[code] OTScanIt logfile created on: 8/20/2008 6:16:10 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.48 Mb Total Physical Memory | 124.76 Mb Available Physical Memory | 24.44% Memory free 1.22 Gb Paging File | 0.77 Gb Available in Paging File | 63.48% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.23 Gb Total Space | 5.13 Gb Free Space | 7.20% Space Free | Partition Type: NTFS Drive D: | 3.30 Gb Total Space | 1.13 Gb Free Space | 34.15% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 679.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KITCHEN Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4190 | Size = 536576 bytes | Modified Date = 3/28/2008 11:54:05 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4190 | Size = 536576 bytes | Modified Date = 3/28/2008 11:54:05 PM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 258103 bytes | Modified Date = 5/12/2006 2:27:16 PM | Attr = ] incdsrv.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 859136 bytes | Modified Date = 11/10/2006 5:18:42 PM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 10/19/2006 2:52:24 PM | Attr = ] ramaint.exe -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 PM | Attr = ] mbackmonitor.exe -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr = ] mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] richvideo.exe -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/7/2005 8:54:00 AM | Attr = ] wbload.exe -> %ProgramFiles%\AlienGUIse\wbload.exe -> Stardock Systems, Inc [Ver = 4.51 | Size = 437760 bytes | Modified Date = 5/12/2005 11:02:24 AM | Attr = ] mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/4/2007 2:33:14 AM | Attr = ] tsvncache.exe -> %ProgramFiles%\TortoiseSVN\bin\TSVNCache.exe -> www.tortoisesvn.org [Ver = 1, 4, 8, 12137 | Size = 405504 bytes | Modified Date = 2/16/2008 12:35:04 PM | Attr = ] mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4190 | Size = 536576 bytes | Modified Date = 3/28/2008 11:54:05 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 3/28/2008 9:05:00 PM | Attr = ] (BlueSoleilCS) BlueSoleilCS [Win32_Shared | Disabled | Stopped] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -> [Ver = 1, 0, 0, 1 | Size = 778240 bytes | Modified Date = 6/5/2008 5:50:58 PM | Attr = ] (BsHelpCS) BsHelpCS [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BsHelpCS.exe -> [Ver = 1, 0, 0, 1 | Size = 69735 bytes | Modified Date = 6/4/2008 6:28:14 PM | Attr = ] (BsMobileCS) BsMobileCS [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BsMobileCS.exe -> [Ver = 1, 0, 0, 1 | Size = 143467 bytes | Modified Date = 6/4/2008 6:26:58 PM | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 258103 bytes | Modified Date = 5/12/2006 2:27:16 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/1/2007 10:51:43 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ] (InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 859136 bytes | Modified Date = 11/10/2006 5:18:42 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 10/19/2006 2:52:24 PM | Attr = ] (LMIMaint) LogMeIn Maintenance Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LogMeIn\x86\ramaint.exe -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 116032 bytes | Modified Date = 5/28/2008 12:32:34 PM | Attr = ] (LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\LogMeIn\x86\LogMeIn.exe -> LogMeIn, Inc. [Ver = 3.0.596 | Size = 63040 bytes | Modified Date = 2/28/2008 3:31:50 PM | Attr = ] (lxcc_device) lxcc_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\lxcccoms.exe -> Lexmark International, Inc. [Ver = 1.101.97.0 | Size = 466944 bytes | Modified Date = 2/25/2005 11:42:46 AM | Attr = ] (MBackMonitor) MBackMonitor [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\McShield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 1 | Size = 774144 bytes | Modified Date = 1/5/2007 2:41:10 PM | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 6:54:04 PM | Attr = ] (PinnacleSys.MediaServer) Pinnacle Systems Media Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -> File not found (PrismXL) PrismXL [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 7/1/2007 4:16:28 PM | Attr = ] (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/7/2005 8:54:00 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MBkLogOnHook -> %ProgramFiles%\McAfee\MBK\LogonHook.exe [C:\Program Files\McAfee\MBK\LogOnHook.exe] -> McAfee [Ver = 1.0.2563.24415 | Size = 20480 bytes | Modified Date = 1/8/2007 11:22:46 AM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe [%WINDIR%\SMINST\RECGUARD.EXE] -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 2:42:26 AM | Attr = ] RegistryMechanic -> [] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < Administrator.KITCHEN Startup Folder > -> C:\Documents and Settings\Administrator.KITCHEN\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < LogMeInRemoteUser Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup -> < LogMeInRemoteUser.KITCHEN Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser.KITCHEN\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < Test Startup Folder > -> C:\Documents and Settings\Test\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> wbsys.dll -> %SystemRoot%\system32\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 10:27:44 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> C:\WINDOWS\system32\logonuiX.exe -> %SystemRoot%\system32\logonuiX.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4389888 bytes | Modified Date = 9/3/2007 7:51:50 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 126976 bytes | Modified Date = 3/28/2008 11:55:33 PM | Attr = ] LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 PM | Attr = ] WB -> %ProgramFiles%\AlienGUIse\fastload.dll -> Stardock [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 12/20/2001 11:34:52 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRAM_GSA-H42L________________SL00____\324b373152323036343320352020202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_DVD_SOHD-16P9S__________________FS09____\5&1c711010&0&0.1.0 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 3/23/2005 2:13:17 PM | Attr = ] Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 9/13/2004 12:15:24 PM | Attr = HS] autorun.inf.aug.8 [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ] -> D:\autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 9/13/2004 12:15:24 PM | Attr = HS] AutoRun [] -> F:\AutoRun.exe [ CDFS ] -> Electronic Arts Inc. [Ver = 1.3.0.342 | Size = 684032 bytes | Modified Date = 11/14/2004 9:53:50 PM | Attr = R ] AutoRun.exe [MZ | ] -> F:\AutoRun.exe [ CDFS ] -> Electronic Arts Inc. [Ver = 1.3.0.342 | Size = 684032 bytes | Modified Date = 11/14/2004 9:53:50 PM | Attr = R ] AutoRunGUI.dll [MZ | ] -> F:\AutoRunGUI.dll [ CDFS ] -> Electronic Arts Inc. [Ver = 1.03.00.00 | Size = 929792 bytes | Modified Date = 11/14/2004 7:08:55 PM | Attr = R ] autorun.inf [[autorun] | open=Setup.exe | Icon=LotRIcon.exe | Name=The Battle for Middle-earth | | [Special] | Disk=1 | | ] -> F:\autorun.inf [ CDFS ] -> [Ver = | Size = 103 bytes | Modified Date = 11/14/2004 10:14:46 PM | Attr = R ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\.DEFAULT\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-18\: SearchURL\\ -> http://www.google.com/keyword/%s[gogl] -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 5:39:26 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 12:56:50 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 6:51:28 AM | Attr = ] {96372AB6-15EB-4316-B497-71C741BC548C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll [Easy Gif Animator Toolbar Helper] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 10/3/2007 6:52:46 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {35065594-9169-4A34-B167-FC4865038E53} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll [Easy Gif Animator Toolbar] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 10/3/2007 6:52:46 AM | Attr = ] {4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 5:39:26 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll [Easy Gif Animator Toolbar] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 10/3/2007 6:52:46 AM | Attr = ] WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll [Easy Gif Animator Toolbar] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 10/3/2007 6:52:46 AM | Attr = ] WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] WebBrowser\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {E19ADC6E-3909-43E4-9A89-B7B676377EE3}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sothink SWF Catcher] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\SourceTec\SWF Catcher\SWFCatcher.dll [SWFDecompiler.InternetExplorer] -> SourceTec [Ver = 3, 0, 0, 1 | Size = 397312 bytes | Modified Date = 3/6/2007 3:58:34 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Sothink SWF Catcher -> %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm -> [Ver = | Size = 191 bytes | Modified Date = 3/6/2007 3:58:34 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] &Google Search -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Backward Links -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Similar Pages -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found Translate into English -> %ProgramFiles%\Google\GoogleToolbar1.dll -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 390256 bytes | Modified Date = 3/22/2004 7:16:16 PM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E19ADC6E-3909-43E4-9A89-B7B676377EE3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\SourceTec\SWF Catcher\SWFCatcher.dll [SWFDecompiler.InternetExplorer] -> SourceTec [Ver = 3, 0, 0, 1 | Size = 397312 bytes | Modified Date = 3/6/2007 3:58:34 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\] > -> HKEY_USERS\S-1-5-21-165763714-2931035455-1041126916-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Sothink SWF Catcher -> %CommonProgramFiles%\SourceTec\SWF Catcher\InternetExplorer.htm -> [Ver = | Size = 191 bytes | Modified Date = 3/6/2007 3:58:34 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {28547EEA-1552-4BE8-9785-D85238041A41} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {5DD11A74-D67B-44EE-BBE5-63699240C1AC} -> () -> {8C9AD3A5-D581-45B8-9506-D8BAA148C557} -> () -> {BF622003-113A-4A0F-916D-51FAAD6EE986} -> (1394 Net Adapter) -> {C3C98AEE-14B7-46B6-8D0E-845A88362FDC} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\skype4com.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 0, 22 | Size = 1717848 bytes | Modified Date = 8/27/2007 1:37:02 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab[CDownloadCtrl Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> Justin.tv Publisher[HKEY_LOCAL_MACHINE] -> http://www.justin.tv/plugins/justintv_publisher.CAB[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DLMControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DLMControl.dll\\.Owner -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DLMControl.dll\\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/justintv_publisher.