Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Trojan


  • This topic is locked This topic is locked
17 replies to this topic

#1 iSayChris

iSayChris

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 13 January 2008 - 02:41 PM

hi, i have a problem removing a virus.
i scanned my computer with hijackthis, and i saw this program
"C:\Program Files\Gs34wxdCn-hplar\csrss.exe". according to hijackthis.de, it says that
"This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. This process is not running from the System32 folder as it is supposed to be."
i tried to end the program, but it said "This is a critical process. Task mananger cannot end."
i went "C:\Program Files\" tried to find "Gs34wxdCn-hplar\csrss.exe", but it wasnt there. please someone help me delete it.
i also scanned the file. heres the results

Jotti results: http://img111.imageshack.us/img111/2350/wtfov4.png
Virusvault results: Http://img247.imageshack.us/img247/6381/wtf2ea4.png

Heres my Log.
------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:12 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\program files\gs34wxdcn-hplar\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1120605367\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://uploadhosted.filefront.com
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8572 bytes

Edited by iSayChris, 14 January 2008 - 12:11 PM.


BC AdBot (Login to Remove)

 


#2 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 14 January 2008 - 10:40 AM

Ok now, the start up programs like made a copy of itself and running. Someone helpp

Edited by iSayChris, 14 January 2008 - 08:57 PM.


#3 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 18 January 2008 - 10:12 PM

I think i stoped the programs from copying. now the detail box on the left in a folder is gone. HELP!

also, When i try to upload something to the internet, the Browse box wont show. sometimes
andd, sometimes Explorer.exe ends randomly.

Edited by iSayChris, 18 January 2008 - 10:33 PM.


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:46 AM

Posted 18 January 2008 - 10:56 PM

Hello iSayChris and welcome to the BC HijackThis forum. I'm a bit confused with the posts. If no file was found what were the scans in the first post form? Also, what startup program was making a copy of itself?

I see two anti-virus programs running (AVG and Yahoo). When there is more than one anti-virus running, the programs will conflict with each other and can actually block each other from dealing with infected files. Keep the one you want and uninstall the other one.

Now, let's see what we can find. Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - Desktop Components
      Reg - Software Policy Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 18 January 2008 - 11:23 PM

WinPFind35 logfile created on: 1/18/2008 8:16:25 PM
WinPFind35U Version Beta23 Folder = C:\Documents and Settings\All Users\Documents\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

510.98 Mb Total Physical Memory | 154.66 Mb Available Physical Memory | 30.27% Memory free
1.22 Gb Paging File | 0.82 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 29.38 Gb Free Space | 39.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: RALPH-NCDXW43SG
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Modified Date = 8/29/2003 9:54:16 AM | Attr = ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 4.0.0.0 | Size = 46680 bytes | Modified Date = 4/18/2005 10:38:59 AM | Attr = R ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 12:54:14 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/19/2007 3:12:00 AM | Attr = ]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 12:54:12 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/1/2007 7:51:13 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 259184 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 201840 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/30/2007 4:26:36 PM | Attr = ]
winpfind35u.exe -> %AllUsersDocuments%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 300032 bytes | Modified Date = 1/17/2008 12:16:46 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/24/2006 11:04:16 AM | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 4.0.0.0 | Size = 46680 bytes | Modified Date = 4/18/2005 10:38:59 AM | Attr = R ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 12:54:14 PM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/19/2007 3:12:00 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/1/2007 7:51:13 PM | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr = ]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 259184 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 5:40:21 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 5.0.1.4 | Size = 323584 bytes | Modified Date = 9/21/2005 2:29:56 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 3/30/2005 3:46:56 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Modified Date = 8/29/2003 9:54:16 AM | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 201840 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr = ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 3:07:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
dla -> %System32%\dla\tfswctrl.exe -> File not found
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
-> -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 7/5/2005 11:00:23 AM | Attr = HS]
< Chris Startup Folder > -> C:\Documents and Settings\Chris\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 7/5/2005 11:00:23 AM | Attr = HS]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\wvutqoo.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
wvutqoo -> wvutqoo.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
< HOSTS File > (21 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.windowsxlive.net ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://yahoo.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
click_getmirar.com [https] -> Trusted sites ->
click_mirarsearch.com [https] -> Trusted sites ->
redirect_mirarsearch.com [https] -> Trusted sites ->
awbeta_net-nucleus.com [https] -> Trusted sites ->
4 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6 domain(s) found. ->
[msn] -> My Computer ->
aimexpress_aol.com [http] -> Trusted sites ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
www_download.com [http] -> Trusted sites ->
uploadhosted_filefront.com [http] -> Trusted sites ->
www_freeweblayouts.net [https] -> Trusted sites ->
toolbar_imageshack.us [http] -> Trusted sites ->
5 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 2:32:32 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.07b | Size = 118836 bytes | Modified Date = 3/15/2004 12:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{8B7A0116-21D9-45C1-89C6-B30BD648BC43} [HKEY_LOCAL_MACHINE] -> %System32%\mllml.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 336384 bytes | Modified Date = 1/12/2008 10:17:29 PM | Attr = ]
{8F9E2BE3-766D-4831-BB0E-766D5B819995} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive9.dll [BndBlock4 BHO Class] -> File not found
{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\wvutqoo.dll [Reg Error: Value does not exist or could not be read.] -> File not found
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [Internet Speed Monitor] -> File not found
{1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive9.dll [Internet Speed Monitor] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> [AIM Search] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> File not found
WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} [HKEY_LOCAL_MACHINE] -> %UserDocuments%\Programs\Quicknation\YouTubeDownload-Convert.dll [Youtube-Download-Convert-Toolbar] -> File not found
WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKEY_LOCAL_MACHINE] -> %System32%\version69ie7fix.dll [Mirar] -> File not found
WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 2:32:32 PM | Attr = ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 2:32:32 PM | Attr = ]
CmdMapping\\{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 1:17:28 PM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Tag This Image -> -> File not found
Transload Image to ImageShack -> -> File not found
Upload All Images to ImageShack -> -> File not found
Upload Image to ImageShack -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SPOENB/1.0 -> ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{950500F1-D40B-4601-AF19-A747ED3CCDD9} -> () ->
{C9441AAD-453E-474D-BA96-70E234A907A8} -> (Intel® PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab[Support.com Configuration Class] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwa...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/3/9...heckControl.cab[Windows Genuine Advantage Validation Tool] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll[Installation Support] ->
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{48884C41-EFAC-433D-958A-9FADAC41408E}[HKEY_LOCAL_MACHINE] -> https://www.e-games.com.my/com/EGamesPlugin.cab[EGamesPlugin Class] ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] ->
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab2.cab[System Requirements Lab Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{A4639D2F-774E-11D3-A490-00C04F6843FB}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/Pow...N-US/msorun.cab[IEAnimBehaviorFactory Class] ->
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab[Java Plug-in 1.4.2_08] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab[Shockwave Flash Object] ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://chat.msn.com/controls/msnchat45.cab[MSN Chat Control 4.5] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:43 PM | Attr = ]
C:\WINDOWS\system32\mllml -> %System32%\mllml.exe -> [Ver = | Size = 3584 bytes | Modified Date = 1/16/2008 6:05:20 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 9:49:30 AM | Attr = ]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 11:56:43 PM | Attr = ]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 6:21:15 AM | Attr = ]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 8:37:50 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1260 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/3/2004 11:56:44 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:57 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 37837 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 11:56:42 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C9441AAD-453E-474D-BA96-70E234A907A8} -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 11:56:57 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 11:56:46 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\WindowsLiveCall\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\RTC\PortRange\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes ->
ADE -> -> File not found
ADP -> -> File not found
BAS -> -> File not found
BAT -> -> File not found
CHM -> -> File not found
CMD -> %System32%\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr = ]
COM -> -> File not found
CPL -> -> File not found
CRT -> -> File not found
EXE -> -> File not found
HLP -> -> File not found
HTA -> -> File not found
INF -> -> File not found
INS -> -> File not found
ISP -> -> File not found
LNK -> -> File not found
MDB -> -> File not found
MDE -> -> File not found
MSC -> -> File not found
MSI -> %System32%\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 8:12:23 AM | Attr = ]
MSP -> -> File not found
MST -> -> File not found
OCX -> -> File not found
PCD -> -> File not found
PIF -> -> File not found
REG -> %System32%\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/3/2004 11:56:55 PM | Attr = ]
SCR -> -> File not found
SHS -> -> File not found
URL -> %System32%\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16574 (vista_gdr.071008-1500) | Size = 105984 bytes | Modified Date = 10/10/2007 3:55:59 PM | Attr = ]
VB -> -> File not found
WSC -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize ->
̋ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize ->
ȅ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize ->
Ζ -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize ->
Ś -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize ->
Ų -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->
HKEY_CURRENT_USER\Software\Policies\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Conferencing\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing\\BehaviorOnFailedVerify -> 0 ->


