/2008 11:25:07 PM | Attr = H ] sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 2/05/2008 11:25:25 PM | Attr = H ] sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/05/2008 11:12:02 PM | Attr = H ] sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/05/2008 11:17:41 PM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/06/2008 3:53:27 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 30/06/2008 3:45:57 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 23/06/2008 5:49:03 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 7/05/2008 3:18:48 PM | Attr = ] bbcap.sys -> %SystemRoot%\System32\drivers\bbcap.sys -> Windows (R) 2000 DDK provider [Ver = 1.00 | Size = 2944 bytes | Modified Date = 12/06/2008 10:49:00 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 15156768 bytes | Modified Date = 1/07/2008 11:38:05 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 205832 bytes | Modified Date = 30/06/2008 11:28:04 PM | Attr = HS] PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 14/06/2008 2:27:32 PM | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 2/05/2008 11:27:42 PM | Attr = ] bbcap.dll -> %SystemRoot%\System32\bbcap.dll -> Blueberry Consultants Ltd. [Ver = 3.00 | Size = 27776 bytes | Modified Date = 12/06/2008 10:49:00 PM | Attr = ] bbcap.err -> %SystemRoot%\System32\bbcap.err -> [Ver = | Size = 31 bytes | Modified Date = 27/06/2008 3:53:26 PM | Attr = ] bbchlp.dll -> %SystemRoot%\System32\bbchlp.dll -> Blueberry Consultants Ltd. [Ver = 3.00 | Size = 4608 bytes | Modified Date = 12/06/2008 10:49:00 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 17/06/2008 9:54:39 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 1/07/2008 6:22:56 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 23/06/2008 7:31:39 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 21/06/2008 11:16:54 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 21/06/2008 11:16:54 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 291680 bytes | Modified Date = 24/06/2008 3:46:17 PM | Attr = ] mcheck.mhf -> %SystemRoot%\System32\mcheck.mhf -> [Ver = | Size = 28 bytes | Modified Date = 19/04/2008 11:31:38 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 19/04/2008 2:42:29 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 53806 bytes | Modified Date = 29/06/2008 12:11:56 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 383492 bytes | Modified Date = 29/06/2008 12:11:56 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 442982 bytes | Modified Date = 29/06/2008 12:11:56 PM | Attr = ] PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe -> [Ver = | Size = 107832 bytes | Modified Date = 14/06/2008 2:27:25 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 7/05/2008 3:18:48 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/06/2008 3:53:27 PM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 355093 bytes | Modified Date = 1/07/2008 3:49:01 PM | Attr = H ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/07/2008 3:47:17 PM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/05/2008 6:21:17 PM | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 29/06/2008 11:47:27 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 20/06/2008 11:36:20 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/07/2008 3:45:41 PM | Attr = S] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 29/06/2008 12:10:54 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 21/06/2008 11:43:27 PM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 21/06/2008 11:41:49 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 23/06/2008 6:52:08 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 29/06/2008 12:11:20 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 12/06/2008 12:59:11 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 21/06/2008 11:17:05 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 21/06/2008 11:17:04 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 29/06/2008 9:54:29 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 1/07/2008 11:37:47 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 22/06/2008 4:44:30 AM | Attr = ] Off Road Arena -> %SystemRoot%\Off Road Arena -> [Folder | Modified Date = 22/06/2008 3:19:38 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/07/2008 11:36:43 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 19/04/2008 2:42:21 PM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 20/04/2008 12:19:58 PM | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 20/04/2008 12:07:29 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 3/06/2008 6:06:40 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 29/06/2008 12:11:56 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 27/05/2008 3:20:59 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/07/2008 11:30:22 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 2/06/2008 3:46:19 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 45 bytes | Modified Date = 22/05/2008 5:38:31 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 25/06/2008 3:01:45 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/07/2008 3:45:58 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes -> [Folder | Modified Date = 23/06/2008 9:52:29 PM | Attr = ] Filelist00001.