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/justintv_publisher.dll\\.Owner -> Justin.tv Publisher -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/justintv_publisher.dll\\Justin.tv Publisher -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 800 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 53 23 EF 90 98 8C D2 97 E9 CC 3B 69 5F BB 2F 4A 35 33 62 38 33 33 62 30 00 00 00 00 AF E3 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 E6 B1 D9 66 05 06 B8 31 73 EB 16 53 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> AA B6 F4 F8 1B 6E F9 FE B7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 9B 01 79 C7 4A 59 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 26 E8 8F FE 9E B7 EF 38 0F BC 80 04 9D 34 7E 2B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 40 6B DB CE 1B BC C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 B8 BF 3D 55 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 B8 BF 3D 55 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 B8 BF 3D 55 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4283 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1 | Size = 496752 bytes | Modified Date = 4/7/2004 3:07:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 6/30/2004 12:49:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1 | Size = 496752 bytes | Modified Date = 4/7/2004 3:07:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 6/30/2004 12:49:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> %ProgramFiles%\uTorrent\utorrent.exe [C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orb Networks\Orb\bin\Orb.exe -> %ProgramFiles%\Orb Networks\Orb\bin\Orb.exe [C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb] -> Orb Networks, Inc. [Ver = 1, 2008, 129, 1700 | Size = 73728 bytes | Modified Date = 1/29/2008 10:19:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe -> %ProgramFiles%\Orb Networks\Orb\bin\OrbTray.exe [C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray] -> Orb Networks [Ver = 2, 2008, 228, 1415 | Size = 503808 bytes | Modified Date = 2/28/2008 6:15:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe -> %ProgramFiles%\Orb Networks\Orb\bin\OrbStreamerClient.exe [C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> Orb Networks [Ver = 2, 2008, 313, 1500 | Size = 5844992 bytes | Modified Date = 3/13/2008 6:51:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat -> %ProgramFiles%\EA GAMES\The Battle for Middle-earth (tm)\game.dat [C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)] -> [Ver = | Size = 18179069 bytes | Modified Date = 11/14/2004 3:32:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 5/7/2008 8:18:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [Ver = | Size = 587568 bytes | Modified Date = 4/29/2008 1:51:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS] -> [Ver = 1, 0, 0, 1 | Size = 778240 bytes | Modified Date = 6/5/2008 5:50:58 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 581693 bytes | Modified Date = 5/12/2006 2:33:22 PM | Attr = ] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> BtTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\IVT Corporation\BlueSoleil\BtTray.exe -> [Ver = 1, 0, 0, 1 | Size = 231424 bytes | Modified Date = 6/5/2008 5:50:56 PM | Attr = ] ISUSPM Startup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 3:30:30 PM | Attr = ] ISUSScheduler hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 3:30:30 PM | Attr = ] StartCCC hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -> Advanced Micro Devices, Inc. [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 1/21/2008 12:17:18 PM | Attr = ] [Files/Folders - Created Within 90 days] Converted Music -> %SystemDrive%\Converted Music -> [Folder | Created Date = 8/11/2008 7:09:08 PM | Attr = ] Fraps -> %SystemDrive%\Fraps -> [Folder | Created Date = 6/17/2008 10:51:57 PM | Attr = ] Games -> %SystemDrive%\Games -> [Folder | Created Date = 8/10/2008 8:16:46 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Created Date = 8/19/2008 8:20:42 PM | Attr = HS] Python25 -> %SystemDrive%\Python25 -> [Folder | Created Date = 6/17/2008 5:30:18 PM | Attr = ] QUAKE_SW -> %SystemDrive%\QUAKE_SW -> [Folder | Created Date = 5/30/2008 10:31:58 AM | Attr = ] server -> %SystemDrive%\server -> [Folder | Created Date = 8/5/2008 3:58:27 PM | Attr = ] superwebcam.sys -> %SystemRoot%\System32\drivers\superwebcam.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 31872 bytes | Created Date = 6/25/2008 7:16:01 AM | Attr = ] 0 -> %SystemRoot%\System32\0 -> [Ver = | Size = 0 bytes | Created Date = 6/23/2008 1:37:57 AM | Attr = ] blphcj41j0e38v.scr -> %SystemRoot%\System32\blphcj41j0e38v.scr -> Sysinternals [Ver = 3.2 | Size = 118784 bytes | Created Date = 8/18/2008 5:50:35 PM | Attr = ] BlueSoleilCSps.dll -> %SystemRoot%\System32\BlueSoleilCSps.dll -> IVT Corporation [Ver = 1, 0, 0, 0 | Size = 520307 bytes | Created Date = 6/4/2008 6:28:50 PM | Attr = ] Bs2Res.dll -> %SystemRoot%\System32\Bs2Res.dll -> [Ver = 1, 0, 0, 1 | Size = 98403 bytes | Created Date = 6/4/2008 6:27:44 PM | Attr = ] Bscdlg.dll -> %SystemRoot%\System32\Bscdlg.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 540758 bytes | Created Date = 6/4/2008 6:29:34 PM | Attr = ] BsCommon.dll -> %SystemRoot%\System32\BsCommon.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 143450 bytes | Created Date = 6/4/2008 6:28:58 PM | Attr = ] bscs.ini -> %SystemRoot%\System32\bscs.ini -> [Ver = | Size = 837 bytes | Created Date = 6/5/2008 5:51:08 PM | Attr = ] BsHelpCSps.dll -> %SystemRoot%\System32\BsHelpCSps.dll -> IVT Corporation [Ver = 1, 0, 0, 0 | Size = 94314 bytes | Created Date = 6/4/2008 6:28:52 PM | Attr = ] BsMobileCSps.dll -> %SystemRoot%\System32\BsMobileCSps.dll -> [Ver = | Size = 28672 bytes | Created Date = 6/4/2008 6:27:02 PM | Attr = ] BsMobileSDK.dll -> %SystemRoot%\System32\BsMobileSDK.dll -> [Ver = | Size = 118880 bytes | Created Date = 6/4/2008 6:27:10 PM | Attr = ] BsMonSvr.dll -> %SystemRoot%\System32\BsMonSvr.dll -> IVT Corporation. [Ver = 1, 0, 0, 1 | Size = 18432 bytes | Created Date = 6/4/2008 6:30:52 PM | Attr = ] BsMonUI.dll -> %SystemRoot%\System32\BsMonUI.dll -> IVT Corporation. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Created Date = 6/4/2008 6:30:56 PM | Attr = ] BSPRINT.INI -> %SystemRoot%\System32\BSPRINT.INI -> [Ver = | Size = 0 bytes | Created Date = 6/23/2008 1:39:49 AM | Attr = ] BsProfileFunc.dll -> %SystemRoot%\System32\BsProfileFunc.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 114788 bytes | Created Date = 6/4/2008 6:29:24 PM | Attr = ] bsratswf.dll -> %SystemRoot%\System32\bsratswf.dll -> [Ver = | Size = 585728 bytes | Created Date = 6/25/2008 4:40:37 AM | Attr = ] bsratwmv.dll -> %SystemRoot%\System32\bsratwmv.dll -> [Ver = | Size = 147456 bytes | Created Date = 6/25/2008 4:40:37 AM | Attr = ] BsSDK.dll -> %SystemRoot%\System32\BsSDK.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 225364 bytes | Created Date = 6/4/2008 6:27:42 PM | Attr = ] BSShell.dll -> %SystemRoot%\System32\BSShell.dll -> [Ver = 1, 0, 0, 1 | Size = 622693 bytes | Created Date = 6/4/2008 6:29:48 PM | Attr = ] BsTrace.dll -> %SystemRoot%\System32\BsTrace.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 28760 bytes | Created Date = 6/4/2008 6:26:52 PM | Attr = ] BsUI.dll -> %SystemRoot%\System32\BsUI.dll -> [Ver = 1, 0, 0, 1 | Size = 405589 bytes | Created Date = 6/4/2008 6:30:44 PM | Attr = ] btfunc.dll -> %SystemRoot%\System32\btfunc.dll -> IVT Corporation [Ver = 1, 2, 0, 0 | Size = 57430 bytes | Created Date = 6/4/2008 6:30:30 PM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 8/19/2008 4:22:39 PM | Attr = ] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 8/19/2008 8:14:25 PM | Attr = ] HtmPrintHelper.dll -> %SystemRoot%\System32\HtmPrintHelper.dll -> [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Created Date = 6/4/2008 6:30:04 PM | Attr = ] lphcj41j0e38v.exe -> %SystemRoot%\System32\lphcj41j0e38v.exe -> [Ver = | Size = 194560 bytes | Created Date = 8/18/2008 5:49:26 PM | Attr = ] outlookAddin.dll -> %SystemRoot%\System32\outlookAddin.dll -> [Ver = 1, 0, 0, 2 | Size = 278647 bytes | Created Date = 6/4/2008 6:30:22 PM | Attr = ] phcj41j0e38v.bmp -> %SystemRoot%\System32\phcj41j0e38v.bmp -> [Ver = | Size = 625208 bytes | Created Date = 8/18/2008 5:50:08 PM | Attr = ] PlayerCtrl.dll -> %SystemRoot%\System32\PlayerCtrl.dll -> IVT [Ver = 1, 0, 0, 1 | Size = 28766 bytes | Created Date = 6/4/2008 6:27:48 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Created Date = 5/27/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Created Date = 5/27/2008 10:50:34 AM | Attr = ] SpoonUninstall-dBpowerAMP Music Converter.bmp -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp -> [Ver = | Size = 33846 bytes | Created Date = 8/11/2008 7:04:51 PM | Attr = ] SpoonUninstall-dBpowerAMP Music Converter.dat -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.dat -> [Ver = | Size = 36104 bytes | Created Date = 8/11/2008 7:04:51 PM | Attr = ] SpoonUninstall.exe -> %SystemRoot%\System32\SpoonUninstall.exe -> [Ver = | Size = 131072 bytes | Created Date = 8/11/2008 7:04:51 PM | Attr = ] Tr_sttool.dat -> %SystemRoot%\System32\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Created Date = 6/25/2008 4:40:38 AM | Attr = ] versit.dll -> %SystemRoot%\System32\versit.dll -> Versit Consortium (Apple Computer, AT&T, IBM and Siemens) [Ver = 1, 0, 0, 1 | Size = 114774 bytes | Created Date = 6/4/2008 6:29:58 PM | Attr = ] wiiload.exe -> %SystemRoot%\System32\wiiload.exe -> [Ver = | Size = 11264 bytes | Created Date = 5/27/2008 1:08:58 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 6/14/2008 12:56:22 AM | Attr = ] ~.exe -> %SystemRoot%\System32\~.exe -> [Ver = | Size = 210088 bytes | Created Date = 8/18/2008 5:48:35 PM | Attr = ] 0 -> %SystemRoot%\0 -> [Ver = | Size = 32 bytes | Created Date = 6/23/2008 1:37:57 AM | Attr = ] NARBACULARDROP.INI -> %SystemRoot%\NARBACULARDROP.INI -> [Ver = | Size = 65 bytes | Created Date = 5/27/2008 4:38:07 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 7/31/2008 7:40:36 AM | Attr = ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 8/17/2008 1:58:36 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] 2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> %AllUsersProfile%\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> [Folder | Created Date = 6/3/2008 1:38:55 AM | Attr = ] ZangoSA -> %AllUsersProfile%\Application Data\ZangoSA -> [Folder | Created Date = 6/3/2008 1:38:55 AM | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Created Date = 6/6/2008 10:04:07 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Created Date = 6/3/2008 3:27:09 AM | Attr = ] Subversion -> %AppData%\Subversion -> [Folder | Created Date = 6/10/2008 3:12:44 AM | Attr = ] WeatherDPA -> %AppData%\WeatherDPA -> [Folder | Created Date = 6/3/2008 1:38:52 AM | Attr = ] Zango -> %AppData%\Zango -> [Folder | Created Date = 6/3/2008 1:38:41 AM | Attr = ] bluesoleil -> %UserProfile%\Local Settings\Application Data\bluesoleil -> [Folder | Created Date = 6/23/2008 1:52:08 AM | Attr = ] Paint.NET -> %UserProfile%\Local Settings\Application Data\Paint.NET -> [Folder | Created Date = 8/6/2008 5:25:18 PM | Attr = ] TSVNCache -> %UserProfile%\Local Settings\Application Data\TSVNCache -> [Folder | Created Date = 6/10/2008 3:13:56 AM | Attr = ] Yahoo -> %UserProfile%\Local Settings\Application Data\Yahoo -> [Folder | Created Date = 6/5/2008 7:51:24 PM | Attr = ] ---.wps -> %UserProfile%\My Documents\---.wps -> [Ver = | Size = 9728 bytes | Created Date = 8/4/2008 3:16:44 PM | Attr = ] BSR Videos -> %UserProfile%\My Documents\BSR Videos -> [Folder | Created Date = 6/25/2008 4:41:25 AM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 6/22/2008 2:58:46 PM | Attr = ] Futuristic Dream.wps -> %UserProfile%\My Documents\Futuristic Dream.wps -> [Ver = | Size = 22528 bytes | Created Date = 6/21/2008 10:20:23 PM | Attr = ] JellyCar Level Editor.lnk -> %AllUsersProfile%\Desktop\JellyCar Level Editor.lnk -> [Ver = | Size = 827 bytes | Created Date = 8/14/2008 11:58:46 PM | Attr = ] JellyCar.lnk -> %AllUsersProfile%\Desktop\JellyCar.lnk -> [Ver = | Size = 682 bytes | Created Date = 8/15/2008 12:02:04 AM | Attr = ] Paint.NET.lnk -> %AllUsersProfile%\Desktop\Paint.NET.lnk -> [Ver = | Size = 812 bytes | Created Date = 8/6/2008 5:25:55 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 8/17/2008 2:02:49 PM | Attr = ] Yahoo! Widgets.lnk -> %AllUsersProfile%\Desktop\Yahoo! Widgets.lnk -> [Ver = | Size = 786 bytes | Created Date = 6/5/2008 7:50:54 PM | Attr = ] --- -> %UserProfile%\Desktop\--- -> [Folder | Created Date = 6/19/2008 2:36:27 AM | Attr = ] -.bmp -> %UserProfile%\Desktop\-.bmp -> [Ver = | Size = 1136862 bytes | Created Date = 8/19/2008 5:31:35 PM | Attr = ] -pe-r-i-l-trans-par-ent- -> %UserProfile%\Desktop\-pe-r-i-l-trans-par-ent- -> [Folder | Created Date = 8/10/2008 8:58:08 PM | Attr = ] -peril- -> %UserProfile%\Desktop\-peril- -> [Folder | Created Date = 8/11/2008 7:21:14 AM | Attr = ] 50169007-.GIF -> %UserProfile%\Desktop\50169007-.GIF -> [Ver = | Size = 17816 bytes | Created Date = 8/18/2008 6:04:14 PM | Attr = ] 50169007.gif -> %UserProfile%\Desktop\50169007.gif -> [Ver = | Size = 17824 bytes | Created Date = 6/18/2008 2:12:56 AM | Attr = ] annoying.hls -> %UserProfile%\Desktop\annoying.hls -> [Ver = | Size = 224 