[code] OTScanIt logfile created on: 8/27/2008 12:26:36 PM OTScanIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 446.60 Mb Total Physical Memory | 52.10 Mb Available Physical Memory | 11.67% Memory free 1.03 Gb Paging File | 0.70 Gb Available in Paging File | 67.94% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51.65 Gb Total Space | 22.97 Gb Free Space | 44.46% Space Free | Partition Type: NTFS Drive D: | 4.22 Gb Total Space | 2.38 Gb Free Space | 56.42% Space Free | Partition Type: FAT32 Drive E: | 542.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ALEXANDER Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/12/2005 6:50:02 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.1.13 07Oct05 | Size = 737370 bytes | Modified Date = 10/7/2005 3:52:52 PM | Attr = ] driveicon.exe -> %ProgramFiles%\DriveIcon\DriveIcon.exe -> Realtek Semiconductor Corp. [Ver = 3.0.0.3 | Size = 655360 bytes | Modified Date = 3/17/2006 12:07:50 AM | Attr = ] ybrwicon.exe -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 5:19:46 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/4/2007 2:17:36 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 3:18:10 PM | Attr = ] ufseagnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe -> Trend Micro Inc. [Ver = 16.10.0.1182 | Size = 1398024 bytes | Modified Date = 7/29/2008 2:24:38 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/20/2007 1:26:44 PM | Attr = ] googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 8/16/2008 4:11:09 PM | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 805392 bytes | Modified Date = 5/2/2008 2:44:08 AM | Attr = ] ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> [Ver = | Size = 54776 bytes | Modified Date = 10/3/2006 2:04:38 PM | Attr = ] googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/20/2007 1:26:06 PM | Attr = ] ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 10/26/2006 10:21:50 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8464 | Size = 143427 bytes | Modified Date = 4/27/2006 1:48:00 PM | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.60.42 | Size = 76304 bytes | Modified Date = 5/2/2008 2:40:56 AM | Attr = ] rpcnet.exe -> %SystemRoot%\system32\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.857.0 | Size = 47104 bytes | Modified Date = 6/21/2008 11:11:53 AM | Attr = ] sfctlcom.exe -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.10.0.1182 | Size = 698888 bytes | Modified Date = 7/29/2008 2:24:36 PM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] tmbmsrv.exe -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ] tmpfw.exe -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.2.0.1009 | Size = 488768 bytes | Modified Date = 2/16/2008 12:58:10 AM | Attr = ] tmproxy.exe -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.2.0.1009 | Size = 648456 bytes | Modified Date = 2/16/2008 12:58:10 AM | Attr = ] ybrowser.exe -> %ProgramFiles%\Yahoo!\browser\ybrowser.exe -> Yahoo!, Inc. [Ver = 2006, 8, 11, 1 | Size = 668184 bytes | Modified Date = 8/11/2006 8:53:02 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 402944 bytes | Modified Date = 8/26/2008 8:26:02 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] (GoogleDesktopManager-093007-112848) Google Desktop Manager 5.5.709.30344 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.5.709.30344 | Size = 29744 bytes | Modified Date = 2/10/2008 12:29:29 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/20/2007 1:26:06 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr = ] (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 121360 bytes | Modified Date = 5/2/2008 2:42:06 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8464 | Size = 143427 bytes | Modified Date = 4/27/2006 1:48:00 PM | Attr = ] (PrismXL) PrismXL [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 6/14/2006 4:50:38 PM | Attr = ] (Rpcnet) Remote Procedure Call (RPC) Net [Win32_Own | Auto | Running] -> %SystemRoot%\system32\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.857.0 | Size = 47104 bytes | Modified Date = 6/21/2008 11:11:53 AM | Attr = ] (SfCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Internet Security\SfCtlCom.exe -> Trend Micro Inc. [Ver = 16.10.0.1182 | Size = 698888 bytes | Modified Date = 7/29/2008 2:24:36 PM | Attr = ] (TMBMServer) Trend Micro Unauthorized Change Prevention Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\BM\TMBMSRV.exe -> Trend Micro Inc. [Ver = 2.2.0.1004 | Size = 333064 bytes | Modified Date = 12/24/2007 5:41:06 PM | Attr = ] (TmPfw) Trend Micro Personal Firewall [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Trend Micro\Internet Security\TmPfw.exe -> Trend Micro Inc. [Ver = 5.2.0.1009 | Size = 488768 bytes | Modified Date = 2/16/2008 12:58:10 AM | Attr = ] (tmproxy) Trend Micro Proxy Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Trend Micro\Internet Security\TmProxy.exe -> Trend Micro Inc. [Ver = 5.2.0.1009 | Size = 648456 bytes | Modified Date = 2/16/2008 12:58:10 AM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.63 2.1.63 12/12/2005 14:50:01 | Size = 88204 bytes | Modified Date = 12/12/2005 6:50:02 PM | Attr = ] AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr = ] DriveIcons -> %ProgramFiles%\DriveIcon\DriveIcon.exe [C:\Program Files\DriveIcon\DriveIcon.exe] -> Realtek Semiconductor Corp. [Ver = 3.0.0.3 | Size = 655360 bytes | Modified Date = 3/17/2006 12:07:50 AM | Attr = ] Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.5.709.30344 | Size = 29744 bytes | Modified Date = 2/10/2008 12:29:29 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr = ] Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 9/21/2007 4:10:12 AM | Attr = ] LogMeIn GUI -> %ProgramFiles%\LogMeIn\x86\LogMeInSystray.exe ["C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"] -> File not found NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8464 | Size = 7561216 bytes | Modified Date = 4/27/2006 1:48:00 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet /nodetect] -> [Ver = | Size = 1519616 bytes | Modified Date = 4/27/2006 1:48:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe [%WINDIR%\SMINST\RECGUARD.EXE] -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/14/2002 1:42:26 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.1.13 07Oct05 | Size = 737370 bytes | Modified Date = 10/7/2005 3:52:52 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 2/4/2007 2:17:36 PM | Attr = ] UfSeAgnt.exe -> %ProgramFiles%\Trend Micro\Internet Security\UfSeAgnt.exe ["C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"] -> Trend Micro Inc. [Ver = 16.10.0.1182 | Size = 1398024 bytes | Modified Date = 7/29/2008 2:24:38 PM | Attr = ] YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe [C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe] -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 5:19:46 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found ProxyWay -> %ProgramFiles%\ProxyWay\proxyway.exe [C:\Program Files\ProxyWay\proxyway.exe] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/20/2007 1:26:44 PM | Attr = ] Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 6/12/2008 4:47:13 PM | Attr = ] Power2GoExpress -> [NA] -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 6/12/2008 4:47:13 PM | Attr = ] Power2GoExpress -> [NA] -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found ProxyWay -> %ProgramFiles%\ProxyWay\proxyway.exe [C:\Program Files\ProxyWay\proxyway.exe] -> File not found swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/20/2007 1:26:44 PM | Attr = ] Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 8/16/2008 4:11:09 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 805392 bytes | Modified Date = 5/2/2008 2:44:08 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> [Ver = | Size = 54776 bytes | Modified Date = 10/3/2006 2:04:38 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < LogMeInRemoteUser Startup Folder > -> C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.5.709.30344 | Size = 118784 bytes | Modified Date = 2/10/2008 6:22:30 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> LBTWlgn -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 72208 bytes | Modified Date = 5/2/2008 2:42:30 AM | Attr = ] LMIinit -> %SystemRoot%\system32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Modified Date = 5/28/2008 12:32:54 PM | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 1/9/2005 9:13:09 PM | Attr = ] AUTORUN.INF [[autorun] | OPEN=SETUP.EXE | ICON=D2X.ICO | ] -> E:\AUTORUN.INF [ CDFS ] -> [Ver = | Size = 41 bytes | Modified Date = 4/18/2001 3:23:00 AM | Attr = R ] < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.yahoo.com -> HKEY_USERS\.DEFAULT\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.yahoo.com -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.yahoo.com -> HKEY_USERS\S-1-5-18\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.yahoo.com -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Main\\Start Page -> http://www.msn.com/?wl=true -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 17 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 17 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 2/6/2008 6:37:52 PM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 3/31/2008 7:32:51 PM | Attr = ] {B9D6B3C2-09AD-464A-8162-8C55114C808A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AV VCS 3.0\Vcs3RT.dll [VCS3IESupport Class] -> [Ver = 1, 0, 0, 1 | Size = 135168 bytes | Modified Date = 4/15/2003 6:07:26 PM | Attr = ] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\bae.dll [CBrowserHelperObject Object] -> Gateway Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/1/2006 6:54:30 AM | Attr = ] {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 6:07:08 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 9, 5, 1 | Size = 816400 bytes | Modified Date = 9/5/2007 5:48:58 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [AT&T Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 2/6/2008 6:37:52 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 2/6/2008 6:37:52 PM | Attr = ] CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1372160 bytes | Modified Date = 2/6/2008 6:37:52 PM | Attr = ] CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\] > -> HKEY_USERS\S-1-5-21-1965070417-845985428-1032633789-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7D70767D-757A-4F12-809B-D77CD86F9A8A} -> (Realtek RTL8185 54M Wireless LAN Network Adapter) -> {A712E844-8AA4-4F6A-99B1-061A011140E9} -> (NVIDIA nForce Networking Controller) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2/6/2008 6:37:52 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {4A01A151-E350-4839-A2B8-03DC39D6C8E5}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/ypc/ypcxwizard2003080601.cab[YPCXWizard Class] -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab2.cab[System Requirements Lab Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab[ZoneIntro Class] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CC32D4D8-2A0B-4CEB-B105-C9B968379105}[HKEY_LOCAL_MACHINE] -> https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab[CGameManagerCtrl Object] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DIGGameManager.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DIGGameManager.dll\\.Owner -> {CC32D4D8-2A0B-4CEB-B105-C9B968379105} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DIGGameManager.dll\\{CC32D4D8-2A0B-4CEB-B105-C9B968379105} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\.Owner -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YPCXWizard_dll.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YPCXWizard_dll.dll\\.Owner -> {4A01A151-E350-4839-A2B8-03DC39D6C8E5} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YPCXWizard_dll.dll\\{4A01A151-E350-4839-A2B8-03DC39D6C8E5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1384 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 55 4A 1A D3 49 54 B3 07 B4 43 50 A8 06 26 22 D0 66 61 38 32 38 34 33 64 00 00 00 00 4E 78 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 1C BD 80 4B C3 0C 82 F3 F6 35 85 FA [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F2 F7 4D AB 62 7E 46 3E CE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 16 18 86 2E A8 86 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 91 E6 FE BF 76 23 6A 29 09 56 4A 0F A9 E3 C7 8E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D4 D1 2C FF 5F 08 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 38 3A 3C 0C 7F C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 38 3A 3C 0C 7F C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 38 3A 3C 0C 7F C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 21838 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,200 | Size = 4662776 bytes | Modified Date = 10/26/2006 10:21:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 6/12/2008 4:47:13 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TightVNC\WinVNC.exe -> %ProgramFiles%\TightVNC\WinVNC.exe [C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TightVNC\vncviewer.exe -> %ProgramFiles%\TightVNC\vncviewer.exe [C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:vncviewer] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe -> %ProgramFiles%\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire] -> FrostWire Group [Ver = 1.0.0.2 | Size = 114688 bytes | Modified Date = 8/30/2007 1:45:20 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe -> %ProgramFiles%\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> Blizzard Entertainment [Ver = 1, 0, 0, 1 | Size = 274432 bytes | Modified Date = 3/20/2008 10:28:05 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O3A5G1OR\opserver[1].exe -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\O3A5G1OR\opserver[1].exe [C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O3A5G1OR\opserver[1].exe:*:Enabled:opserver[1]] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/21/2008 3:14:23 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 7:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rundll32.exe -> %SystemRoot%\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Starcraft\StarCraft.exe -> %ProgramFiles%\Starcraft\StarCraft.exe [C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War] -> Blizzard Entertainment [Ver = 1.15.2 | Size = 1220608 bytes | Modified Date = 1/10/2008 4:23:42 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\utorrent\utorrent.exe -> %ProgramFiles%\utorrent\utorrent.exe [C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.248 | Size = 21898024 bytes | Modified Date = 2/6/2008 6:37:52 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 7/30/2008 10:47:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Local Settings\Temp\.ttF.tmp -> %UserProfile%\Local Settings\Temp\.ttF.tmp [C:\Documents and Settings\Owner\Local Settings\Temp\.ttF.tmp:*:Enabled:enable] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sysrest32.exe -> %SystemRoot%\system32\sysrest32.exe [C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5900:TCP -> 5900:TCP:*:Enabled:vnc5900 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\5800:TCP -> 5800:TCP:*:Enabled:vnc5800 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] .rnd -> %SystemDrive%\.rnd -> [Ver = | Size = 1024 bytes | Created Date = 6/20/2008 11:30:11 PM | Attr = ] LMIRfsDriver.sys -> %SystemRoot%\System32\drivers\LMIRfsDriver.sys -> LogMeIn, Inc. [Ver = 2.4.3.0 | Size = 45848 bytes | Created Date = 6/20/2008 11:30:43 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/27/2008 11:42:25 AM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/27/2008 11:42:23 AM | Attr = ] CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 5/31/2008 6:09:30 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/9/2008 12:57:07 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/9/2008 12:57:07 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/9/2008 12:57:07 PM | Attr = ] LMIinit.dll -> %SystemRoot%\System32\LMIinit.dll -> LogMeIn, Inc. [Ver = 4.0.734 | Size = 87352 bytes | Created Date = 6/20/2008 11:30:20 PM | Attr = ] LMIport.dll -> %SystemRoot%\System32\LMIport.dll -> LogMeIn, Inc. [Ver = 0.2.0.0 | Size = 24608 bytes | Created Date = 6/20/2008 11:30:45 PM | Attr = ] LMIRfsClientNP.dll -> %SystemRoot%\System32\LMIRfsClientNP.dll -> LogMeIn, Inc. [Ver = 2.1.3.0 | Size = 83288 bytes | Created Date = 6/20/2008 11:30:43 PM | Attr = ] SIntf16.dll -> %SystemRoot%\System32\SIntf16.dll -> [Ver = | Size = 12067 bytes | Created Date = 5/31/2008 5:40:16 PM | Attr = ] SIntf32.dll -> %SystemRoot%\System32\SIntf32.dll -> [Ver = | Size = 17212 bytes | Created Date = 5/31/2008 5:40:16 PM | Attr = ] SIntfNT.dll -> %SystemRoot%\System32\SIntfNT.dll -> [Ver = | Size = 21840 bytes | Created Date = 5/31/2008 5:40:16 PM | Attr = ] DIIUnin.dat -> %SystemRoot%\DIIUnin.dat -> [Ver = | Size = 37676 bytes | Created Date = 5/31/2008 5:33:12 PM | Attr = ] DIIUnin.exe -> %SystemRoot%\DIIUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Created Date = 5/31/2008 5:33:09 PM | Attr = ] DIIUnin.pif -> %SystemRoot%\DIIUnin.pif -> [Ver = | Size = 2829 bytes | Created Date = 5/31/2008 5:33:09 PM | Attr = ] popcinfot.dat -> %SystemRoot%\popcinfot.dat -> [Ver = | Size = 14 bytes | Created Date = 8/17/2008 11:20:26 AM | Attr = ] popcreg.dat -> %SystemRoot%\popcreg.dat -> [Ver = | Size = 0 bytes | Created Date = 8/17/2008 11:20:26 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/29/2008 3:47:57 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/29/2008 3:47:57 PM | Attr = H ] TrueInstall.exe -> %SystemRoot%\TrueInstall.exe -> [Ver = | Size = 75384 bytes | Created Date = 8/1/2008 6:35:13 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 7/6/2008 6:38:38 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] acccore -> %AllUsersProfile%\Application Data\acccore -> [Folder | Created Date = 6/23/2008 2:18:02 AM | Attr = ] BigFishGamesCache -> %AllUsersProfile%\Application Data\BigFishGamesCache -> [Folder | Created Date = 8/16/2008 11:06:09 PM | Attr = ] LogMeIn -> %AllUsersProfile%\Application Data\LogMeIn -> [Folder | Created Date = 6/20/2008 11:30:54 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/27/2008 11:42:20 AM | Attr = ] acccore -> %AppData%\acccore -> [Folder | Created Date = 6/23/2008 2:22:42 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/27/2008 11:42:58 AM | Attr = ] AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP -> [Folder | Created Date = 6/23/2008 2:19:11 AM | Attr = ] LogMeIn -> %UserProfile%\Local Settings\Application Data\LogMeIn -> [Folder | Created Date = 6/20/2008 11:30:54 PM | Attr = ] AIMLogger -> %UserProfile%\My Documents\AIMLogger -> [Folder | Created Date = 8/12/2008 1:12:31 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 6/16/2008 12:12:11 PM | Attr = R ] AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk -> [Ver = | Size = 1672 bytes | Created Date = 6/23/2008 2:17:55 AM | Attr = ] Diablo II.lnk -> %AllUsersProfile%\Desktop\Diablo II.lnk -> [Ver = | Size = 1564 bytes | Created Date = 5/31/2008 5:33:12 PM | Attr = ] Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [Ver = | Size = 851 bytes | Created Date = 7/9/2008 12:57:37 PM | Attr = ] Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [Ver = | Size = 1836 bytes | Created Date = 7/31/2008 12:41:41 AM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 7/31/2008 10:09:59 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 8/27/2008 11:42:29 AM | Attr = ] Diablo II - Lord of Destruction.lnk -> %UserProfile%\Desktop\Diablo II - Lord of Destruction.lnk -> [Ver = | Size = 1564 bytes | Created Date = 5/31/2008 9:53:29 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 8/27/2008 2:28:19 AM | Attr = ] Kate's Video Converter.lnk -> %UserProfile%\Desktop\Kate's Video Converter.lnk -> [Ver = | Size = 676 bytes | Created Date = 5/29/2008 3:45:38 PM | Attr = ] OCP-Enforcer.lnk -> %UserProfile%\Desktop\OCP-Enforcer.lnk -> [Ver = | Size = 1683 bytes | Created Date = 7/28/2008 5:03:21 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/27/2008 12:24:35 PM | Attr = ] Oberon Media -> %CommonProgramFiles%\Oberon Media -> [Folder | Created Date = 8/16/2008 11:10:43 PM | Attr = ] wsm -> %CommonProgramFiles%\wsm -> [Folder | Created Date = 5/29/2008 3:45:16 PM | Attr = ] AIM6 -> %ProgramFiles%\AIM6 -> [Folder | Created Date = 6/23/2008 2:15:47 AM | Attr = ] bfgclient -> %ProgramFiles%\bfgclient -> [Folder | Created Date = 8/16/2008 11:07:00 PM | Attr = ] Chill -> %ProgramFiles%\Chill -> [Folder | Created Date = 8/16/2008 11:10:42 PM | Attr = ] Diablo II -> %ProgramFiles%\Diablo II -> [Folder | Created Date = 5/31/2008 5:23:22 PM | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 7/31/2008 10:09:12 PM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 7/31/2008 10:08:36 PM | Attr = ] Kate's Video Converter -> %ProgramFiles%\Kate's Video Converter -> [Folder | Created Date = 5/29/2008 3:45:16 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/27/2008 11:42:19 AM | Attr = ] PopCap Games -> %ProgramFiles%\PopCap Games -> [Folder | Created Date = 8/17/2008 11:20:26 AM | Attr = ] SocksProxySearch -> %ProgramFiles%\SocksProxySearch -> [Folder | Created Date = 7/15/2008 11:47:21 PM | Attr = ] StealthBotTrivia -> %ProgramFiles%\StealthBotTrivia -> [Folder | Created Date = 7/28/2008 5:03:18 PM | Attr = ] Sun -> %ProgramFiles%\Sun -> [Folder | Created Date = 7/9/2008 12:57:36 PM | Attr = ] SuperScan -> %ProgramFiles%\SuperScan -> [Folder | Created Date = 7/13/2008 11:01:55 PM | Attr = ] [Files/Folders - Modified Within 90 days] .rnd -> %SystemDrive%\.rnd -> [Ver = | Size = 1024 bytes | Modified Date = 6/20/2008 11:30:15 PM | Attr = ] CMPNENTS -> %SystemDrive%\CMPNENTS -> [Folder | Modified Date = 6/8/2008 5:43:47 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/20/2008 11:32:33 PM | Attr = ] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 5305 bytes | Modified Date = 6/23/2008 2:19:03 AM | Attr = H ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/27/2008 12:11:43 PM | Attr = R ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/27/2008 11:34:30 AM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/27/2008 12:15:07 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/27/2008 1:49:51 AM | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 433 bytes | Modified Date = 8/27/2008 12:15:36 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr = ] tmpreflt.sys -> %SystemRoot%\System32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.900.0.1001 | Size = 36368 bytes | Modified Date = 7/18/2008 7:08:32 PM | Attr = ] tmxpflt.sys -> %SystemRoot%\System32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.900.0.1001 | Size = 205328 bytes | Modified Date = 7/18/2008 7:08:38 PM | Attr = ] usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Modified Date = 7/10/2008 9:35:22 AM | Attr = ] vsapint.sys -> %SystemRoot%\System32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.900-1001 | Size = 1195448 bytes | Modified Date = 7/18/2008 6:51:32 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/27/2008 12:15:38 PM | Attr = ] 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 6/18/2008 12:22:17 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/27/2008 12:15:58 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/27/2008 12:13:59 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 7/11/2008 3:56:12 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 170688 bytes | Modified Date = 8/15/2008 2:56:56 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:01 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:04 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 50868 bytes | Modified Date = 8/27/2008 12:15:01 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/27/2008 11:34:30 AM | Attr = ] rpcnet.dll -> %SystemRoot%\System32\rpcnet.dll -> Absolute Software Corp. [Ver = 8.0.857.0 | Size = 47104 bytes | Modified Date = 8/27/2008 12:15:07 PM | Attr = ] rpcnet.exe -> %SystemRoot%\System32\rpcnet.exe -> Absolute Software Corp. [Ver = 8.0.857.0 | Size = 47104 bytes | Modified Date = 6/21/2008 11:11:53 AM | Attr = ] rpcnetp.dll -> %SystemRoot%\System32\rpcnetp.dll -> [Ver = | Size = 17408 bytes | Modified Date = 8/11/2008 11:31:22 AM | Attr = ] rpcnetp.exe -> %SystemRoot%\System32\rpcnetp.exe -> [Ver = | Size = 17408 bytes | Modified Date = 8/27/2008 12:15:13 PM | Attr = ] SIntf16.dll -> %SystemRoot%\System32\SIntf16.dll -> [Ver = | Size = 12067 bytes | Modified Date = 5/31/2008 9:54:23 PM | Attr = ] SIntf32.dll -> %SystemRoot%\System32\SIntf32.dll -> [Ver = | Size = 17212 bytes | Modified Date = 5/31/2008 9:54:23 PM | Attr = ] SIntfNT.dll -> %SystemRoot%\System32\SIntfNT.dll -> [Ver = | Size = 21840 bytes | Modified Date = 5/31/2008 9:54:23 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 8/26/2008 11:35:43 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 2:49:24 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/27/2008 12:14:34 PM | Attr = S] DIIUnin.dat -> %SystemRoot%\DIIUnin.dat -> [Ver = | Size = 37676 bytes | Modified Date = 6/18/2008 12:23:23 AM | Attr = ] DIIUnin.exe -> %SystemRoot%\DIIUnin.