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00001.DAT -> [Ver = | Size = 2300 bytes | Modified Date = 23/06/2008 8:10:30 PM | Attr = ] Filelist00002.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00002.DAT -> [Ver = | Size = 1308 bytes | Modified Date = 23/06/2008 8:10:30 PM | Attr = ] Filelist00003.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00003.DAT -> [Ver = | Size = 5392 bytes | Modified Date = 23/06/2008 8:10:32 PM | Attr = ] Filelist00004.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00004.DAT -> [Ver = | Size = 19384 bytes | Modified Date = 23/06/2008 8:10:36 PM | Attr = ] Filelist00005.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00005.DAT -> [Ver = | Size = 9352 bytes | Modified Date = 23/06/2008 8:10:38 PM | Attr = ] Filelist00006.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00006.DAT -> [Ver = | Size = 10672 bytes | Modified Date = 23/06/2008 8:10:40 PM | Attr = ] Filelist00007.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00007.DAT -> [Ver = | Size = 12652 bytes | Modified Date = 23/06/2008 8:10:41 PM | Attr = ] Filelist00008.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00008.DAT -> [Ver = | Size = 9088 bytes | Modified Date = 23/06/2008 8:10:42 PM | Attr = ] Filelist00009.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00009.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:10:43 PM | Attr = ] Filelist00010.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00010.DAT -> [Ver = | Size = 7636 bytes | Modified Date = 23/06/2008 8:10:43 PM | Attr = ] Filelist00011.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00011.DAT -> [Ver = | Size = 6184 bytes | Modified Date = 23/06/2008 8:10:44 PM | Attr = ] Filelist00012.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00012.DAT -> [Ver = | Size = 23212 bytes | Modified Date = 23/06/2008 8:10:47 PM | Attr = ] Filelist00013.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00013.DAT -> [Ver = | Size = 11596 bytes | Modified Date = 23/06/2008 8:10:48 PM | Attr = ] Filelist00014.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00014.DAT -> [Ver = | Size = 8824 bytes | Modified Date = 23/06/2008 8:10:51 PM | Attr = ] Filelist00015.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00015.DAT -> [Ver = | Size = 11596 bytes | Modified Date = 23/06/2008 8:10:54 PM | Attr = ] Filelist00016.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00016.DAT -> [Ver = | Size = 9484 bytes | Modified Date = 23/06/2008 8:10:56 PM | Attr = ] Filelist00017.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00017.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:10:58 PM | Attr = ] Filelist00018.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00018.DAT -> [Ver = | Size = 4468 bytes | Modified Date = 23/06/2008 8:10:59 PM | Attr = ] Filelist00019.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00019.DAT -> [Ver = | Size = 8164 bytes | Modified Date = 23/06/2008 8:11:01 PM | Attr = ] Filelist00020.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00020.DAT -> [Ver = | Size = 27172 bytes | Modified Date = 23/06/2008 8:11:06 PM | Attr = ] Filelist00021.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00021.DAT -> [Ver = | Size = 31396 bytes | Modified Date = 23/06/2008 8:11:15 PM | Attr = ] Filelist00022.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00022.DAT -> [Ver = | Size = 13972 bytes | Modified Date = 23/06/2008 8:11:18 PM | Attr = ] Filelist00023.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00023.DAT -> [Ver = | Size = 9220 bytes | Modified Date = 23/06/2008 8:11:21 PM | Attr = ] Filelist00024.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00024.DAT -> [Ver = | Size = 9220 bytes | Modified Date = 23/06/2008 8:11:23 PM | Attr = ] Filelist00025.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00025.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:11:26 PM | Attr = ] Filelist00026.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00026.DAT -> [Ver = | Size = 3412 bytes | Modified Date = 23/06/2008 8:11:27 PM | Attr = ] Filelist00027.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00027.DAT -> [Ver = | Size = 10672 bytes | Modified Date = 23/06/2008 8:11:28 PM | Attr = ] Filelist00028.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00028.DAT -> [Ver = | Size = 22420 bytes | Modified Date = 23/06/2008 8:11:31 PM | Attr = ] Filelist00029.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00029.DAT -> [Ver = | Size = 24004 bytes | Modified Date = 23/06/2008 8:11:34 PM | Attr = ] Filelist00030.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00030.DAT -> [Ver = | Size = 25984 bytes | Modified Date = 23/06/2008 8:11:36 PM | Attr = ] Filelist00031.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00031.DAT -> [Ver = | Size = 22156 bytes | Modified Date = 23/06/2008 8:11:38 PM | Attr = ] Filelist00032.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00032.DAT -> [Ver = | Size = 18856 bytes | Modified Date = 23/06/2008 8:11:40 PM | Attr = ] Filelist00033.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00033.DAT -> [Ver = | Size = 12256 bytes | Modified Date = 23/06/2008 8:11:41 PM | Attr = ] Filelist00034.