bytes | Created Date = 8/11/2008 7:19:30 PM | Attr = ] ApertureScience17.swf -> %UserProfile%\Desktop\ApertureScience17.swf -> [Ver = | Size = 84075 bytes | Created Date = 7/1/2008 5:47:51 PM | Attr = ] aTube Catcher.lnk -> %UserProfile%\Desktop\aTube Catcher.lnk -> [Ver = | Size = 2477 bytes | Created Date = 7/25/2008 3:11:15 AM | Attr = ] Bletotum.PNG -> %UserProfile%\Desktop\Bletotum.PNG -> [Ver = | Size = 15141 bytes | Created Date = 6/20/2008 8:03:24 AM | Attr = ] BoFC SWEP Generator -> %UserProfile%\Desktop\BoFC SWEP Generator -> [Folder | Created Date = 7/12/2008 7:08:37 AM | Attr = ] Bontago.exe -> %UserProfile%\Desktop\Bontago.exe -> [Ver = | Size = 24151706 bytes | Created Date = 5/27/2008 6:08:11 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Bontago.exe:Zone.Identifier Burning a building in oe - cake_0001.wmv -> %UserProfile%\Desktop\Burning a building in oe - cake_0001.wmv -> [Ver = | Size = 15878577 bytes | Created Date = 6/18/2008 2:30:18 PM | Attr = ] chamber-17.avi -> %UserProfile%\Desktop\chamber-17.avi -> [Ver = | Size = 242223616 bytes | Created Date = 7/27/2008 7:36:09 AM | Attr = ] congratulations, have a cat.jpg -> %UserProfile%\Desktop\congratulations, have a cat.jpg -> [Ver = | Size = 34895 bytes | Created Date = 7/29/2008 10:12:47 PM | Attr = ] ConTEXT.lnk -> %UserProfile%\Desktop\ConTEXT.lnk -> [Ver = | Size = 666 bytes | Created Date = 6/5/2008 8:33:16 AM | Attr = ] custom-level.avi -> %UserProfile%\Desktop\custom-level.avi -> [Ver = | Size = 230106112 bytes | Created Date = 8/1/2008 12:16:36 AM | Attr = ] dBpowerAMP Music Converter.lnk -> %UserProfile%\Desktop\dBpowerAMP Music Converter.lnk -> [Ver = | Size = 851 bytes | Created Date = 8/11/2008 7:05:40 PM | Attr = ] dighfghfgjsg -> %UserProfile%\Desktop\dighfghfgjsg -> [Folder | Created Date = 6/3/2008 9:52:59 PM | Attr = ] dMC Audio CD Input.lnk -> %UserProfile%\Desktop\dMC Audio CD Input.lnk -> [Ver = | Size = 809 bytes | Created Date = 8/11/2008 7:05:40 PM | Attr = ] dMC-r11.5.exe -> %UserProfile%\Desktop\dMC-r11.5.exe -> [Ver = | Size = 2167119 bytes | Created Date = 8/11/2008 7:04:20 PM | Attr = ] Facepunch-ref.png -> %UserProfile%\Desktop\Facepunch-ref.png -> [Ver = | Size = 39723 bytes | Created Date = 6/20/2008 7:38:59 AM | Attr = ] fil.bmp -> %UserProfile%\Desktop\fil.bmp -> [Ver = | Size = 65590 bytes | Created Date = 8/5/2008 3:27:19 AM | Attr = ] file.tga -> %UserProfile%\Desktop\file.tga -> [Ver = | Size = 66086 bytes | Created Date = 8/5/2008 3:27:00 AM | Attr = ] Fraps.lnk -> %UserProfile%\Desktop\Fraps.lnk -> [Ver = | Size = 478 bytes | Created Date = 6/17/2008 10:51:59 PM | Attr = ] G-Flash-0.3 -> %UserProfile%\Desktop\G-Flash-0.3 -> [Folder | Created Date = 6/21/2008 3:39:21 AM | Attr = ] game.exe -> %UserProfile%\Desktop\game.exe -> SCEE [Ver = 0, 1, 8, 0 | Size = 98304 bytes | Created Date = 8/14/2008 11:29:07 PM | Attr = ] Garry's Mod.lnk -> %UserProfile%\Desktop\Garry's Mod.lnk -> [Ver = | Size = 670 bytes | Created Date = 6/25/2008 9:13:06 AM | Attr = ] gimp-2.4.6-i686-setup.exe -> %UserProfile%\Desktop\gimp-2.4.6-i686-setup.exe -> [Ver = 2.4.6 | Size = 17950304 bytes | Created Date = 8/6/2008 5:14:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gimp-2.4.6-i686-setup.exe:Zone.Identifier gimpshop_2.2.8_fix1_setup.exe -> %UserProfile%\Desktop\gimpshop_2.2.8_fix1_setup.exe -> [Ver = | Size = 7712639 bytes | Created Date = 8/6/2008 5:14:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gimpshop_2.2.8_fix1_setup.exe:Zone.Identifier gmaker.exe -> %UserProfile%\Desktop\gmaker.exe -> [Ver = 2, 0, 0, 21 | Size = 3720910 bytes | Created Date = 6/21/2008 3:37:37 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmaker.exe:Zone.Identifier GMod10 Dedicated Server.bat -> %UserProfile%\Desktop\GMod10 Dedicated Server.bat -> [Ver = | Size = 105 bytes | Created Date = 8/5/2008 4:42:51 PM | Attr = ] GoldWave.lnk -> %UserProfile%\Desktop\GoldWave.lnk -> [Ver = | Size = 471 bytes | Created Date = 8/14/2008 6:14:51 PM | Attr = ] gwave520.exe -> %UserProfile%\Desktop\gwave520.exe -> [Ver = | Size = 2510572 bytes | Created Date = 8/14/2008 6:13:18 PM | Attr = ] Half-Life 2 Demo.lnk -> %UserProfile%\Desktop\Half-Life 2 Demo.lnk -> [Ver = | Size = 1568 bytes | Created Date = 8/17/2008 4:37:30 PM | Attr = ] Half-Life.lnk -> %UserProfile%\Desktop\Half-Life.lnk -> [Ver = | Size = 1552 bytes | Created Date = 8/1/2008 2:23:35 PM | Attr = ] happycatix8.jpg -> %UserProfile%\Desktop\happycatix8.jpg -> [Ver = | Size = 4567 bytes | Created Date = 6/17/2008 6:03:21 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 8/19/2008 4:59:24 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 8/19/2008 4:58:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier HLDJ -> %UserProfile%\Desktop\HLDJ -> [Folder | Created Date = 8/16/2008 2:05:22 PM | Attr = ] HLSS 3.00.exe -> %UserProfile%\Desktop\HLSS 3.00.exe -> None [Ver = 3.0.0.0 | Size = 723456 bytes | Created Date = 8/11/2008 6:55:31 PM | Attr = ] HLSS 3.00.ini -> %UserProfile%\Desktop\HLSS 3.00.ini -> [Ver = | Size = 306 bytes | Created Date = 8/11/2008 6:55:42 PM | Attr = ] imadepost - 2500.JPG -> %UserProfile%\Desktop\imadepost - 2500.JPG -> [Ver = | Size = 171638 bytes | Created Date = 6/18/2008 9:20:12 PM | Attr = ] iso -> %UserProfile%\Desktop\iso -> [Folder | Created Date = 6/20/2008 12:23:52 AM | Attr = ] IVT_BlueSoleil_6.0.227.0_for_32bit_OS -> %UserProfile%\Desktop\IVT_BlueSoleil_6.0.227.0_for_32bit_OS -> [Folder | Created Date = 6/23/2008 1:37:24 AM | Attr = ] iwbtgbeta(fs).exe -> %UserProfile%\Desktop\iwbtgbeta(fs).exe -> [Ver = 3, 0, 239, 0 | Size = 72131486 bytes | Created Date = 6/13/2008 6:49:13 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\iwbtgbeta(fs).exe:Zone.Identifier iwbtgbeta_slo-mo_.exe -> %UserProfile%\Desktop\iwbtgbeta_slo-mo_.exe -> [Ver = 3, 0, 239, 0 | Size = 64977257 bytes | Created Date = 6/13/2008 5:38:13 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\iwbtgbeta_slo-mo_.exe:Zone.Identifier l.gif -> %UserProfile%\Desktop\l.gif -> [Ver = | Size = 109383 bytes | Created Date = 8/6/2008 4:57:09 PM | Attr = ] LevelBuilder -> %UserProfile%\Desktop\LevelBuilder -> [Folder | Created Date = 7/16/2008 12:09:11 PM | Attr = ] lol.gif -> %UserProfile%\Desktop\lol.gif -> [Ver = | Size = 1369657 bytes | Created Date = 8/5/2008 2:55:24 AM | Attr = ] longcatarise-.gif -> %UserProfile%\Desktop\longcatarise-.gif -> [Ver = | Size = 1551189 bytes | Created Date = 8/8/2008 2:19:28 PM | Attr = ] longcatmario.gif -> %UserProfile%\Desktop\longcatmario.gif -> [Ver = | Size = 269400 bytes | Created Date = 7/27/2008 8:04:59 AM | Attr = ] MoveMediaPlayer_07076007.exe -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe -> [Ver = | Size = 779536 bytes | Created Date = 6/3/2008 3:27:05 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe:Zone.Identifier Narbacular Drop.lnk -> %UserProfile%\Desktop\Narbacular Drop.lnk -> [Ver = | Size = 766 bytes | Created Date = 5/27/2008 4:38:07 PM | Attr = ] OE - Cake.lnk -> %UserProfile%\Desktop\OE - Cake.lnk -> [Ver = | Size = 592 bytes | Created Date = 6/7/2008 3:59:06 PM | Attr = ] Online.JPG -> %UserProfile%\Desktop\Online.JPG -> [Ver = | Size = 20624 bytes | Created Date = 6/25/2008 8:03:16 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/20/2008 6:13:57 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/20/2008 6:13:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier penguin_animated.gif -> %UserProfile%\Desktop\penguin_animated.gif -> [Ver = | Size = 385117 bytes | Created Date = 8/18/2008 12:44:29 AM | Attr = ] peril -> %UserProfile%\Desktop\peril -> [Folder | Created Date = 8/5/2008 4:13:01 AM | Attr = ] Peril (128 x 128)-.jpg -> %UserProfile%\Desktop\Peril (128 x 128)-.jpg -> [Ver = | Size = 5306 bytes | Created Date = 8/5/2008 4:03:25 AM | Attr = ] Peril (256 x 256).jpg -> %UserProfile%\Desktop\Peril (256 x 256).jpg -> [Ver = | Size = 10543 bytes | Created Date = 8/5/2008 12:15:37 PM | Attr = ] Peril (400 x 400).jpg -> %UserProfile%\Desktop\Peril (400 x 400).jpg -> [Ver = | Size = 22482 bytes | Created Date = 6/25/2008 7:45:26 AM | Attr = ] Peril (640 x 480).jpg -> %UserProfile%\Desktop\Peril (640 x 480).jpg -> [Ver = | Size = 20213 bytes | Created Date = 6/25/2008 7:44:08 AM | Attr = ] Peril-tr.gif -> %UserProfile%\Desktop\Peril-tr.gif -> [Ver = | Size = 1291 bytes | Created Date = 8/10/2008 8:57:21 PM | Attr = ] Peril-trans.bmp -> %UserProfile%\Desktop\Peril-trans.bmp -> [Ver = | Size = 19254 bytes | Created Date = 8/6/2008 5:36:25 PM | Attr = ] Peril.tga -> %UserProfile%\Desktop\Peril.tga -> [Ver = | Size = 16402 bytes | Created Date = 8/5/2008 3:49:31 AM | Attr = ] Peril0 (128 x 128).jpg -> %UserProfile%\Desktop\Peril0 (128 x 128).jpg -> [Ver = | Size = 4752 bytes | Created Date = 8/5/2008 4:03:06 AM | Attr = ] Peril1 (128 x 128).jpg -> %UserProfile%\Desktop\Peril1 (128 x 128).jpg -> [Ver = | Size = 4930 bytes | Created Date = 8/5/2008 4:02:44 AM | Attr = ] Peril2 (128 x 128).jpg -> %UserProfile%\Desktop\Peril2 (128 x 128).jpg -> [Ver = | Size = 5084 bytes | Created Date = 8/5/2008 4:03:43 AM | Attr = ] Peril3 (128 x 128).jpg -> %UserProfile%\Desktop\Peril3 (128 x 128).jpg -> [Ver = | Size = 5306 bytes | Created Date = 8/5/2008 4:03:54 AM | Attr = ] Peril4 (128 x 128).jpg -> %UserProfile%\Desktop\Peril4 (128 x 128).jpg -> [Ver = | Size = 5224 bytes | Created Date = 8/5/2008 4:04:10 AM | Attr = ] Peril5 (128 x 128).jpg -> %UserProfile%\Desktop\Peril5 (128 x 128).jpg -> [Ver = | Size = 5052 bytes | Created Date = 8/5/2008 4:04:25 AM | Attr = ] Peril6 (128 x 128).jpg -> %UserProfile%\Desktop\Peril6 (128 x 128).jpg -> [Ver = | Size = 4752 bytes | Created Date = 8/5/2008 4:04:34 AM | Attr = ] peril64.tga -> %UserProfile%\Desktop\peril64.tga -> [Ver = | Size = 16402 bytes | Created Date = 8/5/2008 4:38:26 AM | Attr = ] peril68.vtf -> %UserProfile%\Desktop\peril68.vtf -> [Ver = | Size = 19416 bytes | Created Date = 8/5/2008 4:24:57 AM | Attr = ] perilspray.vtf -> %UserProfile%\Desktop\perilspray.vtf -> [Ver = | Size = 19416 bytes | Created Date = 8/5/2008 3:53:19 AM | Attr = ] PIXresizer (640 x 480).jpg -> %UserProfile%\Desktop\PIXresizer (640 x 480).jpg -> [Ver = | Size = 67311 bytes | Created Date = 6/25/2008 7:43:17 AM | Attr = ] Portal - Level.wmv -> %UserProfile%\Desktop\Portal - Level.wmv -> [Ver = | Size = 8294081 bytes | Created Date = 6/18/2008 7:10:11 PM | Attr = ] Public_Installer -> %UserProfile%\Desktop\Public_Installer -> [Folder | Created Date = 8/5/2008 3:55:46 PM | Attr = ] RC15B26 -> %UserProfile%\Desktop\RC15B26 -> [Folder | Created Date = 6/4/2008 2:18:03 PM | Attr = ] rigid-chips.wmv -> %UserProfile%\Desktop\rigid-chips.wmv -> [Ver = | Size = 2501769 bytes | Created Date = 6/20/2008 12:05:52 AM | Attr = ] RigidChips15B26 2008-06-20 16-16-11-96.avi -> %UserProfile%\Desktop\RigidChips15B26 2008-06-20 16-16-11-96.avi -> [Ver = | Size = 24854536 bytes | Created Date = 6/20/2008 4:16:12 PM | Attr = ] rocket.gif -> %UserProfile%\Desktop\rocket.gif -> [Ver = | Size = 5033 bytes | Created Date = 8/7/2008 1:37:22 AM | Attr = ] roflcopterft7.gif -> %UserProfile%\Desktop\roflcopterft7.gif -> [Ver = | Size = 6717 bytes | Created Date = 6/18/2008 2:07:20 AM | Attr = ] save -> %UserProfile%\Desktop\save -> [Folder | Created Date = 6/14/2008 1:19:58 AM | Attr = ] settings.ini -> %UserProfile%\Desktop\settings.ini -> [Ver = | Size = 104 bytes | Created Date = 5/30/2008 5:41:08 PM | Attr = ] Setup.exe -> %UserProfile%\Desktop\Setup.exe -> Zango, Inc. [Ver = 53, 0, 7, 0 | Size = 334088 bytes | Created Date = 6/3/2008 1:33:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Setup.exe:Zone.Identifier sg_base -> %UserProfile%\Desktop\sg_base -> [Folder | Created Date = 7/1/2008 11:50:54 PM | Attr = ] shadowlolz.jpg -> %UserProfile%\Desktop\shadowlolz.jpg -> [Ver = | Size = 3077 bytes | Created Date = 8/7/2008 2:00:18 AM | Attr = ] Shortcut to addons.lnk -> %UserProfile%\Desktop\Shortcut to addons.lnk -> [Ver = | Size = 954 bytes | Created Date = 6/25/2008 12:31:53 PM | Attr = ] Shortcut to AssaultDroid.lnk -> %UserProfile%\Desktop\Shortcut to AssaultDroid.lnk -> [Ver = | Size = 661 bytes | Created Date = 8/10/2008 8:19:51 PM | Attr = ] Shortcut to Bontago.lnk -> %UserProfile%\Desktop\Shortcut to Bontago.lnk -> [Ver = | Size = 666 bytes | Created Date = 5/27/2008 6:12:04 PM | Attr = ] Shortcut to Game_Maker.lnk -> %UserProfile%\Desktop\Shortcut to Game_Maker.lnk -> [Ver = | Size = 713 bytes | Created Date = 6/21/2008 3:47:44 AM | Attr = ] Shortcut to logos.lnk -> %UserProfile%\Desktop\Shortcut to logos.lnk -> [Ver = | Size = 1110 bytes | Created Date = 8/5/2008 4:51:08 AM | Attr = ] Shortcut to movies.lnk -> %UserProfile%\Desktop\Shortcut to movies.lnk -> [Ver = | Size = 1117 bytes | Created Date = 7/25/2008 11:28:13 AM | Attr = ] Shortcut to RigidChips15B26.lnk -> %UserProfile%\Desktop\Shortcut to RigidChips15B26.lnk -> [Ver = | Size = 600 bytes | Created Date = 6/5/2008 9:28:27 AM | Attr = ] Shortcut to SuperWebcam.lnk -> %UserProfile%\Desktop\Shortcut to SuperWebcam.lnk -> [Ver = | Size = 718 bytes | Created Date = 6/25/2008 7:19:32 AM | Attr = ] Shortcut to Wow.lnk -> %UserProfile%\Desktop\Shortcut to Wow.lnk -> [Ver = | Size = 814 bytes | Created Date = 6/25/2008 3:36:50 AM | Attr = ] SM-06_Battlespider_C1.rcd -> %UserProfile%\Desktop\SM-06_Battlespider_C1.rcd -> [Ver = | Size = 55833 bytes | Created Date = 6/15/2008 2:47:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SM-06_Battlespider_C1.rcd:Zone.Identifier SprayR -> %UserProfile%\Desktop\SprayR -> [Folder | Created Date = 8/9/2008 11:11:31 AM | Attr = ] SprayR.lnk -> %UserProfile%\Desktop\SprayR.lnk -> [Ver = | Size = 654 bytes | Created Date = 8/9/2008 11:14:49 AM | Attr = ] Steam -> %UserProfile%\Desktop\Steam -> [Folder | Created Date = 8/1/2008 2:23:01 PM | Attr = ] StickMen2.exe -> %UserProfile%\Desktop\StickMen2.exe -> [Ver = 2, 0, 0, 21 | Size = 186001 bytes | Created Date = 8/17/2008 3:22:37 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\StickMen2.exe:Zone.Identifier Submarine_Grey_H_CNT.rcd -> %UserProfile%\Desktop\Submarine_Grey_H_CNT.rcd -> [Ver = | Size = 19766 bytes | Created Date = 6/23/2008 1:02:37 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Submarine_Grey_H_CNT.rcd:Zone.Identifier Team Fortress Classic.lnk -> %UserProfile%\Desktop\Team Fortress Classic.lnk -> [Ver = | Size = 1576 bytes | Created Date = 8/1/2008 2:24:02 PM | Attr = ] The Battle for Middle-earth (tm).lnk -> %UserProfile%\Desktop\The Battle for Middle-earth (tm).lnk -> [Ver = | Size = 1975 bytes | Created Date = 6/19/2008 3:26:01 AM | Attr = ] The Ultra Sub-Compact Mini Uber Jet.rcd -> %UserProfile%\Desktop\The Ultra Sub-Compact Mini Uber Jet.rcd -> [Ver = | Size = 1381 bytes | Created Date = 6/21/2008 1:52:51 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 79360 bytes | Created Date = 5/23/2008 11:02:45 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable tradingcardgame.swf -> %UserProfile%\Desktop\tradingcardgame.swf -> [Ver = | Size = 141321 bytes | Created Date = 6/20/2008 7:36:24 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\tradingcardgame.swf:Zone.Identifier uninstall_flash_player.exe -> %UserProfile%\Desktop\uninstall_flash_player.exe -> Adobe Systems Incorporated [Ver = 4.0.0.8 | Size = 185008 bytes | Created Date = 6/3/2008 3:22:41 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\uninstall_flash_player.exe:Zone.Identifier Version 1.1b -> %UserProfile%\Desktop\Version 1.1b -> [Folder | Created Date = 6/7/2008 3:53:30 PM | Attr = ] video -> %UserProfile%\Desktop\video -> [Folder | Created Date = 6/18/2008 7:02:12 PM | Attr = ] VTFEdit.lnk -> %UserProfile%\Desktop\VTFEdit.lnk -> [Ver = | Size = 616 bytes | Created Date = 8/5/2008 3:20:02 AM | Attr = ] vtfedit125-20.exe -> %UserProfile%\Desktop\vtfedit125-20.exe -> Neil Jedrzejewski & Ryan Gregg [Ver = | Size = 869928 bytes | Created Date = 8/5/2008 3:07:54 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\vtfedit125-20.exe:Zone.Identifier WiiSticks_Beta_02 -> %UserProfile%\Desktop\WiiSticks_Beta_02 -> [Folder | Created Date = 8/14/2008 11:18:18 PM | Attr = ] Windows Movie Maker.lnk -> %UserProfile%\Desktop\Windows Movie Maker.lnk -> [Ver = | Size = 786 bytes | Created Date = 6/18/2008 7:04:04 PM | Attr = ] wtflol.gif -> %UserProfile%\Desktop\wtflol.gif -> [Ver = | Size = 174584 bytes | Created Date = 6/19/2008 12:42:22 AM | Attr = ] zasetsuko.exe -> %UserProfile%\Desktop\zasetsuko.exe -> Igor Pavlov [Ver = 4, 11, 0, 0 | Size = 11919188 bytes | Created Date = 6/20/2008 6:34:57 PM | Attr = ] zasetsuko.zip -> %UserProfile%\Desktop\zasetsuko.zip -> [Ver = | Size = 11915851 bytes | Created Date = 6/20/2008 6:35:28 PM | Attr = ] zoid.gif -> %UserProfile%\Desktop\zoid.gif -> [Ver = | Size = 523665 bytes | Created Date = 8/9/2008 3:44:43 PM | Attr = ] _outside____1.jpg -> %UserProfile%\Desktop\_outside____1.jpg -> [Ver = | Size = 181424 bytes | Created Date = 7/27/2008 10:28:01 PM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 8/17/2008 1:58:28 PM | Attr = ] ArtMoney- -> %ProgramFiles%\ArtMoney- -> [Folder | Created Date = 6/13/2008 12:52:14 AM | Attr = ] BitTorrent -> %ProgramFiles%\BitTorrent -> [Folder | Created Date = 6/6/2008 10:03:39 PM | Attr = ] BSR Screen Recorder 4 -> %ProgramFiles%\BSR Screen Recorder 4 -> [Folder | Created Date = 6/25/2008 4:40:35 AM | Attr = ] ConTEXT -> %ProgramFiles%\ConTEXT -> [Folder | Created Date = 6/5/2008 8:33:10 AM | Attr = ] EasyRecorder -> %ProgramFiles%\EasyRecorder -> [Folder | Created Date = 7/21/2008 12:41:01 AM | Attr = ] Game_Maker6 -> %ProgramFiles%\Game_Maker6 -> [Folder | Created Date = 6/21/2008 3:38:22 AM | Attr = ] GoldWave -> %ProgramFiles%\GoldWave -> [Folder | Created Date = 8/14/2008 6:14:48 PM | Attr = ] Illustrate -> %ProgramFiles%\Illustrate -> [Folder | Created Date = 8/11/2008 7:04:35 PM | Attr = ] IVT Corporation -> %ProgramFiles%\IVT Corporation -> [Folder | Created Date = 6/23/2008 1:38:13 AM | Attr = ] JellyCar -> %ProgramFiles%\JellyCar -> [Folder | Created Date = 8/14/2008 11:58:43 PM | Attr = ] MSBuild -> %ProgramFiles%\MSBuild -> [Folder | Created Date = 6/14/2008 12:56:34 AM | Attr = ] Narbacular Drop -> %ProgramFiles%\Narbacular Drop -> [Folder | Created Date = 5/27/2008 4:37:59 PM | Attr = ] Paint.NET -> %ProgramFiles%\Paint.NET -> [Folder | Created Date = 8/6/2008 5:25:34 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 8/17/2008 2:01:47 PM | Attr = ] Reference Assemblies -> %ProgramFiles%\Reference Assemblies -> [Folder | Created Date = 6/14/2008 12:56:06 AM | Attr = ] SprayR -> %ProgramFiles%\SprayR -> [Folder | Created Date = 8/9/2008 11:14:47 AM | Attr = ] StickMen Screen Saver -> %ProgramFiles%\StickMen Screen Saver -> [Folder | Created Date = 8/17/2008 3:22:59 PM | Attr = ] SuperWebcam -> %ProgramFiles%\SuperWebcam -> [Folder | Created Date = 6/25/2008 7:17:48 AM | Attr = ] Terragen -> %ProgramFiles%\Terragen -> [Folder | Created Date = 8/20/2008 5:17:35 PM | Attr = ] TortoiseSVN -> %ProgramFiles%\TortoiseSVN -> [Folder | Created Date = 6/10/2008 3:11:11 AM | Attr = ] Trainer Creation Kit -> %ProgramFiles%\Trainer Creation Kit -> [Folder | Created Date = 6/14/2008 10:45:12 PM | Attr = ] Trainer Maker Kit -> %ProgramFiles%\Trainer Maker Kit -> [Folder | Created Date = 6/14/2008 12:55:49 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/19/2008 4:59:22 PM | Attr = ] Valve -> %ProgramFiles%\Valve -> [Folder | Created Date = 8/5/2008 4:01:01 PM | Attr = ] VTFEdit -> %ProgramFiles%\VTFEdit -> [Folder | Created Date = 8/5/2008 3:20:01 AM | Attr = ] [Files/Folders - Modified Within 90 days] Converted Music -> %SystemDrive%\Converted Music -> [Folder | Modified Date = 8/14/2008 6:27:33 PM | Attr = ] devkitPro -> %SystemDrive%\devkitPro -> [Folder | Modified Date = 6/19/2008 2:41:03 AM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/19/2008 7:03:51 AM | Attr = ] Fraps -> %SystemDrive%\Fraps -> [Folder | Modified Date = 6/19/2008 2:05:21 AM | Attr = ] Games -> %SystemDrive%\Games -> [Folder | Modified Date = 8/10/2008 8:16:46 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535351296 bytes | Modified Date = 8/20/2008 4:49:32 PM | Attr = HS] My Music -> %SystemDrive%\My Music -> [Folder | Modified Date = 6/6/2008 10:06:24 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/20/2008 5:17:35 PM | Attr = R ] Python25 -> %SystemDrive%\Python25 -> [Folder | Modified Date = 6/17/2008 5:30:48 PM | Attr = ] QUAKE_SW -> %SystemDrive%\QUAKE_SW -> [Folder | Modified Date = 5/30/2008 10:32:01 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/19/2008 7:34:19 AM | Attr = HS] server -> %SystemDrive%\server -> [Folder | Modified Date = 8/5/2008 3:58:48 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/19/2008 8:24:28 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/20/2008 4:51:52 PM | Attr = ] (null)id -> %SystemRoot%\System32\(null)id -> [Ver = | Size = 0 bytes | Modified Date = 7/15/2008 5:14:59 PM | Attr = ] 0 -> %SystemRoot%\System32\0 -> [Ver = | Size = 0 bytes | Modified Date = 6/23/2008 1:37:57 AM | Attr = ] blphcj41j0e38v.scr -> %SystemRoot%\System32\blphcj41j0e38v.scr -> Sysinternals [Ver = 3.2 | Size = 118784 bytes | Modified Date = 8/19/2008 8:24:03 PM | Attr = ] BlueSoleilCSps.dll -> %SystemRoot%\System32\BlueSoleilCSps.dll -> IVT Corporation [Ver = 1, 0, 0, 0 | Size = 520307 bytes | Modified Date = 6/4/2008 6:28:50 PM | Attr = ] Bs2Res.dll -> %SystemRoot%\System32\Bs2Res.dll -> [Ver = 1, 0, 0, 1 | Size = 98403 bytes | Modified Date = 6/4/2008 6:27:44 PM | Attr = ] Bscdlg.dll -> %SystemRoot%\System32\Bscdlg.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 540758 bytes | Modified Date = 6/4/2008 6:29:34 PM | Attr = ] BsCommon.dll -> %SystemRoot%\System32\BsCommon.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 143450 bytes | Modified Date = 6/4/2008 6:28:58 PM | Attr = ] bscs.ini -> %SystemRoot%\System32\bscs.ini -> [Ver = | Size = 837 bytes | Modified Date = 8/19/2008 8:20:58 PM | Attr = ] BsHelpCSps.dll -> %SystemRoot%\System32\BsHelpCSps.dll -> IVT Corporation [Ver = 1, 0, 0, 0 | Size = 94314 bytes | Modified Date = 6/4/2008 6:28:52 PM | Attr = ] BsMobileCSps.dll -> %SystemRoot%\System32\BsMobileCSps.dll -> [Ver = | Size = 28672 bytes | Modified Date = 6/4/2008 6:27:02 PM | Attr = ] BsMobileSDK.dll -> %SystemRoot%\System32\BsMobileSDK.dll -> [Ver = | Size = 118880 bytes | Modified Date = 6/4/2008 6:27:10 PM | Attr = ] BsMonSvr.dll -> %SystemRoot%\System32\BsMonSvr.dll -> IVT Corporation. [Ver = 1, 0, 0, 1 | Size = 18432 bytes | Modified Date = 6/4/2008 6:30:52 PM | Attr = ] BsMonUI.dll -> %SystemRoot%\System32\BsMonUI.dll -> IVT Corporation. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 6/4/2008 6:30:56 PM | Attr = ] BSPRINT.INI -> %SystemRoot%\System32\BSPRINT.INI -> [Ver = | Size = 0 bytes | Modified Date = 6/23/2008 1:39:49 AM | Attr = ] BsProfileFunc.dll -> %SystemRoot%\System32\BsProfileFunc.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 114788 bytes | Modified Date = 6/4/2008 6:29:24 PM | Attr = ] bsratswf.dll -> %SystemRoot%\System32\bsratswf.dll -> [Ver = | Size = 585728 bytes | Modified Date = 6/25/2008 4:40:37 AM | Attr = ] bsratwmv.dll -> %SystemRoot%\System32\bsratwmv.dll -> [Ver = | Size = 147456 bytes | Modified Date = 6/25/2008 4:40:37 AM | Attr = ] BsSDK.dll -> %SystemRoot%\System32\BsSDK.