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 94208 bytes | Modified Date = 5/31/2008 5:33:09 PM | Attr = ] DIIUnin.pif -> %SystemRoot%\DIIUnin.pif -> [Ver = | Size = 2829 bytes | Modified Date = 5/31/2008 5:33:09 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/23/2008 2:17:19 AM | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/1/2008 7:49:24 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 8/14/2008 2:47:43 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 2:49:20 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/15/2008 3:43:12 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/24/2008 5:31:41 PM | Attr = HS] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 488 bytes | Modified Date = 8/6/2008 1:12:33 PM | Attr = ] popcinfot.dat -> %SystemRoot%\popcinfot.dat -> [Ver = | Size = 14 bytes | Modified Date = 8/18/2008 11:01:15 AM | Attr = ] popcreg.dat -> %SystemRoot%\popcreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 8/17/2008 11:20:26 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/25/2008 9:34:33 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/29/2008 3:47:57 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 7/6/2008 5:52:00 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/27/2008 12:15:30 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/27/2008 12:13:59 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/6/2008 6:38:38 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/27/2008 12:16:29 PM | Attr = ] War3Unin.dat -> %SystemRoot%\War3Unin.dat -> [Ver = | Size = 83559 bytes | Modified Date = 7/21/2008 1:45:49 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 649 bytes | Modified Date = 8/14/2008 2:52:06 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/21/2008 8:33:26 PM | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 254 bytes | Modified Date = 8/27/2008 12:22:00 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/27/2008 12:14:40 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 2/18/2008 2:20:31 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1304 bytes | Modified Date = 2/18/2008 2:20:31 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/3/2007 1:51:24 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 8/14/2008 2:29:45 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 8/14/2008 2:29:45 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 5/19/2007 2:05:57 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8270 bytes | Modified Date = 5/19/2007 2:07:53 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\PI\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\PI -> [Folder | Modified Date = 6/14/2006 5:01:49 PM | Attr = ] mspi11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\PI\mspi11.dat -> [Ver = | Size = 4 bytes | Modified Date = 6/14/2006 5:01:49 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\POD\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\POD -> [Folder | Modified Date = 6/14/2006 5:01:49 PM | Attr = ] mspod11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\POD\mspod11.dat -> [Ver = | Size = 4 bytes | Modified Date = 6/14/2006 5:01:49 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 7/16/2008 12:00:18 AM | Attr = ] CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 524 bytes | Modified Date = 2/19/2007 9:00:14 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/20/2007 12:04:24 AM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162475 bytes | Modified Date = 8/1/2008 7:27:21 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/27/2008 12:15:13 PM | Attr = ] d2l_Install.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\d2l_Install.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 5 | Size = 352256 bytes | Modified Date = 5/9/2001 12:19:26 PM | Attr = ] GoogleToolbarInstaller_en.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\GoogleToolbarInstaller_en.exe -> Google [Ver = 4, 0, 1601, 5904 | Size = 1145896 bytes | Modified Date = 4/9/2008 10:51:37 AM | Attr = ] Install_WLMessenger.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Install_WLMessenger.exe -> Microsoft Corporation [Ver = 12.0.1471.1025 | Size = 20222992 bytes | Modified Date = 10/28/2007 12:46:44 AM | Attr = ] mny53.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\mny53.exe -> Microsoft(R) Corporation [Ver = 15.00.0513 | Size = 83456 bytes | Modified Date = 5/14/2005 2:36:02 AM | Attr = ] setpointenu.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\setpointenu.exe -> Logitech Inc. [Ver = 3.3 | Size = 56826856 bytes | Modified Date = 8/11/2008 11:35:46 AM | Attr = ] TFR26.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\TFR26.exe -> Microsoft Corp. [Ver = 9.0.1316.0 | Size = 132608 bytes | Modified Date = 1/20/2004 6:44:42 PM | Attr = ] war3_Install.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\war3_Install.exe -> Blizzard Entertainment [Ver = 1, 0, 0, 0 | Size = 294912 bytes | Modified Date = 10/14/2003 11:08:35 AM | Attr = ] yih_setup.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\yih_setup.exe -> Yahoo! Inc. [Ver = 2007.08.28.01 | Size = 885408 bytes | Modified Date = 1/9/2008 4:44:29 PM | Attr = ] 494 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/27/2008 12:15:13 PM | Attr = ] atl80.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\atl80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 96256 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] binkw32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\binkw32.dll -> [Ver = | Size = 263168 bytes | Modified Date = 4/6/2000 | Attr = ] CmdLineExt02.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\CmdLineExt02.dll -> [Ver = | Size = 36864 bytes | Modified Date = 5/5/2008 7:09:20 PM | Attr = ] libexpat.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\libexpat.dll -> [Ver = | Size = 156936 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfc80.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\mfc80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 1101824 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfc80u.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\mfc80u.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 1093120 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfcm80.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\mfcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 69632 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfcm80u.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\mfcm80u.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 57856 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] msvcm80.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 479232 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] msvcp80.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 548864 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] msvcr80.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 626688 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] progupd.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\progupd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 6/12/2008 4:53:58 PM | Attr = ] SIntf16.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\SIntf16.dll -> [Ver = | Size = 12305 bytes | Modified Date = 6/18/2008 12:22:18 AM | Attr = ] SIntf32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 20016 bytes | Modified Date = 6/18/2008 12:22:18 AM | Attr = ] SIntfNT.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24744 bytes | Modified Date = 6/18/2008 12:22:18 AM | Attr = ] TmDbg32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\TmDbg32.dll -> Trend Micro Inc. [Ver = 16.05.0.1015 | Size = 124168 bytes | Modified Date = 12/16/2007 5:25:02 AM | Attr = ] WizeSupp.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\WizeSupp.dll -> [Ver = | Size = 65536 bytes | Modified Date = 4/12/2004 1:44:50 AM | Attr = ] 494 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\nsnA4.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\nsnA4.tmp\ -> [Folder | Modified Date = 8/26/2008 2:25:59 AM | Attr = ] euladlg.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\nsnA4.tmp\euladlg.dll -> [Ver = | Size = 69632 bytes | Modified Date = 8/26/2008 2:26:02 AM | Attr = ] MachineKey.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\nsnA4.tmp\MachineKey.dll -> [Ver = | Size = 53248 bytes | Modified Date = 8/26/2008 2:25:53 AM | Attr = ] System.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\nsnA4.tmp\System.dll -> [Ver = | Size = 10240 bytes | Modified Date = 8/26/2008 2:25:53 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/27/2008 12:15:13 PM | Attr = ] Perflib_Perfdata_118.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_118.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/12/2008 5:15:41 PM | Attr = ] Perflib_Perfdata_1414.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_1414.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/28/2008 9:30:14 AM | Attr = ] Perflib_Perfdata_198.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_198.