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00034.DAT -> [Ver = | Size = 6448 bytes | Modified Date = 23/06/2008 8:11:42 PM | Attr = ] Filelist00035.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00035.DAT -> [Ver = | Size = 5128 bytes | Modified Date = 23/06/2008 8:11:42 PM | Attr = ] Filelist00036.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00036.DAT -> [Ver = | Size = 13444 bytes | Modified Date = 23/06/2008 8:11:43 PM | Attr = ] Filelist00037.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00037.DAT -> [Ver = | Size = 9088 bytes | Modified Date = 23/06/2008 8:11:44 PM | Attr = ] Filelist00038.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00038.DAT -> [Ver = | Size = 11992 bytes | Modified Date = 23/06/2008 8:11:45 PM | Attr = ] Filelist00039.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00039.DAT -> [Ver = | Size = 26512 bytes | Modified Date = 23/06/2008 8:11:48 PM | Attr = ] Filelist00040.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00040.DAT -> [Ver = | Size = 16216 bytes | Modified Date = 23/06/2008 8:11:50 PM | Attr = ] Filelist00041.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00041.DAT -> [Ver = | Size = 9616 bytes | Modified Date = 23/06/2008 8:11:50 PM | Attr = ] Filelist00042.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00042.DAT -> [Ver = | Size = 6316 bytes | Modified Date = 23/06/2008 8:11:51 PM | Attr = ] Filelist00043.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00043.DAT -> [Ver = | Size = 6976 bytes | Modified Date = 23/06/2008 8:11:52 PM | Attr = ] Filelist00044.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00044.DAT -> [Ver = | Size = 16744 bytes | Modified Date = 23/06/2008 8:11:54 PM | Attr = ] Filelist00045.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00045.DAT -> [Ver = | Size = 18460 bytes | Modified Date = 23/06/2008 8:11:56 PM | Attr = ] Filelist00046.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00046.DAT -> [Ver = | Size = 18724 bytes | Modified Date = 23/06/2008 8:11:57 PM | Attr = ] Filelist00047.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00047.DAT -> [Ver = | Size = 9484 bytes | Modified Date = 23/06/2008 8:11:58 PM | Attr = ] Filelist00048.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00048.DAT -> [Ver = | Size = 8824 bytes | Modified Date = 23/06/2008 8:11:59 PM | Attr = ] Filelist00049.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00049.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:12:00 PM | Attr = ] Filelist00050.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00050.DAT -> [Ver = | Size = 3412 bytes | Modified Date = 23/06/2008 8:12:00 PM | Attr = ] Filelist00051.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00051.DAT -> [Ver = | Size = 9484 bytes | Modified Date = 23/06/2008 8:12:01 PM | Attr = ] Filelist00052.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00052.DAT -> [Ver = | Size = 31924 bytes | Modified Date = 23/06/2008 8:12:05 PM | Attr = ] Filelist00053.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00053.DAT -> [Ver = | Size = 27304 bytes | Modified Date = 23/06/2008 8:12:08 PM | Attr = ] Filelist00054.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00054.DAT -> [Ver = | Size = 24400 bytes | Modified Date = 23/06/2008 8:12:10 PM | Attr = ] Filelist00055.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00055.DAT -> [Ver = | Size = 23344 bytes | Modified Date = 23/06/2008 8:12:13 PM | Attr = ] Filelist00056.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00056.DAT -> [Ver = | Size = 15820 bytes | Modified Date = 23/06/2008 8:12:14 PM | Attr = ] Filelist00057.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00057.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:12:15 PM | Attr = ] Filelist00058.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00058.DAT -> [Ver = | Size = 2356 bytes | Modified Date = 23/06/2008 8:12:15 PM | Attr = ] Filelist00059.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00059.DAT -> [Ver = | Size = 8560 bytes | Modified Date = 23/06/2008 8:12:16 PM | Attr = ] Filelist00060.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00060.DAT -> [Ver = | Size = 25720 bytes | Modified Date = 23/06/2008 8:12:18 PM | Attr = ] Filelist00061.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00061.DAT -> [Ver = | Size = 30740 bytes | Modified Date = 23/06/2008 8:12:21 PM | Attr = ] Filelist00062.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00062.DAT -> [Ver = | Size = 23212 bytes | Modified Date = 23/06/2008 8:12:23 PM | Attr = ] Filelist00063.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00063.DAT -> [Ver = | Size = 22420 bytes | Modified Date = 23/06/2008 8:12:25 PM | Attr = ] Filelist00064.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00064.DAT -> [Ver = | Size = 11332 bytes | Modified Date = 23/06/2008 8:12:26 PM | Attr = ] Filelist00065.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00065.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:12:27 PM | Attr = ] Filelist00066.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00066.DAT -> [Ver = | Size = 904 bytes | Modified Date = 23/06/2008 8:12:27 PM | Attr = ] Filelist00067.