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 225364 bytes | Modified Date = 6/4/2008 6:27:42 PM | Attr = ] BSShell.dll -> %SystemRoot%\System32\BSShell.dll -> [Ver = 1, 0, 0, 1 | Size = 622693 bytes | Modified Date = 6/4/2008 6:29:48 PM | Attr = ] BsTrace.dll -> %SystemRoot%\System32\BsTrace.dll -> ivt [Ver = 1, 0, 0, 1 | Size = 28760 bytes | Modified Date = 6/4/2008 6:26:52 PM | Attr = ] BsUI.dll -> %SystemRoot%\System32\BsUI.dll -> [Ver = 1, 0, 0, 1 | Size = 405589 bytes | Modified Date = 6/4/2008 6:30:44 PM | Attr = ] btfunc.dll -> %SystemRoot%\System32\btfunc.dll -> IVT Corporation [Ver = 1, 2, 0, 0 | Size = 57430 bytes | Modified Date = 6/4/2008 6:30:30 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/20/2008 5:05:43 PM | Attr = ] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/20/2008 5:05:43 PM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 8/20/2008 5:05:44 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/10/2008 12:40:40 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 47626 bytes | Modified Date = 8/20/2008 4:50:56 PM | Attr = ] d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 8/19/2008 8:14:29 PM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 8/15/2008 12:02:48 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/14/2008 3:06:54 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/18/2008 6:38:14 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 6/14/2008 12:56:29 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 733464 bytes | Modified Date = 6/15/2008 1:05:52 AM | Attr = ] HtmPrintHelper.dll -> %SystemRoot%\System32\HtmPrintHelper.dll -> [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 6/4/2008 6:30:04 PM | Attr = ] LMIinit.dll -> %SystemRoot%\System32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 PM | Attr = ] lmimirr.dll -> %SystemRoot%\System32\lmimirr.dll -> LogMeIn, Inc. [Ver = 2.50.596 | Size = 23736 bytes | Modified Date = 5/28/2008 12:32:56 PM | Attr = ] lmimirr2.dll -> %SystemRoot%\System32\lmimirr2.dll -> LogMeIn, Inc. [Ver = 2.50.596 | Size = 10040 bytes | Modified Date = 5/28/2008 12:32:56 PM | Attr = ] LMIport.dll -> %SystemRoot%\System32\LMIport.dll -> LogMeIn, Inc. [Ver = 0.2.0.0 | Size = 24608 bytes | Modified Date = 5/28/2008 12:32:58 PM | Attr = ] LMIRfsClientNP.dll -> %SystemRoot%\System32\LMIRfsClientNP.dll -> LogMeIn, Inc. [Ver = 2.1.3.0 | Size = 83288 bytes | Modified Date = 5/28/2008 12:33:14 PM | Attr = ] lphcj41j0e38v.exe -> %SystemRoot%\System32\lphcj41j0e38v.exe -> [Ver = | Size = 194560 bytes | Modified Date = 8/18/2008 5:49:26 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 6/6/2008 3:11:16 PM | Attr = ] outlookAddin.dll -> %SystemRoot%\System32\outlookAddin.dll -> [Ver = 1, 0, 0, 2 | Size = 278647 bytes | Modified Date = 6/4/2008 6:30:22 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 97090 bytes | Modified Date = 6/14/2008 12:58:18 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 507130 bytes | Modified Date = 6/14/2008 12:58:18 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 613248 bytes | Modified Date = 6/14/2008 12:58:18 AM | Attr = ] phcj41j0e38v.bmp -> %SystemRoot%\System32\phcj41j0e38v.bmp -> [Ver = | Size = 625208 bytes | Modified Date = 8/19/2008 8:23:56 PM | Attr = ] PlayerCtrl.dll -> %SystemRoot%\System32\PlayerCtrl.dll -> IVT [Ver = 1, 0, 0, 1 | Size = 28766 bytes | Modified Date = 6/4/2008 6:27:48 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Modified Date = 5/27/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Modified Date = 5/27/2008 10:50:34 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/19/2008 8:24:28 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 6/14/2008 12:55:09 AM | Attr = ] SpoonUninstall-dBpowerAMP Music Converter.bmp -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp -> [Ver = | Size = 33846 bytes | Modified Date = 8/11/2008 7:04:24 PM | Attr = ] SpoonUninstall-dBpowerAMP Music Converter.dat -> %SystemRoot%\System32\SpoonUninstall-dBpowerAMP Music Converter.dat -> [Ver = | Size = 36104 bytes | Modified Date = 8/11/2008 7:04:51 PM | Attr = ] SpoonUninstall.exe -> %SystemRoot%\System32\SpoonUninstall.exe -> [Ver = | Size = 131072 bytes | Modified Date = 8/11/2008 7:04:51 PM | Attr = ] Tr_sttool.dat -> %SystemRoot%\System32\Tr_sttool.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/21/2008 12:36:34 AM | Attr = ] versit.dll -> %SystemRoot%\System32\versit.dll -> Versit Consortium (Apple Computer, AT&T, IBM and Siemens) [Ver = 1, 0, 0, 1 | Size = 114774 bytes | Modified Date = 6/4/2008 6:29:58 PM | Attr = ] wiiload.exe -> %SystemRoot%\System32\wiiload.exe -> [Ver = | Size = 11264 bytes | Modified Date = 5/24/2008 6:47:12 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 5/24/2008 3:34:01 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 6/14/2008 12:56:22 AM | Attr = ] ~.exe -> %SystemRoot%\System32\~.exe -> [Ver = | Size = 210088 bytes | Modified Date = 8/18/2008 5:48:36 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 3:06:43 AM | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 0 -> %SystemRoot%\0 -> [Ver = | Size = 32 bytes | Modified Date = 6/23/2008 1:39:55 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 8/15/2008 12:01:02 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/20/2008 4:49:34 PM | Attr = S] creator -> %SystemRoot%\creator -> [Folder | Modified Date = 6/20/2008 12:25:51 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/19/2008 7:36:40 AM | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/14/2008 12:56:30 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/9/2008 3:03:07 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 3:06:48 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/20/2008 5:03:03 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/20/2008 5:17:40 PM | Attr = HS] LogonStudio.ini -> %SystemRoot%\LogonStudio.ini -> [Ver = | Size = 24 bytes | Modified Date = 6/28/2008 6:23:01 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 6/14/2008 2:36:12 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 7/8/2008 9:27:12 AM | Attr = ] NARBACULARDROP.INI -> %SystemRoot%\NARBACULARDROP.INI -> [Ver = | Size = 65 bytes | Modified Date = 5/27/2008 4:38:07 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 8/17/2008 4:24:58 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/20/2008 6:14:02 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 7/31/2008 7:40:37 AM | Attr = ] SMINST -> %SystemRoot%\SMINST -> [Folder | Modified Date = 6/20/2008 12:23:07 AM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 6/14/2008 12:55:41 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/19/2008 8:14:29 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/17/2008 1:58:36 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/20/2008 5:21:22 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 798 bytes | Modified Date = 6/28/2008 6:23:27 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 8/6/2008 5:25:47 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/17/2008 2:10:53 PM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 1:16:48 AM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 352 bytes | Modified Date = 8/1/2008 1:07:46 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/20/2008 4:49:38 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 7/1/2007 10:53:13 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/20/2008 5:01:40 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 8/20/2008 5:01:40 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/9/2007 8:36:46 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8294 bytes | Modified Date = 8/19/2008 7:36:19 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0 -> [Folder | Modified Date = 1/14/2008 8:41:22 AM | Attr = ] VCExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VCExpress\8.0\VCExpress000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 1/14/2008 8:40:58 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 8/6/2008 12:00:49 AM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 524 bytes | Modified Date = 8/1/2007 12:00:36 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/29/2007 7:43:29 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 7/29/2007 7:44:23 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release -> [Folder | Modified Date = 1/17/2007 12:33:44 AM | Attr = ] WiiStix.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\WiiStix.exe -> [Ver = | Size = 118784 bytes | Modified Date = 1/17/2007 12:26:47 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for A_Heros_Adventure_2[1].zip\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for A_Heros_Adventure_2[1].zip\ -> [Folder | Modified Date = 8/5/2008 10:11:31 PM | Attr = H ] A Hero's Adventure.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for A_Heros_Adventure_2[1].zip\A Hero's Adventure.exe -> [Ver = | Size = 2228736 bytes | Modified Date = 6/26/2008 11:14:18 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for AssaultDroid[1].zip\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for AssaultDroid[1].zip\ -> [Folder | Modified Date = 8/10/2008 8:16:19 PM | Attr = H ] Setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for AssaultDroid[1].zip\Setup.exe -> [Ver = | Size = 19473692 bytes | Modified Date = 8/8/2008 5:39:32 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\nsd19.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\nsd19.tmp\ -> [Folder | Modified Date = 8/18/2008 6:07:57 PM | Attr = ] euladlg.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\nsd19.tmp\euladlg.dll -> [Ver = | Size = 69632 bytes | Modified Date = 8/18/2008 6:07:58 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release -> [Folder | Modified Date = 1/17/2007 12:33:44 AM | Attr = ] cg.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\cg.dll -> NVIDIA Corporation [Ver = 1, 41, 0603, 092 | Size = 1683456 bytes | Modified Date = 3/9/2006 7:53:20 PM | Attr = ] DevIL.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\DevIL.dll -> [Ver = | Size = 761856 bytes | Modified Date = 11/9/2005 12:30:14 AM | Attr = ] ILU.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\ILU.dll -> [Ver = | Size = 73728 bytes | Modified Date = 11/9/2005 12:25:40 AM | Attr = ] ILUT.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\ILUT.dll -> [Ver = | Size = 15872 bytes | Modified Date = 11/9/2005 12:25:50 AM | Attr = ] Newton.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\Newton.dll -> [Ver = | Size = 446464 bytes | Modified Date = 5/24/2006 9:32:36 PM | Attr = ] OgreGUIRenderer.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\OgreGUIRenderer.dll -> [Ver = | Size = 61440 bytes | Modified Date = 8/13/2006 5:43:43 PM | Attr = ] OgreMain.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\OgreMain.dll -> [Ver = | Size = 2499072 bytes | Modified Date = 8/13/2006 5:42:13 PM | Attr = ] OgrePlatform.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\OgrePlatform.dll -> [Ver = | Size = 372736 bytes | Modified Date = 8/13/2006 5:44:56 PM | Attr = ] OgrePlatform_original.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\OgrePlatform_original.dll -> [Ver = | Size = 372736 bytes | Modified Date = 8/13/2006 5:44:56 PM | Attr = ] RenderSystem_Direct3D9.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\RenderSystem_Direct3D9.dll -> [Ver = | Size = 344064 bytes | Modified Date = 8/13/2006 5:44:39 PM | Attr = ] RenderSystem_GL.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\RenderSystem_GL.dll -> [Ver = | Size = 512000 bytes | Modified Date = 8/13/2006 5:45:45 PM | Attr = ] zlib1.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rar$DR01.312\WiiSticks_Beta_02\Release\zlib1.dll -> [Ver = 1.2.1 | Size = 55808 bytes | Modified Date = 11/17/2003 11:29:04 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 6:09:59 PM | Attr = ] Perflib_Perfdata_784.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_784.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/1/2008 12:08:07 AM | Attr = ] 85 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/20/2008 6:09:59 PM | Attr = ] WinStyles.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\WinStyles.ini -> [Ver = | Size = 1448 bytes | Modified Date = 12/19/2005 9:14:48 PM | Attr = ] 85 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\~thememgr\ -> C:\Documents and Settings\Owner\Local Settings\Temp\~thememgr -> [Folder | Modified Date = 8/19/2008 9:53:15 PM | Attr = ] WinStyles.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\~thememgr\WinStyles.ini -> [Ver = | Size = 1448 bytes | Modified Date = 12/19/2005 9:14:48 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/20/2008 6:14:05 PM | Attr = ] 0rbujrnw.cmdline -> C:\WINDOWS\Temp\0rbujrnw.cmd -> [Ver = | Size = 315 bytes | Modified Date = 7/31/2008 7:29:45 PM | Attr = ] b_g-okyk.cmdline -> C:\WINDOWS\Temp\b_g-okyk.cmd -> [Ver = | Size = 315 bytes | Modified Date = 7/16/2008 10:35:49 PM | Attr = ] npqqn4gw.cmdline -> C:\WINDOWS\Temp\npqqn4gw.cmd -> [Ver = | Size = 315 bytes | Modified Date = 6/26/2008 2:22:52 PM | Attr = ] s-lxpnly.cmdline -> C:\WINDOWS\Temp\s-lxpnly.cmd -> [Ver = | Size = 315 bytes | Modified Date = 6/30/2008 12:47:46 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/20/2008 6:14:05 PM | Attr = ] 0rbujrnw.dll -> C:\WINDOWS\Temp\0rbujrnw.dll -> [Ver = | Size = 0 bytes | Modified Date = 7/31/2008 7:29:45 PM | Attr = ] b_g-okyk.dll -> C:\WINDOWS\Temp\b_g-okyk.dll -> [Ver = | Size = 0 bytes | Modified Date = 7/16/2008 10:35:48 PM | Attr = ] npqqn4gw.dll -> C:\WINDOWS\Temp\npqqn4gw.dll -> [Ver = | Size = 0 bytes | Modified Date = 6/26/2008 2:22:52 PM | Attr = ] s-lxpnly.dll -> C:\WINDOWS\Temp\s-lxpnly.dll -> [Ver = | Size = 0 bytes | Modified Date = 6/30/2008 12:47:46 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/20/2008 6:14:05 PM | Attr = ] Perflib_Perfdata_1a74.