[Files/Folders - Created Within 30 days]
TEMP -> %SystemDrive%\TEMP -> [Folder | Created Date = 1/14/2008 6:49:02 PM | Attr = ]
000080.exe -> %System32%\000080.exe -> [Ver = | Size = 286288 bytes | Created Date = 12/21/2007 9:54:36 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/10/2008 8:32:35 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/10/2008 8:32:35 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/10/2008 8:32:35 PM | Attr = ]
lmllm.ini -> %System32%\lmllm.ini -> [Ver = | Size = 425072 bytes | Created Date = 1/12/2008 10:17:31 PM | Attr = HS]
lmllm.ini2 -> %System32%\lmllm.ini2 -> [Ver = | Size = 425072 bytes | Created Date = 1/12/2008 10:17:32 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 0 bytes | Created Date = 1/13/2008 7:48:53 AM | Attr = ]
mllml.dll -> %System32%\mllml.dll -> [Ver = | Size = 336384 bytes | Created Date = 1/12/2008 10:17:27 PM | Attr = ]
mllml.exe -> %System32%\mllml.exe -> [Ver = | Size = 3584 bytes | Created Date = 1/16/2008 6:05:20 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 163353 bytes | Created Date = 12/30/2007 10:14:57 PM | Attr = ]
nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17737 bytes | Created Date = 12/30/2007 10:14:53 PM | Attr = ]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 1 , 1 , 0 | Size = 356352 bytes | Created Date = 12/30/2007 10:14:50 PM | Attr = ]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 1 , 1 , 0 | Size = 356352 bytes | Created Date = 12/30/2007 10:13:20 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Created Date = 12/30/2007 10:14:53 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 1/15/2008 6:42:17 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 1/15/2008 6:42:17 PM | Attr = H ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 1/15/2008 3:47:57 PM | Attr = ]
UpdReg .EXE -> %SystemRoot%\UpdReg .EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Created Date = 1/13/2008 7:03:45 AM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 1/14/2008 11:27:55 AM | Attr = ]
WinRAR -> %UserAppData%\WinRAR -> [Folder | Created Date = 1/5/2008 7:45:43 PM | Attr = ]
Paint.NET -> %LocalAppData%\Paint.NET -> [Folder | Created Date = 1/14/2008 11:56:19 AM | Attr = ]
bkl001.jpg -> %UserDocuments%\bkl001.jpg -> [Ver = | Size = 238196 bytes | Created Date = 1/5/2008 3:30:24 PM | Attr = ]
er.rtf -> %UserDocuments%\er.rtf -> [Ver = | Size = 166 bytes | Created Date = 1/9/2008 9:48:49 PM | Attr = ]
MAES LAYOUT 1-15-08.rtf -> %UserDocuments%\MAES LAYOUT 1-15-08.rtf -> [Ver = | Size = 36632 bytes | Created Date = 1/15/2008 9:23:06 PM | Attr = ]
missing!.PNG -> %UserDocuments%\missing!.PNG -> [Ver = | Size = 49250 bytes | Created Date = 1/18/2008 7:18:11 PM | Attr = ]
MY LAYOUT CODE 1-15-08.rtf -> %UserDocuments%\MY LAYOUT CODE 1-15-08.rtf -> [Ver = | Size = 23927 bytes | Created Date = 1/15/2008 9:18:36 PM | Attr = ]
New d.doc -> %UserDocuments%\New d.doc -> [Ver = | Size = 818176 bytes | Created Date = 1/17/2008 9:49:14 PM | Attr = ]
Outsiders - Tulsa Times.doc -> %UserDocuments%\Outsiders - Tulsa Times.doc -> [Ver = | Size = 818176 bytes | Created Date = 1/17/2008 9:53:09 PM | Attr = ]
outsiders word.rtf -> %UserDocuments%\outsiders word.rtf -> [Ver = | Size = 3592 bytes | Created Date = 1/17/2008 8:14:23 PM | Attr = ]
phrases.rtf -> %UserDocuments%\phrases.rtf -> [Ver = | Size = 261 bytes | Created Date = 12/31/2007 9:14:14 PM | Attr = ]
ralph-layout-headline-aboutme.rtf -> %UserDocuments%\ralph-layout-headline-aboutme.rtf -> [Ver = | Size = 23923 bytes | Created Date = 1/5/2008 2:48:51 AM | Attr = ]
username.rtf -> %UserDocuments%\username.rtf -> [Ver = | Size = 365 bytes | Created Date = 1/12/2008 3:36:38 PM | Attr = ]
WTF.PNG -> %UserDocuments%\WTF.PNG -> [Ver = | Size = 23358 bytes | Created Date = 1/13/2008 9:57:15 AM | Attr = ]
wtf2.PNG -> %UserDocuments%\wtf2.PNG -> [Ver = | Size = 46494 bytes | Created Date = 1/13/2008 10:41:11 AM | Attr = ]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk -> [Ver = | Size = 795 bytes | Created Date = 1/4/2008 4:05:14 AM | Attr = ]
FastStone Image Viewer.lnk -> %AllUsersDesktop%\FastStone Image Viewer.lnk -> [Ver = | Size = 780 bytes | Created Date = 1/7/2008 1:26:53 PM | Attr = ]
CS - Source.lnk -> %AllUsersDocuments%\Desktop\CS - Source.lnk -> [Ver = | Size = 1852 bytes | Created Date = 12/31/2007 12:42:38 PM | Attr = ]
DivX Movies.lnk -> %AllUsersDocuments%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1427 bytes | Created Date = 1/4/2008 4:05:14 AM | Attr = ]
FLV Player.lnk -> %AllUsersDocuments%\Desktop\FLV Player.lnk -> [Ver = | Size = 707 bytes | Created Date = 1/14/2008 1:30:02 PM | Attr = ]
HijackThis.lnk -> %AllUsersDocuments%\Desktop\HijackThis.lnk -> [Ver = | Size = 842 bytes | Created Date = 1/14/2008 10:41:00 AM | Attr = ]
uTorrent.lnk -> %AllUsersDocuments%\Desktop\uTorrent.lnk -> [Ver = | Size = 688 bytes | Created Date = 1/6/2008 8:12:55 AM | Attr = ]
WinPFind35u -> %AllUsersDocuments%\Desktop\WinPFind35u -> [Folder | Created Date = 1/18/2008 8:15:00 PM | Attr = ]
WinPFind35u.exe -> %AllUsersDocuments%\Desktop\WinPFind35u.exe -> [Ver = | Size = 471422 bytes | Created Date = 1/18/2008 8:14:35 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 1/15/2008 3:46:53 PM | Attr = RH ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/14/2008 6:26:49 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/15/2008 6:11:53 AM | Attr = HS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/15/2008 5:59:59 AM | Attr = ]
IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1954 bytes | Modified Date = 1/18/2008 7:27:34 PM | Attr = H ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 12/30/2007 10:12:31 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/18/2008 7:29:03 PM | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/2/2008 6:09:31 PM | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/4/2008 8:05:59 PM | Attr = H ]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/20/2007 10:09:28 AM | Attr = H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/29/2007 10:38:49 AM | Attr = H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/29/2007 11:15:30 AM | Attr = H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/30/2007 10:38:08 PM | Attr = H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/31/2007 10:15:28 AM | Attr = H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/1/2008 5:38:39 PM | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/2/2008 10:37:23 AM | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/2/2008 5:55:05 PM | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/2/2008 6:09:30 PM | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/4/2008 8:05:58 PM | Attr = H ]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/20/2007 10:09:28 AM | Attr = H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/29/2007 10:38:49 AM | Attr = H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/29/2007 11:15:30 AM | Attr = H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/30/2007 10:38:07 PM | Attr = H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/31/2007 10:15:28 AM | Attr = H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/1/2008 5:38:39 PM | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/2/2008 10:37:23 AM | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/2/2008 5:55:05 PM | Attr = H ]
TEMP -> %SystemDrive%\TEMP -> [Folder | Modified Date = 1/14/2008 6:49:02 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/15/2008 6:42:17 PM | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/14/2008 10:46:05 AM | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/14/2008 10:45:42 AM | Attr = ]
000080.exe -> %System32%\000080.exe -> [Ver = | Size = 286288 bytes | Modified Date = 12/21/2007 9:54:36 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/18/2008 7:16:55 AM | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 1/14/2008 7:27:39 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 1/18/2008 7:17:19 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 1/14/2008 10:46:22 AM | Attr = ]
lmllm.ini -> %System32%\lmllm.ini -> [Ver = | Size = 425072 bytes | Modified Date = 1/18/2008 8:20:30 PM | Attr = HS]
lmllm.ini2 -> %System32%\lmllm.ini2 -> [Ver = | Size = 425072 bytes | Modified Date = 1/18/2008 8:18:34 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 0 bytes | Modified Date = 1/17/2008 7:02:54 AM | Attr = ]
mllml.dll -> %System32%\mllml.dll -> [Ver = | Size = 336384 bytes | Modified Date = 1/12/2008 10:17:29 PM | Attr = ]
mllml.exe -> %System32%\mllml.exe -> [Ver = | Size = 3584 bytes | Modified Date = 1/16/2008 6:05:20 AM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 163353 bytes | Modified Date = 1/5/2008 7:22:01 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1/18/2008 7:17:16 AM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/9/2008 7:12:16 AM | Attr = H ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 1/14/2008 1:12:45 PM | Attr = R S]
atid.ini -> %SystemRoot%\atid.ini -> [Ver = | Size = 21 bytes | Modified Date = 1/15/2008 6:46:41 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/18/2008 7:15:08 AM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 1/15/2008 9:20:16 AM | Attr = ]
dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 657 bytes | Modified Date = 1/17/2008 10:14:45 PM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/18/2008 7:26:09 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 12/30/2007 10:14:56 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 1/9/2008 9:57:18 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/9/2008 9:57:33 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/15/2008 6:11:53 AM | Attr = HS]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/8/2008 8:06:56 AM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1903 bytes | Modified Date = 1/1/2008 11:54:02 PM | Attr = ]
nview -> %SystemRoot%\nview -> [Folder | Modified Date = 12/30/2007 10:14:53 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/18/2008 8:15:02 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 1/15/2008 6:42:17 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/15/2008 6:42:17 PM | Attr = H ]
Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 1/8/2008 7:50:58 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/14/2008 6:26:49 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/18/2008 7:17:13 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 1/18/2008 3:43:42 PM | Attr = ]
UpdReg .EXE -> %SystemRoot%\UpdReg .EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 1/14/2008 8:48:17 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 953 bytes | Modified Date = 1/14/2008 6:26:49 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/14/2008 1:14:36 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/18/2008 7:15:53 AM | Attr = H ]
Scan for Viruses.job -> %SystemRoot%\tasks\Scan for Viruses.job -> [Ver = | Size = 342 bytes | Modified Date = 1/18/2008 10:00:00 AM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL -> [Folder | Modified Date = 1/15/2008 6:44:43 AM | Attr = ]
AOL Downloads -> %AllUsersAppData%\AOL Downloads -> [Folder | Modified Date = 1/15/2008 6:46:44 AM | Attr = ]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 1/14/2008 12:02:06 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 1/14/2008 8:49:45 AM | Attr = ]
@Alternate Data Stream - 353 bytes -> %AllUsersAppData%\TEMP:05EE1EEF
@Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:0766416E
@Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:4B7BEAFF
@Alternate Data Stream - 147 bytes -> %AllUsersAppData%\TEMP:8927A071
@Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
Viewpoint -> %AllUsersAppData%\Viewpoint -> [Folder | Modified Date = 1/15/2008 6:45:50 AM | Attr = ]
Aim -> %UserAppData%\Aim -> [Folder | Modified Date = 1/5/2008 6:58:57 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 1/15/2008 8:00:08 AM | Attr = ]
LimeWire -> %UserAppData%\LimeWire -> [Folder | Modified Date = 1/16/2008 6:49:25 PM | Attr = ]
uTorrent -> %UserAppData%\uTorrent -> [Folder | Modified Date = 1/11/2008 1:41:09 AM | Attr = ]
WinRAR -> %UserAppData%\WinRAR -> [Folder | Modified Date = 1/5/2008 8:01:59 PM | Attr = ]
AOL -> %LocalAppData%\AOL -> [Folder | Modified Date = 1/16/2008 7:45:51 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 136704 bytes | Modified Date = 1/12/2008 1:56:32 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 1581784 bytes | Modified Date = 1/8/2008 12:29:07 AM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 1/16/2008 6:51:28 AM | Attr = ]
Paint.NET -> %LocalAppData%\Paint.NET -> [Folder | Modified Date = 1/14/2008 12:20:27 PM | Attr = ]
Desktop -> %AllUsersDocuments%\Desktop -> [Folder | Modified Date = 1/18/2008 8:15:00 PM | Attr = ]
Shared -> %AllUsersDocuments%\Shared -> [Folder | Modified Date = 1/7/2008 2:08:38 AM | Attr = ]
bkl001.jpg -> %UserDocuments%\bkl001.jpg -> [Ver = | Size = 238196 bytes | Modified Date = 1/5/2008 3:33:28 PM | Attr = ]
er.rtf -> %UserDocuments%\er.rtf -> [Ver = | Size = 166 bytes | Modified Date = 1/9/2008 9:48:49 PM | Attr = ]
Jon's Music -> %UserDocuments%\Jon's Music -> [Folder | Modified Date = 1/18/2008 2:25:28 PM | Attr = ]
MAES LAYOUT 1-15-08.rtf -> %UserDocuments%\MAES LAYOUT 1-15-08.rtf -> [Ver = | Size = 36632 bytes | Modified Date = 1/15/2008 9:23:06 PM | Attr = ]
missing!.PNG -> %UserDocuments%\missing!.PNG -> [Ver = | Size = 49250 bytes | Modified Date = 1/18/2008 7:18:11 PM | Attr = ]
MY LAYOUT CODE 1-15-08.rtf -> %UserDocuments%\MY LAYOUT CODE 1-15-08.rtf -> [Ver = | Size = 23927 bytes | Modified Date = 1/15/2008 9:18:37 PM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 1/18/2008 7:24:19 PM | Attr = ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 1/17/2008 8:31:18 PM | Attr = ]
My Videos -> %UserDocuments%\My Videos -> [Folder | Modified Date = 1/12/2008 1:56:31 PM | Attr = ]
New d.doc -> %UserDocuments%\New d.doc -> [Ver = | Size = 818176 bytes | Modified Date = 1/17/2008 9:49:15 PM | Attr = ]
Outsiders - Tulsa Times.doc -> %UserDocuments%\Outsiders - Tulsa Times.doc -> [Ver = | Size = 818176 bytes | Modified Date = 1/17/2008 10:13:00 PM | Attr = ]
outsiders word.rtf -> %UserDocuments%\outsiders word.rtf -> [Ver = | Size = 3592 bytes | Modified Date = 1/17/2008 10:46:59 PM | Attr = ]
phrases.rtf -> %UserDocuments%\phrases.rtf -> [Ver = | Size = 261 bytes | Modified Date = 12/31/2007 9:14:14 PM | Attr = ]
Programs -> %UserDocuments%\Programs -> [Folder | Modified Date = 1/5/2008 8:16:33 PM | Attr = ]
ralph-layout-headline-aboutme.rtf -> %UserDocuments%\ralph-layout-headline-aboutme.rtf -> [Ver = | Size = 23923 bytes | Modified Date = 1/5/2008 2:55:36 AM | Attr = ]
Runescape -> %UserDocuments%\Runescape -> [Folder | Modified Date = 1/4/2008 4:38:32 AM | Attr = ]
Text Documents -> %UserDocuments%\Text Documents -> [Folder | Modified Date = 1/7/2008 6:16:11 PM | Attr = ]
Thumbs.db -> %UserDocuments%\Thumbs.db -> [Ver = | Size = 235008 bytes | Modified Date = 1/17/2008 8:31:25 PM | Attr = HS]
username.rtf -> %UserDocuments%\username.rtf -> [Ver = | Size = 365 bytes | Modified Date = 1/12/2008 3:36:38 PM | Attr = ]
WTF.PNG -> %UserDocuments%\WTF.PNG -> [Ver = | Size = 23358 bytes | Modified Date = 1/13/2008 9:57:24 AM | Attr = ]
wtf2.PNG -> %UserDocuments%\wtf2.PNG -> [Ver = | Size = 46494 bytes | Modified Date = 1/13/2008 10:41:16 AM | Attr = ]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk -> [Ver = | Size = 795 bytes | Modified Date = 1/4/2008 4:05:14 AM | Attr = ]
FastStone Image Viewer.lnk -> %AllUsersDesktop%\FastStone Image Viewer.lnk -> [Ver = | Size = 780 bytes | Modified Date = 1/7/2008 1:26:53 PM | Attr = ]
CS - Source.lnk -> %AllUsersDocuments%\Desktop\CS - Source.lnk -> [Ver = | Size = 1852 bytes | Modified Date = 12/31/2007 12:42:38 PM | Attr = ]
DivX Movies.lnk -> %AllUsersDocuments%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1427 bytes | Modified Date = 1/4/2008 4:05:31 AM | Attr = ]
