[code]
OTScanIt logfile created on: 7/27/2008 12:27:41 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Andy\Desktop\spy programs\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 515.93 Mb Available Physical Memory | 50.41% Memory free
1.47 Gb Paging File | 0.95 Gb Available in Paging File | 65.04% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.81 Gb Total Space | 10.24 Gb Free Space | 30.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 57.62 Gb Total Space | 37.71 Gb Free Space | 65.44% Space Free | Partition Type: NTFS
Drive G: | 57.62 Gb Total Space | 40.18 Gb Free Space | 69.73% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAMEROOM
Current User Name: Andy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4173 | Size = 483328 bytes | Modified Date = 6/26/2007 8:49:21 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4173 | Size = 483328 bytes | Modified Date = 6/26/2007 8:49:21 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 5:47:02 PM | Attr = ]
aawservice.exe -> F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 7/26/2008 3:38:55 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 4:06:32 PM | Attr = ]
gearsec.exe -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 2/25/2004 12:43:06 PM | Attr = ]
nnsvc.exe -> %ProgramFiles%\Net Nanny\NNSvc.exe -> Looksmart, Ltd. [Ver = 5, 1, 0, 9 | Size = 278625 bytes | Modified Date = 9/1/2004 12:04:54 PM | Attr = ]
pqv2isvc.exe -> F:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -> PowerQuest Corporation [Ver = 2.0.3.402 | Size = 1253376 bytes | Modified Date = 2/25/2004 2:19:06 PM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 1/4/2008 8:56:52 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 12:01:56 PM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 9:38:42 AM | Attr = ]
hpztsb10.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb10.exe -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 3/4/2004 10:46:24 AM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 3, 0, 38, 1 | Size = 49152 bytes | Modified Date = 2/18/2004 12:55:28 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 1.5.0.10 | Size = 36975 bytes | Modified Date = 12/6/2004 10:31:50 PM | Attr = ]
backweb-8876480.exe -> %ProgramFiles%\Desktop Messenger\8876480\Program\backWeb-8876480.exe -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ]
logi_mwx.exe -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 3/19/2005 7:13:26 PM | Attr = ]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 2:47:52 PM | Attr = ]
ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 5:47:02 PM | Attr = ]
nntray.exe -> %ProgramFiles%\Net Nanny\nntray.exe -> Looksmart, Ltd. [Ver = 5, 1, 0, 9 | Size = 2002944 bytes | Modified Date = 9/1/2004 12:06:46 PM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 7/24/2008 6:59:06 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\spy programs\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 7/26/2008 3:38:55 PM | Attr = ]
(ANIWZCSdService) ANIWZCSd Service [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -> Alpha Networks Inc. [Ver = 1, 0, 1, 30507 | Size = 49152 bytes | Modified Date = 10/22/2004 1:42:44 PM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4173 | Size = 483328 bytes | Modified Date = 6/26/2007 8:49:21 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 6/29/2007 10:05:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2/9/2008 4:06:32 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 5:47:02 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 5:47:02 PM | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 5:47:02 PM | Attr = ]
(comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 8/22/2007 2:21:30 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ]
(GEARSecurity) GEARSecurity [Win32_Own | Auto | Running] -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 2/25/2004 12:43:06 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.232 | Size = 3220856 bytes | Modified Date = 2/9/2008 4:06:24 PM | Attr = ]
(LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 1/25/2008 5:47:02 PM | Attr = ]
(NNSvc) NNSvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Net Nanny\NNSvc.exe -> Looksmart, Ltd. [Ver = 5, 1, 0, 9 | Size = 278625 bytes | Modified Date = 9/1/2004 12:04:54 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 7/24/2008 6:59:06 PM | Attr = ]
(V2i Protector) V2i Protector [Win32_Own | Auto | Running] -> F:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe -> PowerQuest Corporation [Ver = 2.0.3.402 | Size = 1253376 bytes | Modified Date = 2/25/2004 2:19:06 PM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 1/4/2008 8:56:52 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\A3AB.sys -> D-Link Corporation [Ver = 5.3.0.46 | Size = 547744 bytes | Modified Date = 5/23/2007 4:15:00 AM | Attr = ]
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:02:18 | Size = 1066278 bytes | Modified Date = 3/4/2005 12:02:20 PM | Attr = ]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. [Ver = 5.10.5840 built by: WinDDK | Size = 2317696 bytes | Modified Date = 4/20/2005 12:00:56 PM | Attr = ]
(ANIO) ANIO Service [Kernel | Auto | Running] -> %SystemRoot%\system32\ANIO.sys -> Alpha Networks Inc. [Ver = 2.0.0.30505 | Size = 28205 bytes | Modified Date = 7/27/2004 11:20:46 AM | Attr = ]
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Modified Date = 12/17/2003 4:30:46 PM | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6706 | Size = 2303488 bytes | Modified Date = 6/26/2007 8:58:17 PM | Attr = ]
(cel90xbe) cel90xbe [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Andy\LOCALS~1\Temp\cel90xbe.sys -> File not found
(COH_Mon) COH_Mon [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 3/6/2008 9:32:09 PM | Attr = ]
(CO_Mon) CO_Mon [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CO_Mon.sys -> Symantec Corporation [Ver = 2007.1.1.99 | Size = 36056 bytes | Modified Date = 8/8/2007 6:39:56 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/14/2008 12:14:50 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/14/2008 12:14:48 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 7/16/2008 1:43:26 PM | Attr = ]
(EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 7/16/2008 1:43:26 PM | Attr = ]
(GearAspiWDM) GearAspiWDM [Kernel | System | Running] -> %SystemRoot%\System32\drivers\GEARAspiWDM.sys -> GEAR Software [Ver = 2.001 | Size = 9856 bytes | Modified Date = 2/25/2004 12:43:06 PM | Attr = ]
(itchfltr) iTouch Keyboard Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\itchfltr.sys -> Logitech, Inc. [Ver = 2.20.200.0 | Size = 12953 bytes | Modified Date = 3/10/2004 2:42:24 PM | Attr = ]
(l8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 51729 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
(LCcfltr) Logitech USB Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LCcfltr.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 14095 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 25505 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37887 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.79.24.0 | Size = 70801 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080727.004\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 7/16/2008 1:43:26 PM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080727.004\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 7/16/2008 1:43:26 PM | Attr = ]
(PQIMount) PQIMount [Kernel | System | Running] -> %SystemRoot%\System32\drivers\PQIMount.sys -> PowerQuest Corporation [Ver = 2.0.3.402 | Size = 46773 bytes | Modified Date = 2/25/2004 2:19:08 PM | Attr = ]
(PQNTDrv) PQNTDrv [Kernel | System | Running] -> %SystemRoot%\System32\drivers\PQNTDRV.SYS -> [Ver = | Size = 3360 bytes | Modified Date = 12/4/2001 8:01:00 AM | Attr = ]
(PQV2i) PQV2i [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\PQV2i.sys -> StorageCraft [Ver = 2.0.3.402 | Size = 138118 bytes | Modified Date = 2/25/2004 2:19:10 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ]
(SiS315) SiS315 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisgrp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3630 | Size = 229888 bytes | Modified Date = 9/29/2004 4:55:50 PM | Attr = ]
(SiSkp) SiSkp [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srvkp.sys -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3630 | Size = 12928 bytes | Modified Date = 9/24/2004 4:38:40 AM | Attr = ]
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Modified Date = 8/4/2004 12:31:34 AM | Attr = ]
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 4.1.0.12 | Size = 447024 bytes | Modified Date = 1/16/2008 8:05:42 PM | Attr = ]
(SRTSP) SRTSP [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 279088 bytes | Modified Date = 1/31/2008 5:51:16 PM | Attr = ]
(SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 317616 bytes | Modified Date = 1/31/2008 5:51:16 PM | Attr = ]
(SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.3.3 | Size = 43696 bytes | Modified Date = 1/31/2008 5:51:16 PM | Attr = ]
(SSFS0BB9) Spy Sweeper File System Filer Driver: 0BB9 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
(SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
(SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
(SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 13616 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 7/24/2008 7:07:42 PM | Attr = ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 96432 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 38576 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ipsdefs\20080725.002\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 3/20/2008 3:37:19 PM | Attr = ]
(SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 31280 bytes | Modified Date = 6/13/2008 2:14:02 PM | Attr = ]
(SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 31280 bytes | Modified Date = 6/13/2008 2:14:02 PM | Attr = ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 37424 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 22320 bytes | Modified Date = 6/13/2008 2:13:38 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 184240 bytes | Modified Date = 6/13/2008 2:13:40 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
64 inter flaw hold -> %AllUsersProfile%\Application Data\Mode Rule 64 Inter\hole blue.exe [C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter\hole blue.exe] -> [Ver = | Size = 4043264 bytes | Modified Date = 7/27/2008 12:08:01 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 3/4/2005 12:01:56 PM | Attr = ]
AlcxMonitor -> %SystemRoot%\ALCXMNTR.EXE [ALCXMNTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 9/7/2004 2:47:52 PM | Attr = ]
ANIWZCS2Service -> %ProgramFiles%\ANI\ANIWZCS2 Service\WZCSLDR2.exe [C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] -> Alpha Networks Inc. [Ver = 1, 0, 6, 41216 | Size = 49152 bytes | Modified Date = 12/16/2004 5:49:14 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 1/25/2008 5:47:22 PM | Attr = ]