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00067.DAT -> [Ver = | Size = 7636 bytes | Modified Date = 23/06/2008 8:12:28 PM | Attr = ] Filelist00068.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00068.DAT -> [Ver = | Size = 22288 bytes | Modified Date = 23/06/2008 8:12:30 PM | Attr = ] Filelist00069.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00069.DAT -> [Ver = | Size = 27964 bytes | Modified Date = 23/06/2008 8:12:33 PM | Attr = ] Filelist00070.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00070.DAT -> [Ver = | Size = 17272 bytes | Modified Date = 23/06/2008 8:12:35 PM | Attr = ] Filelist00071.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00071.DAT -> [Ver = | Size = 9748 bytes | Modified Date = 23/06/2008 8:12:36 PM | Attr = ] Filelist00072.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00072.DAT -> [Ver = | Size = 8824 bytes | Modified Date = 23/06/2008 8:12:36 PM | Attr = ] Filelist00073.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00073.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:12:37 PM | Attr = ] Filelist00074.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00074.DAT -> [Ver = | Size = 1432 bytes | Modified Date = 23/06/2008 8:12:37 PM | Attr = ] Filelist00075.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00075.DAT -> [Ver = | Size = 8956 bytes | Modified Date = 23/06/2008 8:12:40 PM | Attr = ] Filelist00076.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00076.DAT -> [Ver = | Size = 20044 bytes | Modified Date = 23/06/2008 8:12:44 PM | Attr = ] Filelist00077.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00077.DAT -> [Ver = | Size = 21364 bytes | Modified Date = 23/06/2008 8:12:48 PM | Attr = ] Filelist00078.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00078.DAT -> [Ver = | Size = 25456 bytes | Modified Date = 23/06/2008 8:12:54 PM | Attr = ] Filelist00079.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00079.DAT -> [Ver = | Size = 15952 bytes | Modified Date = 23/06/2008 8:12:56 PM | Attr = ] Filelist00080.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00080.DAT -> [Ver = | Size = 12520 bytes | Modified Date = 23/06/2008 8:12:58 PM | Attr = ] Filelist00081.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00081.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:13:00 PM | Attr = ] Filelist00082.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00082.DAT -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 8:13:00 PM | Attr = ] Filelist00083.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00083.DAT -> [Ver = | Size = 6184 bytes | Modified Date = 23/06/2008 8:13:01 PM | Attr = ] Filelist00084.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00084.DAT -> [Ver = | Size = 17140 bytes | Modified Date = 23/06/2008 8:13:06 PM | Attr = ] Filelist00085.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00085.DAT -> [Ver = | Size = 22156 bytes | Modified Date = 23/06/2008 8:13:13 PM | Attr = ] Filelist00086.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00086.DAT -> [Ver = | Size = 15028 bytes | Modified Date = 23/06/2008 8:13:17 PM | Attr = ] Filelist00087.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00087.DAT -> [Ver = | Size = 25852 bytes | Modified Date = 23/06/2008 8:13:22 PM | Attr = ] Filelist00088.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00088.DAT -> [Ver = | Size = 22552 bytes | Modified Date = 23/06/2008 8:13:27 PM | Attr = ] Filelist00089.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00089.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 23/06/2008 8:13:29 PM | Attr = ] Filelist00090.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00090.DAT -> [Ver = | Size = 508 bytes | Modified Date = 23/06/2008 8:13:29 PM | Attr = ] Filelist00091.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00091.DAT -> [Ver = | Size = 4600 bytes | Modified Date = 23/06/2008 8:13:30 PM | Attr = ] Filelist00092.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00092.DAT -> [Ver = | Size = 12784 bytes | Modified Date = 23/06/2008 8:13:31 PM | Attr = ] Filelist00093.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00093.DAT -> [Ver = | Size = 9220 bytes | Modified Date = 23/06/2008 8:13:32 PM | Attr = ] Filelist00094.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00094.DAT -> [Ver = | Size = 11596 bytes | Modified Date = 23/06/2008 8:13:33 PM | Attr = ] Filelist00095.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00095.DAT -> [Ver = | Size = 15424 bytes | Modified Date = 23/06/2008 8:13:34 PM | Attr = ] Filelist00096.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00096.DAT -> [Ver = | Size = 15160 bytes | Modified Date = 23/06/2008 8:13:36 PM | Attr = ] Filelist00097.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00097.DAT -> [Ver = | Size = 9880 bytes | Modified Date = 23/06/2008 8:13:36 PM | Attr = ] Filelist00098.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00098.DAT -> [Ver = | Size = 5392 bytes | Modified Date = 23/06/2008 8:13:37 PM | Attr = ] Filelist00099.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00099.DAT -> [Ver = | Size = 372 bytes | Modified Date = 23/06/2008 8:13:37 PM | Attr = ] Filelist00100.