FLV Player.lnk -> %AllUsersDocuments%\Desktop\FLV Player.lnk -> [Ver = | Size = 707 bytes | Modified Date = 1/14/2008 1:30:02 PM | Attr = ]
HijackThis.lnk -> %AllUsersDocuments%\Desktop\HijackThis.lnk -> [Ver = | Size = 842 bytes | Modified Date = 1/14/2008 10:41:01 AM | Attr = ]
uTorrent.lnk -> %AllUsersDocuments%\Desktop\uTorrent.lnk -> [Ver = | Size = 688 bytes | Modified Date = 1/6/2008 8:12:55 AM | Attr = ]
WinPFind35u -> %AllUsersDocuments%\Desktop\WinPFind35u -> [Folder | Modified Date = 1/18/2008 8:15:01 PM | Attr = ]
WinPFind35u.exe -> %AllUsersDocuments%\Desktop\WinPFind35u.exe -> [Ver = | Size = 471422 bytes | Modified Date = 1/18/2008 8:14:33 PM | Attr = ]
AOL -> %CommonProgramFiles%\AOL -> [Folder | Modified Date = 1/5/2008 7:03:53 PM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 12/30/2007 3:22:38 PM | Attr = ]
Yazzle1552OinUninstaller.exe -> %CommonProgramFiles%\Yazzle1552OinUninstaller.exe -> [Ver = | Size = 40183 bytes | Modified Date = 1/12/2008 10:11:59 PM | Attr = HS]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 2327 bytes | Modified Date = 8/3/2006 2:23:21 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6800 bytes | Modified Date = 1/18/2008 7:17:29 AM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6800 bytes | Modified Date = 1/18/2008 7:17:29 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/2/2007 7:32:21 PM | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8458 bytes | Modified Date = 3/30/2007 7:14:39 PM | Attr = ]
index.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 81920 bytes | Modified Date = 4/10/2007 2:20:59 PM | Attr = ]
notes.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\notes.dat -> [Ver = | Size = 6800 bytes | Modified Date = 8/6/2006 7:39:56 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\notes.dat:Zone.Identifier
sellable.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\sellable.dat -> [Ver = | Size = 6800 bytes | Modified Date = 8/6/2006 7:39:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\sellable.dat:Zone.Identifier
stackable.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\stackable.dat -> [Ver = | Size = 6800 bytes | Modified Date = 8/6/2006 7:39:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\stackable.dat:Zone.Identifier
tradeable.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\tradeable.dat -> [Ver = | Size = 6800 bytes | Modified Date = 8/6/2006 7:39:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\tradeable.dat:Zone.Identifier
twohanded.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\twohanded.dat -> [Ver = | Size = 6800 bytes | Modified Date = 8/6/2006 7:39:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for MoparScape30.zip\MoparScape30\HybridScape\data\twohanded.dat:Zone.Identifier
code.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Rs_Cache.zip\Rs Cache\code.dat -> [Ver = | Size = 226185 bytes | Modified Date = 11/26/2006 3:01:56 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Rs_Cache.zip\Rs Cache\code.dat:Zone.Identifier
code.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\code.dat -> [Ver = | Size = 226185 bytes | Modified Date = 12/4/2006 7:42:01 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\code.dat:Zone.Identifier
main_file_cache.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\main_file_cache.dat -> [Ver = | Size = 18460165 bytes | Modified Date = 12/4/2006 7:42:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\main_file_cache.dat:Zone.Identifier
shared_game_unpacker.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\shared_game_unpacker.dat -> [Ver = | Size = 17836 bytes | Modified Date = 12/4/2006 7:42:13 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\shared_game_unpacker.dat:Zone.Identifier
uid.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\uid.dat -> [Ver = | Size = 4 bytes | Modified Date = 12/4/2006 7:41:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\uid.dat:Zone.Identifier
worldmap.dat -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\worldmap.dat -> [Ver = | Size = 354341 bytes | Modified Date = 12/4/2006 7:41:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\worldmap.dat:Zone.Identifier
main_file_cache.dat0 -> C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\rsmap\main_file_cache.dat -> [Ver = | Size = 369527 bytes | Modified Date = 12/4/2006 7:41:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\rsmap\main_file_cache.dat0:Zone.Identifier
main_file_cache.dat1 -> C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\runescape\main_file_cache.dat -> [Ver = | Size = 227288 bytes | Modified Date = 12/4/2006 7:41:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\runescape\main_file_cache.dat1:Zone.Identifier
main_file_cache.dat2 -> C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\runescape\main_file_cache.dat -> [Ver = | Size = 28121960 bytes | Modified Date = 12/4/2006 7:41:51 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for Rs_Cache.zip\Rs Cache\runescape\main_file_cache.dat2:Zone.Identifier
setup.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\setup.ini -> [Ver = | Size = 3370 bytes | Modified Date = 1/18/2008 7:26:41 PM | Attr = ]
dlconfig.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\AIM_6.5.9.1\dlconfig.ini -> [Ver = | Size = 49 bytes | Modified Date = 1/3/2008 8:27:46 AM | Attr = ]
gui.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\AIM_6.5.9.1\gui.ini -> [Ver = | Size = 5495 bytes | Modified Date = 1/3/2008 8:27:46 AM | Attr = ]
post.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\AIM_6.5.9.1\post.ini -> [Ver = | Size = 389 bytes | Modified Date = 1/3/2008 8:27:46 AM | Attr = ]
postui.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\AIM_6.5.9.1\postui.ini -> [Ver = | Size = 1954 bytes | Modified Date = 1/3/2008 8:27:46 AM | Attr = ]
setup.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\AIM_6.5.9.1\setup.ini -> [Ver = | Size = 3299 bytes | Modified Date = 1/3/2008 8:27:47 AM | Attr = ]
metrics.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\metrics.ini -> [Ver = | Size = 19532 bytes | Modified Date = 8/3/2006 4:56:10 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\metrics.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_fade in\BGAnimation.ini -> [Ver = | Size = 170 bytes | Modified Date = 8/3/2006 4:55:55 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_fade in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_fade out\BGAnimation.ini -> [Ver = | Size = 170 bytes | Modified Date = 8/3/2006 4:55:55 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_fade out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_fade out to options\BGAnimation.ini -> [Ver = | Size = 67 bytes | Modified Date = 8/3/2006 4:55:55 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_fade out to options\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_menu in\BGAnimation.ini -> [Ver = | Size = 259 bytes | Modified Date = 8/3/2006 4:55:55 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_menu in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_menu out\BGAnimation.ini -> [Ver = | Size = 344 bytes | Modified Date = 8/3/2006 4:55:55 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_menu out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_shared background\BGAnimation.ini -> [Ver = | Size = 431 bytes | Modified Date = 8/3/2006 4:55:56 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_shared background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_shared background fade in\BGAnimation.ini -> [Ver = | Size = 108 bytes | Modified Date = 8/3/2006 4:55:55 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_shared background fade in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenCaution background\BGAnimation.ini -> [Ver = | Size = 825 bytes | Modified Date = 8/3/2006 4:55:56 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenCaution background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenDemonstration overlay\BGAnimation.ini -> [Ver = | Size = 213 bytes | Modified Date = 8/3/2006 4:55:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenDemonstration overlay\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationStage background\BGAnimation.ini -> [Ver = | Size = 1768 bytes | Modified Date = 8/3/2006 4:55:58 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationStage background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationSummary background\BGAnimation.ini -> [Ver = | Size = 851 bytes | Modified Date = 8/3/2006 4:55:59 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationSummary background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameOver background\BGAnimation.ini -> [Ver = | Size = 136 bytes | Modified Date = 8/3/2006 4:55:59 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameOver background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay cleared\BGAnimation.ini -> [Ver = | Size = 372 bytes | Modified Date = 8/3/2006 4:55:59 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay cleared\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay danger all\BGAnimation.ini -> [Ver = | Size = 179 bytes | Modified Date = 8/3/2006 4:56:00 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay danger all\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay failed\BGAnimation.ini -> [Ver = | Size = 374 bytes | Modified Date = 8/3/2006 4:56:00 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay failed\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay go\BGAnimation.ini -> [Ver = | Size = 195 bytes | Modified Date = 8/3/2006 4:56:01 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay go\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay ready\BGAnimation.ini -> [Ver = | Size = 13 bytes | Modified Date = 8/3/2006 4:56:01 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenGameplay ready\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay background\BGAnimation.ini -> [Ver = | Size = 127 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay overlay\BGAnimation.ini -> [Ver = | Size = 2495 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay overlay\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenLogo background\BGAnimation.ini -> [Ver = | Size = 192 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenLogo background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenMusicScroll background\BGAnimation.ini -> [Ver = | Size = 139 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenMusicScroll background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenOptions background\BGAnimation.ini -> [Ver = | Size = 179 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenOptions background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenRanking background\BGAnimation.ini -> [Ver = | Size = 106 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenRanking background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenSelectDifficulty background\BGAnimation.ini -> [Ver = | Size = 439 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenSelectDifficulty background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenSelectMusic background\BGAnimation.ini -> [Ver = | Size = 758 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenSelectMusic background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenSelectStyle background\BGAnimation.ini -> [Ver = | Size = 209 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenSelectStyle background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 1\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 1\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 2\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 2\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 3\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 3\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 4\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 4\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 5\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 5\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 6\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage 6\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage event\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage event\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage extra1\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage extra1\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage final\BGAnimation.ini -> [Ver = | Size = 1868 bytes | Modified Date = 8/3/2006 4:56:03 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage final\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage in\BGAnimation.ini -> [Ver = | Size = 49 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage out\BGAnimation.ini -> [Ver = | Size = 13 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenStage out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenTitleMenu background\BGAnimation.ini -> [Ver = | Size = 1094 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenTitleMenu background\BGAnimation.ini:Zone.Identifier
OptionIcon.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\OptionIcon.ini -> [Ver = | Size = 1756 bytes | Modified Date = 8/3/2006 4:56:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\OptionIcon.ini:Zone.Identifier
ScreenManager credits 16x16.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\ScreenManager credits 16x16.ini -> [Ver = | Size = 1801 bytes | Modified Date = 8/3/2006 4:56:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\ScreenManager credits 16x16.ini:Zone.Identifier
_game chars 16px 9x1.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\_game chars 16px 9x1.ini -> [Ver = | Size = 525 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\_game chars 16px 9x1.ini:Zone.Identifier
_shared1.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\_shared1.ini -> [Ver = | Size = 1958 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Fonts\_shared1.ini:Zone.Identifier
english.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Languages\english.ini -> [Ver = | Size = 2709 bytes | Modified Date = 8/3/2006 4:56:09 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Languages\english.ini:Zone.Identifier