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/6/2008 10:10:00 PM | Attr = ] Perflib_Perfdata_314.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_314.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/4/2008 12:44:09 PM | Attr = ] Perflib_Perfdata_4dc.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_4dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/29/2008 7:43:45 AM | Attr = ] Perflib_Perfdata_5b8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_5b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/11/2008 10:55:35 PM | Attr = ] Perflib_Perfdata_65c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_65c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/11/2008 3:16:09 PM | Attr = ] Perflib_Perfdata_6c0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_6c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/21/2007 5:45:28 PM | Attr = ] Perflib_Perfdata_85c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_85c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/26/2008 4:39:01 PM | Attr = ] Perflib_Perfdata_8b4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_8b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/13/2008 10:54:39 AM | Attr = ] Perflib_Perfdata_a08.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a08.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/10/2008 8:09:41 PM | Attr = ] Perflib_Perfdata_a44.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a44.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/4/2008 7:49:59 PM | Attr = ] Perflib_Perfdata_a78.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a78.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/5/2008 8:31:24 PM | Attr = ] Perflib_Perfdata_bc4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_bc4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/11/2008 12:29:28 AM | Attr = ] Perflib_Perfdata_c74.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_c74.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/15/2008 10:59:30 PM | Attr = ] Perflib_Perfdata_cc8.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_cc8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/5/2008 7:32:36 AM | Attr = ] Perflib_Perfdata_cf4.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_cf4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/10/2008 12:42:03 PM | Attr = ] Perflib_Perfdata_d1c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_d1c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/14/2008 5:10:13 PM | Attr = ] Perflib_Perfdata_d98.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_d98.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/30/2008 10:06:20 PM | Attr = ] Perflib_Perfdata_e4c.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_e4c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/9/2008 10:43:37 AM | Attr = ] Perflib_Perfdata_f28.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_f28.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/2/2008 4:49:56 PM | Attr = ] Perflib_Perfdata_fb0.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_fb0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/8/2008 12:54:12 AM | Attr = ] 494 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [Folder | Modified Date = 8/27/2008 12:15:13 PM | Attr = ] 4194-1~3.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\4194-1~3.ini -> [Ver = | Size = 202 bytes | Modified Date = 12/22/2007 12:16:10 AM | Attr = ] aolsetup.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\aolsetup.ini -> [Ver = | Size = 495 bytes | Modified Date = 12/22/2007 12:14:49 AM | Attr = ] setup.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\setup.ini -> [Ver = | Size = 3862 bytes | Modified Date = 6/23/2008 2:18:16 AM | Attr = ] {AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 769 bytes | Modified Date = 4/29/2008 3:07:59 PM | Attr = ] {AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 578 bytes | Modified Date = 4/29/2008 3:09:24 PM | Attr = ] 494 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\gisa6bf31\ -> C:\WINDOWS\Temp\gisa6bf31 -> [Folder | Modified Date = 8/17/2008 10:31:05 AM | Attr = ] GoogleUpdater.exe -> C:\WINDOWS\Temp\gisa6bf31\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 8/16/2008 4:11:09 PM | Attr = ] GoogleUpdaterAdminPrefs.exe -> C:\WINDOWS\Temp\gisa6bf31\GoogleUpdaterAdminPrefs.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 187064 bytes | Modified Date = 8/16/2008 4:11:09 PM | Attr = ] GoogleUpdaterInstallMgr.exe -> C:\WINDOWS\Temp\gisa6bf31\GoogleUpdaterInstallMgr.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 666296 bytes | Modified Date = 8/16/2008 4:11:09 PM | Attr = ] GoogleUpdaterService.exe -> C:\WINDOWS\Temp\gisa6bf31\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 8/16/2008 4:11:12 PM | Attr = ] GoogleUpdaterSetup.exe -> C:\WINDOWS\Temp\gisa6bf31\GoogleUpdaterSetup.exe -> Google Inc. [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 8/16/2008 4:11:11 PM | Attr = ] gtfirstboot.exe -> C:\WINDOWS\Temp\gisa6bf31\gtfirstboot.exe -> [Ver = | Size = 65536 bytes | Modified Date = 8/16/2008 4:11:11 PM | Attr = ] C:\WINDOWS\Temp\gisa6bf31\ -> C:\WINDOWS\Temp\gisa6bf31 -> [Folder | Modified Date = 8/17/2008 10:31:05 AM | Attr = ] ci.dll -> C:\WINDOWS\Temp\gisa6bf31\ci.dll -> Google [Ver = 2.2.1111.1511.beta | Size = 877056 bytes | Modified Date = 8/16/2008 4:11:08 PM | Attr = ] cires_en.dll -> C:\WINDOWS\Temp\gisa6bf31\cires_en.dll -> [Ver = | Size = 125952 bytes | Modified Date = 8/16/2008 4:11:11 PM | Attr = ] npCIDetect11.dll -> C:\WINDOWS\Temp\gisa6bf31\npCIDetect11.dll -> Google [Ver = 2.2.1111.1511.beta | Size = 83968 bytes | Modified Date = 8/16/2008 4:11:09 PM | Attr = ] C:\WINDOWS\Temp\nsp37.tmp\ -> C:\WINDOWS\Temp\nsp37.tmp\ -> [Folder | Modified Date = 4/10/2008 9:53:41 PM | Attr = ] NSIS_Picasa.dll -> C:\WINDOWS\Temp\nsp37.tmp\NSIS_Picasa.dll -> [Ver = | Size = 51200 bytes | Modified Date = 4/10/2008 9:53:41 PM | Attr = ] C:\WINDOWS\Temp\tismsi\ -> C:\WINDOWS\Temp\tismsi -> [Folder | Modified Date = 3/26/2008 5:00:21 PM | Attr = ] atl80.dll -> C:\WINDOWS\Temp\tismsi\atl80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 96256 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] GENKEY32.dll -> C:\WINDOWS\Temp\tismsi\GENKEY32.dll -> [Ver = | Size = 29448 bytes | Modified Date = 12/16/2007 5:25:10 AM | Attr = ] libexpat.dll -> C:\WINDOWS\Temp\tismsi\libexpat.dll -> [Ver = | Size = 156936 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfc80.dll -> C:\WINDOWS\Temp\tismsi\mfc80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 1101824 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfc80u.dll -> C:\WINDOWS\Temp\tismsi\mfc80u.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 1093120 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfcm80.dll -> C:\WINDOWS\Temp\tismsi\mfcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 69632 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] mfcm80u.dll -> C:\WINDOWS\Temp\tismsi\mfcm80u.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 57856 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] msvcm80.dll -> C:\WINDOWS\Temp\tismsi\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 479232 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] msvcp80.dll -> C:\WINDOWS\Temp\tismsi\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 548864 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] msvcr80.dll -> C:\WINDOWS\Temp\tismsi\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.762 | Size = 626688 bytes | Modified Date = 12/16/2007 5:25:12 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/27/2008 12:16:29 PM | Attr = ] Perflib_Perfdata_118.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_118.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/22/2007 11:57:16 AM | Attr = ] Perflib_Perfdata_11c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/11/2007 2:26:41 PM | Attr = ] Perflib_Perfdata_128.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_128.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/11/2007 5:49:32 PM | Attr = ] Perflib_Perfdata_13c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_13c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/11/2007 12:34:43 PM | Attr = ] Perflib_Perfdata_148.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_148.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/13/2007 3:08:32 PM | Attr = ] Perflib_Perfdata_154.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_154.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/29/2007 6:07:56 PM | Attr = ] Perflib_Perfdata_158.