D-Link AirPlus G -> F:\Program Files\D-Link\AirPlus G\AirGCFG.exe [F:\Program Files\D-Link\AirPlus G\AirGCFG.exe] -> D-Link [Ver = 3, 3, 0, 50317 | Size = 1228800 bytes | Modified Date = 3/18/2005 4:34:00 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 12/22/2003 9:38:42 AM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe ["C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"] -> Hewlett-Packard Company [Ver = 3, 0, 38, 1 | Size = 49152 bytes | Modified Date = 2/18/2004 12:55:28 PM | Attr = ]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb10.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 3/4/2004 10:46:24 AM | Attr = ]
LDM -> %ProgramFiles%\Desktop Messenger\8876480\Program\backWeb-8876480.exe ["C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe"] -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 12/17/2003 10:50:00 AM | Attr = ]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 11:50:42 AM | Attr = ]
NNTray -> %ProgramFiles%\Net Nanny\NNStart.exe [C:\Program Files\Net Nanny\nnstart.exe] -> Looksmart, Ltd. [Ver = 5, 1, 0, 9 | Size = 65536 bytes | Modified Date = 9/1/2004 12:07:50 PM | Attr = ]
osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 2/6/2008 10:49:38 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 3/19/2005 7:13:26 PM | Attr = ]
SiSPower -> %SystemRoot%\system32\SiSPower.dll [Rundll32.exe SiSPower.dll,ModeAgent] -> Silicon Integrated Systems Corporation [Ver = 6.14.10.3630 | Size = 49152 bytes | Modified Date = 9/24/2004 3:49:34 AM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe [C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray] -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 5367664 bytes | Modified Date = 1/4/2008 8:56:58 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_01\bin\jusched.exe [C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe] -> Sun Microsystems, Inc. [Ver = 1.5.0.10 | Size = 36975 bytes | Modified Date = 12/6/2004 10:31:50 PM | Attr = ]
zBrowser Launcher -> f:\Program Files\Logitech\iTouch\iTouch.exe [f:\Program Files\Logitech\iTouch\iTouch.exe] -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 3/18/2004 10:33:26 AM | Attr = ]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Burn Else -> %AppData%\loud cool bat\Idlenoun.exe [C:\DOCUME~1\Andy\APPLIC~1\LOUDCO~1\Idlenoun.exe] -> [Ver = | Size = 522240 bytes | Modified Date = 7/24/2008 6:48:28 PM | Attr = ]
LDM -> %ProgramFiles%\Desktop Messenger\8876480\Program\backWeb-8876480.exe ["C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"] -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 5:44:06 AM | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Desktop Messenger\8876480\Program\LDMConf.exe -> [Ver = 1.0.006 | Size = 156160 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ]

< Andy Startup Folder > -> C:\Documents and Settings\Andy\Start Menu\Programs\Startup ->

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/14/2008 5:42:20 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/14/2008 5:42:40 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/14/2008 5:42:26 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/14/2008 5:42:42 AM | Attr = ]
*MultiFile Done* -> ->

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4163 | Size = 118784 bytes | Modified Date = 6/26/2007 8:50:42 PM | Attr = ]
WRNotifier -> %SystemRoot%\system32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/14/2008 12:10:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLITE-ON_DVDRW_SOHW-1633S________________BPSA____\5&36942936&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomSAMSUNG_CD-ROM_SC-148A__________________B402____\5&36942936&0&0.1.0 ->

< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2/4/2005 1:34:39 PM | Attr = ]

< HOSTS File > (4102 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.netnanny.com/p/search?pi=nnh5&qt=%s ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://search.netnanny.com/p/search?pi=nnh5&qt=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> f:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 1:44:04 PM | Attr = ]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 7/24/2008 6:59:34 PM | Attr = ]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 1:44:04 PM | Attr = ]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 6/30/2008 1:44:04 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_01\bin\NPJPI150_01.dll [Sun Java Console] -> Sun Microsystems, Inc.
[Ver = 1.5.0.10 | Size = 69746 bytes | Modified Date = 12/6/2004 10:49:16 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> f:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_01\bin\NPJPI150_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 1.5.0.10 | Size = 69746 bytes | Modified Date = 12/6/2004 10:49:16 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> NN5.1.0.9 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {55E86A76-009A-4DA4-9F47-1679336BBA3B} -> 155.164.44.30,204.148.236.3 (SiS 900-Based PCI Fast Ethernet Adapter) -> {920EB882-0724-4142-8003-48301BF81147} -> (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)) -> {93181111-7848-4CFF-BF68-D2182061E9AD} -> (1394 Net Adapter) -> {CEFA6E72-A1FB-420E-8C75-ACA00167EA4C} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 9:38:40 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107542673467[WUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\NickToonsRacing -> NickToonsRacing -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> NickToonsRacing -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\NickToonsRacing -> 
NickToonsRacing -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> NickToonsRacing -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\NickToonsRacing -> NickToonsRacing -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> NickToonsRacing -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/14/2008 5:41:58 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 
bytes | Modified Date = 4/14/2008 5:42:10 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1332 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> F2 24 68 F0 C3 03 3A 9A 42 59 1D 3D 5C 70 2E 6C 33 30 37 38 35 34 33 37 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 97 55 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 02 51 11 9E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 33 A4 9B CA 45 6F FC B9 C5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B0 5E CB 07 C7 36 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> D5 0C 4C 69 EF 72 AC 1F 98 CA E4 BF 21 A5 48 BB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 7C 8C 30 13 1E EE C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C5 8E 27 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 4C 22 2B 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 79 53 2C 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1232 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 
5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Starcraft\StarCraft.exe -> F:\Program Files\Starcraft\starcraft.exe [F:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft] -> Blizzard Entertainment [Ver = Version 1.11b | Size = 1048576 bytes | Modified Date = 5/25/2004 7:46:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe -> %ProgramFiles%\Desktop Messenger\8876480\Program\backWeb-8876480.exe [C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480] -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Empires_DMW.exe -> F:\Program Files\Empires_DMW.exe [F:\Program Files\Empires_DMW.exe:*:Disabled:Empires_DMW] -> [Ver = | Size = 5816104 bytes | Modified Date = 9/23/2003 9:04:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\LimeWire\LimeWire.exe -> F:\Program Files\LimeWire\LimeWire.exe [F:\Program 
Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 2/22/2005 3:44:09 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Conquests\Civ3Conquests.exe -> F:\Program Files\Conquests\Civ3Conquests.exe [F:\Program Files\Conquests\Civ3Conquests.exe:*:Disabled:Civ3Conquests] -> © 2001-2003 Atari Inc. [Ver = 1, 0, 0, 0 | Size = 3420160 bytes | Modified Date = 10/17/2003 3:33:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpnsvr.exe -> %SystemRoot%\system32\dpnsvr.exe [C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server] -> Microsoft Corporation [Ver = 5.03.2600.5512 (xpsp.080413-0845) | Size = 17920 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\Dawn of War\W40k.exe -> %ProgramFiles%\THQ\Dawn of War\w40k.exe [C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K] -> Relic Entertainment Inc. [Ver = 1, 0, 0, 9999 | Size = 5018112 bytes | Modified Date = 12/17/2004 6:26:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\AIM\aim.exe -> F:\Program Files\AIM\aim.exe [F:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Yahoo!\Messenger\YPager.exe -> F:\Program Files\Yahoo!\Messenger\YPager.exe [F:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. 
[Ver = 6,0,0,1922 | Size = 2506752 bytes | Modified Date = 2/24/2005 11:57:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Yahoo!\Messenger\YServer.exe -> F:\Program Files\Yahoo!\Messenger\YServer.exe [F:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> %ProgramFiles%\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/14/2008 5:42:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. 
If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\system32\qmgr.dll [C:\WINDOWS\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.7.2600.5512 (xpsp.080413-2108) | Size = 409088 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1232 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 
5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Starcraft\StarCraft.exe -> F:\Program Files\Starcraft\starcraft.exe [F:\Program Files\Starcraft\StarCraft.exe:*:Disabled:Starcraft] -> Blizzard Entertainment [Ver = Version 1.11b | Size = 1048576 bytes | Modified Date = 5/25/2004 7:46:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe -> %ProgramFiles%\Desktop Messenger\8876480\Program\backWeb-8876480.exe [C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480] -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Empires_DMW.exe -> F:\Program Files\Empires_DMW.exe [F:\Program Files\Empires_DMW.exe:*:Disabled:Empires_DMW] -> [Ver = | Size = 5816104 bytes | Modified Date = 9/23/2003 9:04:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\LimeWire\LimeWire.exe -> F:\Program Files\LimeWire\LimeWire.exe [F:\Program 
Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 2/22/2005 3:44:09 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Conquests\Civ3Conquests.exe -> F:\Program Files\Conquests\Civ3Conquests.exe [F:\Program Files\Conquests\Civ3Conquests.exe:*:Disabled:Civ3Conquests] -> © 2001-2003 Atari Inc. [Ver = 1, 0, 0, 0 | Size = 3420160 bytes | Modified Date = 10/17/2003 3:33:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpnsvr.exe -> %SystemRoot%\system32\dpnsvr.exe [C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server] -> Microsoft Corporation [Ver = 5.03.2600.5512 (xpsp.080413-0845) | Size = 17920 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\Dawn of War\W40k.exe -> %ProgramFiles%\THQ\Dawn of War\w40k.exe [C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K] -> Relic Entertainment Inc. [Ver = 1, 0, 0, 9999 | Size = 5018112 bytes | Modified Date = 12/17/2004 6:26:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\AIM\aim.exe -> F:\Program Files\AIM\aim.exe [F:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Yahoo!\Messenger\YPager.exe -> F:\Program Files\Yahoo!\Messenger\YPager.exe [F:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. 