metrics.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\metrics.ini -> [Ver = | Size = 14827 bytes | Modified Date = 8/3/2006 7:34:35 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\metrics.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_fade in\BGAnimation.ini -> [Ver = | Size = 170 bytes | Modified Date = 8/3/2006 7:34:35 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_fade in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_menu in\BGAnimation.ini -> [Ver = | Size = 259 bytes | Modified Date = 8/3/2006 7:34:35 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_menu in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_menu out\BGAnimation.ini -> [Ver = | Size = 281 bytes | Modified Date = 8/3/2006 7:34:35 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_menu out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background\BGAnimation.ini -> [Ver = | Size = 497 bytes | Modified Date = 8/3/2006 7:34:36 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background fade in\BGAnimation.ini -> [Ver = | Size = 108 bytes | Modified Date = 8/3/2006 7:34:35 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background fade in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenCaution background\BGAnimation.ini -> [Ver = | Size = 125 bytes | Modified Date = 8/3/2006 7:34:36 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenCaution background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenDemonstration overlay\BGAnimation.ini -> [Ver = | Size = 213 bytes | Modified Date = 8/3/2006 7:34:37 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenDemonstration overlay\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationStage background\BGAnimation.ini -> [Ver = | Size = 1181 bytes | Modified Date = 8/3/2006 7:34:38 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationStage background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationSummary background\BGAnimation.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/3/2006 7:34:39 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationSummary background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameOver background\BGAnimation.ini -> [Ver = | Size = 136 bytes | Modified Date = 8/3/2006 7:34:39 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameOver background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay cleared\BGAnimation.ini -> [Ver = | Size = 139 bytes | Modified Date = 8/3/2006 7:34:39 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay cleared\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay danger all\BGAnimation.ini -> [Ver = | Size = 190 bytes | Modified Date = 8/3/2006 7:34:39 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay danger all\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay failed\BGAnimation.ini -> [Ver = | Size = 136 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay failed\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay go\BGAnimation.ini -> [Ver = | Size = 155 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay go\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay ready\BGAnimation.ini -> [Ver = | Size = 172 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay ready\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay background\BGAnimation.ini -> [Ver = | Size = 127 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay overlay\BGAnimation.ini -> [Ver = | Size = 2495 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay overlay\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenLogo background\BGAnimation.ini -> [Ver = | Size = 192 bytes | Modified Date = 8/3/2006 7:34:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenLogo background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenRanking background\BGAnimation.ini -> [Ver = | Size = 260 bytes | Modified Date = 8/3/2006 7:34:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenRanking background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectDifficulty background\BGAnimation.ini -> [Ver = | Size = 669 bytes | Modified Date = 8/3/2006 7:34:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectDifficulty background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\BGAnimation.ini -> [Ver = | Size = 867 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenStage 1\BGAnimation.ini -> [Ver = | Size = 720 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenStage 1\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenStage out\BGAnimation.ini -> [Ver = | Size = 13 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenStage out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenTitleMenu background\BGAnimation.ini -> [Ver = | Size = 1818 bytes | Modified Date = 8/3/2006 7:34:43 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenTitleMenu background\BGAnimation.ini:Zone.Identifier
OptionIcon.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\OptionIcon.ini -> [Ver = | Size = 1756 bytes | Modified Date = 8/3/2006 7:34:30 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\OptionIcon.ini:Zone.Identifier
ScreenManager credits 16x16.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\ScreenManager credits 16x16.ini -> [Ver = | Size = 1801 bytes | Modified Date = 8/3/2006 7:34:30 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\ScreenManager credits 16x16.ini:Zone.Identifier
_game chars 16px 9x1.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\_game chars 16px 9x1.ini -> [Ver = | Size = 525 bytes | Modified Date = 8/3/2006 7:34:30 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\_game chars 16px 9x1.ini:Zone.Identifier
_shared1.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\_shared1.ini -> [Ver = | Size = 1958 bytes | Modified Date = 8/3/2006 7:34:30 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Fonts\_shared1.ini:Zone.Identifier
english.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Languages\english.ini -> [Ver = | Size = 2532 bytes | Modified Date = 8/3/2006 7:34:34 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Languages\english.ini:Zone.Identifier
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 283 bytes | Modified Date = 1/26/2007 3:52:41 PM | Attr = ]
metrics.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\metrics.ini -> [Ver = | Size = 53388 bytes | Modified Date = 8/6/2006 11:05:56 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\metrics.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_fade in\BGAnimation.ini -> [Ver = | Size = 182 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_fade in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_fade out\BGAnimation.ini -> [Ver = | Size = 182 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_fade out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_menu in\BGAnimation.ini -> [Ver = | Size = 1115 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_menu in\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_menu out\BGAnimation.ini -> [Ver = | Size = 1113 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\_menu out\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Blank\BGAnimation.ini -> [Ver = | Size = 76 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Blank\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Caution\BGAnimation.ini -> [Ver = | Size = 1162 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Caution\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Credits\BGAnimation.ini -> [Ver = | Size = 92 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Credits\BGAnimation.ini:Zone.Identifier
bganimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Default\bganimation.ini -> [Ver = | Size = 0 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Default\bganimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Difficulty\BGAnimation.ini -> [Ver = | Size = 93 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Difficulty\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Evaluation\BGAnimation.ini -> [Ver = | Size = 886 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Evaluation\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Fade Out to options\BGAnimation.ini -> [Ver = | Size = 60 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Fade Out to options\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-GameOver\BGAnimation.ini -> [Ver = | Size = 446 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-GameOver\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Gameplay Cleared\BGAnimation.ini -> [Ver = | Size = 1485 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Gameplay Cleared\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Gameplay Failed\BGAnimation.ini -> [Ver = | Size = 1009 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Gameplay Failed\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Gameplay Toasty\BGAnimation.ini -> [Ver = | Size = 258 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Gameplay Toasty\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-GameplayIn\BGAnimation.ini -> [Ver = | Size = 268 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-GameplayIn\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-GetReady\BGAnimation.ini -> [Ver = | Size = 388 bytes | Modified Date = 8/6/2006 11:06:05 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-GetReady\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-HowToPlay\BGAnimation.ini -> [Ver = | Size = 215 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-HowToPlay\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-HowToPlay overlay\BGAnimation.ini -> [Ver = | Size = 2966 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-HowToPlay overlay\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Intro\BGAnimation.ini -> [Ver = | Size = 1045 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Intro\BGAnimation.ini:Zone.Identifier
Copy of BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Intro\Copy of BGAnimation.ini -> [Ver = | Size = 2772 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Intro\Copy of BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-LetsRock\BGAnimation.ini -> [Ver = | Size = 395 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-LetsRock\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Menu\BGAnimation.ini -> [Ver = | Size = 93 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Menu\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Music\BGAnimation.ini -> [Ver = | Size = 485 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Music\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Music In\BGAnimation.ini -> [Ver = | Size = 616 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Music In\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Options\BGAnimation.ini -> [Ver = | Size = 463 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Options\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Ranking\BGAnimation.ini -> [Ver = | Size = 410 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Ranking\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-RockIn\BGAnimation.ini -> [Ver = | Size = 1133 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-RockIn\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 1\BGAnimation.ini -> [Ver = | Size = 648 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 1\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 2\BGAnimation.ini -> [Ver = | Size = 648 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 2\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 3\BGAnimation.ini -> [Ver = | Size = 648 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 3\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 4\BGAnimation.ini -> [Ver = | Size = 648 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 4\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 5\BGAnimation.ini -> [Ver = | Size = 648 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 5\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 6\BGAnimation.ini -> [Ver = | Size = 648 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage 6\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Bonus\BGAnimation.ini -> [Ver = | Size = 652 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Bonus\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Endless\BGAnimation.ini -> [Ver = | Size = 654 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Endless\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Event\BGAnimation.ini -> [Ver = | Size = 652 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Event\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Extra\BGAnimation.ini -> [Ver = | Size = 652 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Extra\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Final\BGAnimation.ini -> [Ver = | Size = 652 bytes | Modified Date = 8/6/2006 11:06:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Final\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Nonstop\BGAnimation.ini -> [Ver = | Size = 654 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Nonstop\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Oni\BGAnimation.ini -> [Ver = | Size = 650 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Stage Oni\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Style\BGAnimation.ini -> [Ver = | Size = 93 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Style\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Title\BGAnimation.ini -> [Ver = | Size = 4053 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Title\BGAnimation.ini:Zone.Identifier
BGAnimation.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Title In\BGAnimation.ini -> [Ver = | Size = 3959 bytes | Modified Date = 8/6/2006 11:06:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\BGAnimations\ZR-Title In\BGAnimation.ini:Zone.Identifier
english.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\Languages\english.ini -> [Ver = | Size = 21536 bytes | Modified Date = 8/6/2006 11:06:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for Trance Machina 5.zip\Themes\Trance Machina - Zen Rebirth\Languages\english.ini:Zone.Identifier
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 2 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 489 bytes | Modified Date = 1/28/2007 7:32:53 PM | Attr = ]
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 3 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 400 bytes | Modified Date = 1/26/2007 4:24:00 PM | Attr = ]
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 4 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 549 bytes | Modified Date = 1/28/2007 7:37:52 PM | Attr = ]
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 5 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 387 bytes | Modified Date = 1/28/2007 7:39:09 PM | Attr = ]
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 6 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 383 bytes | Modified Date = 1/28/2007 7:47:00 PM | Attr = ]
ResHacker.ini -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 7 for ResHack[1].zip\ResHacker.ini -> [Ver = | Size = 626 bytes | Modified Date = 4/6/2007 1:29:14 AM | Attr = ]
2B00002B40.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\aolbartcache\1\2B00002B40.gif -> [Ver = | Size = 7162 bytes | Modified Date = 1/16/2008 7:57:58 PM | Attr = ]
2E000C00000000000004007F1CB301.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\aolbartcache\1\2E000C00000000000004007F1CB301.gif -> [Ver = | Size = 2015 bytes | Modified Date = 1/15/2008 6:50:12 AM | Attr = ]
9347DF1AC6B11DF45B6ABDD317979AD9.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\aolbartcache\1\9347DF1AC6B11DF45B6ABDD317979AD9.gif -> [Ver = | Size = 335 bytes | Modified Date = 1/16/2008 7:57:33 PM | Attr = ]
E9C29F40F383337BB648BADDDCDD0577.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\aolbartcache\1\E9C29F40F383337BB648BADDDCDD0577.gif -> [Ver = | Size = 2977 bytes | Modified Date = 1/16/2008 7:58:01 PM | Attr = ]
clip_image001.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\msohtml1\04\clip_image001.gif -> [Ver = | Size = 1064 bytes | Modified Date = 1/17/2008 8:41:28 PM | Attr = ]
circle.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_shared background\circle.gif -> [Ver = | Size = 1889 bytes | Modified Date = 8/3/2006 4:55:56 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\_shared background\circle.gif:Zone.Identifier
demo.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenDemonstration overlay\demo.gif -> [Ver = | Size = 5783 bytes | Modified Date = 8/3/2006 4:55:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenDemonstration overlay\demo.gif:Zone.Identifier
bars.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationStage background\bars.gif -> [Ver = | Size = 4540 bytes | Modified Date = 8/3/2006 4:55:57 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationStage background\bars.gif:Zone.Identifier
box.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationStage background\box.gif -> [Ver = | Size = 1794 bytes | Modified Date = 8/3/2006 4:55:58 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenEvaluationStage background\box.gif:Zone.Identifier
bar.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay background\bar.gif -> [Ver = | Size = 5690 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay background\bar.gif:Zone.Identifier
jumphands.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay overlay\jumphands.gif -> [Ver = | Size = 6264 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay overlay\jumphands.gif:Zone.Identifier
taphand.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay overlay\taphand.gif -> [Ver = | Size = 3946 bytes | Modified Date = 8/3/2006 4:56:02 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenHowToPlay overlay\taphand.gif:Zone.Identifier