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00100.DAT -> [Ver = | Size = 2856 bytes | Modified Date = 23/06/2008 8:13:37 PM | Attr = ] Filelist00101.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00101.DAT -> [Ver = | Size = 904 bytes | Modified Date = 23/06/2008 8:13:38 PM | Attr = ] Filelist00102.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00102.DAT -> [Ver = | Size = 644 bytes | Modified Date = 23/06/2008 8:13:38 PM | Attr = ] Filelist00103.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00103.DAT -> [Ver = | Size = 4844 bytes | Modified Date = 23/06/2008 8:13:39 PM | Attr = ] Filelist00104.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00104.DAT -> [Ver = | Size = 2880 bytes | Modified Date = 23/06/2008 8:13:40 PM | Attr = ] Filelist00105.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00105.DAT -> [Ver = | Size = 1952 bytes | Modified Date = 23/06/2008 8:13:40 PM | Attr = ] Filelist00106.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00106.DAT -> [Ver = | Size = 1956 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00107.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00107.DAT -> [Ver = | Size = 508 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00108.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00108.DAT -> [Ver = | Size = 376 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00109.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00109.DAT -> [Ver = | Size = 252 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00110.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00110.DAT -> [Ver = | Size = 408 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00111.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00111.DAT -> [Ver = | Size = 252 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00112.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00112.DAT -> [Ver = | Size = 256 bytes | Modified Date = 23/06/2008 8:13:41 PM | Attr = ] Filelist00113.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00113.DAT -> [Ver = | Size = 2860 bytes | Modified Date = 23/06/2008 8:13:42 PM | Attr = ] Filelist00114.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00114.DAT -> [Ver = | Size = 252 bytes | Modified Date = 23/06/2008 8:13:42 PM | Attr = ] FilelistIndex.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\FilelistIndex.DAT -> [Ver = | Size = 58116 bytes | Modified Date = 27/06/2008 9:43:43 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 30/03/2007 10:08:04 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 98014 bytes | Modified Date = 1/07/2008 3:48:40 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 98014 bytes | Modified Date = 1/07/2008 3:48:40 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 20/04/2008 12:19:34 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8396 bytes | Modified Date = 17/05/2007 7:28:16 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8384 bytes | Modified Date = 17/05/2007 8:06:53 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing -> [Folder | Modified Date = 23/06/2008 8:09:23 PM | Attr = ] 09148581-7001-9502-b81a-ddff084ae6ee.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\09148581-7001-9502-b81a-ddff084ae6ee.dat -> [Ver = | Size = 6182 bytes | Modified Date = 23/06/2008 8:08:13 PM | Attr = ] 1e5087d3-4b65-3a13-e56e-f8c0b01c389d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\1e5087d3-4b65-3a13-e56e-f8c0b01c389d.dat -> [Ver = | Size = 3338 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 2aa181cf-5771-3146-73c7-afbf7e9ced2e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\2aa181cf-5771-3146-73c7-afbf7e9ced2e.dat -> [Ver = | Size = 16644 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 325ecd9f-b45c-7657-310d-a3ec69566036.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\325ecd9f-b45c-7657-310d-a3ec69566036.dat -> [Ver = | Size = 4324 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 3a2d0e4e-183a-3be6-de12-f79b20b6726b.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\3a2d0e4e-183a-3be6-de12-f79b20b6726b.dat -> [Ver = | Size = 4339 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 43b3fb56-0aa1-cf24-fcd5-ace4f579aa78.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\43b3fb56-0aa1-cf24-fcd5-ace4f579aa78.dat -> [Ver = | Size = 6043 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 4a9b95b9-1079-3d9a-1dd0-511ab9735c52.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\4a9b95b9-1079-3d9a-1dd0-511ab9735c52.dat -> [Ver = | Size = 4190 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 61003c70-2333-4da9-f637-1240e25f9b46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\61003c70-2333-4da9-f637-1240e25f9b46.dat -> [Ver = | Size = 5105 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 6d1fc144-430d-92ee-a585-fccf492243f1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\6d1fc144-430d-92ee-a585-fccf492243f1.dat -> [Ver = | Size = 16652 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 7fc76939-1749-9389-638e-b057f3111dfe.