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_158.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/8/2007 9:40:22 PM | Attr = ] Perflib_Perfdata_168.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_168.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/19/2007 3:27:27 PM | Attr = ] Perflib_Perfdata_178.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_178.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/30/2007 5:57:38 PM | Attr = ] Perflib_Perfdata_18c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_18c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/20/2007 5:16:44 PM | Attr = ] Perflib_Perfdata_194.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_194.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/4/2007 9:08:29 PM | Attr = ] Perflib_Perfdata_198.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_198.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/21/2007 10:17:24 AM | Attr = ] Perflib_Perfdata_1a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/27/2007 8:05:11 PM | Attr = ] Perflib_Perfdata_1b0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1b0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/1/2007 5:48:59 PM | Attr = ] Perflib_Perfdata_1b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/11/2007 5:35:36 PM | Attr = ] Perflib_Perfdata_1b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/5/2007 4:21:11 PM | Attr = ] Perflib_Perfdata_1d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1d0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/29/2007 1:04:27 PM | Attr = ] Perflib_Perfdata_1d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/2/2007 6:12:19 PM | Attr = ] Perflib_Perfdata_1dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/12/2007 5:10:51 PM | Attr = ] Perflib_Perfdata_1e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/12/2008 1:40:08 PM | Attr = ] Perflib_Perfdata_1f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/6/2007 3:26:51 PM | Attr = ] Perflib_Perfdata_1f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/20/2007 5:47:28 PM | Attr = ] Perflib_Perfdata_208.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_208.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/18/2007 3:17:27 PM | Attr = ] Perflib_Perfdata_220.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_220.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/31/2007 7:40:28 PM | Attr = ] Perflib_Perfdata_228.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_228.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/30/2007 10:57:22 AM | Attr = ] Perflib_Perfdata_22c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/27/2007 1:14:31 PM | Attr = ] Perflib_Perfdata_238.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_238.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/24/2007 10:58:04 AM | Attr = ] Perflib_Perfdata_274.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_274.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/9/2008 11:50:15 AM | Attr = ] Perflib_Perfdata_27c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_27c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/6/2008 12:46:55 AM | Attr = ] Perflib_Perfdata_284.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_284.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/13/2007 7:48:39 PM | Attr = ] Perflib_Perfdata_2b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/25/2007 2:37:06 PM | Attr = ] Perflib_Perfdata_2bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2bc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/27/2007 5:16:34 PM | Attr = ] Perflib_Perfdata_2c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/3/2007 9:15:41 PM | Attr = ] Perflib_Perfdata_2dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/8/2008 6:15:00 PM | Attr = ] Perflib_Perfdata_2fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/3/2007 6:00:19 PM | Attr = ] Perflib_Perfdata_300.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_300.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/28/2007 3:12:29 PM | Attr = ] Perflib_Perfdata_304.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_304.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/2/2008 3:06:10 AM | Attr = ] Perflib_Perfdata_30c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_30c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/21/2007 11:36:26 AM | Attr = ] Perflib_Perfdata_310.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_310.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/26/2007 6:48:07 AM | Attr = ] Perflib_Perfdata_318.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_318.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/4/2008 6:04:36 PM | Attr = ] Perflib_Perfdata_320.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_320.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/13/2008 12:53:23 PM | Attr = ] Perflib_Perfdata_330.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_330.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/17/2007 6:59:17 PM | Attr = ] Perflib_Perfdata_34c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_34c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/17/2008 7:09:38 PM | Attr = ] Perflib_Perfdata_354.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_354.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/1/2007 10:33:23 PM | Attr = ] Perflib_Perfdata_35c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_35c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/9/2007 1:27:26 PM | Attr = ] Perflib_Perfdata_360.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_360.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/7/2008 4:29:16 PM | Attr = ] Perflib_Perfdata_370.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_370.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/25/2007 5:50:19 PM | Attr = ] Perflib_Perfdata_37c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_37c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/29/2008 4:27:54 PM | Attr = ] Perflib_Perfdata_380.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_380.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/3/2008 11:04:32 PM | Attr = ] Perflib_Perfdata_384.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_384.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/5/2007 5:19:01 PM | Attr = ] Perflib_Perfdata_390.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_390.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/6/2008 9:11:01 PM | Attr = ] Perflib_Perfdata_3a4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3a4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/27/2007 7:42:37 PM | Attr = ] Perflib_Perfdata_3a8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/21/2008 12:44:23 PM | Attr = ] Perflib_Perfdata_3c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/16/2008 11:20:11 AM | Attr = ] Perflib_Perfdata_3cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/2/2008 2:36:27 PM | Attr = ] Perflib_Perfdata_3dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/15/2008 11:47:38 AM | Attr = ] Perflib_Perfdata_3ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/2/2008 2:10:43 AM | Attr = ] Perflib_Perfdata_400.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_400.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/3/2007 2:24:09 PM | Attr = ] Perflib_Perfdata_408.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_408.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/14/2008 5:04:54 PM | Attr = ] Perflib_Perfdata_420.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_420.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/24/2008 1:40:19 PM | Attr = ] Perflib_Perfdata_434.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_434.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/16/2008 1:12:30 PM | Attr = ] Perflib_Perfdata_448.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_448.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/31/2007 4:28:03 PM | Attr = ] Perflib_Perfdata_45c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_45c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2008 10:32:12 PM | Attr = ] Perflib_Perfdata_460.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_460.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/2/2007 12:45:31 AM | Attr = ] Perflib_Perfdata_464.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_464.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/10/2007 10:51:33 PM | Attr = ] Perflib_Perfdata_468.