by.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenTitleMenu background\by.gif -> [Ver = | Size = 3816 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenTitleMenu background\by.gif:Zone.Identifier
text.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenTitleMenu background\text.gif -> [Ver = | Size = 2901 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\ScreenTitleMenu background\text.gif:Zone.Identifier
arrow.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\STAGE\arrow.gif -> [Ver = | Size = 666 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\STAGE\arrow.gif:Zone.Identifier
b-back.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\STAGE\b-back.gif -> [Ver = | Size = 810 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\STAGE\b-back.gif:Zone.Identifier
w-back.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\STAGE\w-back.gif -> [Ver = | Size = 812 bytes | Modified Date = 8/3/2006 4:56:04 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\BGAnimations\STAGE\w-back.gif:Zone.Identifier
DifficultyDisplay bar 6x1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\DifficultyDisplay bar 6x1.gif -> [Ver = | Size = 51 bytes | Modified Date = 8/3/2006 4:56:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\DifficultyDisplay bar 6x1.gif:Zone.Identifier
DifficultyMeter bar 2x1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\DifficultyMeter bar 2x1.gif -> [Ver = | Size = 172 bytes | Modified Date = 8/3/2006 4:56:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\DifficultyMeter bar 2x1.gif:Zone.Identifier
GrooveRadar labels 1x5.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\GrooveRadar labels 1x5.gif -> [Ver = | Size = 51 bytes | Modified Date = 8/3/2006 4:56:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\GrooveRadar labels 1x5.gif:Zone.Identifier
MusicWheelItem section.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\MusicWheelItem section.gif -> [Ver = | Size = 3249 bytes | Modified Date = 8/3/2006 4:56:06 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\MusicWheelItem section.gif:Zone.Identifier
OptionsCursor cursor 3x2.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\OptionsCursor cursor 3x2.gif -> [Ver = | Size = 1495 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\OptionsCursor cursor 3x2.gif:Zone.Identifier
ScreenEvaluation banner frame.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation banner frame.gif -> [Ver = | Size = 383 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation banner frame.gif:Zone.Identifier
ScreenEvaluation grades 1x8.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation grades 1x8.gif -> [Ver = | Size = 14141 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation grades 1x8.gif:Zone.Identifier
ScreenEvaluation graph frame p1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation graph frame p1.gif -> [Ver = | Size = 1209 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation graph frame p1.gif:Zone.Identifier
ScreenEvaluation graph frame p2.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation graph frame p2.gif -> [Ver = | Size = 1394 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation graph frame p2.gif:Zone.Identifier
ScreenEvaluation judge labels 1x8.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation judge labels 1x8.gif -> [Ver = | Size = 52 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenEvaluation judge labels 1x8.gif:Zone.Identifier
ScreenGameplay difficulty icons 2x6.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenGameplay difficulty icons 2x6.gif -> [Ver = | Size = 17452 bytes | Modified Date = 8/3/2006 4:56:07 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenGameplay difficulty icons 2x6.gif:Zone.Identifier
ScreenSelectMusic banner mask.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenSelectMusic banner mask.gif -> [Ver = | Size = 809 bytes | Modified Date = 8/3/2006 4:56:08 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenSelectMusic banner mask.gif:Zone.Identifier
ScreenSelectMusic difficulty frame p1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenSelectMusic difficulty frame p1.gif -> [Ver = | Size = 1311 bytes | Modified Date = 8/3/2006 4:56:08 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenSelectMusic difficulty frame p1.gif:Zone.Identifier
ScreenSelectMusic difficulty icons 1x6.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenSelectMusic difficulty icons 1x6.gif -> [Ver = | Size = 1910 bytes | Modified Date = 8/3/2006 4:56:08 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScreenSelectMusic difficulty icons 1x6.gif:Zone.Identifier
ScrollBar parts 1x3.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScrollBar parts 1x3.gif -> [Ver = | Size = 786 bytes | Modified Date = 8/3/2006 4:56:09 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScrollBar parts 1x3.gif:Zone.Identifier
ScrollBar thumb.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScrollBar thumb.gif -> [Ver = | Size = 131 bytes | Modified Date = 8/3/2006 4:56:09 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for aoi-np2.zip\Graphics\ScrollBar thumb.gif:Zone.Identifier
scr-l.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background\scr-l.gif -> [Ver = | Size = 4722 bytes | Modified Date = 8/3/2006 7:34:36 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background\scr-l.gif:Zone.Identifier
scr-r.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background\scr-r.gif -> [Ver = | Size = 4740 bytes | Modified Date = 8/3/2006 7:34:36 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\_shared background\scr-r.gif:Zone.Identifier
demo.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenDemonstration overlay\demo.gif -> [Ver = | Size = 5783 bytes | Modified Date = 8/3/2006 7:34:37 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenDemonstration overlay\demo.gif:Zone.Identifier
bars.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationStage background\bars.gif -> [Ver = | Size = 5737 bytes | Modified Date = 8/3/2006 7:34:37 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationStage background\bars.gif:Zone.Identifier
box.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationStage background\box.gif -> [Ver = | Size = 1794 bytes | Modified Date = 8/3/2006 7:34:38 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenEvaluationStage background\box.gif:Zone.Identifier
rock.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay go\rock.gif -> [Ver = | Size = 4684 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay go\rock.gif:Zone.Identifier
rd1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay ready\rd1.gif -> [Ver = | Size = 4514 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenGameplay ready\rd1.gif:Zone.Identifier
bar.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay background\bar.gif -> [Ver = | Size = 1857 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay background\bar.gif:Zone.Identifier
jumphands.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay overlay\jumphands.gif -> [Ver = | Size = 6264 bytes | Modified Date = 8/3/2006 7:34:40 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay overlay\jumphands.gif:Zone.Identifier
taphand.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay overlay\taphand.gif -> [Ver = | Size = 3946 bytes | Modified Date = 8/3/2006 7:34:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenHowToPlay overlay\taphand.gif:Zone.Identifier
footer.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenRanking background\footer.gif -> [Ver = | Size = 1385 bytes | Modified Date = 8/3/2006 7:34:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenRanking background\footer.gif:Zone.Identifier
header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenRanking background\header.gif -> [Ver = | Size = 11380 bytes | Modified Date = 8/3/2006 7:34:41 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenRanking background\header.gif:Zone.Identifier
lbl.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\lbl.gif -> [Ver = | Size = 2538 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\lbl.gif:Zone.Identifier
ns.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\ns.gif -> [Ver = | Size = 6485 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\ns.gif:Zone.Identifier
typ.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\typ.gif -> [Ver = | Size = 186 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenSelectMusic background\typ.gif:Zone.Identifier
st.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenStage 1\st.gif -> [Ver = | Size = 7285 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenStage 1\st.gif:Zone.Identifier
bars.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenTitleMenu background\bars.gif -> [Ver = | Size = 801 bytes | Modified Date = 8/3/2006 7:34:42 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\BGAnimations\ScreenTitleMenu background\bars.gif:Zone.Identifier
DifficultyDisplay bar 6x1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\DifficultyDisplay bar 6x1.gif -> [Ver = | Size = 51 bytes | Modified Date = 8/3/2006 7:34:31 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\DifficultyDisplay bar 6x1.gif:Zone.Identifier
GrooveRadar labels 1x5.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\GrooveRadar labels 1x5.gif -> [Ver = | Size = 51 bytes | Modified Date = 8/3/2006 7:34:31 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\GrooveRadar labels 1x5.gif:Zone.Identifier
HoldJudgment 1x2.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\HoldJudgment 1x2.gif -> [Ver = | Size = 1546 bytes | Modified Date = 8/3/2006 7:34:31 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\HoldJudgment 1x2.gif:Zone.Identifier
Judgment 1x6.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\Judgment 1x6.gif -> [Ver = | Size = 5400 bytes | Modified Date = 8/3/2006 7:34:31 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\Judgment 1x6.gif:Zone.Identifier
MusicWheelItem grades 2x8.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\MusicWheelItem grades 2x8.gif -> [Ver = | Size = 7336 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\MusicWheelItem grades 2x8.gif:Zone.Identifier
MusicWheelItem section.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\MusicWheelItem section.gif -> [Ver = | Size = 3249 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\MusicWheelItem section.gif:Zone.Identifier
MusicWheelItem song.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\MusicWheelItem song.gif -> [Ver = | Size = 548 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\MusicWheelItem song.gif:Zone.Identifier
OptionIcon frame 3x2.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\OptionIcon frame 3x2.gif -> [Ver = | Size = 1653 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\OptionIcon frame 3x2.gif:Zone.Identifier
OptionsCursor cursor 3x2.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\OptionsCursor cursor 3x2.gif -> [Ver = | Size = 1495 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\OptionsCursor cursor 3x2.gif:Zone.Identifier
ScreenEvaluation banner frame.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation banner frame.gif -> [Ver = | Size = 383 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation banner frame.gif:Zone.Identifier
ScreenEvaluation grades 1x8.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation grades 1x8.gif -> [Ver = | Size = 14141 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation grades 1x8.gif:Zone.Identifier
ScreenEvaluation graph frame p1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation graph frame p1.gif -> [Ver = | Size = 1209 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation graph frame p1.gif:Zone.Identifier
ScreenEvaluation graph frame p2.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation graph frame p2.gif -> [Ver = | Size = 1394 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation graph frame p2.gif:Zone.Identifier
ScreenEvaluation judge labels 1x8.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation judge labels 1x8.gif -> [Ver = | Size = 52 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluation judge labels 1x8.gif:Zone.Identifier
ScreenEvaluationStage header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluationStage header.gif -> [Ver = | Size = 7412 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenEvaluationStage header.gif:Zone.Identifier
ScreenGameplay difficulty icons 2x6.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenGameplay difficulty icons 2x6.gif -> [Ver = | Size = 18165 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenGameplay difficulty icons 2x6.gif:Zone.Identifier
ScreenSelectCharacter header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectCharacter header.gif -> [Ver = | Size = 7509 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectCharacter header.gif:Zone.Identifier
ScreenSelectCourse header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectCourse header.gif -> [Ver = | Size = 7578 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectCourse header.gif:Zone.Identifier
ScreenSelectDifficulty header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectDifficulty header.gif -> [Ver = | Size = 7752 bytes | Modified Date = 8/3/2006 7:34:32 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectDifficulty header.gif:Zone.Identifier
ScreenSelectGroup header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectGroup header.gif -> [Ver = | Size = 7575 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectGroup header.gif:Zone.Identifier
ScreenSelectMusic balloon long.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic balloon long.gif -> [Ver = | Size = 6452 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic balloon long.gif:Zone.Identifier
ScreenSelectMusic balloon marathon.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic balloon marathon.gif -> [Ver = | Size = 6381 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic balloon marathon.gif:Zone.Identifier
ScreenSelectMusic banner mask.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic banner mask.gif -> [Ver = | Size = 809 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic banner mask.gif:Zone.Identifier
ScreenSelectMusic difficulty frame p1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic difficulty frame p1.gif -> [Ver = | Size = 588 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic difficulty frame p1.gif:Zone.Identifier
ScreenSelectMusic header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic header.gif -> [Ver = | Size = 7535 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectMusic header.gif:Zone.Identifier
ScreenSelectStyle header.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectStyle header.gif -> [Ver = | Size = 7572 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectStyle header.gif:Zone.Identifier
ScreenSelectStyle icon1.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectStyle icon1.gif -> [Ver = | Size = 1003 bytes | Modified Date = 8/3/2006 7:34:33 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScreenSelectStyle icon1.gif:Zone.Identifier
ScrollBar parts 1x3.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScrollBar parts 1x3.gif -> [Ver = | Size = 786 bytes | Modified Date = 8/3/2006 7:34:34 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScrollBar parts 1x3.gif:Zone.Identifier
ScrollBar thumb.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScrollBar thumb.gif -> [Ver = | Size = 131 bytes | Modified Date = 8/3/2006 7:34:34 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\ScrollBar thumb.gif:Zone.Identifier
_options page.gif -> C:\Documents and Settings\Chris\Local Settings\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\_options page.gif -> [Ver = | Size = 95940 bytes | Modified Date = 8/3/2006 7:34:34 PM | Attr = R ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 1 for RED-v0.01.zip\Graphics\_options page.gif:Zone.Identifier