[Ver = 6,0,0,1922 | Size = 2506752 bytes | Modified Date = 2/24/2005 11:57:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\Program Files\Yahoo!\Messenger\YServer.exe -> F:\Program Files\Yahoo!\Messenger\YServer.exe [F:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitDownload\BitDownload.exe -> %ProgramFiles%\BitDownload\BitDownload.exe [C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 
139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/14/2008 5:42:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> [Files/Folders - Created Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 7/26/2008 7:48:24 PM | Attr = HS] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 7/25/2008 5:10:50 PM | Attr = ] bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif -> [Ver = | Size = 999 bytes | Created Date = 7/25/2008 1:11:15 AM | Attr = ] cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif -> [Ver = | Size = 717 bytes | Created Date = 7/25/2008 1:11:15 AM | Attr = ] cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif -> [Ver = | Size = 760 bytes | Created 
Date = 7/25/2008 1:11:16 AM | Attr = ] cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif -> [Ver = | Size = 773 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif -> [Ver = | Size = 772 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif -> [Ver = | Size = 773 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] compact.wmz -> %SystemRoot%\System32\dllcache\compact.wmz -> [Ver = | Size = 184959 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] contents.htm -> %SystemRoot%\System32\dllcache\contents.htm -> [Ver = | Size = 8298 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] controls.css -> %SystemRoot%\System32\dllcache\controls.css -> [Ver = | Size = 9585 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] controls.js -> %SystemRoot%\System32\dllcache\controls.js -> [Ver = | Size = 6878 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv -> [Ver = | Size = 381425 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] events.js -> %SystemRoot%\System32\dllcache\events.js -> [Ver = | Size = 5971 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] l3codeca.acm -> %SystemRoot%\System32\dllcache\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv -> [Ver = | Size = 457607 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt -> [Ver = | Size = 1885 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp -> [Ver = | Size = 97117 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf -> [Ver = | Size = 18286 bytes | Created Date = 7/25/2008 1:11:16 AM | 
Attr = ] mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif -> [Ver = | Size = 2545 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif -> [Ver = | Size = 2778 bytes | Created Date = 7/25/2008 1:11:16 AM | Attr = ] msdxm.ocx -> %SystemRoot%\System32\dllcache\msdxm.ocx -> [Ver = | Size = 844314 bytes | Created Date = 7/25/2008 1:07:10 AM | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Created Date = 7/25/2008 1:07:10 AM | Attr = ] npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip -> [Ver = | Size = 403 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] npds.zip -> %SystemRoot%\System32\dllcache\npds.zip -> [Ver = | Size = 22060 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv -> [Ver = | Size = 375519 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst1.wpl -> %SystemRoot%\System32\dllcache\plylst1.wpl -> [Ver = | Size = 1250 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst10.wpl -> %SystemRoot%\System32\dllcache\plylst10.wpl -> [Ver = | Size = 787 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst11.wpl -> %SystemRoot%\System32\dllcache\plylst11.wpl -> [Ver = | Size = 789 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst12.wpl -> %SystemRoot%\System32\dllcache\plylst12.wpl -> [Ver = | Size = 1451 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst13.wpl -> %SystemRoot%\System32\dllcache\plylst13.wpl -> [Ver = | Size = 783 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst14.wpl -> %SystemRoot%\System32\dllcache\plylst14.wpl -> [Ver = | Size = 775 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst15.wpl -> %SystemRoot%\System32\dllcache\plylst15.wpl -> [Ver = | Size = 733 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst2.wpl -> %SystemRoot%\System32\dllcache\plylst2.wpl -> [Ver = | Size 
= 1049 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst3.wpl -> %SystemRoot%\System32\dllcache\plylst3.wpl -> [Ver = | Size = 1474 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst4.wpl -> %SystemRoot%\System32\dllcache\plylst4.wpl -> [Ver = | Size = 1448 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst5.wpl -> %SystemRoot%\System32\dllcache\plylst5.wpl -> [Ver = | Size = 1477 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst6.wpl -> %SystemRoot%\System32\dllcache\plylst6.wpl -> [Ver = | Size = 1477 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst7.wpl -> %SystemRoot%\System32\dllcache\plylst7.wpl -> [Ver = | Size = 1046 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst8.wpl -> %SystemRoot%\System32\dllcache\plylst8.wpl -> [Ver = | Size = 1036 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plylst9.wpl -> %SystemRoot%\System32\dllcache\plylst9.wpl -> [Ver = | Size = 784 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm -> [Ver = | Size = 77307 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] revert.wmz -> %SystemRoot%\System32\dllcache\revert.wmz -> [Ver = | Size = 66725 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv -> [Ver = | Size = 572557 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] skins.inf -> %SystemRoot%\System32\dllcache\skins.inf -> [Ver = | Size = 908 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] sl_anet.acm -> %SystemRoot%\System32\dllcache\sl_anet.acm -> Sipro Lab Telecom Inc. 
[Ver = 3.02 | Size = 86016 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] snd.htm -> %SystemRoot%\System32\dllcache\snd.htm -> [Ver = | Size = 1148 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif -> [Ver = | Size = 1380 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif -> [Ver = | Size = 1367 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] taon.gif -> %SystemRoot%\System32\dllcache\taon.gif -> [Ver = | Size = 1398 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif -> [Ver = | Size = 1380 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] tour.js -> %SystemRoot%\System32\dllcache\tour.js -> [Ver = | Size = 3187 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif -> [Ver = | Size = 23829 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif -> [Ver = | Size = 2450 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif -> [Ver = | Size = 2371 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif -> [Ver = | Size = 2469 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif -> [Ver = | Size = 2375 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif -> [Ver = | Size = 17489 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif -> [Ver = | Size = 5290 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv -> [Ver = | Size = 300969 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm1.gif -> 
%SystemRoot%\System32\dllcache\wm1.gif -> [Ver = | Size = 5789 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif -> [Ver = | Size = 7636 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> [Ver = | Size = 6241 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> [Ver = | Size = 7369 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> [Ver = | Size = 2477 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> [Ver = | Size = 6060 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> [Ver = | Size = 8677 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> [Ver = | Size = 4193 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> [Ver = | Size = 7892 bytes | Created Date = 7/25/2008 1:11:17 AM | Attr = ] wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> [Ver = | Size = 17272 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> [Ver = | Size = 6769 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmp.inf -> %SystemRoot%\System32\dllcache\wmp.inf -> [Ver = | Size = 29070 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> [Ver = | Size = 354468 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> [Ver = | Size = 86180 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> [Ver = | Size = 172196 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud4.wav -> 
%SystemRoot%\System32\dllcache\wmpaud4.wav -> [Ver = | Size = 86180 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> [Ver = | Size = 86196 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> [Ver = | Size = 343204 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> [Ver = | Size = 343204 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> [Ver = | Size = 172196 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> [Ver = | Size = 172196 bytes | Created Date = 7/25/2008 1:11:18 AM | Attr = ] wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> [Ver = | Size = 23195 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> [Ver = | Size = 67374 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> [Ver = | Size = 613334 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> [Ver = | Size = 420 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> [Ver = | Size = 855 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> [Ver = | Size = 1771 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> [Ver = | Size = 10457 bytes | Created Date = 7/25/2008 1:11:19 AM | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 7/25/2008 1:05:08 AM | Attr = ] mbam.sys -> 
%SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/25/2008 11:23:01 AM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 7/25/2008 11:23:00 AM | Attr = ] SSFS0BB9.sys -> %SystemRoot%\System32\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Created Date = 7/25/2008 5:12:35 PM | Attr = ] sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Created Date = 7/25/2008 5:12:35 PM | Attr = ] ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Created Date = 7/25/2008 5:12:35 PM | Attr = ] sskbfd.sys -> %SystemRoot%\System32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Created Date = 7/25/2008 5:12:35 PM | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Created Date = 7/24/2008 6:58:22 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 7/24/2008 6:58:22 PM | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Created Date = 7/24/2008 6:58:22 PM | Attr = ] aIPH.dll -> %SystemRoot%\System32\aIPH.dll -> Alpha Networks Inc. [Ver = 1, 1, 0, 50218 | Size = 212992 bytes | Created Date = 7/25/2008 1:45:05 AM | Attr = ] ANICtl.dll -> %SystemRoot%\System32\ANICtl.dll -> Alpha Networks Inc. [Ver = 1, 0, 3, 31217 | Size = 57407 bytes | Created Date = 7/25/2008 1:45:05 AM | Attr = ] ANIO.sys -> %SystemRoot%\System32\ANIO.sys -> Alpha Networks Inc. 