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1a74.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/23/2008 8:21:16 AM | Attr = ] Perflib_Perfdata_1b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/20/2008 4:50:00 PM | Attr = ] Perflib_Perfdata_1e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2008 9:38:06 PM | Attr = ] Perflib_Perfdata_408.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_408.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/23/2008 11:16:59 PM | Attr = ] Perflib_Perfdata_40c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_40c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/22/2008 4:21:17 PM | Attr = ] Perflib_Perfdata_45c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_45c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/26/2008 8:38:24 PM | Attr = ] Perflib_Perfdata_484.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_484.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 7:20:41 AM | Attr = ] Perflib_Perfdata_488.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_488.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2008 4:46:22 PM | Attr = ] Perflib_Perfdata_4e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2008 4:17:31 PM | Attr = ] Perflib_Perfdata_4fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/15/2008 1:06:40 AM | Attr = ] Perflib_Perfdata_56c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_56c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2008 7:03:52 AM | Attr = ] Perflib_Perfdata_5c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/23/2008 8:31:14 PM | Attr = ] Perflib_Perfdata_5d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/17/2008 4:57:59 PM | Attr = ] Perflib_Perfdata_62c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/12/2008 12:09:53 AM | Attr = ] Perflib_Perfdata_678.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_678.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2008 7:44:03 PM | Attr = ] Perflib_Perfdata_6f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/16/2008 9:20:01 PM | Attr = ] Perflib_Perfdata_74c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_74c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:28:14 AM | Attr = ] Perflib_Perfdata_794.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_794.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/9/2008 11:04:00 PM | Attr = ] Perflib_Perfdata_814.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_814.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/2/2008 11:33:00 AM | Attr = ] Perflib_Perfdata_92c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_92c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/28/2008 3:09:09 PM | Attr = ] Perflib_Perfdata_980.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_980.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/15/2008 10:04:00 PM | Attr = ] Perflib_Perfdata_9a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/3/2008 5:01:26 PM | Attr = ] Perflib_Perfdata_9ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/9/2008 3:31:25 PM | Attr = ] Perflib_Perfdata_9b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/8/2008 11:24:35 AM | Attr = ] Perflib_Perfdata_9bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9bc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/7/2008 12:46:47 PM | Attr = ] Perflib_Perfdata_9c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/10/2008 11:35:10 AM | Attr = ] Perflib_Perfdata_9f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/14/2008 3:15:43 AM | Attr = ] Perflib_Perfdata_9fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_9fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/3/2008 1:41:00 PM | Attr = ] Perflib_Perfdata_a00.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a00.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/15/2008 11:06:24 PM | Attr = ] Perflib_Perfdata_a04.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a04.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/9/2008 10:33:37 AM | Attr = ] Perflib_Perfdata_a08.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a08.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/6/2008 4:35:08 PM | Attr = ] Perflib_Perfdata_a2c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a2c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/18/2008 4:16:16 PM | Attr = ] Perflib_Perfdata_a44.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a44.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/18/2008 6:42:16 AM | Attr = ] Perflib_Perfdata_a48.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a48.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:36:57 AM | Attr = ] Perflib_Perfdata_a54.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a54.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/8/2008 9:33:48 AM | Attr = ] Perflib_Perfdata_ab8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ab8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/16/2008 11:43:14 AM | Attr = ] Perflib_Perfdata_b00.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b00.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/28/2008 3:26:01 PM | Attr = ] Perflib_Perfdata_b08.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b08.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/22/2008 4:52:42 PM | Attr = ] Perflib_Perfdata_b0c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b0c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/28/2008 8:30:58 AM | Attr = ] Perflib_Perfdata_b10.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b10.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/28/2008 8:44:25 AM | Attr = ] Perflib_Perfdata_b14.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b14.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/4/2008 9:24:07 PM | Attr = ] Perflib_Perfdata_b18.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b18.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2008 9:57:45 AM | Attr = ] Perflib_Perfdata_b3c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b3c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/30/2008 3:19:20 PM | Attr = ] Perflib_Perfdata_b58.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b58.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/29/2008 6:00:56 AM | Attr = ] Perflib_Perfdata_b5c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b5c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/14/2008 6:22:51 PM | Attr = ] Perflib_Perfdata_b7c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b7c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/14/2008 11:32:12 AM | Attr = ] Perflib_Perfdata_b80.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b80.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/25/2008 7:48:04 PM | Attr = ] Perflib_Perfdata_b88.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b88.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/9/2008 4:30:04 AM | Attr = ] Perflib_Perfdata_b98.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b98.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/30/2008 2:41:29 AM | Attr = ] Perflib_Perfdata_ba8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ba8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/28/2008 1:21:38 AM | Attr = ] Perflib_Perfdata_bac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/17/2008 2:08:42 PM | Attr = ] Perflib_Perfdata_bb0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bb0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/6/2008 3:12:29 PM | Attr = ] Perflib_Perfdata_bc0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bc0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/25/2008 2:51:13 PM | Attr = ] Perflib_Perfdata_bc8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bc8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/18/2008 3:50:00 PM | Attr = ] Perflib_Perfdata_bd4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bd4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/23/2008 9:42:51 PM | Attr = ] Perflib_Perfdata_be4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_be4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/15/2008 10:40:13 PM | Attr = ] Perflib_Perfdata_be8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_be8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/14/2008 6:41:43 AM | Attr = ] Perflib_Perfdata_bf0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bf0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/17/2008 4:00:23 PM | Attr = ] Perflib_Perfdata_bfc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bfc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/30/2008 10:11:37 AM | Attr = ] Perflib_Perfdata_c00.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c00.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/23/2008 11:08:58 AM | Attr = ] Perflib_Perfdata_c08.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c08.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/21/2008 5:33:57 PM | Attr = ] Perflib_Perfdata_c28.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c28.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/28/2008 8:44:29 PM | Attr = ] Perflib_Perfdata_c2c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c2c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/24/2008 1:20:45 AM | Attr = ] Perflib_Perfdata_c40.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c40.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/31/2008 7:36:12 AM | Attr = ] Perflib_Perfdata_c50.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_c50.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/29/2008 1:47:28 AM | Attr = ] Perflib_Perfdata_cc8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cc8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/23/2008 1:44:23 PM | Attr = ] Perflib_Perfdata_cf0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cf0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/11/2008 9:05:59 PM | Attr = ] Perflib_Perfdata_d30.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d30.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/28/2008 6:24:31 AM | Attr = ] Perflib_Perfdata_d48.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_d48.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/2/2008 7:58:33 AM | Attr = ] Perflib_Perfdata_db8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_db8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/18/2008 7:19:09 AM | Attr = ] Perflib_Perfdata_dd4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_dd4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/3/2008 2:59:11 AM | Attr = ] Perflib_Perfdata_dd8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_dd8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/7/2008 8:18:37 PM | Attr = ] Perflib_Perfdata_ea0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ea0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/18/2008 2:46:59 PM | Attr = ] Perflib_Perfdata_ea8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ea8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/23/2008 10:26:51 PM | Attr = ] Perflib_Perfdata_f30.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f30.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/17/2008 8:02:38 PM | Attr = ] Perflib_Perfdata_f68.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f68.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/10/2008 10:44:07 PM | Attr = ] Perflib_Perfdata_f94.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f94.