< End of report >

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:46 AM

Posted 19 January 2008 - 07:12 AM

Hi iSayChris. Let's see if we can clean some of this up. Please print these directions and then follow the steps below in order.

Step #1

Open Notepad and copy/paste the text in the codebox below into the new document:

[Kill Explorer]
[Unregister Dlls]
[Win32 Services - Non-Microsoft Only]
YN -> (NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> dla -> %System32%\dla\tfswctrl.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\wvutqoo.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> wvutqoo -> wvutqoo.dll
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> click_getmirar.com [https] -> Trusted sites
YN -> click_mirarsearch.com [https] -> Trusted sites
YN -> redirect_mirarsearch.com [https] -> Trusted sites
YN -> awbeta_net-nucleus.com [https] -> Trusted sites
[msn]
YN -> aimexpress_aol.com [http] -> Trusted sites
YN -> objects_aol.com [*] -> Out of zone range - ( 5 )
YN -> www_download.com [http] -> Trusted sites
YN -> uploadhosted_filefront.com [http] -> Trusted sites
YN -> www_freeweblayouts.net [https] -> Trusted sites
YN -> toolbar_imageshack.us [http] -> Trusted sites
YN -> {8B7A0116-21D9-45C1-89C6-B30BD648BC43} [HKEY_LOCAL_MACHINE] -> %System32%\mllml.dll [Reg Error: Value does not exist or could not be read.]
YN -> {8F9E2BE3-766D-4831-BB0E-766D5B819995} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive9.dll [BndBlock4 BHO Class]
YN -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> %System32%\wvutqoo.dll [Reg Error: Value does not exist or could not be read.]
YN -> {1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive8.dll [Internet Speed Monitor]
YN -> {1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive9.dll [Internet Speed Monitor]
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar]
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} [HKEY_LOCAL_MACHINE] -> %UserDocuments%\Programs\Quicknation\YouTubeDownload-Convert.dll [Youtube-Download-Convert-Toolbar]
YN -> WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKEY_LOCAL_MACHINE] -> %System32%\version69ie7fix.dll [Mirar]
YN -> WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar]
YN -> CmdMapping\\{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com]
YN -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\mllml -> %System32%\mllml.exe
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> 000080.exe -> %System32%\000080.exe
NY -> lmllm.ini -> %System32%\lmllm.ini
NY -> lmllm.ini2 -> %System32%\lmllm.ini2
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mllml.dll -> %System32%\mllml.dll
NY -> mllml.exe -> %System32%\mllml.exe
[Files/Folders - Modified Within 30 days]
NY -> 000080.exe -> %System32%\000080.exe
NY -> lmllm.ini -> %System32%\lmllm.ini
NY -> lmllm.ini2 -> %System32%\lmllm.ini2
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mllml.dll -> %System32%\mllml.dll
NY -> mllml.exe -> %System32%\mllml.exe
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 353 bytes -> %AllUsersAppData%\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:0766416E
NY -> @Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:4B7BEAFF
NY -> @Alternate Data Stream - 147 bytes -> %AllUsersAppData%\TEMP:8927A071
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
[Empty Temp Folders]
[Reboot]

Save the document to your desktop as wpf35.txt and close Notepad.

Step #2

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Close SUPERAntiSpyware, we will come back to it later on.
Step #3

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Step #4

Start SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Step #5

Now start WinPFind35U. Open Notepad and then open the wpf35.txt file that you saved to your desktop. Copy/paste the contents of the Notepad file into the WinPFind35u textbox where it says Paste Fix Here and click the Run Fix button.

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete, this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot the computer normally.

Step #6

Post the following back here:
  • the VundoFix log (c:\vundofix.txt)
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u\MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
  • a new WinPFind35U report with the following options:
    • Under Additional Scans] click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans
  • Do not change any other settings.
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 19 January 2008 - 10:55 PM

Im having a problem with the Paste fix thing. When i click Run Fix, it just freezes. i waited for like an hour and still. Also the details box is still not showing

Also the latest .log file from the WinPFind3u\MovedFiles folder, theres nothing there. Theres a WinPFind35.Txt


EDIT: Ok i left the Paste Fix thing over night, and it still freezes.

Attached Files


Edited by iSayChris, 20 January 2008 - 11:50 AM.