[Ver = 2.0.0.30505 | Size = 28205 bytes | Created Date = 7/25/2008 1:44:55 AM | Attr = ] ANIO.VXD -> %SystemRoot%\System32\ANIO.VXD -> [Ver = | Size = 16997 bytes | Created Date = 7/25/2008 1:44:55 AM | Attr = ] anio4.sys -> %SystemRoot%\System32\anio4.sys -> ANI [Ver = 1.1.0.30505 | Size = 11904 bytes | Created Date = 7/25/2008 1:44:55 AM | Attr = ] ANIOApi.dll -> %SystemRoot%\System32\ANIOApi.dll -> Alpha Networks Inc. [Ver = 2, 0, 0, 40127 | Size = 36864 bytes | Created Date = 7/25/2008 1:44:55 AM | Attr = ] ANIWZCS2.dll -> %SystemRoot%\System32\ANIWZCS2.dll -> Alpha Networks Inc. [Ver = 2, 4, 10, 50318 | Size = 368640 bytes | Created Date = 7/25/2008 1:45:05 AM | Attr = ] AQCKGen.dll -> %SystemRoot%\System32\AQCKGen.dll -> Alpha Networks Inc. [Ver = 1, 0, 0, 30603 | Size = 49152 bytes | Created Date = 7/25/2008 1:45:05 AM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 7/25/2008 1:10:57 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 7/25/2008 12:42:37 AM | Attr = ] odSupp_M.dll -> %SystemRoot%\System32\odSupp_M.dll -> Funk Software, Inc. [Ver = 3.00.00.006 | Size = 1323095 bytes | Created Date = 7/25/2008 1:45:05 AM | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Created Date = 7/24/2008 6:58:22 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 7/25/2008 1:10:59 AM | Attr = ] ssiefr.EXE -> %SystemRoot%\System32\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Created Date = 7/25/2008 5:12:30 PM | Attr = ] WlanApp.dll -> %SystemRoot%\System32\WlanApp.dll -> Alpha Networks Inc. [Ver = 1, 0, 10, 50316 | Size = 143360 bytes | Created Date = 7/25/2008 1:45:05 AM | Attr = ] WRLogonNtf.dll -> %SystemRoot%\System32\WRLogonNtf.dll -> Webroot Software, Inc. 
[Ver = 3,5,6,114 | Size = 219504 bytes | Created Date = 7/25/2008 5:12:34 PM | Attr = ] wrlzma.dll -> %SystemRoot%\System32\wrlzma.dll -> [Ver = | Size = 26480 bytes | Created Date = 7/25/2008 5:12:30 PM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 7/25/2008 12:41:28 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 7/25/2008 12:41:12 AM | Attr = H ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 7/25/2008 12:41:39 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 7/25/2008 12:43:20 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 7/25/2008 1:10:57 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 7/25/2008 12:39:14 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 7/25/2008 1:17:34 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 7/26/2008 8:21:33 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 7/25/2008 12:42:39 AM | Attr = ] WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. 
[Ver = 5,5,7,124 | Size = 1526640 bytes | Created Date = 7/25/2008 5:12:30 PM | Attr = ] Norton Internet Security - Run Full System Scan - Andy.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Andy.job -> [Ver = | Size = 620 bytes | Created Date = 7/24/2008 7:01:26 PM | Attr = ] wrSpySweeperTrialSweep.job -> %SystemRoot%\tasks\wrSpySweeperTrialSweep.job -> [Ver = | Size = 1568 bytes | Created Date = 7/25/2008 5:12:36 PM | Attr = ] [Files/Folders - Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/27/2008 12:02:45 PM | Attr = HS] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 7/25/2008 5:10:51 PM | Attr = ] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 7/25/2008 1:04:48 AM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/26/2008 8:34:23 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 7/25/2008 2:44:01 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/26/2008 3:39:37 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 7/27/2008 12:27:45 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 4102 bytes | Modified Date = 7/25/2008 5:17:34 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/23/2008 8:20:02 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 7/23/2008 8:20:08 PM | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 7/24/2008 7:07:42 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 7/24/2008 7:07:42 PM | 
Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 7/24/2008 7:07:42 PM | Attr = ] ANIWZCS{888A4B10-9502-40FC-9A2F-256E65ACFB50} -> %SystemRoot%\System32\ANIWZCS{888A4B10-9502-40FC-9A2F-256E65ACFB50} -> [Ver = | Size = 3284 bytes | Modified Date = 7/25/2008 12:52:46 AM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 7/25/2008 1:10:56 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 7/25/2008 1:45:14 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/27/2008 12:03:40 PM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 7/25/2008 1:07:32 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/26/2008 3:00:57 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/26/2008 3:38:23 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 7/25/2008 1:10:57 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 7/25/2008 1:10:59 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 98256 bytes | Modified Date = 7/25/2008 1:16:58 AM | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 7/25/2008 1:07:37 AM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 7/25/2008 1:06:34 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 7/25/2008 11:18:43 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 7/25/2008 11:18:43 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 470292 bytes | Modified Date = 7/25/2008 11:18:43 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date 
= 7/25/2008 1:52:56 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/25/2008 2:44:01 PM | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Modified Date = 7/24/2008 7:07:42 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 7/25/2008 1:10:59 AM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 7/25/2008 1:16:53 AM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 7/25/2008 1:10:59 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 7/25/2008 1:16:53 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13002 bytes | Modified Date = 7/27/2008 12:03:05 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/25/2008 3:04:29 PM | Attr = H ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 7/25/2008 1:03:55 AM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 7/25/2008 12:41:28 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 7/25/2008 12:41:12 AM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 7/25/2008 1:16:53 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/27/2008 12:02:57 PM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 7/25/2008 12:58:28 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/26/2008 7:06:07 PM | Attr = S] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 7/25/2008 1:01:30 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 7/25/2008 1:16:52 AM | Attr = R S] Help 
-> %SystemRoot%\Help -> [Folder | Modified Date = 7/25/2008 1:11:19 AM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 7/25/2008 12:42:23 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 7/25/2008 12:43:20 AM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 7/25/2008 1:11:10 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 7/25/2008 11:18:45 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/26/2008 7:48:27 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/26/2008 7:48:42 PM | Attr = HS] iTouch.ini -> %SystemRoot%\iTouch.ini -> [Ver = | Size = 65 bytes | Modified Date = 7/25/2008 8:12:34 PM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 7/25/2008 1:10:58 AM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 7/25/2008 12:42:33 AM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 7/25/2008 1:07:35 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 7/25/2008 1:11:10 AM | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 7/25/2008 1:10:56 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/27/2008 12:23:38 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 7/26/2008 8:21:33 AM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 7/25/2008 1:47:41 AM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 7/25/2008 1:11:21 AM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 7/25/2008 1:07:34 AM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 7/25/2008 1:06:32 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/26/2008 3:38:23 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/26/2008 
7:48:27 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/27/2008 12:19:58 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 7/25/2008 12:42:39 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 631 bytes | Modified Date = 7/25/2008 5:12:34 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/25/2008 1:11:31 AM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 7/25/2008 1:19:39 AM | Attr = ] Norton Internet Security - Run Full System Scan - Andy.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Andy.job -> [Ver = | Size = 620 bytes | Modified Date = 7/24/2008 7:01:27 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/27/2008 12:03:26 PM | Attr = H ] wrSpySweeperTrialSweep.job -> %SystemRoot%\tasks\wrSpySweeperTrialSweep.job -> [Ver = | Size = 1568 bytes | Modified Date = 7/25/2008 5:12:37 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes -> [Folder | Modified Date = 12/26/2007 1:09:26 AM | Attr = ] Filelist00001.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00001.DAT -> [Ver = | Size = 2300 bytes | Modified Date = 12/25/2007 11:47:43 PM | Attr = ] Filelist00002.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00002.DAT -> [Ver = | Size = 1308 bytes | Modified Date = 12/25/2007 11:47:43 PM | Attr = ] Filelist00003.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00003.DAT -> [Ver = | Size = 5392 bytes | Modified Date = 12/25/2007 11:47:44 PM | Attr = ] Filelist00004.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00004.DAT -> [Ver = | Size = 