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\7fc76939-1749-9389-638e-b057f3111dfe.dat -> [Ver = | Size = 8266 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] 80e6fb29-e941-8cd6-02a4-de76e1000f1d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\80e6fb29-e941-8cd6-02a4-de76e1000f1d.dat -> [Ver = | Size = 3037 bytes | Modified Date = 23/06/2008 8:08:12 PM | Attr = ] 85694c06-b10c-a13e-ead8-4b3d8b4fa6af.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\85694c06-b10c-a13e-ead8-4b3d8b4fa6af.dat -> [Ver = | Size = 5612 bytes | Modified Date = 23/06/2008 8:09:10 PM | Attr = ] 9728020c-33b1-869d-8ca7-2da2673eeba6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\9728020c-33b1-869d-8ca7-2da2673eeba6.dat -> [Ver = | Size = 13319 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] af154ab4-7867-7da2-509f-55369e19b78a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\af154ab4-7867-7da2-509f-55369e19b78a.dat -> [Ver = | Size = 5259 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] b3724b38-a0be-7e2e-680a-76a2b74d87ae.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\b3724b38-a0be-7e2e-680a-76a2b74d87ae.dat -> [Ver = | Size = 11422 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] b63271ae-c613-2d09-eede-d8f740f9fbdc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\b63271ae-c613-2d09-eede-d8f740f9fbdc.dat -> [Ver = | Size = 3447 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] bb94bdbd-e879-9f77-c792-8f2b062f83fa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\bb94bdbd-e879-9f77-c792-8f2b062f83fa.dat -> [Ver = | Size = 3033 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] c7f13e4f-3a54-f72a-4415-9de346aa9a51.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\c7f13e4f-3a54-f72a-4415-9de346aa9a51.dat -> [Ver = | Size = 3448 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] e840ba51-07a0-5a6f-202f-a1d2634d5cb6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\e840ba51-07a0-5a6f-202f-a1d2634d5cb6.dat -> [Ver = | Size = 11430 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] e9f9f228-aedb-24f3-2265-9dd49f9caa95.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\e9f9f228-aedb-24f3-2265-9dd49f9caa95.dat -> [Ver = | Size = 4252 bytes | Modified Date = 23/06/2008 8:09:10 PM | Attr = ] ec8b761e-e469-96f8-4db5-cef2937fdb89.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\ec8b761e-e469-96f8-4db5-cef2937fdb89.dat -> [Ver = | Size = 11348 bytes | Modified Date = 23/06/2008 8:09:22 PM | Attr = ] f0f642df-b163-4f5b-70aa-9dbfadeaa323.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\f0f642df-b163-4f5b-70aa-9dbfadeaa323.dat -> [Ver = | Size = 3978 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] f68611eb-e389-1a51-bd94-636faf15e309.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\f68611eb-e389-1a51-bd94-636faf15e309.dat -> [Ver = | Size = 7371 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] fda68769-b92c-0baa-a72e-cdf551afdbb7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\fda68769-b92c-0baa-a72e-cdf551afdbb7.dat -> [Ver = | Size = 13323 bytes | Modified Date = 23/06/2008 7:30:00 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 12/05/2007 12:29:50 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/05/2007 12:28:00 AM | Attr = ] C:\Documents and Settings\Tim Steer\Local Settings\Temp\ -> C:\Documents and Settings\Tim Steer\Local Settings\Temp -> [Folder | Modified Date = 1/07/2008 11:36:21 PM | Attr = ] Setup.INI -> C:\Documents and Settings\Tim Steer\Local Settings\Temp\Setup.INI -> [Ver = | Size = 2121 bytes | Modified Date = 9/09/2006 7:37:06 PM | Attr = R ] 20 C:\Documents and Settings\Tim Steer\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Tim Steer\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Tim Steer\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\ -> C:\Documents and Settings\Tim Steer\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6} -> [Folder | Modified Date = 23/06/2008 8:02:24 PM | Attr = ] 0x0409.ini -> C:\Documents and Settings\Tim Steer\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\0x0409.ini -> [Ver = | Size = 5515 bytes | Modified Date = 9/09/2006 7:37:06 PM | Attr = R ] setup.ini -> C:\Documents and Settings\Tim Steer\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\setup.ini -> [Ver = | Size = 2121 bytes | Modified Date = 9/09/2006 7:37:06 PM | Attr = R ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] .zreglib -> %AllUsersProfile%\Application Data\.zreglib -> [Ver = | Size = 44 bytes | Modified Date = 24/04/2008 9:18:02 PM | Attr = HS] Blueberry -> %AllUsersProfile%\Application Data\Blueberry -> [Folder | Modified Date = 12/06/2008 10:49:57 PM | Attr = ] LogSys -> %AllUsersProfile%\Application Data\LogSys -> [Folder | Modified Date = 12/06/2008 10:48:49 PM | Attr = ] MailFrontier -> %AllUsersProfile%\Application Data\MailFrontier -> [Folder | Modified Date = 15/06/2008 1:46:49 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 23/06/2008 7:30:37 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 23/05/2008 9:08:54 PM | Attr = ] {726649E6-8F90-456E-B22B-3DFDD02D58C8} -> %AllUsersProfile%\Application Data\{726649E6-8F90-456E-B22B-3DFDD02D58C8} -> [Folder | Modified Date = 12/06/2008 10:48:48 PM | Attr = H ] Blueberry -> %AppData%\Blueberry -> [Folder | Modified Date = 12/06/2008 10:55:36 PM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 