#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:46 AM

Posted 20 January 2008 - 02:10 PM

Hi iSayChris. Yes, there's still a bit of the infection in there that could be blocking the fix We'll grab another tool here and see what it does.

First, delete the WinPFind35u.exe file that you doenloaded earlier and the folder it created on your desktop and download the latest version from here: WinPFind35u.exe

Double-click on it to extract the files and then follow the steps below.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\program files\QDRDRIVE\
c:\windows\System32\000080.exe
c:\windows\System32\mcrh.tmp
c:\windows\System32\mllml.exe
c:\windows\\atid.ini

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh WinPFind35u log by using Add/Reply

4. Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {8F9E2BE3-766D-4831-BB0E-766D5B819995} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QDRDRIVE\QDRDRIVE9.DLL [BndBlock4 BHO Class]
YN -> {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {1BAC9A2A-4755-43c3-A430-D3512C5B8A4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QDRDRIVE\QDRDRIVE8.DLL [Internet Speed Monitor]
YN -> {1FE2EBE5-42FF-4586-A144-CA420C84FF6A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive9.dll [Internet Speed Monitor]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> 000080.exe -> %System32%\000080.exe
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mllml.exe -> %System32%\mllml.exe
[Files/Folders - Modified Within 30 days]
NY -> 000080.exe -> %System32%\000080.exe
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mllml.exe -> %System32%\mllml.exe
NY -> atid.ini -> %SystemRoot%\atid.ini
NY -> imsins.BAK -> %SystemRoot%\imsins.BAK
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 353 bytes -> %AllUsersAppData%\TEMP:05EE1EEF
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:0766416E
NY -> @Alternate Data Stream - 114 bytes -> %AllUsersAppData%\TEMP:4B7BEAFF
NY -> @Alternate Data Stream - 147 bytes -> %AllUsersAppData%\TEMP:8927A071
NY -> @Alternate Data Stream - 113 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind35u scan.

I will review the information when it comes back in.

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • File - Additional Folder Scans[/color]
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 20 January 2008 - 04:28 PM

Ok the fixed paste worked out great.
i attached the Avenger.txt and The lastest moved files thing

Heres a fresh Wpf35u Log
WinPFind35 logfile created on: 1/20/2008 1:16:00 PM
WinPFind35U Version Beta26	 Folder = C:\Documents and Settings\All Users\Documents\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
 
510.98 Mb Total Physical Memory | 219.71 Mb Available Physical Memory | 43.00% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 29.20 Gb Free Space | 39.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: RALPH-NCDXW43SG
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Modified Date = 8/29/2003 9:54:16 AM | Attr =	]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 4.0.0.0 | Size = 46680 bytes | Modified Date = 4/18/2005 10:38:59 AM | Attr = R  ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 12:54:14 PM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/19/2007 3:12:00 AM | Attr =	]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 10/15/2004 12:54:12 PM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/1/2007 7:51:13 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 259184 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
ctsvccda.exe -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr =	]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 1:38:08 PM | Attr =	]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 8/27/2003 9:27:44 AM | Attr =	]
vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 201840 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
winpfind35u.exe -> %AllUsersDocuments%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 306176 bytes | Modified Date = 1/19/2008 1:35:44 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 10/24/2006 11:04:16 AM | Attr =	]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online [Ver = 4.0.0.0 | Size = 46680 bytes | Modified Date = 4/18/2005 10:38:59 AM | Attr = R  ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 10/15/2004 12:54:14 PM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 11/19/2007 3:12:00 AM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/1/2007 7:51:13 PM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 259184 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTsvcCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 11:56:48 PM | Attr =	]
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache -> File not found
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(HidServ) Human Interface Device Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT -> File not found
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %System32%\imapi -> File not found
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService -> File not found
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %System32%\drivers\KodakCCS -> File not found
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %System32%\mnmsrvc -> File not found
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %System32%\msdtc ->  [Folder | Modified Date = 7/5/2005 10:58:01 AM | Attr =	]
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %System32%\msiexec -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %System32%\netdde -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %System32%\netdde -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %System32%\lsass -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32 -> File not found
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %System32%\services -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %System32%\lsass -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %System32%\lsass -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %System32%\sessmgr -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %System32%\svchost -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %System32%\locator -> File not found
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %System32%\rsvp -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %System32%\lsass -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %System32%\scardsvr -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %System32%\spoolsv -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %System32%\dllhost -> File not found
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %System32%\smlogsvc -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %System32%\svchost -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %System32%\ups -> File not found
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc -> File not found
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg -> File not found
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %System32%\vssvc -> File not found
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %System32%\MsPMSPSv -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %System32%\wbem\wmiapsrv -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %System32%\svchost -> File not found
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %System32%\svchost -> File not found
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %System32%\YPcservice -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %System32%\drivers\acpi -> File not found
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %System32%\drivers\acpiec -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec -> File not found
(AFD) AFD Networking Support Environment [Kernel | System | Running] -> %System32%\drivers\afd -> File not found
(agp440) Intel AGP Bus Filter [Kernel | Boot | Running] -> %System32%\drivers\agp440 -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac -> File not found
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %System32%\drivers\atapi -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc -> File not found
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core -> File not found
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw -> File not found
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp -> File not found
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean -> File not found
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep -> File not found
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> %System32%\drivers\bvrp_pci -> File not found
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k -> File not found
(CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %System32%\drivers\ccdecode -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio -> File not found
(Cdfs) Cdfs [File_System | Disabled | Stopped] -> %System32%\drivers\cdfs -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %System32%\drivers\cdrom -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DcCam) Kodak Camera Proxy [Kernel | System | Running] -> %System32%\drivers\DcCam -> File not found
(DcFpoint) DcFpoint [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcFpoint -> File not found
(DCFS2K) Kodak DCFS2K Driver [Kernel | Auto | Running] -> %System32%\drivers\DCFS2k -> File not found
(DcLps) Legacy Polling Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcLps -> File not found
(DcPTP) DcPTP [Kernel | On_Demand | Stopped] -> %System32%\drivers\DcPtp -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %System32%\drivers\disk -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot -> File not found
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio -> File not found
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload -> File not found
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %System32%\drivers\dmusic -> File not found
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud -> File not found
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb -> File not found
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm -> File not found
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325 -> File not found
(EntDrv51) EntDrv51 [Kernel | On_Demand | Stopped] -> %System32%\drivers\EntDrv51.sys -> File not found
(Exportit) Exportit [Kernel | System | Stopped] -> %System32%\drivers\ExportIt -> File not found
(Fastfat) Fastfat [File_System | Disabled | Running] -> %System32%\drivers\fastfat -> File not found
(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %System32%\drivers\fdc -> File not found
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips -> File not found
(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %System32%\drivers\flpydisk -> File not found
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltmgr -> File not found
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\ftdisk -> File not found
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %System32%\drivers\gameenum -> File not found
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM -> File not found
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc -> File not found
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> %System32%\drivers\hamachi -> File not found
(hamachi_oem) PlayLinc Adapter [Kernel | On_Demand | Stopped] -> %System32%\drivers\gan_adapter -> File not found
(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %System32%\drivers\hidusb -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWBS2 -> File not found
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP -> File not found
(HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %System32%\drivers\i8042prt -> File not found
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %System32%\drivers\imapi -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(intelppm) Intel Processor Driver [Kernel | System | Running] -> %System32%\drivers\intelppm -> File not found
(ip6fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw -> File not found
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv -> File not found
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip -> File not found
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat -> File not found
(IPSec) IPSEC driver [Kernel | System | Running] -> %System32%\drivers\ipsec -> File not found
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum -> File not found
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\isapnp -> File not found
(Jukebox3) Jukebox3 [Kernel | On_Demand | Stopped] -> %System32%\drivers\ctpdusb -> File not found
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %System32%\drivers\kbdclass -> File not found
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %System32%\drivers\kmixer -> File not found
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %System32%\drivers\mdc8021x -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk -> File not found
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd -> File not found
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem -> File not found
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> %System32%\drivers\MODEMCSA -> File not found
(MotoSwitchService) MotoSwitch Service [Kernel | On_Demand | Running] -> %System32%\drivers\motswch -> File not found
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %System32%\drivers\mouclass -> File not found
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid -> File not found
(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %System32%\drivers\mountmgr -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav -> File not found
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb -> File not found
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs -> File not found
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mskssrv -> File not found
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspclock -> File not found
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\mspqm -> File not found
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios -> File not found
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstee -> File not found
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup -> File not found
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\nabtsfec -> File not found
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %System32%\drivers\ndis -> File not found
(NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %System32%\drivers\ndisip -> File not found
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi -> File not found
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio -> File not found
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan -> File not found
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy -> File not found
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %System32%\drivers\netbios -> File not found
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %System32%\drivers\netbt -> File not found
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs -> File not found
(Ntfs) Ntfs [File_System | Disabled | Running] -> %System32%\drivers\ntfs -> File not found
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini -> File not found
(nvcap) nVidia WDM Video Capture (universal) [Kernel | Auto | Running] -> %System32%\drivers\NVCAP -> File not found
(nvTUNEP) nVidia WDM TVTuner [Kernel | Auto | Running] -> %System32%\drivers\NVTUNEP -> File not found
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd -> File not found
(OMCI) OMCI [Kernel | System | Running] -> %System32%\drivers\omci -> File not found
(P16X) Creative SB Live! Series (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\P16X -> File not found
(P2k) Motorola USB Device [Kernel | On_Demand | Running] -> %System32%\drivers\P2k -> File not found
(Parport) Parallel port driver [Kernel | On_Demand | Running] -> %System32%\drivers\parport -> File not found
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %System32%\drivers\partmgr -> File not found
(ParVdm) ParVdm [Kernel | Auto | Running] -> %System32%\drivers\parvdm -> File not found
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %System32%\drivers\pci -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide -> File not found
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %System32%\drivers\pcmcia -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PfModNT) PfModNT [Kernel | Auto | Running] -> %System32%\PFMODNT -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp -> File not found
(Processor) Processor Driver [Kernel | System | Stopped] -> %System32%\drivers\processr -> File not found
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %System32%\drivers\psched -> File not found
(PSSdk23) PSSdk23 [Kernel | On_Demand | Stopped] -> %System32%\Drivers\PsSdk23.drv -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink -> File not found
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20 -> File not found
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %System32%\drivers\rasacd -> File not found
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp -> File not found
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe -> File not found
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti -> File not found
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss -> File not found
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd -> File not found
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd -> File not found
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %System32%\drivers\redbook -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv -> File not found
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv -> File not found
(serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\serenum -> File not found
(Serial) Serial port driver [Kernel | System | Running] -> %System32%\drivers\serial -> File not found
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy -> File not found
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %System32%\drivers\slip -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1 -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter -> File not found
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %System32%\drivers\sr -> File not found
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv -> File not found
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5 -> File not found
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln -> File not found
(streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %System32%\drivers\streamip -> File not found
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum -> File not found
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio -> File not found
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %System32%\drivers\tcpip -> File not found
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe -> File not found
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp -> File not found
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %System32%\drivers\termdd -> File not found
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio -> File not found
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs -> File not found
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct -> File not found
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres -> File not found
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs -> File not found
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio -> File not found
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool -> File not found
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf -> File not found
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %System32%\drivers\update -> File not found
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbccgp -> File not found
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci -> File not found
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub -> File not found
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> %System32%\drivers\usbprint -> File not found
(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbscan -> File not found
(usbser) Motorola USB Modem Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbser -> File not found
(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR -> File not found
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci -> File not found
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\Vet-Filt -> File not found
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\Vet-Rec -> File not found
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\VetEBoot -> File not found
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\VetEFile -> File not found
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\VetFDDNT -> File not found
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\vetmonnt -> File not found
(vgadrv) vgadrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\vgadrv -> File not found
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %System32%\drivers\vga -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap -> File not found
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp -> File not found
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %System32%\drivers\wanatw4 -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT -> File not found
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %System32%\drivers\ws2ifsl -> File not found
(WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\wstcodec -> File not found
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfPf -> File not found
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %System32%\drivers\WudfRd -> File not found
(zntport) NTPort Library Driver [Kernel | Auto | Stopped] -> %System32%\zntport.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
dxfbidea -> %SystemDrive%\myuolpts.bat -> File not found
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr =	]
nwiz -> %System32%\nwiz -> File not found
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx -> 
 ->  -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
ctfmon.exe -> %System32%\ctfmon -> File not found
P2kAutostart ->  -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> %AllUsersStartup%\desktop -> File not found
< Chris Startup Folder > -> C:\Documents and Settings\Chris\Start Menu\Programs\Startup -> 
 -> %UserStartup%\desktop -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
Your Image File Name Here without a path -> %System32%\ntsd [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> -> 
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %System32%\userinit -> File not found
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
C:\Windows\System32\logonui.exe -> %System32%\logonui -> File not found
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %System32%\rundll32 -> File not found
Control_RunDLL "sysdm.cpl" -> %System32%\sysdm -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
< HOSTS File > (21 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.windowsxlive.net -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://yahoo.com/ -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6 domain(s) found. -> 
  [msn] -> My Computer -> 
aimexpress_aol.com [http] -> Trusted sites -> 
objects_aol.com [*] -> Out of zone range - ( 5 ) -> 
www_download.com [http] -> Trusted sites -> 
uploadhosted_filefront.com [http] -> Trusted sites -> 
www_freeweblayouts.net [https] -> Trusted sites -> 
toolbar_imageshack.us [http] -> Trusted sites -> 
5 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 2:32:32 PM | Attr =	]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.07b | Size = 118836 bytes | Modified Date = 3/15/2004 12:04:00 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] ->  [AIM Search] -> File not found
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 11:53:18 AM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 2:32:32 PM | Attr =	]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger [Yahoo! Messenger] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> File not found
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 7, 31, 1 | Size = 185848 bytes | Modified Date = 7/31/2006 2:32:32 PM | Attr =	]
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Real.com] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger [Yahoo! Messenger] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Tag This Image ->  -> File not found
Transload Image to ImageShack ->  -> File not found
Upload All Images to ImageShack ->  -> File not found
Upload Image to ImageShack ->  -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SPOENB/1.0 ->  -> 
YPC 3.2.0 -> Yahoo! Parental Controls -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{950500F1-D40B-4601-AF19-A747ED3CCDD9} ->	() -> 
{C9441AAD-453E-474D-BA96-70E234A907A8} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000020 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
Protocol_Catalog9\Catalog_Entries\000000000021 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.8 | Size = 74864 bytes | Modified Date = 9/27/2006 3:59:51 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab[Support.com Configuration Class] -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll[Installation Support] -> 
{33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> 
{48884C41-EFAC-433D-958A-9FADAC41408E}[HKEY_LOCAL_MACHINE] -> https://www.e-games.com.my/com/EGamesPlugin.cab[EGamesPlugin Class] -> 
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> 
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab2.cab[System Requirements Lab Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{A4639D2F-774E-11D3-A490-00C04F6843FB}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab[IEAnimBehaviorFactory Class] -> 
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.4.2/jinstall-1_4_2_08-windows-i586.cab[Java Plug-in 1.4.2_08] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://chat.msn.com/controls/msnchat45.cab[MSN Chat Control 4.5] -> 