19384 bytes | Modified Date = 12/25/2007 11:47:52 PM | Attr = ] Filelist00005.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00005.DAT -> [Ver = | Size = 9352 bytes | Modified Date = 12/25/2007 11:47:54 PM | Attr = ] Filelist00006.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00006.DAT -> [Ver = | Size = 10672 bytes | Modified Date = 12/25/2007 11:47:56 PM | Attr = ] Filelist00007.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00007.DAT -> [Ver = | Size = 12652 bytes | Modified Date = 12/25/2007 11:47:57 PM | Attr = ] Filelist00008.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00008.DAT -> [Ver = | Size = 9088 bytes | Modified Date = 12/25/2007 11:47:58 PM | Attr = ] Filelist00009.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00009.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:47:59 PM | Attr = ] Filelist00010.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00010.DAT -> [Ver = | Size = 7636 bytes | Modified Date = 12/25/2007 11:48:00 PM | Attr = ] Filelist00011.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00011.DAT -> [Ver = | Size = 6184 bytes | Modified Date = 12/25/2007 11:48:00 PM | Attr = ] Filelist00012.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00012.DAT -> [Ver = | Size = 23212 bytes | Modified Date = 12/25/2007 11:48:02 PM | Attr = ] Filelist00013.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00013.DAT -> [Ver = | Size = 11596 bytes | Modified Date = 12/25/2007 11:48:04 PM | Attr = ] Filelist00014.DAT -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\FSX\SceneryIndexes\Filelist00014.DAT -> [Ver = | Size = 8824 bytes | Modified Date = 12/25/2007 11:48:06 PM | Attr = ] Filelist00015.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00015.DAT -> [Ver = | Size = 11596 bytes | Modified Date = 12/25/2007 11:48:07 PM | Attr = ] Filelist00016.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00016.DAT -> [Ver = | Size = 9484 bytes | Modified Date = 12/25/2007 11:48:08 PM | Attr = ] Filelist00017.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00017.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:48:09 PM | Attr = ] Filelist00018.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00018.DAT -> [Ver = | Size = 4468 bytes | Modified Date = 12/25/2007 11:48:09 PM | Attr = ] Filelist00019.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00019.DAT -> [Ver = | Size = 8164 bytes | Modified Date = 12/25/2007 11:48:09 PM | Attr = ] Filelist00020.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00020.DAT -> [Ver = | Size = 27172 bytes | Modified Date = 12/25/2007 11:48:12 PM | Attr = ] Filelist00021.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00021.DAT -> [Ver = | Size = 31396 bytes | Modified Date = 12/25/2007 11:48:19 PM | Attr = ] Filelist00022.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00022.DAT -> [Ver = | Size = 13972 bytes | Modified Date = 12/25/2007 11:48:22 PM | Attr = ] Filelist00023.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00023.DAT -> [Ver = | Size = 9220 bytes | Modified Date = 12/25/2007 11:48:24 PM | Attr = ] Filelist00024.DAT -> C:\Documents 
and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00024.DAT -> [Ver = | Size = 9220 bytes | Modified Date = 12/25/2007 11:48:25 PM | Attr = ] Filelist00025.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00025.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:48:27 PM | Attr = ] Filelist00026.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00026.DAT -> [Ver = | Size = 3412 bytes | Modified Date = 12/25/2007 11:48:27 PM | Attr = ] Filelist00027.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00027.DAT -> [Ver = | Size = 10672 bytes | Modified Date = 12/25/2007 11:48:28 PM | Attr = ] Filelist00028.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00028.DAT -> [Ver = | Size = 22420 bytes | Modified Date = 12/25/2007 11:48:30 PM | Attr = ] Filelist00029.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00029.DAT -> [Ver = | Size = 24004 bytes | Modified Date = 12/25/2007 11:48:32 PM | Attr = ] Filelist00030.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00030.DAT -> [Ver = | Size = 25984 bytes | Modified Date = 12/25/2007 11:48:33 PM | Attr = ] Filelist00031.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00031.DAT -> [Ver = | Size = 22156 bytes | Modified Date = 12/25/2007 11:48:34 PM | Attr = ] Filelist00032.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00032.DAT -> [Ver = | Size = 18856 bytes | Modified Date = 12/25/2007 11:48:36 PM | Attr = ] Filelist00033.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00033.DAT -> [Ver = | Size = 12256 bytes | Modified Date = 12/25/2007 11:48:36 PM | Attr 
= ] Filelist00034.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00034.DAT -> [Ver = | Size = 6448 bytes | Modified Date = 12/25/2007 11:48:37 PM | Attr = ] Filelist00035.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00035.DAT -> [Ver = | Size = 5128 bytes | Modified Date = 12/25/2007 11:48:37 PM | Attr = ] Filelist00036.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00036.DAT -> [Ver = | Size = 13444 bytes | Modified Date = 12/25/2007 11:48:38 PM | Attr = ] Filelist00037.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00037.DAT -> [Ver = | Size = 9088 bytes | Modified Date = 12/25/2007 11:48:38 PM | Attr = ] Filelist00038.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00038.DAT -> [Ver = | Size = 11992 bytes | Modified Date = 12/25/2007 11:48:39 PM | Attr = ] Filelist00039.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00039.DAT -> [Ver = | Size = 26512 bytes | Modified Date = 12/25/2007 11:48:41 PM | Attr = ] Filelist00040.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00040.DAT -> [Ver = | Size = 16216 bytes | Modified Date = 12/25/2007 11:48:42 PM | Attr = ] Filelist00041.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00041.DAT -> [Ver = | Size = 9616 bytes | Modified Date = 12/25/2007 11:48:43 PM | Attr = ] Filelist00042.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00042.DAT -> [Ver = | Size = 6316 bytes | Modified Date = 12/25/2007 11:48:43 PM | Attr = ] Filelist00043.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00043.DAT -> [Ver = | Size = 6976 bytes | Modified 
Date = 12/25/2007 11:48:44 PM | Attr = ] Filelist00044.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00044.DAT -> [Ver = | Size = 16744 bytes | Modified Date = 12/25/2007 11:48:45 PM | Attr = ] Filelist00045.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00045.DAT -> [Ver = | Size = 18460 bytes | Modified Date = 12/25/2007 11:48:46 PM | Attr = ] Filelist00046.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00046.DAT -> [Ver = | Size = 18724 bytes | Modified Date = 12/25/2007 11:48:47 PM | Attr = ] Filelist00047.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00047.DAT -> [Ver = | Size = 9484 bytes | Modified Date = 12/25/2007 11:48:48 PM | Attr = ] Filelist00048.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00048.DAT -> [Ver = | Size = 8824 bytes | Modified Date = 12/25/2007 11:48:48 PM | Attr = ] Filelist00049.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00049.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:48:49 PM | Attr = ] Filelist00050.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00050.DAT -> [Ver = | Size = 3412 bytes | Modified Date = 12/25/2007 11:48:49 PM | Attr = ] Filelist00051.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00051.DAT -> [Ver = | Size = 9484 bytes | Modified Date = 12/25/2007 11:48:50 PM | Attr = ] Filelist00052.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00052.DAT -> [Ver = | Size = 31924 bytes | Modified Date = 12/25/2007 11:48:52 PM | Attr = ] Filelist00053.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00053.DAT -> 
[Ver = | Size = 27304 bytes | Modified Date = 12/25/2007 11:48:54 PM | Attr = ] Filelist00054.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00054.DAT -> [Ver = | Size = 24400 bytes | Modified Date = 12/25/2007 11:48:56 PM | Attr = ] Filelist00055.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00055.DAT -> [Ver = | Size = 23344 bytes | Modified Date = 12/25/2007 11:48:57 PM | Attr = ] Filelist00056.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00056.DAT -> [Ver = | Size = 15820 bytes | Modified Date = 12/25/2007 11:48:57 PM | Attr = ] Filelist00057.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00057.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:48:58 PM | Attr = ] Filelist00058.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00058.DAT -> [Ver = | Size = 2356 bytes | Modified Date = 12/25/2007 11:48:58 PM | Attr = ] Filelist00059.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00059.DAT -> [Ver = | Size = 8560 bytes | Modified Date = 12/25/2007 11:48:59 PM | Attr = ] Filelist00060.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00060.DAT -> [Ver = | Size = 25720 bytes | Modified Date = 12/25/2007 11:49:00 PM | Attr = ] Filelist00061.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00061.DAT -> [Ver = | Size = 30740 bytes | Modified Date = 12/25/2007 11:49:02 PM | Attr = ] Filelist00062.