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/16/2008 6:23:56 AM | Attr = ] Perflib_Perfdata_fbc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_fbc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/18/2008 1:39:05 PM | Attr = ] C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 5/19/2008 3:36:07 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2008 3:36:05 PM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 5/19/2008 3:36:07 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2008 3:36:05 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 5/19/2008 3:36:06 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 49152 bytes | Modified Date = 8/11/2008 3:36:05 PM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 5/19/2008 3:36:07 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 5/19/2008 3:36:07 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 5/19/2008 3:36:06 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 3:36:06 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\I4HBXCPO\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\I4HBXCPO -> [Folder | Modified Date = 8/11/2008 3:36:10 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\I4HBXCPO\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 3:36:07 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MMWKW9N6\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MMWKW9N6 -> [Folder | Modified Date = 8/11/2008 3:36:10 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MMWKW9N6\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 3:36:06 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\NCTRMVYS\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\NCTRMVYS -> [Folder | Modified Date = 8/11/2008 3:36:11 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\NCTRMVYS\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 3:36:06 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Z3B6UTIL\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Z3B6UTIL -> [Folder | Modified Date = 8/11/2008 3:36:11 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\Z3B6UTIL\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 5/19/2008 3:36:06 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] 2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> %AllUsersProfile%\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 -> [Folder | Modified Date = 6/3/2008 1:38:55 AM | Attr = ] GamesBar -> %AllUsersProfile%\Application Data\GamesBar -> [Folder | Modified Date = 8/19/2008 7:09:02 AM | Attr = ] OrbNetworks -> %AllUsersProfile%\Application Data\OrbNetworks -> [Folder | Modified Date = 6/26/2008 10:31:34 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 7/23/2008 1:58:49 PM | Attr = ] @Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> %AllUsersProfile%\Application Data\TEMP:E4BEA9F6 YoYoGames -> %AllUsersProfile%\Application Data\YoYoGames -> [Folder | Modified Date = 6/24/2008 5:16:16 AM | Attr = ] ZangoSA -> %AllUsersProfile%\Application Data\ZangoSA -> [Folder | Modified Date = 6/3/2008 1:43:57 AM | Attr = ] Audacity -> %AppData%\Audacity -> [Folder | Modified Date = 8/14/2008 6:26:12 PM | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 6/27/2008 4:08:42 AM | Attr = ] DNA -> %AppData%\DNA -> [Folder | Modified Date = 8/19/2008 9:23:55 PM | Attr = ] IGN_DLM -> %AppData%\IGN_DLM -> [Folder | Modified Date = 6/19/2008 3:24:53 AM | Attr = ] mIRC -> %AppData%\mIRC -> [Folder | Modified Date = 6/2/2008 2:14:51 AM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 6/3/2008 3:27:25 AM | Attr = ] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 8/9/2008 10:23:33 PM | Attr = ] Subversion -> %AppData%\Subversion -> [Folder | Modified Date = 6/10/2008 3:12:44 AM | Attr = ] WeatherDPA -> %AppData%\WeatherDPA -> [Folder | Modified Date = 6/3/2008 1:38:52 AM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 2182 bytes | Modified Date = 8/4/2008 3:16:44 PM | Attr = ] Zango -> %AppData%\Zango -> [Folder | Modified Date = 6/3/2008 1:40:26 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 8/20/2008 4:51:58 PM | Attr = ] bluesoleil -> %UserProfile%\Local Settings\Application Data\bluesoleil -> [Folder | Modified Date = 6/23/2008 1:52:08 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 27648 bytes | Modified Date = 8/17/2008 3:58:03 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 231688 bytes | Modified Date = 6/15/2008 1:13:22 AM | Attr = ] Paint.NET -> %UserProfile%\Local Settings\Application Data\Paint.NET -> [Folder | Modified Date = 8/17/2008 2:49:05 AM | Attr = ] TSVNCache -> %UserProfile%\Local Settings\Application Data\TSVNCache -> [Folder | Modified Date = 8/20/2008 4:51:02 PM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 6/20/2008 12:06:32 AM | Attr = ] Yahoo -> %UserProfile%\Local Settings\Application Data\Yahoo -> [Folder | Modified Date = 6/5/2008 7:51:24 PM | Attr = ] Global.sw2 -> %AllUsersProfile%\Documents\Global.sw2 -> [Ver = | Size = 4925 bytes | Modified Date = 6/21/2008 3:49:11 AM | Attr = ] ---.wps -> %UserProfile%\My Documents\---.wps -> [Ver = | Size = 9728 bytes | Modified Date = 8/4/2008 3:16:44 PM | Attr = ] Ableton -> %UserProfile%\My Documents\Ableton -> [Folder | Modified Date = 6/9/2008 5:00:30 PM | Attr = ] BSR Videos -> %UserProfile%\My Documents\BSR Videos -> [Folder | Modified Date = 8/17/2008 2:47:54 AM | Attr = ] Chapter One - JMH.wps -> %UserProfile%\My Documents\Chapter One - JMH.wps -> [Ver = | Size = 24064 bytes | Modified Date = 7/19/2008 5:25:26 PM | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 6/22/2008 3:42:31 PM | Attr = ] Futuristic Dream.wps -> %UserProfile%\My Documents\Futuristic Dream.wps -> [Ver = | Size = 22528 bytes | Modified Date = 7/29/2008 1:10:16 PM | Attr = ] iPod Photos -> %UserProfile%\My Documents\iPod Photos -> [Folder | Modified Date = 8/17/2008 2:47:55 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 8/16/2008 9:28:41 PM | Attr = S] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 6/20/2008 12:05:36 AM | Attr = S] My Widgets -> %UserProfile%\My Documents\My Widgets -> [Folder | Modified Date = 6/5/2008 7:51:24 PM | Attr = ] YoYoGames -> %UserProfile%\My Documents\YoYoGames -> [Folder | Modified Date = 6/24/2008 7:05:01 AM | Attr = ] JellyCar Level Editor.lnk -> %AllUsersProfile%\Desktop\JellyCar Level Editor.lnk -> [Ver = | Size = 827 bytes | Modified Date = 8/14/2008 11:58:46 PM | Attr = ] JellyCar.lnk -> %AllUsersProfile%\Desktop\JellyCar.lnk -> [Ver = | Size = 682 bytes | Modified Date = 8/15/2008 12:02:04 AM | Attr = ] Paint.NET.lnk -> %AllUsersProfile%\Desktop\Paint.NET.lnk -> [Ver = | Size = 812 bytes | Modified Date = 8/6/2008 5:25:55 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 8/17/2008 2:02:49 PM | Attr = ] Yahoo! Widgets.lnk -> %AllUsersProfile%\Desktop\Yahoo! Widgets.lnk -> [Ver = | Size = 786 bytes | Modified Date = 6/5/2008 7:50:54 PM | Attr = ] --- -> %UserProfile%\Desktop\--- -> [Folder | Modified Date = 6/19/2008 2:41:03 AM | Attr = ] -.bmp -> %UserProfile%\Desktop\-.bmp -> [Ver = | Size = 1136862 bytes | Modified Date = 8/19/2008 5:32:56 PM | Attr = ] -pe-r-i-l-trans-par-ent- -> %UserProfile%\Desktop\-pe-r-i-l-trans-par-ent- -> [Folder | Modified Date = 8/10/2008 9:15:05 PM | Attr = ] -peril- -> %UserProfile%\Desktop\-peril- -> [Folder | Modified Date = 8/11/2008 7:30:32 AM | Attr = ] 50169007-.GIF -> %UserProfile%\Desktop\50169007-.GIF -> [Ver = | Size = 17816 bytes | Modified Date = 8/18/2008 6:04:26 PM | Attr = ] 50169007.gif -> %UserProfile%\Desktop\50169007.gif -> [Ver = | Size = 17824 bytes | Modified Date = 8/18/2008 6:03:53 PM | Attr = ] Alchemy.lnk -> %UserProfile%\Desktop\Alchemy.lnk -> [Ver = | Size = 967 bytes | Modified Date = 7/5/2008 5:03:49 PM | Attr = ] AlchemyContinuation.lnk -> %UserProfile%\Desktop\AlchemyContinuation.lnk -> [Ver = | Size = 932 bytes | Modified Date = 7/5/2008 5:03:50 PM | Attr = ] annoying.hls -> %UserProfile%\Desktop\annoying.hls -> [Ver = | Size = 224 bytes | Modified Date = 8/11/2008 10:00:41 PM | Attr = ] ApertureScience17.swf -> %UserProfile%\Desktop\ApertureScience17.swf -> [Ver = | Size = 84075 bytes | Modified Date = 7/1/2008 5:41:27 PM | Attr = ] aTube Catcher.lnk -> %UserProfile%\Desktop\aTube Catcher.lnk -> [Ver = | Size = 2477 bytes | Modified Date = 7/25/2008 11:54:02 AM | Attr = ] Bletotum.PNG -> %UserProfile%\Desktop\Bletotum.PNG -> [Ver = | Size = 15141 bytes | Modified Date = 6/21/2008 1:45:07 AM | Attr = ] BoFC SWEP Generator -> %UserProfile%\Desktop\BoFC SWEP Generator -> [Folder | Modified Date = 7/12/2008 7:08:55 AM | Attr = ] Bontago.exe -> %UserProfile%\Desktop\Bontago.exe -> [Ver = | Size = 24151706 bytes | Modified Date = 5/27/2008 6:08:14 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Bontago.exe:Zone.Identifier Burning a building in oe - cake_0001.wmv -> %UserProfile%\Desktop\Burning a building in oe - cake_0001.wmv -> [Ver = | Size = 15878577 bytes | Modified Date = 6/18/2008 2:37:01 PM | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 6/28/2008 6:37:45 AM | Attr = ] chamber-17.avi -> %UserProfile%\Desktop\chamber-17.avi -> [Ver = | Size = 242223616 bytes | Modified Date = 7/27/2008 12:28:52 AM | Attr = ] congratulations, have a cat.jpg -> %UserProfile%\Desktop\congratulations, have a cat.jpg -> [Ver = | Size = 34895 bytes | Modified Date = 7/29/2008 10:11:57 PM | Attr = ] ConTEXT.lnk -> %UserProfile%\Desktop\ConTEXT.lnk -> [Ver = | Size = 666 bytes | Modified Date = 6/5/2008 8:33:16 AM | Attr = ] custom-level.avi -> %UserProfile%\Desktop\custom-level.avi -> [Ver = | Size = 230106112 bytes | Modified Date = 8/1/2008 12:06:02 AM | Attr = ] dBpowerAMP Music Converter.lnk -> %UserProfile%\Desktop\dBpowerAMP Music Converter.lnk -> [Ver = | Size = 851 bytes | Modified Date = 8/11/2008 7:05:40 PM | Attr = ] dighfghfgjsg -> %UserProfile%\Desktop\dighfghfgjsg -> [Folder | Modified Date = 6/3/2008 9:53:57 PM | Attr = ] dMC Audio CD Input.lnk -> %UserProfile%\Desktop\dMC Audio CD Input.lnk -> [Ver = | Size = 809 bytes | Modified Date = 8/11/2008 7:05:40 PM | Attr = ] Facepunch-ref.png -> %UserProfile%\Desktop\Facepunch-ref.png -> [Ver = | Size = 39723 bytes | Modified Date = 6/20/2008 7:13:30 AM | Attr = ] fil.bmp -> %UserProfile%\Desktop\fil.bmp -> [Ver = | Size = 65590 bytes | Modified Date = 8/5/2008 3:27:19 AM | Attr = ] file.tga -> %UserProfile%\Desktop\file.tga -> [Ver = | Size = 66086 bytes | Modified Date = 8/5/2008 3:27:00 AM | Attr = ] Fraps.lnk -> %UserProfile%\Desktop\Fraps.lnk -> [Ver = | Size = 478 bytes | Modified Date = 6/17/2008 10:51:59 PM | Attr = ] G-Flash-0.3 -> %UserProfile%\Desktop\G-Flash-0.3 -> [Folder | Modified Date = 6/22/2008 4:40:38 PM | Attr = ] Game Maker.lnk -> %UserProfile%\Desktop\Game Maker.lnk -> [Ver = | Size = 713 bytes | Modified Date = 6/21/2008 3:38:28 AM | Attr = ] Garry's Mod.lnk -> %UserProfile%\Desktop\Garry's Mod.lnk -> [Ver = | Size = 670 bytes | Modified Date = 6/25/2008 9:13:06 AM | Attr = ] gimp-2.4.6-i686-setup.exe -> %UserProfile%\Desktop\gimp-2.4.6-i686-setup.exe -> [Ver = 2.4.6 | Size = 17950304 bytes | Modified Date = 8/6/2008 5:14:56 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gimp-2.4.6-i686-setup.exe:Zone.Identifier gimpshop_2.2.8_fix1_setup.exe -> %UserProfile%\Desktop\gimpshop_2.2.8_fix1_setup.exe -> [Ver = | Size = 7712639 bytes | Modified Date = 8/6/2008 5:14:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gimpshop_2.2.8_fix1_setup.exe:Zone.Identifier gmaker.exe -> %UserProfile%\Desktop\gmaker.exe -> [Ver = 2, 0, 0, 21 | Size = 3720910 bytes | Modified Date = 6/21/2008 3:37:37 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmaker.exe:Zone.Identifier GMod10 Dedicated Server.bat -> %UserProfile%\Desktop\GMod10 Dedicated Server.bat -> [Ver = | Size = 105 bytes | Modified Date = 8/5/2008 4:42:51 PM | Attr = ] GoldWave.lnk -> %UserProfile%\Desktop\GoldWave.lnk -> [Ver = | Size = 471 bytes | Modified Date = 8/14/2008 6:14:51 PM | Attr = ] Half-Life 2 Demo.lnk -> %UserProfile%\Desktop\Half-Life 2 Demo.lnk -> [Ver = | Size = 1568 bytes | Modified Date = 8/17/2008 4:37:30 PM | Attr = ] Half-Life.lnk -> %UserProfile%\Desktop\Half-Life.lnk -> [Ver = | Size = 1552 bytes | Modified Date = 8/1/2008 2:23:35 PM | Attr = ] happycatix8.jpg -> %UserProfile%\Desktop\happycatix8.jpg -> [Ver = | Size = 4567 bytes | Modified Date = 6/17/2008 3:10:06 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 8/19/2008 4:59:24 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 8/19/2008 4:58:20 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier HLDJ -> %UserProfile%\Desktop\HLDJ -> [Folder | Modified Date = 8/17/2008 