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_468.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/9/2007 11:06:00 PM | Attr = ] Perflib_Perfdata_470.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_470.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/11/2007 3:03:58 PM | Attr = ] Perflib_Perfdata_474.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_474.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/6/2007 5:46:22 PM | Attr = ] Perflib_Perfdata_484.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_484.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/20/2007 10:57:32 PM | Attr = ] Perflib_Perfdata_490.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_490.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/8/2007 3:02:06 PM | Attr = ] Perflib_Perfdata_4b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/17/2007 8:31:54 PM | Attr = ] Perflib_Perfdata_4d8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/8/2007 1:46:30 PM | Attr = ] Perflib_Perfdata_4e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/21/2008 2:01:54 PM | Attr = ] Perflib_Perfdata_4e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/1/2008 6:49:48 PM | Attr = ] Perflib_Perfdata_4e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/19/2008 7:45:20 PM | Attr = ] Perflib_Perfdata_4f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/19/2008 6:08:50 PM | Attr = ] Perflib_Perfdata_4f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/28/2008 6:46:04 PM | Attr = ] Perflib_Perfdata_4f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/9/2008 12:54:50 PM | Attr = ] Perflib_Perfdata_4fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/18/2008 12:53:55 PM | Attr = ] Perflib_Perfdata_500.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_500.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/8/2008 9:11:40 PM | Attr = ] Perflib_Perfdata_508.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_508.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/26/2008 7:51:13 PM | Attr = ] Perflib_Perfdata_50c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/21/2008 8:00:58 PM | Attr = ] Perflib_Perfdata_524.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_524.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/15/2007 8:15:27 PM | Attr = ] Perflib_Perfdata_52c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/11/2008 10:32:35 PM | Attr = ] Perflib_Perfdata_574.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_574.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/14/2008 4:51:16 PM | Attr = ] Perflib_Perfdata_5a0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/5/2007 7:14:00 PM | Attr = ] Perflib_Perfdata_5d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/15/2008 4:31:18 PM | Attr = ] Perflib_Perfdata_5e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/15/2007 3:54:35 PM | Attr = ] Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/16/2007 5:00:40 PM | Attr = ] Perflib_Perfdata_5ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/11/2007 11:52:52 AM | Attr = ] Perflib_Perfdata_5f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/26/2008 7:01:12 PM | Attr = ] Perflib_Perfdata_600.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_600.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/2/2008 2:13:04 PM | Attr = ] Perflib_Perfdata_6ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/3/2008 9:02:55 PM | Attr = ] Perflib_Perfdata_6d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/23/2007 4:08:59 PM | Attr = ] Perflib_Perfdata_6f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6f8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/4/2007 2:59:18 PM | Attr = ] Perflib_Perfdata_70.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_70.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/10/2008 12:19:22 PM | Attr = ] Perflib_Perfdata_704.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_704.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/2/2008 2:27:40 AM | Attr = ] Perflib_Perfdata_744.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_744.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/10/2007 11:05:24 PM | Attr = ] Perflib_Perfdata_750.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_750.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/29/2007 4:16:49 PM | Attr = ] Perflib_Perfdata_758.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_758.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/25/2007 11:26:55 AM | Attr = ] Perflib_Perfdata_760.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_760.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/9/2007 5:07:22 PM | Attr = ] Perflib_Perfdata_768.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_768.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/29/2007 9:29:52 PM | Attr = ] Perflib_Perfdata_788.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_788.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/22/2008 7:25:49 PM | Attr = ] Perflib_Perfdata_794.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_794.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/25/2007 2:43:42 PM | Attr = ] Perflib_Perfdata_7ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/21/2008 12:25:39 PM | Attr = ] Perflib_Perfdata_7c0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/26/2007 2:26:42 PM | Attr = ] Perflib_Perfdata_7c4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/4/2007 8:47:02 PM | Attr = ] Perflib_Perfdata_7c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7c8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/26/2007 9:49:14 AM | Attr = ] Perflib_Perfdata_7cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7cc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/3/2007 12:26:57 PM | Attr = ] Perflib_Perfdata_7e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/26/2007 8:09:21 PM | Attr = ] Perflib_Perfdata_7e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/29/2008 6:18:06 PM | Attr = ] Perflib_Perfdata_7ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/12/2007 9:18:01 PM | Attr = ] Perflib_Perfdata_808.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_808.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/25/2007 8:09:27 PM | Attr = ] Perflib_Perfdata_824.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_824.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/8/2007 11:21:53 PM | Attr = ] Perflib_Perfdata_834.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_834.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/1/2008 6:34:57 PM | Attr = ] Perflib_Perfdata_838.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_838.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/19/2007 7:19:57 PM | Attr = ] Perflib_Perfdata_83c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_83c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/5/2007 10:40:50 PM | Attr = ] Perflib_Perfdata_84c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_84c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/11/2008 1:50:27 PM | Attr = ] Perflib_Perfdata_850.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_850.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/10/2008 6:21:04 PM | Attr = ] Perflib_Perfdata_864.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_864.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/27/2008 2:37:46 PM | Attr = ] Perflib_Perfdata_868.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_868.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/6/2008 11:18:02 AM | Attr = ] Perflib_Perfdata_87c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_87c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/17/2007 8:23:48 PM | Attr = ] Perflib_Perfdata_888.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_888.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/5/2008 8:56:35 PM | Attr = ] Perflib_Perfdata_88c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_88c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/2/2007 8:41:49 PM | Attr = ] Perflib_Perfdata_8ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/20/2007 8:02:15 PM | Attr = ] Perflib_Perfdata_8c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/4/2007 11:47:14 PM | Attr = ] Perflib_Perfdata_8d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/14/2008 10:11:56 PM | Attr = ] Perflib_Perfdata_8e4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_8e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/17/2008 12:38:28 PM | Attr = ] Perflib_Perfdata_908.