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00062.DAT -> [Ver = | Size = 23212 bytes | Modified Date = 12/25/2007 11:49:03 PM | Attr = ] Filelist00063.DAT -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\FSX\SceneryIndexes\Filelist00063.DAT -> [Ver = | Size = 22420 bytes | Modified Date = 12/25/2007 11:49:05 PM | Attr = ] Filelist00064.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00064.DAT -> [Ver = | Size = 11332 bytes | Modified Date = 12/25/2007 11:49:05 PM | Attr = ] Filelist00065.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00065.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:49:06 PM | Attr = ] Filelist00066.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00066.DAT -> [Ver = | Size = 904 bytes | Modified Date = 12/25/2007 11:49:06 PM | Attr = ] Filelist00067.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00067.DAT -> [Ver = | Size = 7636 bytes | Modified Date = 12/25/2007 11:49:07 PM | Attr = ] Filelist00068.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00068.DAT -> [Ver = | Size = 22288 bytes | Modified Date = 12/25/2007 11:49:08 PM | Attr = ] Filelist00069.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00069.DAT -> [Ver = | Size = 27964 bytes | Modified Date = 12/25/2007 11:49:10 PM | Attr = ] Filelist00070.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00070.DAT -> [Ver = | Size = 17272 bytes | Modified Date = 12/25/2007 11:49:11 PM | Attr = ] Filelist00071.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00071.DAT -> [Ver = | Size = 9748 bytes | Modified Date = 12/25/2007 11:49:12 PM | Attr = ] Filelist00072.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00072.DAT -> [Ver = | Size = 8824 bytes | Modified Date = 12/25/2007 11:49:12 PM | Attr = ] Filelist00073.DAT -> C:\Documents 
and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00073.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:49:13 PM | Attr = ] Filelist00074.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00074.DAT -> [Ver = | Size = 1432 bytes | Modified Date = 12/25/2007 11:49:13 PM | Attr = ] Filelist00075.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00075.DAT -> [Ver = | Size = 8956 bytes | Modified Date = 12/25/2007 11:49:15 PM | Attr = ] Filelist00076.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00076.DAT -> [Ver = | Size = 20044 bytes | Modified Date = 12/25/2007 11:49:17 PM | Attr = ] Filelist00077.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00077.DAT -> [Ver = | Size = 21364 bytes | Modified Date = 12/25/2007 11:49:19 PM | Attr = ] Filelist00078.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00078.DAT -> [Ver = | Size = 25456 bytes | Modified Date = 12/25/2007 11:49:22 PM | Attr = ] Filelist00079.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00079.DAT -> [Ver = | Size = 15952 bytes | Modified Date = 12/25/2007 11:49:23 PM | Attr = ] Filelist00080.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00080.DAT -> [Ver = | Size = 12520 bytes | Modified Date = 12/25/2007 11:49:24 PM | Attr = ] Filelist00081.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00081.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:49:25 PM | Attr = ] Filelist00082.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00082.DAT -> [Ver = | Size = 244 bytes | Modified Date = 12/25/2007 11:49:25 PM | Attr = ] 
Filelist00083.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00083.DAT -> [Ver = | Size = 6184 bytes | Modified Date = 12/25/2007 11:49:26 PM | Attr = ] Filelist00084.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00084.DAT -> [Ver = | Size = 17140 bytes | Modified Date = 12/25/2007 11:49:29 PM | Attr = ] Filelist00085.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00085.DAT -> [Ver = | Size = 22156 bytes | Modified Date = 12/25/2007 11:49:34 PM | Attr = ] Filelist00086.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00086.DAT -> [Ver = | Size = 15028 bytes | Modified Date = 12/25/2007 11:49:37 PM | Attr = ] Filelist00087.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00087.DAT -> [Ver = | Size = 25852 bytes | Modified Date = 12/25/2007 11:49:40 PM | Attr = ] Filelist00088.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00088.DAT -> [Ver = | Size = 22552 bytes | Modified Date = 12/25/2007 11:49:44 PM | Attr = ] Filelist00089.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00089.DAT -> [Ver = | Size = 8692 bytes | Modified Date = 12/25/2007 11:49:46 PM | Attr = ] Filelist00090.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00090.DAT -> [Ver = | Size = 508 bytes | Modified Date = 12/25/2007 11:49:46 PM | Attr = ] Filelist00091.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00091.DAT -> [Ver = | Size = 4600 bytes | Modified Date = 12/25/2007 11:49:46 PM | Attr = ] Filelist00092.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00092.DAT -> [Ver = | Size = 12784 bytes | Modified Date 
= 12/25/2007 11:49:47 PM | Attr = ] Filelist00093.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00093.DAT -> [Ver = | Size = 9220 bytes | Modified Date = 12/25/2007 11:49:48 PM | Attr = ] Filelist00094.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00094.DAT -> [Ver = | Size = 11596 bytes | Modified Date = 12/25/2007 11:49:48 PM | Attr = ] Filelist00095.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00095.DAT -> [Ver = | Size = 15424 bytes | Modified Date = 12/25/2007 11:49:49 PM | Attr = ] Filelist00096.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00096.DAT -> [Ver = | Size = 15160 bytes | Modified Date = 12/25/2007 11:49:50 PM | Attr = ] Filelist00097.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00097.DAT -> [Ver = | Size = 9880 bytes | Modified Date = 12/25/2007 11:49:51 PM | Attr = ] Filelist00098.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00098.DAT -> [Ver = | Size = 5392 bytes | Modified Date = 12/25/2007 11:49:51 PM | Attr = ] Filelist00099.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00099.DAT -> [Ver = | Size = 372 bytes | Modified Date = 12/25/2007 11:49:51 PM | Attr = ] Filelist00100.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00100.DAT -> [Ver = | Size = 2856 bytes | Modified Date = 12/25/2007 11:49:52 PM | Attr = ] Filelist00101.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00101.DAT -> [Ver = | Size = 904 bytes | Modified Date = 12/25/2007 11:49:52 PM | Attr = ] Filelist00102.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00102.DAT -> [Ver = | 
Size = 644 bytes | Modified Date = 12/25/2007 11:49:52 PM | Attr = ] Filelist00103.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00103.DAT -> [Ver = | Size = 4844 bytes | Modified Date = 12/25/2007 11:49:52 PM | Attr = ] Filelist00104.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00104.DAT -> [Ver = | Size = 2880 bytes | Modified Date = 12/25/2007 11:49:53 PM | Attr = ] Filelist00105.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00105.DAT -> [Ver = | Size = 1952 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00106.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00106.DAT -> [Ver = | Size = 1956 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00107.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00107.DAT -> [Ver = | Size = 508 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00108.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00108.DAT -> [Ver = | Size = 376 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00109.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00109.DAT -> [Ver = | Size = 252 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00110.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00110.DAT -> [Ver = | Size = 408 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00111.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00111.DAT -> [Ver = | Size = 252 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00112.DAT -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\FSX\SceneryIndexes\Filelist00112.DAT -> [Ver = | Size = 256 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00113.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00113.DAT -> [Ver = | Size = 2860 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] Filelist00114.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\Filelist00114.DAT -> [Ver = | Size = 252 bytes | Modified Date = 12/25/2007 11:49:54 PM | Attr = ] FilelistIndex.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\FSX\SceneryIndexes\FilelistIndex.DAT -> [Ver = | Size = 50460 bytes | Modified Date = 12/29/2007 1:03:27 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 2/4/2005 3:44:16 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8123 bytes | Modified Date = 2/4/2005 3:44:16 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2/4/2005 1:45:49 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 8077 bytes | Modified Date = 7/27/2008 12:06:41 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8077 bytes | Modified Date = 7/27/2008 12:06:41 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing -> [Folder | Modified Date = 12/25/2007 2:13:46 PM | Attr = ] 