[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 1/20/2008 1:11:01 PM | Attr =	]
TEMP -> %SystemDrive%\TEMP ->  [Folder | Created Date = 1/14/2008 6:49:02 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 1/19/2008 12:23:27 PM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/10/2008 8:32:35 PM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/10/2008 8:32:35 PM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/10/2008 8:32:35 PM | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 163353 bytes | Created Date = 12/30/2007 10:14:57 PM | Attr =	]
nvdisp.nvu -> %System32%\nvdisp.nvu ->  [Ver =  | Size = 17737 bytes | Created Date = 12/30/2007 10:14:53 PM | Attr =	]
nvudisp.exe -> %System32%\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 1 , 1 , 0  | Size = 356352 bytes | Created Date = 12/30/2007 10:14:50 PM | Attr =	]
NVUNINST.EXE -> %System32%\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 1 , 1 , 0  | Size = 356352 bytes | Created Date = 12/30/2007 10:13:20 PM | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Created Date = 12/30/2007 10:14:53 PM | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 1/15/2008 3:47:57 PM | Attr =	]
UpdReg .EXE -> %SystemRoot%\UpdReg .EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Created Date = 1/13/2008 7:03:45 AM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/14/2008 11:27:55 AM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 1/19/2008 12:05:03 PM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 1/19/2008 12:04:39 PM | Attr =	]
WinRAR -> %UserAppData%\WinRAR ->  [Folder | Created Date = 1/5/2008 7:45:43 PM | Attr =	]
Paint.NET -> %LocalAppData%\Paint.NET ->  [Folder | Created Date = 1/14/2008 11:56:19 AM | Attr =	]
bkl001.jpg -> %UserDocuments%\bkl001.jpg ->  [Ver =  | Size = 238196 bytes | Created Date = 1/5/2008 3:30:24 PM | Attr =	]
Chargers.PNG -> %UserDocuments%\Chargers.PNG ->  [Ver =  | Size = 286803 bytes | Created Date = 1/20/2008 11:04:54 AM | Attr =	]
Daft Punk - Human After All.mp3 -> %UserDocuments%\Daft Punk - Human After All.mp3 ->  [Ver =  | Size = 7668267 bytes | Created Date = 1/20/2008 10:07:01 AM | Attr =	]
Daft Punk 2.mp3 -> %UserDocuments%\Daft Punk 2.mp3 ->  [Ver =  | Size = 400680 bytes | Created Date = 1/20/2008 10:48:57 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Daft Punk 2.mp3:Zone.Identifier
Daft Punk short.mp3 -> %UserDocuments%\Daft Punk short.mp3 ->  [Ver =  | Size = 321552 bytes | Created Date = 1/20/2008 10:46:54 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Daft Punk short.mp3:Zone.Identifier
er.rtf -> %UserDocuments%\er.rtf ->  [Ver =  | Size = 166 bytes | Created Date = 1/9/2008 9:48:49 PM | Attr =	]
MAES LAYOUT 1-15-08.rtf -> %UserDocuments%\MAES LAYOUT 1-15-08.rtf ->  [Ver =  | Size = 36632 bytes | Created Date = 1/15/2008 9:23:06 PM | Attr =	]
missing!.PNG -> %UserDocuments%\missing!.PNG ->  [Ver =  | Size = 49250 bytes | Created Date = 1/18/2008 7:18:11 PM | Attr =	]
MY LAYOUT CODE 1-15-08.rtf -> %UserDocuments%\MY LAYOUT CODE 1-15-08.rtf ->  [Ver =  | Size = 23927 bytes | Created Date = 1/15/2008 9:18:36 PM | Attr =	]
New d.doc -> %UserDocuments%\New d.doc ->  [Ver =  | Size = 818176 bytes | Created Date = 1/17/2008 9:49:14 PM | Attr =	]
Outsiders - Tulsa Times.doc -> %UserDocuments%\Outsiders - Tulsa Times.doc ->  [Ver =  | Size = 818176 bytes | Created Date = 1/17/2008 9:53:09 PM | Attr =	]
outsiders word.rtf -> %UserDocuments%\outsiders word.rtf ->  [Ver =  | Size = 3592 bytes | Created Date = 1/17/2008 8:14:23 PM | Attr =	]
param_table.bin -> %UserDocuments%\param_table.bin ->  [Ver =  | Size = 3644 bytes | Created Date = 1/18/2008 11:27:51 PM | Attr =	]
phrases.rtf -> %UserDocuments%\phrases.rtf ->  [Ver =  | Size = 261 bytes | Created Date = 12/31/2007 9:14:14 PM | Attr =	]
plmn_text_table.bin -> %UserDocuments%\plmn_text_table.bin ->  [Ver =  | Size = 9629 bytes | Created Date = 1/18/2008 11:25:53 PM | Attr =	]
Print out.rtf -> %UserDocuments%\Print out.rtf ->  [Ver =  | Size = 4985 bytes | Created Date = 1/19/2008 12:17:41 PM | Attr =	]
ralph-layout-headline-aboutme.rtf -> %UserDocuments%\ralph-layout-headline-aboutme.rtf ->  [Ver =  | Size = 23923 bytes | Created Date = 1/5/2008 2:48:51 AM | Attr =	]
Sound.png.gif -> %UserDocuments%\Sound.png.gif ->  [Ver =  | Size = 1668 bytes | Created Date = 1/20/2008 9:24:44 AM | Attr =	]
username.rtf -> %UserDocuments%\username.rtf ->  [Ver =  | Size = 365 bytes | Created Date = 1/12/2008 3:36:38 PM | Attr =	]
WTF.PNG -> %UserDocuments%\WTF.PNG ->  [Ver =  | Size = 23358 bytes | Created Date = 1/13/2008 9:57:15 AM | Attr =	]
wtf2.PNG -> %UserDocuments%\wtf2.PNG ->  [Ver =  | Size = 46494 bytes | Created Date = 1/13/2008 10:41:11 AM | Attr =	]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk ->  [Ver =  | Size = 795 bytes | Created Date = 1/4/2008 4:05:14 AM | Attr =	]
FastStone Image Viewer.lnk -> %AllUsersDesktop%\FastStone Image Viewer.lnk ->  [Ver =  | Size = 780 bytes | Created Date = 1/7/2008 1:26:53 PM | Attr =	]
avenger.exe -> %AllUsersDocuments%\Desktop\avenger.exe ->  [Ver =  | Size = 130048 bytes | Created Date = 1/20/2008 1:07:13 PM | Attr =	]
CS - Source.lnk -> %AllUsersDocuments%\Desktop\CS - Source.lnk ->  [Ver =  | Size = 1852 bytes | Created Date = 12/31/2007 12:42:38 PM | Attr =	]
DivX Movies.lnk -> %AllUsersDocuments%\Desktop\DivX Movies.lnk ->  [Ver =  | Size = 1427 bytes | Created Date = 1/4/2008 4:05:14 AM | Attr =	]
FLV Player.lnk -> %AllUsersDocuments%\Desktop\FLV Player.lnk ->  [Ver =  | Size = 707 bytes | Created Date = 1/14/2008 1:30:02 PM | Attr =	]
HijackThis.lnk -> %AllUsersDocuments%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 842 bytes | Created Date = 1/14/2008 10:41:00 AM | Attr =	]
StepMania.lnk -> %AllUsersDocuments%\Desktop\StepMania.lnk ->  [Ver =  | Size = 1713 bytes | Created Date = 1/19/2008 11:30:39 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDocuments%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 786 bytes | Created Date = 1/19/2008 12:04:48 PM | Attr =	]
SUPERAntiSpyware.exe -> %AllUsersDocuments%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Created Date = 1/19/2008 12:02:57 PM | Attr =	]
uTorrent.lnk -> %AllUsersDocuments%\Desktop\uTorrent.lnk ->  [Ver =  | Size = 688 bytes | Created Date = 1/6/2008 8:12:55 AM | Attr =	]
VundoFix.exe -> %AllUsersDocuments%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Created Date = 1/19/2008 12:23:07 PM | Attr =	]
WinPFind35u -> %AllUsersDocuments%\Desktop\WinPFind35u ->  [Folder | Created Date = 1/20/2008 1:12:56 PM | Attr =	]
WinPFind35u.exe -> %AllUsersDocuments%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 477315 bytes | Created Date = 1/20/2008 1:12:44 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 1/15/2008 3:46:53 PM | Attr = RH ]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 1/20/2008 1:11:01 PM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 1/14/2008 6:26:49 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/19/2008 3:57:00 PM | Attr =  HS]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/20/2008 1:09:29 PM | Attr =	]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 1954 bytes | Modified Date = 1/18/2008 7:27:34 PM | Attr =  H ]
NVIDIA -> %SystemDrive%\NVIDIA ->  [Folder | Modified Date = 12/30/2007 10:12:31 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/19/2008 3:56:59 PM | Attr =	]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/2/2008 6:09:31 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/4/2008 8:05:59 PM | Attr =  H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 12/29/2007 10:38:49 AM | Attr =  H ]
sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 12/29/2007 11:15:30 AM | Attr =  H ]
sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 12/30/2007 10:38:08 PM | Attr =  H ]
sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 12/31/2007 10:15:28 AM | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/1/2008 5:38:39 PM | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/2/2008 10:37:23 AM | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 1/2/2008 5:55:05 PM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/2/2008 6:09:30 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/4/2008 8:05:58 PM | Attr =  H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 12/29/2007 10:38:49 AM | Attr =  H ]
sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 12/29/2007 11:15:30 AM | Attr =  H ]
sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 12/30/2007 10:38:07 PM | Attr =  H ]
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 12/31/2007 10:15:28 AM | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/1/2008 5:38:39 PM | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/2/2008 10:37:23 AM | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 1/2/2008 5:55:05 PM | Attr =  H ]
TEMP -> %SystemDrive%\TEMP ->  [Folder | Modified Date = 1/14/2008 6:49:02 PM | Attr =	]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 1/19/2008 6:34:27 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/20/2008 1:13:34 PM | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/14/2008 10:46:05 AM | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/14/2008 10:45:42 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/19/2008 5:12:10 PM | Attr =	]
dla -> %System32%\dla ->  [Folder | Modified Date = 1/14/2008 7:27:39 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/19/2008 11:56:48 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/20/2008 1:11:02 PM | Attr =	]
nvapps.xml -> %System32%\nvapps.xml ->  [Ver =  | Size = 163353 bytes | Modified Date = 1/5/2008 7:22:01 PM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/20/2008 1:11:10 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/9/2008 7:12:16 AM | Attr =  H ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 1/14/2008 1:12:45 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/20/2008 1:10:02 PM | Attr =   S]
CAVTemp -> %SystemRoot%\CAVTemp ->  [Folder | Modified Date = 1/20/2008 11:43:23 AM | Attr =	]
dellstat.ini -> %SystemRoot%\dellstat.ini ->  [Ver =  | Size = 657 bytes | Modified Date = 1/19/2008 12:21:21 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/18/2008 7:26:09 PM | Attr =   S]
FLV Player -> %SystemRoot%\FLV Player ->  [Folder | Modified Date = 1/19/2008 2:02:57 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 12/30/2007 10:14:56 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/9/2008 9:57:33 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/19/2008 3:57:00 PM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/8/2008 8:06:56 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1903 bytes | Modified Date = 1/1/2008 11:54:02 PM | Attr =	]
nview -> %SystemRoot%\nview ->  [Folder | Modified Date = 12/30/2007 10:14:53 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/20/2008 1:11:27 PM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 1/8/2008 7:50:58 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 1/14/2008 6:26:49 PM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 1/20/2008 1:09:29 PM | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 1/19/2008 12:21:24 PM | Attr =	]
UpdReg .EXE -> %SystemRoot%\UpdReg .EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 1/14/2008 8:48:17 AM | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 953 bytes | Modified Date = 1/14/2008 6:26:49 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/14/2008 1:14:36 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/20/2008 1:10:19 PM | Attr =  H ]
Scan for Viruses.job -> %SystemRoot%\tasks\Scan for Viruses.job ->  [Ver =  | Size = 342 bytes | Modified Date = 1/18/2008 10:00:00 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
AOL -> %AllUsersAppData%\AOL ->  [Folder | Modified Date = 1/15/2008 6:44:43 AM | Attr =	]
AOL Downloads -> %AllUsersAppData%\AOL Downloads ->  [Folder | Modified Date = 1/15/2008 6:46:44 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 1/14/2008 12:02:06 PM | Attr =	]
SUPERAntiSpyware.com -> %AllUsersAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 1/19/2008 12:05:03 PM | Attr =	]
TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Modified Date = 1/14/2008 8:49:45 AM | Attr =	]
Viewpoint -> %AllUsersAppData%\Viewpoint ->  [Folder | Modified Date = 1/18/2008 7:26:35 PM | Attr =	]
Aim -> %UserAppData%\Aim ->  [Folder | Modified Date = 1/5/2008 6:58:57 PM | Attr =	]
AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 1/15/2008 8:00:08 AM | Attr =	]
LimeWire -> %UserAppData%\LimeWire ->  [Folder | Modified Date = 1/19/2008 12:58:45 AM | Attr =	]
SUPERAntiSpyware.com -> %UserAppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 1/19/2008 12:04:39 PM | Attr =	]
uTorrent -> %UserAppData%\uTorrent ->  [Folder | Modified Date = 1/11/2008 1:41:09 AM | Attr =	]
WinRAR -> %UserAppData%\WinRAR ->  [Folder | Modified Date = 1/5/2008 8:01:59 PM | Attr =	]
AOL -> %LocalAppData%\AOL ->  [Folder | Modified Date = 1/16/2008 7:45:51 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 136704 bytes | Modified Date = 1/12/2008 1:56:32 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 1581784 bytes | Modified Date = 1/8/2008 12:29:07 AM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/19/2008 2:12:25 PM | Attr =	]
Paint.NET -> %LocalAppData%\Paint.NET ->  [Folder | Modified Date = 1/14/2008 12:20:27 PM | Attr =	]
Desktop -> %AllUsersDocuments%\Desktop ->  [Folder | Modified Date = 1/20/2008 1:12:56 PM | Attr =	]
Shared -> %AllUsersDocuments%\Shared ->  [Folder | Modified Date = 1/7/2008 2:08:38 AM | Attr =	]
bkl001.jpg -> %UserDocuments%\bkl001.jpg ->  [Ver =  | Size = 238196 bytes | Modified Date = 1/5/2008 3:33:28 PM | Attr =	]
Chargers.PNG -> %UserDocuments%\Chargers.PNG ->  [Ver =  | Size = 286803 bytes | Modified Date = 1/20/2008 11:04:54 AM | Attr =	]
Daft Punk 2.mp3 -> %UserDocuments%\Daft Punk 2.mp3 ->  [Ver =  | Size = 400680 bytes | Modified Date = 1/20/2008 10:48:58 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Daft Punk 2.mp3:Zone.Identifier
Daft Punk short.mp3 -> %UserDocuments%\Daft Punk short.mp3 ->  [Ver =  | Size = 321552 bytes | Modified Date = 1/20/2008 10:46:55 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\Daft Punk short.mp3:Zone.Identifier
er.rtf -> %UserDocuments%\er.rtf ->  [Ver =  | Size = 166 bytes | Modified Date = 1/9/2008 9:48:49 PM | Attr =	]
Jon's Music -> %UserDocuments%\Jon's Music ->  [Folder | Modified Date = 1/18/2008 2:25:28 PM | Attr =	]
MAES LAYOUT 1-15-08.rtf -> %UserDocuments%\MAES LAYOUT 1-15-08.rtf ->  [Ver =  | Size = 36632 bytes | Modified Date = 1/15/2008 9:23:06 PM | Attr =	]
missing!.PNG -> %UserDocuments%\missing!.PNG ->  [Ver =  | Size = 49250 bytes | Modified Date = 1/18/2008 7:18:11 PM | Attr =	]
MY LAYOUT CODE 1-15-08.rtf -> %UserDocuments%\MY LAYOUT CODE 1-15-08.rtf ->  [Ver =  | Size = 23927 bytes | Modified Date = 1/15/2008 9:18:37 PM | Attr =	]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/18/2008 7:24:19 PM | Attr =	]
My Received Files -> %UserDocuments%\My Received Files ->  [Folder | Modified Date = 1/17/2008 8:31:18 PM | Attr =	]
My Videos -> %UserDocuments%\My Videos ->  [Folder | Modified Date = 1/12/2008 1:56:31 PM | Attr =	]
New d.doc -> %UserDocuments%\New d.doc ->  [Ver =  | Size = 818176 bytes | Modified Date = 1/17/2008 9:49:15 PM | Attr =	]
Outsiders - Tulsa Times.doc -> %UserDocuments%\Outsiders - Tulsa Times.doc ->  [Ver =  | Size = 818176 bytes | Modified Date = 1/17/2008 10:13:00 PM | Attr =	]
outsiders word.rtf -> %UserDocuments%\outsiders word.rtf ->  [Ver =  | Size = 3592 bytes | Modified Date = 1/17/2008 10:46:59 PM | Attr =	]
param_table.bin -> %UserDocuments%\param_table.bin ->  [Ver =  | Size = 3644 bytes | Modified Date = 1/18/2008 11:27:52 PM | Attr =	]
phrases.rtf -> %UserDocuments%\phrases.rtf ->  [Ver =  | Size = 261 bytes | Modified Date = 12/31/2007 9:14:14 PM | Attr =	]
plmn_text_table.bin -> %UserDocuments%\plmn_text_table.bin ->  [Ver =  | Size = 9629 bytes | Modified Date = 1/18/2008 11:25:54 PM | Attr =	]
Print out.rtf -> %UserDocuments%\Print out.rtf ->  [Ver =  | Size = 4985 bytes | Modified Date = 1/19/2008 12:17:41 PM | Attr =	]
Programs -> %UserDocuments%\Programs ->  [Folder | Modified Date = 1/20/2008 9:27:08 AM | Attr =	]
ralph-layout-headline-aboutme.rtf -> %UserDocuments%\ralph-layout-headline-aboutme.rtf ->  [Ver =  | Size = 23923 bytes | Modified Date = 1/5/2008 2:55:36 AM | Attr =	]
Runescape -> %UserDocuments%\Runescape ->  [Folder | Modified Date = 1/4/2008 4:38:32 AM | Attr =	]
Text Documents -> %UserDocuments%\Text Documents ->  [Folder | Modified Date = 1/7/2008 6:16:11 PM | Attr =	]
Thumbs.db -> %UserDocuments%\Thumbs.db ->  [Ver =  | Size = 235008 bytes | Modified Date = 1/17/2008 8:31:25 PM | Attr =  HS]
username.rtf -> %UserDocuments%\username.rtf ->  [Ver =  | Size = 365 bytes | Modified Date = 1/12/2008 3:36:38 PM | Attr =	]
WTF.PNG -> %UserDocuments%\WTF.PNG ->  [Ver =  | Size = 23358 bytes | Modified Date = 1/13/2008 9:57:24 AM | Attr =	]
wtf2.PNG -> %UserDocuments%\wtf2.PNG ->  [Ver =  | Size = 46494 bytes | Modified Date = 1/13/2008 10:41:16 AM | Attr =	]
DivX Player.lnk -> %AllUsersDesktop%\DivX Player.lnk ->  [Ver =  | Size = 795 bytes | Modified Date = 1/4/2008 4:05:14 AM | Attr =	]
FastStone Image Viewer.lnk -> %AllUsersDesktop%\FastStone Image Viewer.lnk ->  [Ver =  | Size = 780 bytes | Modified Date = 1/7/2008 1:26:53 PM | Attr =	]
CS - Source.lnk -> %AllUsersDocuments%\Desktop\CS - Source.lnk ->  [Ver =  | Size = 1852 bytes | Modified Date = 12/31/2007 12:42:38 PM | Attr =	]
DivX Movies.lnk -> %AllUsersDocuments%\Desktop\DivX Movies.lnk ->  [Ver =  | Size = 1427 bytes | Modified Date = 1/4/2008 4:05:31 AM | Attr =	]
FLV Player.lnk -> %AllUsersDocuments%\Desktop\FLV Player.lnk ->  [Ver =  | Size = 707 bytes | Modified Date = 1/14/2008 1:30:02 PM | Attr =	]
HijackThis.lnk -> %AllUsersDocuments%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 842 bytes | Modified Date = 1/14/2008 10:41:01 AM | Attr =	]
StepMania.lnk -> %AllUsersDocuments%\Desktop\StepMania.lnk ->  [Ver =  | Size = 1713 bytes | Modified Date = 1/19/2008 11:30:39 AM | Attr =	]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersDocuments%\Desktop\SUPERAntiSpyware Free Edition.lnk ->  [Ver =  | Size = 786 bytes | Modified Date = 1/19/2008 12:04:48 PM | Attr =	]
SUPERAntiSpyware.exe -> %AllUsersDocuments%\Desktop\SUPERAntiSpyware.exe ->  [Ver =  | Size = 5914648 bytes | Modified Date = 1/19/2008 12:03:04 PM | Attr =	]
uTorrent.lnk -> %AllUsersDocuments%\Desktop\uTorrent.lnk ->  [Ver =  | Size = 688 bytes | Modified Date = 1/6/2008 8:12:55 AM | Attr =	]
VundoFix.exe -> %AllUsersDocuments%\Desktop\VundoFix.exe -> Atribune.org [Ver = 6.07.0007 | Size = 132608 bytes | Modified Date = 1/19/2008 12:23:03 PM | Attr =	]
WinPFind35u -> %AllUsersDocuments%\Desktop\WinPFind35u ->  [Folder | Modified Date = 1/20/2008 1:13:34 PM | Attr =	]
WinPFind35u.exe -> %AllUsersDocuments%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 477315 bytes | Modified Date = 1/20/2008 1:12:44 PM | Attr =	]
AOL -> %CommonProgramFiles%\AOL ->  [Folder | Modified Date = 1/5/2008 7:03:53 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/19/2008 12:03:13 PM | Attr =	]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg ->  [Ver =  | Size = 2327 bytes | Modified Date = 8/3/2006 2:23:21 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 ->  [Ver =  | Size = 6800 bytes | Modified Date = 1/20/2008 1:11:41 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 ->  [Ver =  | Size = 6800 bytes | Modified Date = 1/20/2008 1:11:41 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11 ->  [Ver =  | Size = 8206 bytes | Modified Date = 6/2/2007 7:32:21 PM | Attr =	]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12 ->  [Ver =  | Size = 8458 bytes | Modified Date = 3/30/2007 7:14:39 PM | Attr =	]

< End of report >

Attached Files



#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:46 AM

Posted 20 January 2008 - 05:04 PM

Hi iSayChris. Everything in the new log looks good :thumbsup: How are things running? Any issues?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#11 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 20 January 2008 - 06:43 PM

Everything works great now :D, Except the details box is still not showing. i think the file to it got deleted.
Thanks you very much for your help.

do you know whats the file called or how to fix it.
Posted Image

Edited by iSayChris, 20 January 2008 - 06:48 PM.


#12 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:46 AM

Posted 20 January 2008 - 08:09 PM

Hi iSayChris. That's just a setting in your view preferences.

Click View-> Arrange Icons By -> Show in Groups

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#13 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 20 January 2008 - 08:34 PM

hmm i tried that, and its not it.

heres what im talking about. i made a while drawn picture

Posted Image

#14 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:46 AM

Posted 20 January 2008 - 08:47 PM

Then go to Tools -> Folder Options ->

In the Tasks section choose Show Common Tasks in Folder

Cheers.

TO
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#15 iSayChris

iSayChris
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:03:46 AM

Posted 20 January 2008 - 08:50 PM

Wow lol, thanks you very much :D!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users