30/06/2008 6:14:22 PM | Attr = ] LogSys -> %AppData%\LogSys -> [Folder | Modified Date = 12/06/2008 10:49:07 PM | Attr = ] MailFrontier -> %AppData%\MailFrontier -> [Folder | Modified Date = 15/06/2008 1:46:50 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 23/06/2008 6:51:47 PM | Attr = S] U3 -> %AppData%\U3 -> [Folder | Modified Date = 20/04/2008 11:37:59 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 29/06/2008 10:04:10 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 240640 bytes | Modified Date = 30/06/2008 11:02:37 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 77528 bytes | Modified Date = 3/05/2008 9:10:23 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2644732 bytes | Modified Date = 22/05/2008 10:58:19 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 23/06/2008 8:15:01 PM | Attr = ] Unity -> %UserProfile%\Local Settings\Application Data\Unity -> [Folder | Modified Date = 21/06/2008 10:02:55 PM | Attr = ] Attachment_20060103_F60DFBDC.JPG -> %UserProfile%\My Documents\Attachment_20060103_F60DFBDC.JPG -> [Ver = | Size = 46616 bytes | Modified Date = 10/06/2008 6:57:43 PM | Attr = ] Attachment_20061212_74C218BC.png -> %UserProfile%\My Documents\Attachment_20061212_74C218BC.png -> [Ver = | Size = 947265 bytes | Modified Date = 10/06/2008 7:16:11 PM | Attr = ] BB FlashBack Movies -> %UserProfile%\My Documents\BB FlashBack Movies -> [Folder | Modified Date = 12/06/2008 10:49:09 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 29/06/2008 9:50:34 PM | Attr = ] Fire.jpg -> %UserProfile%\My Documents\Fire.jpg -> [Ver = | Size = 35199 bytes | Modified Date = 10/06/2008 6:53:36 PM | Attr = ] Flight Simulator X Files -> %UserProfile%\My Documents\Flight Simulator X Files -> [Folder | Modified Date = 27/06/2008 6:06:08 PM | Attr = ] Flv conveter -> %UserProfile%\My Documents\Flv conveter -> [Folder | Modified Date = 6/05/2008 6:04:35 PM | Attr = ] GTA San Andreas User Files -> %UserProfile%\My Documents\GTA San Andreas User Files -> [Folder | Modified Date = 10/06/2008 6:17:02 PM | Attr = ] HijackThis Logs -> %UserProfile%\My Documents\HijackThis Logs -> [Folder | Modified Date = 5/06/2008 7:20:00 PM | Attr = ] Incomplete -> %UserProfile%\My Documents\Incomplete -> [Folder | Modified Date = 30/06/2008 6:44:38 PM | Attr = ] John Deere American Builder Deluxe -> %UserProfile%\My Documents\John Deere American Builder Deluxe -> [Folder | Modified Date = 10/06/2008 6:17:29 PM | Attr = ] Kaspersky scan report.html -> %UserProfile%\My Documents\Kaspersky scan report.html -> [Ver = | Size = 47362 bytes | Modified Date = 28/05/2008 7:34:10 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 30/06/2008 6:43:26 PM | Attr = ] Microsoft Office Excel 2007 Tips and Tricks.pdf -> %UserProfile%\My Documents\Microsoft Office Excel 2007 Tips and Tricks.pdf -> [Ver = | Size = 44175407 bytes | Modified Date = 21/06/2008 8:00:53 PM | Attr = ] My DVDs -> %UserProfile%\My Documents\My DVDs -> [Folder | Modified Date = 3/05/2008 9:17:31 PM | Attr = S] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 30/05/2008 10:26:30 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 23/06/2008 9:23:37 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 24/06/2008 5:25:48 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 578 bytes | Modified Date = 1/07/2008 6:26:04 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 3/05/2008 9:15:33 PM | Attr = R ] NSWRFS 4Wheeler.jpg -> %UserProfile%\My Documents\NSWRFS 4Wheeler.jpg -> [Ver = | Size = 32771 bytes | Modified Date = 10/06/2008 6:53:27 PM | Attr = ] nswrfs_logo[1].gif -> %UserProfile%\My Documents\nswrfs_logo[1].gif -> [Ver = | Size = 7381 bytes | Modified Date = 12/06/2008 8:15:35 PM | Attr = ] RFS.pdf -> %UserProfile%\My Documents\RFS.pdf -> [Ver = | Size = 1476991 bytes | Modified Date = 19/04/2008 4:46:05 PM | Attr = ] Swearing_postman_pat.avi -> %UserProfile%\My Documents\Swearing_postman_pat.avi -> [Ver = | Size = 2896844 bytes | Modified Date = 3/06/2008 6:45:46 PM | Attr = ] Young Endeavour -> %UserProfile%\My Documents\Young Endeavour -> [Folder | Modified Date = 24/06/2008 5:59:54 PM | Attr = ] youtubegrabberv1 -> %UserProfile%\My Documents\youtubegrabberv1 -> [Folder | Modified Date = 5/05/2008 6:44:36 PM | Attr = ] BB FlashBack Player.lnk -> %AllUsersProfile%\Desktop\BB FlashBack Player.lnk -> [Ver = | Size = 668 bytes | Modified Date = 12/06/2008 10:48:46 PM | Attr = ] BB FlashBack Recorder.lnk -> %AllUsersProfile%\Desktop\BB FlashBack Recorder.lnk -> [Ver = | Size = 674 bytes | Modified Date = 12/06/2008 10:48:46 PM | Attr = ] Microsoft Flight Simulator X.lnk -> %AllUsersProfile%\Desktop\Microsoft Flight Simulator X.lnk -> [Ver = | Size = 849 bytes | Modified Date = 23/06/2008 7:30:37 PM | Attr = ] 300.jpg -> %UserProfile%\Desktop\300.jpg -> [Ver = | Size = 17532 bytes | Modified Date = 18/06/2008 10:19:54 PM | Attr = ] 785.jpg -> %UserProfile%\Desktop\785.jpg -> [Ver = | Size = 65517 bytes | Modified Date = 18/06/2008 10:14:40 PM | Attr = ] Ads served by Adzgalore -> %UserProfile%\Desktop\Ads served by Adzgalore -> [Folder | Modified Date = 28/06/2008 3:31:34 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 9/06/2008 