1e5087d3-4b65-3a13-e56e-f8c0b01c389d.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\1e5087d3-4b65-3a13-e56e-f8c0b01c389d.dat -> [Ver = | Size = 3338 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 2aa181cf-5771-3146-73c7-afbf7e9ced2e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\2aa181cf-5771-3146-73c7-afbf7e9ced2e.dat -> [Ver = | Size = 16644 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 325ecd9f-b45c-7657-310d-a3ec69566036.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\325ecd9f-b45c-7657-310d-a3ec69566036.dat -> [Ver = | Size = 4324 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 3a2d0e4e-183a-3be6-de12-f79b20b6726b.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\3a2d0e4e-183a-3be6-de12-f79b20b6726b.dat -> [Ver = | Size = 4339 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 43b3fb56-0aa1-cf24-fcd5-ace4f579aa78.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\43b3fb56-0aa1-cf24-fcd5-ace4f579aa78.dat -> [Ver = | Size = 6043 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 4a9b95b9-1079-3d9a-1dd0-511ab9735c52.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\4a9b95b9-1079-3d9a-1dd0-511ab9735c52.dat -> [Ver = | Size = 4190 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 61003c70-2333-4da9-f637-1240e25f9b46.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\61003c70-2333-4da9-f637-1240e25f9b46.dat -> [Ver = | Size = 5105 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 6d1fc144-430d-92ee-a585-fccf492243f1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\6d1fc144-430d-92ee-a585-fccf492243f1.dat -> [Ver = | Size = 16652 bytes | Modified Date = 12/25/2007 
2:01:00 PM | Attr = ] 7fc76939-1749-9389-638e-b057f3111dfe.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\7fc76939-1749-9389-638e-b057f3111dfe.dat -> [Ver = | Size = 8266 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] 8750c800-55f9-e425-7ccc-4b72eb2e0e5e.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\8750c800-55f9-e425-7ccc-4b72eb2e0e5e.dat -> [Ver = | Size = 6182 bytes | Modified Date = 12/25/2007 2:13:42 PM | Attr = ] 9728020c-33b1-869d-8ca7-2da2673eeba6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\9728020c-33b1-869d-8ca7-2da2673eeba6.dat -> [Ver = | Size = 13319 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] a0f9724c-96cd-feb7-a7df-c7a88f4708b0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\a0f9724c-96cd-feb7-a7df-c7a88f4708b0.dat -> [Ver = | Size = 4256 bytes | Modified Date = 12/25/2007 2:13:44 PM | Attr = ] af154ab4-7867-7da2-509f-55369e19b78a.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\af154ab4-7867-7da2-509f-55369e19b78a.dat -> [Ver = | Size = 5259 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] b3724b38-a0be-7e2e-680a-76a2b74d87ae.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\b3724b38-a0be-7e2e-680a-76a2b74d87ae.dat -> [Ver = | Size = 11422 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] b63271ae-c613-2d09-eede-d8f740f9fbdc.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\b63271ae-c613-2d09-eede-d8f740f9fbdc.dat -> [Ver = | Size = 3447 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] bb94bdbd-e879-9f77-c792-8f2b062f83fa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\bb94bdbd-e879-9f77-c792-8f2b062f83fa.dat -> [Ver = | Size = 3033 bytes | Modified 
Date = 12/25/2007 2:01:00 PM | Attr = ] c6605a8c-2f74-5773-5b06-b797e1036c1f.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\c6605a8c-2f74-5773-5b06-b797e1036c1f.dat -> [Ver = | Size = 5612 bytes | Modified Date = 12/25/2007 2:13:44 PM | Attr = ] c7f13e4f-3a54-f72a-4415-9de346aa9a51.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\c7f13e4f-3a54-f72a-4415-9de346aa9a51.dat -> [Ver = | Size = 3448 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] de9e2bcc-7d00-b549-255a-b17032b2f1aa.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\de9e2bcc-7d00-b549-255a-b17032b2f1aa.dat -> [Ver = | Size = 11348 bytes | Modified Date = 12/25/2007 2:13:46 PM | Attr = ] e6e4926f-0068-fab6-7801-65e0e80fd0ef.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\e6e4926f-0068-fab6-7801-65e0e80fd0ef.dat -> [Ver = | Size = 3037 bytes | Modified Date = 12/25/2007 2:13:42 PM | Attr = ] e840ba51-07a0-5a6f-202f-a1d2634d5cb6.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\e840ba51-07a0-5a6f-202f-a1d2634d5cb6.dat -> [Ver = | Size = 11430 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] f0f642df-b163-4f5b-70aa-9dbfadeaa323.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\f0f642df-b163-4f5b-70aa-9dbfadeaa323.dat -> [Ver = | Size = 3978 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] f68611eb-e389-1a51-bd94-636faf15e309.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\f68611eb-e389-1a51-bd94-636faf15e309.dat -> [Ver = | Size = 7371 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] fda68769-b92c-0baa-a72e-cdf551afdbb7.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\SLDL\SoftwareLicensing\fda68769-b92c-0baa-a72e-cdf551afdbb7.dat -> [Ver = | Size = 
13323 bytes | Modified Date = 12/25/2007 2:01:00 PM | Attr = ] C:\Documents and Settings\Andy\Local Settings\Temp\ins1.tmp\ -> C:\Documents and Settings\Andy\Local Settings\Temp\ins1.tmp\ -> [Folder | Modified Date = 2/18/2005 5:17:47 PM | Attr = ] LDMClient.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\ins1.tmp\LDMClient.exe -> BackWeb [Ver = Version 6.1 (Build 155R) | Size = 4233134 bytes | Modified Date = 12/14/2001 5:32:00 AM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\ins2.tmp\ -> C:\Documents and Settings\Andy\Local Settings\Temp\ins2.tmp\ -> [Folder | Modified Date = 2/18/2005 6:14:32 PM | Attr = ] LDMClient.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\ins2.tmp\LDMClient.exe -> BackWeb [Ver = Version 6.1 (Build 155R) | Size = 4233134 bytes | Modified Date = 12/14/2001 5:32:00 AM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for ClonyXXL.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for ClonyXXL.zip\ -> [Folder | Modified Date = 3/24/2005 10:42:52 AM | Attr = H ] ClonyXXL.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for ClonyXXL.zip\ClonyXXL.exe -> [Ver = 2, 0, 1, 5 | Size = 274944 bytes | Modified Date = 4/29/2003 9:46:18 PM | Attr = ] @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for ClonyXXL.zip\ClonyXXL.exe:Zone.Identifier C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\ -> [Folder | Modified Date = 2/4/2005 4:45:23 PM | Attr = H ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\setup.exe -> [Ver = | Size = 38782335 bytes | Modified Date = 9/12/2003 6:41:38 PM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary 
Directory 1 for DriveImage701A_ESD.zip\UTILITY\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\UTILITY -> [Folder | Modified Date = 2/4/2005 4:45:23 PM | Attr = ] PartInNT.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\UTILITY\PartInNT.exe -> PowerQuest Corporation [Ver = 8.0.0.0 | Size = 859136 bytes | Modified Date = 9/16/2002 3:04:16 AM | Attr = R ] Pqboot32.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\UTILITY\Pqboot32.exe -> PowerQuest Corporation [Ver = 8.0.0.0 | Size = 149504 bytes | Modified Date = 9/16/2002 2:19:30 AM | Attr = R ] PTEDIT32.EXE -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\UTILITY\PTEDIT32.EXE -> PowerQuest Corporation [Ver = 1.1.0.0 | Size = 503808 bytes | Modified Date = 9/16/2002 3:24:48 AM | Attr = R ] RestoreMBR.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\UTILITY\RestoreMBR.exe -> PowerQuest Corporation [Ver = 2, 0, 1, 309 | Size = 598016 bytes | Modified Date = 9/12/2003 2:55:38 PM | Attr = R ] SmeDump.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for DriveImage701A_ESD.zip\UTILITY\SmeDump.exe -> PowerQuest Corporation [Ver = 2, 0, 1, 309 | Size = 5160960 bytes | Modified Date = 9/12/2003 3:26:34 PM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for vpro203_personalupdate_esd.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for vpro203_personalupdate_esd.zip\ -> [Folder | Modified Date = 12/22/2007 1:50:08 AM | Attr = H ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 1 for vpro203_personalupdate_esd.zip\setup.exe -> [Ver = | Size = 53516830 bytes | Modified Date = 2/25/2004 2:52:48 PM | Attr = R ] 
@Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 1 for vpro203_personalupdate_esd.zip\setup.exe:Zone.Identifier C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for DriveImage701A_ESD.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for DriveImage701A_ESD.zip\ -> [Folder | Modified Date = 12/22/2007 1:41:47 AM | Attr = H ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for DriveImage701A_ESD.zip\setup.exe -> [Ver = | Size = 38782335 bytes | Modified Date = 9/12/2003 6:41:38 PM | Attr = ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for DWLG510_driver_211.zip\D-Link AirPlus G Utility (V2.11 Build 50317) for G510_G630 released(Driver 4.0.0.1414)-us\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for DWLG510_driver_211.zip\D-Link AirPlus G Utility (V2.11 Build 50317) for G510_G630 released(Driver 4.0.0.1414)-us -> [Folder | Modified Date = 7/25/2008 1:45:21 AM | Attr = ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for DWLG510_driver_211.zip\D-Link AirPlus G Utility (V2.11 Build 50317) for G510_G630 released(Driver 4.0.0.1414)-us\setup.exe -> D-Link [Ver = 3.1.6 | Size = 20918113 bytes | Modified Date = 3/28/2005 2:21:32 PM | Attr = ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for vpro203_personalupdate_esd.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for vpro203_personalupdate_esd.zip\ -> [Folder | Modified Date = 12/22/2007 2:02:05 AM | Attr = H ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 2 for vpro203_personalupdate_esd.zip\setup.exe -> [Ver = | Size = 53516830 bytes | Modified Date = 2/25/2004 2:52:48 PM | Attr = ] @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 2 for 