2:47:42 AM | Attr = ] HLSS 3.00.ini -> %UserProfile%\Desktop\HLSS 3.00.ini -> [Ver = | Size = 306 bytes | Modified Date = 8/17/2008 1:05:17 PM | Attr = ] imadepost - 2500.JPG -> %UserProfile%\Desktop\imadepost - 2500.JPG -> [Ver = | Size = 171638 bytes | Modified Date = 6/18/2008 9:20:13 PM | Attr = ] iso -> %UserProfile%\Desktop\iso -> [Folder | Modified Date = 6/20/2008 12:23:52 AM | Attr = ] IVT_BlueSoleil_6.0.227.0_for_32bit_OS -> %UserProfile%\Desktop\IVT_BlueSoleil_6.0.227.0_for_32bit_OS -> [Folder | Modified Date = 6/23/2008 1:37:30 AM | Attr = ] iwbtgbeta(fs).exe -> %UserProfile%\Desktop\iwbtgbeta(fs).exe -> [Ver = 3, 0, 239, 0 | Size = 72131486 bytes | Modified Date = 6/13/2008 6:49:18 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\iwbtgbeta(fs).exe:Zone.Identifier iwbtgbeta_slo-mo_.exe -> %UserProfile%\Desktop\iwbtgbeta_slo-mo_.exe -> [Ver = 3, 0, 239, 0 | Size = 64977257 bytes | Modified Date = 6/13/2008 5:38:33 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\iwbtgbeta_slo-mo_.exe:Zone.Identifier l.gif -> %UserProfile%\Desktop\l.gif -> [Ver = | Size = 109383 bytes | Modified Date = 8/6/2008 4:56:37 PM | Attr = ] LevelBuilder -> %UserProfile%\Desktop\LevelBuilder -> [Folder | Modified Date = 7/16/2008 12:09:14 PM | Attr = ] lol.gif -> %UserProfile%\Desktop\lol.gif -> [Ver = | Size = 1369657 bytes | Modified Date = 8/5/2008 2:52:24 AM | Attr = ] longcatarise-.gif -> %UserProfile%\Desktop\longcatarise-.gif -> [Ver = | Size = 1551189 bytes | Modified Date = 8/5/2008 1:44:56 PM | Attr = ] longcatmario.gif -> %UserProfile%\Desktop\longcatmario.gif -> [Ver = | Size = 269400 bytes | Modified Date = 7/27/2008 7:49:55 AM | Attr = ] MoveMediaPlayer_07076007.exe -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe -> [Ver = | Size = 779536 bytes | Modified Date = 6/3/2008 3:27:06 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe:Zone.Identifier Narbacular Drop.lnk -> %UserProfile%\Desktop\Narbacular Drop.lnk -> [Ver = | Size = 766 bytes | Modified Date = 5/27/2008 4:38:07 PM | Attr = ] OE - Cake.lnk -> %UserProfile%\Desktop\OE - Cake.lnk -> [Ver = | Size = 592 bytes | Modified Date = 6/7/2008 3:59:06 PM | Attr = ] Online.JPG -> %UserProfile%\Desktop\Online.JPG -> [Ver = | Size = 20624 bytes | Modified Date = 6/25/2008 8:04:29 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/20/2008 6:13:58 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/20/2008 6:13:48 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier penguin_animated.gif -> %UserProfile%\Desktop\penguin_animated.gif -> [Ver = | Size = 385117 bytes | Modified Date = 8/18/2008 12:41:44 AM | Attr = ] peril -> %UserProfile%\Desktop\peril -> [Folder | Modified Date = 8/5/2008 9:45:54 PM | Attr = ] Peril (128 x 128)-.jpg -> %UserProfile%\Desktop\Peril (128 x 128)-.jpg -> [Ver = | Size = 5306 bytes | Modified Date = 8/5/2008 4:03:25 AM | Attr = ] Peril (256 x 256).jpg -> %UserProfile%\Desktop\Peril (256 x 256).jpg -> [Ver = | Size = 10543 bytes | Modified Date = 8/5/2008 12:15:37 PM | Attr = ] Peril (400 x 400).jpg -> %UserProfile%\Desktop\Peril (400 x 400).jpg -> [Ver = | Size = 22482 bytes | Modified Date = 6/25/2008 7:45:27 AM | Attr = ] Peril (640 x 480).jpg -> %UserProfile%\Desktop\Peril (640 x 480).jpg -> [Ver = | Size = 20213 bytes | Modified Date = 6/25/2008 8:01:37 AM | Attr = ] Peril-tr.gif -> %UserProfile%\Desktop\Peril-tr.gif -> [Ver = | Size = 1291 bytes | Modified Date = 8/10/2008 8:57:21 PM | Attr = ] Peril-trans.bmp -> %UserProfile%\Desktop\Peril-trans.bmp -> [Ver = | Size = 19254 bytes | Modified Date = 8/6/2008 5:36:25 PM | Attr = ] Peril.tga -> %UserProfile%\Desktop\Peril.tga -> [Ver = | Size = 16402 bytes | Modified Date = 8/5/2008 3:50:09 AM | Attr = ] Peril0 (128 x 128).jpg -> %UserProfile%\Desktop\Peril0 (128 x 128).jpg -> [Ver = | Size = 4752 bytes | Modified Date = 8/5/2008 4:03:07 AM | Attr = ] Peril1 (128 x 128).jpg -> %UserProfile%\Desktop\Peril1 (128 x 128).jpg -> [Ver = | Size = 4930 bytes | Modified Date = 8/5/2008 4:02:44 AM | Attr = ] Peril2 (128 x 128).jpg -> %UserProfile%\Desktop\Peril2 (128 x 128).jpg -> [Ver = | Size = 5084 bytes | Modified Date = 8/5/2008 4:03:43 AM | Attr = ] Peril3 (128 x 128).jpg -> %UserProfile%\Desktop\Peril3 (128 x 128).jpg -> [Ver = | Size = 5306 bytes | Modified Date = 8/5/2008 4:03:54 AM | Attr = ] Peril4 (128 x 128).jpg -> %UserProfile%\Desktop\Peril4 (128 x 128).jpg -> [Ver = | Size = 5224 bytes | Modified Date = 8/5/2008 4:04:10 AM | Attr = ] Peril5 (128 x 128).jpg -> %UserProfile%\Desktop\Peril5 (128 x 128).jpg -> [Ver = | Size = 5052 bytes | Modified Date = 8/5/2008 4:04:25 AM | Attr = ] Peril6 (128 x 128).jpg -> %UserProfile%\Desktop\Peril6 (128 x 128).jpg -> [Ver = | Size = 4752 bytes | Modified Date = 8/5/2008 4:04:34 AM | Attr = ] peril64.tga -> %UserProfile%\Desktop\peril64.tga -> [Ver = | Size = 16402 bytes | Modified Date = 8/5/2008 4:39:19 AM | Attr = ] peril68.vtf -> %UserProfile%\Desktop\peril68.vtf -> [Ver = | Size = 19416 bytes | Modified Date = 8/5/2008 4:24:57 AM | Attr = ] perilspray.vtf -> %UserProfile%\Desktop\perilspray.vtf -> [Ver = | Size = 19416 bytes | Modified Date = 8/5/2008 3:53:19 AM | Attr = ] PIXresizer (640 x 480).jpg -> %UserProfile%\Desktop\PIXresizer (640 x 480).jpg -> [Ver = | Size = 67311 bytes | Modified Date = 6/25/2008 7:43:17 AM | Attr = ] Portal - Level.wmv -> %UserProfile%\Desktop\Portal - Level.wmv -> [Ver = | Size = 8294081 bytes | Modified Date = 6/18/2008 7:14:00 PM | Attr = ] Public_Installer -> %UserProfile%\Desktop\Public_Installer -> [Folder | Modified Date = 8/5/2008 4:07:05 PM | Attr = ] Quick-Fix -> %UserProfile%\Desktop\Quick-Fix -> [Folder | Modified Date = 8/17/2008 9:55:57 PM | Attr = ] RC15B26 -> %UserProfile%\Desktop\RC15B26 -> [Folder | Modified Date = 6/4/2008 2:18:29 PM | Attr = ] rigid-chips.wmv -> %UserProfile%\Desktop\rigid-chips.wmv -> [Ver = | Size = 2501769 bytes | Modified Date = 6/20/2008 12:06:21 AM | Attr = ] RigidChips15B26 2008-06-20 16-16-11-96.avi -> %UserProfile%\Desktop\RigidChips15B26 2008-06-20 16-16-11-96.avi -> [Ver = | Size = 24854536 bytes | Modified Date = 6/20/2008 4:16:27 PM | Attr = ] rocket.gif -> %UserProfile%\Desktop\rocket.gif -> [Ver = | Size = 5033 bytes | Modified Date = 8/7/2008 1:31:36 AM | Attr = ] roflcopterft7.gif -> %UserProfile%\Desktop\roflcopterft7.gif -> [Ver = | Size = 6717 bytes | Modified Date = 6/18/2008 2:03:42 AM | Attr = ] save -> %UserProfile%\Desktop\save -> [Folder | Modified Date = 8/10/2008 8:56:39 PM | Attr = ] settings.ini -> %UserProfile%\Desktop\settings.ini -> [Ver = | Size = 104 bytes | Modified Date = 5/30/2008 5:53:54 PM | Attr = ] Setup.exe -> %UserProfile%\Desktop\Setup.exe -> Zango, Inc. [Ver = 53, 0, 7, 0 | Size = 334088 bytes | Modified Date = 6/3/2008 1:33:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Setup.exe:Zone.Identifier sg_base -> %UserProfile%\Desktop\sg_base -> [Folder | Modified Date = 7/1/2008 11:51:04 PM | Attr = ] shadowlolz.jpg -> %UserProfile%\Desktop\shadowlolz.jpg -> [Ver = | Size = 3077 bytes | Modified Date = 7/29/2008 9:40:07 PM | Attr = ] Shortcut to addons.lnk -> %UserProfile%\Desktop\Shortcut to addons.lnk -> [Ver = | Size = 954 bytes | Modified Date = 6/25/2008 12:31:53 PM | Attr = ] Shortcut to AssaultDroid.lnk -> %UserProfile%\Desktop\Shortcut to AssaultDroid.lnk -> [Ver = | Size = 661 bytes | Modified Date = 8/10/2008 8:19:52 PM | Attr = ] Shortcut to Bontago.lnk -> %UserProfile%\Desktop\Shortcut to Bontago.lnk -> [Ver = | Size = 666 bytes | Modified Date = 5/27/2008 6:12:04 PM | Attr = ] Shortcut to Game_Maker.lnk -> %UserProfile%\Desktop\Shortcut to Game_Maker.lnk -> [Ver = | Size = 713 bytes | Modified Date = 6/21/2008 3:47:44 AM | Attr = ] Shortcut to logos.lnk -> %UserProfile%\Desktop\Shortcut to logos.lnk -> [Ver = | Size = 1110 bytes | Modified Date = 8/5/2008 4:51:08 AM | Attr = ] Shortcut to movies.lnk -> %UserProfile%\Desktop\Shortcut to movies.lnk -> [Ver = | Size = 1117 bytes | Modified Date = 7/25/2008 11:28:13 AM | Attr = ] Shortcut to Plasma Pong.lnk -> %UserProfile%\Desktop\Shortcut to Plasma Pong.lnk -> [Ver = | Size = 610 bytes | Modified Date = 8/17/2008 4:45:53 PM | Attr = ] Shortcut to RigidChips15B26.lnk -> %UserProfile%\Desktop\Shortcut to RigidChips15B26.lnk -> [Ver = | Size = 600 bytes | Modified Date = 6/5/2008 9:28:27 AM | Attr = ] Shortcut to SuperWebcam.lnk -> %UserProfile%\Desktop\Shortcut to SuperWebcam.lnk -> [Ver = | Size = 718 bytes | Modified Date = 6/25/2008 7:19:32 AM | Attr = ] Shortcut to Wow.lnk -> %UserProfile%\Desktop\Shortcut to Wow.lnk -> [Ver = | Size = 814 bytes | Modified Date = 6/25/2008 3:36:50 AM | Attr = ] SM-06_Battlespider_C1.rcd -> %UserProfile%\Desktop\SM-06_Battlespider_C1.rcd -> [Ver = | Size = 55833 bytes | Modified Date = 6/19/2008 4:58:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SM-06_Battlespider_C1.rcd:Zone.Identifier SprayR -> %UserProfile%\Desktop\SprayR -> [Folder | Modified Date = 8/9/2008 11:11:33 AM | Attr = ] SprayR.lnk -> %UserProfile%\Desktop\SprayR.lnk -> [Ver = | Size = 654 bytes | Modified Date = 8/9/2008 11:14:49 AM | Attr = ] Steam -> %UserProfile%\Desktop\Steam -> [Folder | Modified Date = 8/1/2008 2:23:09 PM | Attr = ] Steam.lnk -> %UserProfile%\Desktop\Steam.lnk -> [Ver = | Size = 2193 bytes | Modified Date = 8/17/2008 9:55:54 PM | Attr = ] StickMen2.exe -> %UserProfile%\Desktop\StickMen2.exe -> [Ver = 2, 0, 0, 21 | Size = 186001 bytes | Modified Date = 8/17/2008 3:22:44 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\StickMen2.exe:Zone.Identifier Submarine_Grey_H_CNT.rcd -> %UserProfile%\Desktop\Submarine_Grey_H_CNT.rcd -> [Ver = | Size = 19766 bytes | Modified Date = 6/23/2008 1:02:38 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Submarine_Grey_H_CNT.rcd:Zone.Identifier Team Fortress Classic.lnk -> %UserProfile%\Desktop\Team Fortress Classic.lnk -> [Ver = | Size = 1576 bytes | Modified Date = 8/1/2008 2:24:02 PM | Attr = ] The Battle for Middle-earth (tm).lnk -> %UserProfile%\Desktop\The Battle for Middle-earth (tm).lnk -> [Ver = | Size = 1975 bytes | Modified Date = 6/19/2008 3:26:01 AM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 79360 bytes | Modified Date = 8/11/2008 7:21:49 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable tradingcardgame.swf -> %UserProfile%\Desktop\tradingcardgame.swf -> [Ver = | Size = 141321 bytes | Modified Date = 6/20/2008 7:36:24 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\tradingcardgame.swf:Zone.Identifier uninstall_flash_player.exe -> %UserProfile%\Desktop\uninstall_flash_player.exe -> Adobe Systems Incorporated [Ver = 4.0.0.8 | Size = 185008 bytes | Modified Date = 6/3/2008 3:22:42 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\uninstall_flash_player.exe:Zone.Identifier Version 1.1b -> %UserProfile%\Desktop\Version 1.1b -> [Folder | Modified Date = 6/9/2008 1:16:43 AM | Attr = ] video -> %UserProfile%\Desktop\video -> [Folder | Modified Date = 6/19/2008 5:20:13 AM | Attr = ] VTFEdit.lnk -> %UserProfile%\Desktop\VTFEdit.lnk -> [Ver = | Size = 616 bytes | Modified Date = 8/5/2008 3:20:02 AM | Attr = ] vtfedit125-20.exe -> %UserProfile%\Desktop\vtfedit125-20.exe -> Neil Jedrzejewski & Ryan Gregg [Ver = | Size = 869928 bytes | Modified Date = 8/5/2008 3:07:55 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\vtfedit125-20.exe:Zone.Identifier WiiSticks_Beta_02 -> %UserProfile%\Desktop\WiiSticks_Beta_02 -> [Folder | Modified Date = 8/14/2008 11:18:20 PM | Attr = ] Windows Movie Maker.lnk -> %UserProfile%\Desktop\Windows Movie Maker.lnk -> [Ver = | Size = 786 bytes | Modified Date = 6/18/2008 7:04:04 PM | Attr = ] wtflol.gif -> %UserProfile%\Desktop\wtflol.gif -> [Ver = | Size = 174584 bytes | Modified Date = 6/19/2008 12:42:03 AM | Attr = ] zasetsuko.zip -> %UserProfile%\Desktop\zasetsuko.zip -> [Ver = | Size = 11915851 bytes | Modified Date = 6/20/2008 6:35:29 PM | Attr = ] zoid.gif -> %UserProfile%\Desktop\zoid.gif -> [Ver = | Size = 523665 bytes | Modified Date = 8/5/2008 9:15:12 PM | Attr = ] _outside____1.jpg -> %UserProfile%\Desktop\_outside____1.jpg -> [Ver = | Size = 181424 bytes | Modified Date = 7/27/2008 10:25:17 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 8/15/2008 12:01:00 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]