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_908.dat -> [Ver = | Size = 16384 bytes | Modified Date = 1/30/2008 12:39:52 PM | Attr = ] Perflib_Perfdata_90c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_90c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/2/2008 1:08:18 AM | Attr = ] Perflib_Perfdata_b74.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b74.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/2/2008 10:36:47 PM | Attr = ] Perflib_Perfdata_bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/6/2007 4:16:52 PM | Attr = ] Perflib_Perfdata_dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2/8/2008 12:40:12 PM | Attr = ] Perflib_Perfdata_f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/7/2007 6:02:06 PM | Attr = ] Perflib_Perfdata_f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/29/2007 4:21:13 PM | Attr = ] 6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/6/2008 8:28:33 AM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/6/2008 8:28:33 AM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 8/6/2008 8:28:33 AM | Attr = HS] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/27/2008 12:16:29 PM | Attr = ] tmdbg.ini -> C:\WINDOWS\Temp\tmdbg.ini -> [Ver = | Size = 1402 bytes | Modified Date = 3/26/2008 4:56:58 PM | Attr = ] {AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\WINDOWS\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> [Ver = | Size = 700 bytes | Modified Date = 2/2/2008 2:29:51 PM | Attr = ] {AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\WINDOWS\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 586 bytes | Modified Date = 2/2/2008 2:32:52 PM | Attr = ] 6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0IZ3NJ3F\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0IZ3NJ3F -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0IZ3NJ3F\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6QW3WPNB\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6QW3WPNB -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\6QW3WPNB\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7PTWJVO1\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7PTWJVO1 -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7PTWJVO1\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EL2R9IP0\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EL2R9IP0 -> [Folder | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EL2R9IP0\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 9/3/2007 2:37:36 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] acccore -> %AllUsersProfile%\Application Data\acccore -> [Folder | Modified Date = 6/23/2008 2:18:02 AM | Attr = ] BigFishGamesCache -> %AllUsersProfile%\Application Data\BigFishGamesCache -> [Folder | Modified Date = 8/16/2008 11:08:18 PM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 8/1/2008 5:49:56 PM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 8/26/2008 11:50:44 PM | Attr = ] LogMeIn -> %AllUsersProfile%\Application Data\LogMeIn -> [Folder | Modified Date = 6/20/2008 11:30:54 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 8/27/2008 11:42:21 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 8/16/2008 11:10:57 PM | Attr = S] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 8/21/2008 11:04:01 AM | Attr = ] @Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:2ABEB9EB @Alternate Data Stream - 95 bytes -> %AllUsersProfile%\Application Data\TEMP:A1D3FEF0 @Alternate Data Stream - 127 bytes -> %AllUsersProfile%\Application Data\TEMP:B623B5B8 @Alternate Data Stream - 123 bytes -> %AllUsersProfile%\Application Data\TEMP:CAAA7DD7 @Alternate Data Stream - 107 bytes -> %AllUsersProfile%\Application Data\TEMP:E60C72DB Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint -> [Folder | Modified Date = 6/23/2008 2:18:10 AM | Attr = ] WinZip -> %AllUsersProfile%\Application Data\WinZip -> [Folder | Modified Date = 8/24/2008 5:31:27 PM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 7/11/2008 2:35:34 PM | Attr = ] acccore -> %AppData%\acccore -> [Folder | Modified Date = 6/23/2008 2:22:45 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/18/2008 10:01:46 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 7/25/2008 2:08:17 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 6/15/2008 7:02:53 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 8/27/2008 11:42:58 AM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 6/15/2008 3:24:02 PM | Attr = ] skypePM -> %AppData%\skypePM -> [Folder | Modified Date = 6/15/2008 3:21:45 PM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 1284 bytes | Modified Date = 8/1/2008 7:27:01 PM | Attr = ] AOL -> %UserProfile%\Local Settings\Application Data\AOL -> [Folder | Modified Date = 8/1/2008 5:48:39 PM | Attr = ] AOL OCP -> %UserProfile%\Local Settings\Application Data\AOL OCP -> [Folder | Modified Date = 6/23/2008 2:19:11 AM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 7/25/2008 2:08:17 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 6/23/2008 2:35:57 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 41472 bytes | Modified Date = 8/15/2008 3:42:38 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 6/15/2008 7:02:53 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1580148 bytes | Modified Date = 8/24/2008 5:13:08 PM | Attr = H ] LogMeIn -> %UserProfile%\Local Settings\Application Data\LogMeIn -> [Folder | Modified Date = 6/20/2008 11:30:54 PM | Attr = ] MediaMonkey -> %UserProfile%\Local Settings\Application Data\MediaMonkey -> [Folder | Modified Date = 8/24/2008 12:31:19 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/16/2008 2:36:55 PM | Attr = ] Yahoo -> %AllUsersProfile%\Documents\Yahoo -> [Folder | Modified Date = 7/6/2008 12:20:04 PM | Attr = ] AIMLogger -> %UserProfile%\My Documents\AIMLogger -> [Folder | Modified Date = 8/12/2008 1:12:31 AM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 8/1/2008 5:45:39 PM | Attr = R ] My Projects -> %UserProfile%\My Documents\My Projects -> [Folder | Modified Date = 7/15/2008 12:21:20 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 5/29/2008 5:00:30 PM | Attr = R ] AIM 6.lnk -> %AllUsersProfile%\Desktop\AIM 6.lnk -> [Ver = | Size = 1672 bytes | Modified Date = 6/23/2008 2:17:55 AM | Attr = ] Diablo II.lnk -> %AllUsersProfile%\Desktop\Diablo II.lnk -> [Ver = | Size = 1564 bytes | Modified Date = 5/31/2008 5:33:12 PM | Attr = ] Get OpenOffice.org.lnk -> %AllUsersProfile%\Desktop\Get OpenOffice.org.lnk -> [Ver = | Size = 851 bytes | Modified Date = 7/9/2008 12:57:37 PM | Attr = ] Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [Ver = | Size = 1836 bytes | Modified Date = 7/31/2008 12:41:41 AM | Attr = ] Google Updater.lnk -> %AllUsersProfile%\Desktop\Google Updater.lnk -> [Ver = | Size = 890 bytes | Modified Date = 8/16/2008 4:11:24 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 8/25/2008 9:38:31 PM | Attr = ] Logitech Mouse and Keyboard Settings.lnk -> %AllUsersProfile%\Desktop\Logitech Mouse and Keyboard Settings.lnk -> [Ver = | Size = 1681 bytes | Modified Date = 8/11/2008 11:40:18 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 8/27/2008 11:42:29 AM | Attr = ] Diablo II - Lord of Destruction.lnk -> %UserProfile%\Desktop\Diablo II - Lord of Destruction.lnk -> [Ver = | Size = 1564 bytes | Modified Date = 5/31/2008 9:53:29 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 8/27/2008 2:28:19 AM | Attr = ] Kate's Video Converter.lnk -> %UserProfile%\Desktop\Kate's Video Converter.lnk -> [Ver = | Size = 676 bytes | Modified Date = 5/29/2008 3:45:38 PM | Attr = ] OCP-Enforcer.lnk -> %UserProfile%\Desktop\OCP-Enforcer.lnk -> [Ver = | Size = 1683 bytes | Modified Date = 7/28/2008 5:03:21 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/27/2008 12:24:35 PM | Attr = ] Skype.lnk -> %UserProfile%\Desktop\Skype.lnk -> [Ver = | Size = 2257 bytes | Modified Date = 6/15/2008 3:20:52 PM | Attr = ] Google Updater.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> [Ver = | Size = 920 bytes | Modified Date = 8/16/2008 4:11:24 PM | Attr = ] Logitech SetPoint.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> [Ver = | Size = 1687 bytes | Modified Date = 8/11/2008 11:40:16 AM | Attr = ] AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 6/23/2008 2:16:10 AM | Attr = ] Oberon Media -> %CommonProgramFiles%\Oberon Media -> [Folder | Modified Date = 8/16/2008 11:10:43 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 8/1/2008 6:33:36 PM | Attr = ] wsm -> %CommonProgramFiles%\wsm -> [Folder | Modified Date = 5/29/2008 3:45:49 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]