vpro203_personalupdate_esd.zip\setup.exe:Zone.Identifier C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\ -> [Folder | Modified Date = 12/22/2007 2:03:21 AM | Attr = H ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\setup.exe -> [Ver = | Size = 38782335 bytes | Modified Date = 9/12/2003 6:41:38 PM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY -> [Folder | Modified Date = 12/22/2007 2:03:23 AM | Attr = ] PartInNT.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY\PartInNT.exe -> PowerQuest Corporation [Ver = 8.0.0.0 | Size = 859136 bytes | Modified Date = 9/16/2002 3:04:16 AM | Attr = R ] Pqboot32.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY\Pqboot32.exe -> PowerQuest Corporation [Ver = 8.0.0.0 | Size = 149504 bytes | Modified Date = 9/16/2002 2:19:30 AM | Attr = R ] PTEDIT32.EXE -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY\PTEDIT32.EXE -> PowerQuest Corporation [Ver = 1.1.0.0 | Size = 503808 bytes | Modified Date = 9/16/2002 3:24:48 AM | Attr = R ] RestoreMBR.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY\RestoreMBR.exe -> PowerQuest Corporation [Ver = 2, 0, 1, 309 | Size = 598016 bytes | Modified Date = 9/12/2003 2:55:38 PM | Attr = R ] SmeDump.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for DriveImage701A_ESD.zip\UTILITY\SmeDump.exe -> PowerQuest Corporation [Ver 
= 2, 0, 1, 309 | Size = 5160960 bytes | Modified Date = 9/12/2003 3:26:34 PM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for vpro203_personalupdate_esd.zip\ -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for vpro203_personalupdate_esd.zip\ -> [Folder | Modified Date = 12/22/2007 2:07:45 AM | Attr = H ] setup.exe -> C:\Documents and Settings\Andy\Local Settings\Temp\Temporary Directory 3 for vpro203_personalupdate_esd.zip\setup.exe -> [Ver = | Size = 53516830 bytes | Modified Date = 2/25/2004 2:52:48 PM | Attr = R ] @Alternate Data Stream - 0 bytes -> %UserProfile%\Local Settings\Temp\Temporary Directory 3 for vpro203_personalupdate_esd.zip\setup.exe:Zone.Identifier C:\Documents and Settings\Andy\Local Settings\Temp\ -> C:\Documents and Settings\Andy\Local Settings\Temp -> [Folder | Modified Date = 7/27/2008 12:27:30 PM | Attr = ] IadHide3.dll -> C:\Documents and Settings\Andy\Local Settings\Temp\IadHide3.dll -> BackWeb [Ver = Version 6.1 (Build 155R) | Size = 24576 bytes | Modified Date = 2/18/2005 6:14:30 PM | Attr = ] 38 C:\Documents and Settings\Andy\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Andy\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Andy\Local Settings\Temp\193629705\ -> C:\Documents and Settings\Andy\Local Settings\Temp\193629705 -> [Folder | Modified Date = 7/24/2008 6:53:28 PM | Attr = ] Builder.dll -> C:\Documents and Settings\Andy\Local Settings\Temp\193629705\Builder.dll -> Symantec Corporation [Ver = 4.5.0.25 | Size = 213360 bytes | Modified Date = 2/7/2008 2:22:56 PM | Attr = R ] C:\Documents and Settings\Andy\Local Settings\Temp\ -> C:\Documents and Settings\Andy\Local Settings\Temp -> [Folder | Modified Date = 7/27/2008 12:27:30 PM | Attr = ] Setup.INI -> C:\Documents and Settings\Andy\Local Settings\Temp\Setup.INI -> [Ver = | Size = 2121 bytes | Modified Date = 9/9/2006 5:15:01 AM | Attr = R ] 38 C:\Documents and Settings\Andy\Local 
Settings\Temp\*.tmp files -> C:\Documents and Settings\Andy\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Andy\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\ -> C:\Documents and Settings\Andy\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6} -> [Folder | Modified Date = 12/25/2007 2:06:09 PM | Attr = ] 0x0409.ini -> C:\Documents and Settings\Andy\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\0x0409.ini -> [Ver = | Size = 5515 bytes | Modified Date = 9/9/2006 5:15:01 AM | Attr = R ] setup.ini -> C:\Documents and Settings\Andy\Local Settings\Temp\{9527A496-5DF9-412A-ADC7-168BA5379CA6}\setup.ini -> [Ver = | Size = 2121 bytes | Modified Date = 9/9/2006 5:15:01 AM | Attr = R ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] Application Data -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 7/26/2008 3:38:23 PM | Attr = H ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 2/17/2005 3:11:48 PM | Attr = ] Ahead -> C:\Documents and Settings\All Users\Application Data\Ahead -> [Folder | Modified Date = 2/4/2005 4:48:38 PM | Attr = ] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [Folder | Modified Date = 7/26/2008 3:39:47 PM | Attr = ] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [Folder | Modified Date = 7/24/2008 7:35:22 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 7/26/2008 7:48:27 PM | Attr = S] Mode Rule 64 Inter -> C:\Documents and Settings\All Users\Application Data\Mode Rule 64 Inter -> [Folder | Modified Date = 7/24/2008 6:49:17 PM | Attr = ] PowerQuest -> C:\Documents and Settings\All Users\Application Data\PowerQuest -> [Folder | Modified Date = 2/4/2005 4:46:53 PM | Attr = ] Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 
-> [Folder | Modified Date = 7/25/2008 5:01:29 PM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 7/26/2008 8:30:54 AM | Attr = ] Webroot -> C:\Documents and Settings\All Users\Application Data\Webroot -> [Folder | Modified Date = 7/25/2008 5:12:30 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 7/25/2008 8:53:02 AM | Attr = ] Application Data -> C:\Documents and Settings\Andy\Application Data -> [Folder | Modified Date = 7/25/2008 5:12:30 PM | Attr = H ] Adobe -> C:\Documents and Settings\Andy\Application Data\Adobe -> [Folder | Modified Date = 12/18/2007 11:03:47 PM | Attr = ] AdobeUM -> C:\Documents and Settings\Andy\Application Data\AdobeUM -> [Folder | Modified Date = 2/17/2005 3:12:34 PM | Attr = ] Ahead -> C:\Documents and Settings\Andy\Application Data\Ahead -> [Folder | Modified Date = 2/4/2005 6:05:37 PM | Attr = ] Aim -> C:\Documents and Settings\Andy\Application Data\Aim -> [Folder | Modified Date = 12/16/2007 11:33:30 AM | Attr = ] ATI -> C:\Documents and Settings\Andy\Application Data\ATI -> [Folder | Modified Date = 12/17/2007 11:15:22 AM | Attr = ] Help -> C:\Documents and Settings\Andy\Application Data\Help -> [Folder | Modified Date = 2/4/2005 3:47:09 PM | Attr = ] Identities -> C:\Documents and Settings\Andy\Application Data\Identities -> [Folder | Modified Date = 2/4/2005 1:37:44 PM | Attr = ] IsolatedStorage -> C:\Documents and Settings\Andy\Application Data\IsolatedStorage -> [Folder | Modified Date = 2/4/2005 4:52:57 PM | Attr = ] Leadertech -> C:\Documents and Settings\Andy\Application Data\Leadertech -> [Folder | Modified Date = 3/1/2005 8:27:53 PM | Attr = ] loud cool bat -> C:\Documents and Settings\Andy\Application Data\loud cool bat -> [Folder | Modified Date = 7/25/2008 11:51:39 AM | Attr = ] Macromedia -> C:\Documents and Settings\Andy\Application Data\Macromedia -> 
[Folder | Modified Date = 2/15/2005 8:47:16 PM | Attr = ] Malwarebytes -> C:\Documents and Settings\Andy\Application Data\Malwarebytes -> [Folder | Modified Date = 7/24/2008 7:35:26 PM | Attr = ] Microsoft -> C:\Documents and Settings\Andy\Application Data\Microsoft -> [Folder | Modified Date = 12/25/2007 1:43:10 PM | Attr = S] Sun -> C:\Documents and Settings\Andy\Application Data\Sun -> [Folder | Modified Date = 2/13/2005 10:25:14 AM | Attr = ] Symantec -> C:\Documents and Settings\Andy\Application Data\Symantec -> [Folder | Modified Date = 7/24/2008 7:02:42 PM | Attr = ] The Labyrinth Plus! Edition -> C:\Documents and Settings\Andy\Application Data\The Labyrinth Plus! Edition -> [Folder | Modified Date = 2/4/2005 8:13:18 PM | Attr = ] Webroot -> C:\Documents and Settings\Andy\Application Data\Webroot -> [Folder | Modified Date = 7/25/2008 5:12:30 PM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 7/26/2008 7:48:27 PM | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = RH ] Norton Internet Security - Run Full System Scan - Andy.job -> C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Andy.job -> [Ver = | Size = 620 bytes | Modified Date = 7/24/2008 7:01:27 PM | Attr = ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/27/2008 12:03:26 PM | Attr = H ] wrSpySweeperTrialSweep.job -> C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job -> [Ver = | Size = 1568 bytes | Modified Date = 7/25/2008 5:12:37 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\PowerQuest\hpc:1617307125 378 bytes
C:\Documents and Settings\All Users\Application Data\PowerQuest\hpc:2663419967 457 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563 61 bytes
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\577ABB3D.TMP 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Andy\Desktop\MindFit - Adult Brain Teasers, Games and Activities_files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Andy\Favorites\Links\CartoonNetwork.url:favicon 25214 bytes
C:\Documents and Settings\Andy\Favorites\Links\CWShredder.url:favicon 3750 bytes
C:\Documents and Settings\Andy\Favorites\Links\doxdesk.com parasite cures.url:favicon 318 bytes
C:\Documents and Settings\Andy\Favorites\Links\GameCopyWorld Mirrors.url:favicon 318 bytes
C:\Documents and Settings\Andy\Favorites\Links\HijackThis - Quick Start! What the Tech.url:favicon 3638 bytes
C:\Documents and Settings\Andy\Favorites\Links\SpywareInfo · Browser Hijacking.url:favicon 2238 bytes
C:\Documents and Settings\Andy\Favorites\Links\Stores\circuitcity.com Consumer Electronics.url:favicon 318 bytes
C:\Documents and Settings\Andy\Favorites\Links\Stores\Outpost.com.url:favicon 25214 bytes
C:\Documents and Settings\Andy\Favorites\Links\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 22486 bytes
C:\Documents and Settings\Andy\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 32

< End of report >
[/code]