2:17:41 PM | Attr = ] Business studies LOG BOOK.docx -> %UserProfile%\Desktop\Business studies LOG BOOK.docx -> [Ver = | Size = 10261 bytes | Modified Date = 1/07/2008 11:31:31 PM | Attr = ] Decent music -> %UserProfile%\Desktop\Decent music -> [Folder | Modified Date = 29/06/2008 11:25:38 PM | Attr = ] Games -> %UserProfile%\Desktop\Games -> [Folder | Modified Date = 22/06/2008 3:31:14 PM | Attr = R ] Microsoft Office Word 2007 (2).lnk -> %UserProfile%\Desktop\Microsoft Office Word 2007 (2).lnk -> [Ver = | Size = 2515 bytes | Modified Date = 24/06/2008 4:43:33 PM | Attr = ] Mjajor_Recoil.avi -> %UserProfile%\Desktop\Mjajor_Recoil.avi -> [Ver = | Size = 6501024 bytes | Modified Date = 6/05/2008 6:05:57 PM | Attr = ] n204800116_30633706_2689.jpg -> %UserProfile%\Desktop\n204800116_30633706_2689.jpg -> [Ver = | Size = 44334 bytes | Modified Date = 5/06/2008 11:52:13 PM | Attr = ] Playboy The Mansion -> %UserProfile%\Desktop\Playboy The Mansion -> [Folder | Modified Date = 10/06/2008 10:20:09 PM | Attr = ] Setup -> %UserProfile%\Desktop\Setup -> [Folder | Modified Date = 30/06/2008 11:01:16 PM | Attr = R ] Sex Secrets (How To Turn A Woman On, Satisfy Her In A Big way...) ->[Folder | Modified Date = 29/06/2008 9:40:57 PM | Attr = ] Shortcut to LimeWire.exe.lnk -> %UserProfile%\Desktop\Shortcut to LimeWire.exe.lnk -> [Ver = | Size = 595 bytes | Modified Date = 30/06/2008 6:14:00 PM | Attr = ] Tims Resume uptodate.docx -> %UserProfile%\Desktop\Tims Resume uptodate.docx -> [Ver = | Size = 20884 bytes | Modified Date = 24/06/2008 6:00:04 PM | Attr = ] Unused Desktop -> %UserProfile%\Desktop\Unused Desktop -> [Folder | Modified Date = 10/06/2008 10:36:23 PM | Attr = ] Blueberry Software -> %CommonProgramFiles%\Blueberry Software -> [Folder | Modified Date = 12/06/2008 10:48:46 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 20/04/2008 12:20:15 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 23/06/2008 6:37:39 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 20/04/2008 12:13:00 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:a5,18,6c,09,d0,02,cb,ea,14,22,2d,32,c4,d9,6a,5a,fb,5a,0d,dd,b2,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,5d,9b,ca,41,3a,fa,83,87,65,74,52,44,4b,40,05,44,a3,.. "khjeh"=hex:1d,87,2e,9f,8b,96,6c,5a,6b,c9,fc,50,30,24,70,5a,9c,b8,d1,f0,0c,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:e1,c0,33,ff,26,73,7e,9d,29,ea,76,59,ae,6f,6f,00,7a,ad,6c,6c,da,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:a5,18,6c,09,d0,02,cb,ea,14,22,2d,32,c4,d9,6a,5a,fb,5a,0d,dd,b2,.. "p0"="C:\Program Files\DAEMON Tools Lite\" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,5d,9b,ca,41,3a,fa,83,87,65,74,52,44,4b,40,05,44,a3,.. "khjeh"=hex:1d,87,2e,9f,8b,96,6c,5a,6b,c9,fc,50,30,24,70,5a,9c,b8,d1,f0,0c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:e1,c0,33,ff,26,73,7e,9d,29,ea,76,59,ae,6f,6f,00,7a,ad,6c,6c,da,.. scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\Web\printers\images\Thumbs.db:encryptable 0 bytes C:\WINDOWS\Web\Wallpaper\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\.limewire\themes\other_theme\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\.limewire\themes\windows_theme\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\.limewire\xml\misc\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Desktop\Decent music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Desktop\Setup\Movies\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Desktop\Setup\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Desktop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Favorites\Cabela's Official Website .url:favicon 1406 bytes C:\Documents and Settings\Tim Steer\Incomplete\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Local Settings\Temporary Internet Files\Content.IE5\D8653UEP\videoByTag[3].xml 13507 bytes C:\Documents and Settings\Tim Steer\My Documents\Cars\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\Downloads\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\GTA San Andreas User Files\Gallery\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\GTA San Andreas User Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\GTA San Andreas User Files\User Tracks\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My Pictures\ControlCenter2\Scan\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My Pictures\Flight Simulator X Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My Videos\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\Increase speed UTorrent\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\Motor bike pics\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My DVDs\Man Vs Wild\Man Vs Wild Patagonia\Man Vs Wild Patagonia.dvd:Afp_AfpInfo 48 bytes C:\Documents and Settings\Tim Steer\My Documents\My DVDs\Man Vs Wild\Man Vs Wild.dvd:Afp_AfpInfo 48 bytes C:\Documents and Settings\Tim Steer\My Documents\My Music\Gallery\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\My Music\User Tracks\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\My Documents\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Tim Steer\Shared\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 39 < End of report > [/code]