[code]
OTScanIt logfile created on: 3/23/2008 4:07:05 AM
OTScanIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\pamdam.X2\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.47 Mb Total Physical Memory | 505.37 Mb Available Physical Memory | 56.50% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 78.45 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 30.86 Gb Free Space | 60.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X2
Current User Name: pamdam
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
bdmcon.exe -> %ProgramFiles%\Softwin\BitDefender10\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 15 | Size = 290816 bytes | Modified Date = 3/18/2008 3:26:13 PM | Attr = ]
bdagent.exe -> %ProgramFiles%\Softwin\BitDefender10\bdagent.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 16 | Size = 69632 bytes | Modified Date = 3/27/2007 7:49:46 AM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 PM | Attr = ]
e_fatibhp.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIBHP.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 131072 bytes | Modified Date = 2/23/2006 3:00:00 AM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.5.5 | Size = 16841216 bytes | Modified Date = 9/3/2007 3:52:22 PM | Attr = R ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 3/20/2008 9:24:23 AM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 PM | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0109 | Size = 163908 bytes | Modified Date = 4/6/2007 10:12:00 PM | Attr = ]
xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> SOFTWIN S.R.L [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 11/10/2006 5:33:04 AM | Attr = ]
bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 81920 bytes | Modified Date = 1/20/2007 8:12:56 AM | Attr = ]
livesrv.exe -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 18 | Size = 237568 bytes | Modified Date = 3/18/2008 3:27:04 PM | Attr = ]
vsserv.exe -> %ProgramFiles%\Softwin\BitDefender10\vsserv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 147 | Size = 462848 bytes | Modified Date = 3/18/2008 3:26:40 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/2/2008 6:07:41 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 3/19/2008 6:01:26 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 8:31:10 PM | Attr = ]
(bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 81920 bytes | Modified Date = 1/20/2007 8:12:56 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 6:56:50 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3/19/2008 4:00:00 PM | Attr = ]
(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Update Service\livesrv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 18 | Size = 237568 bytes | Modified Date = 3/18/2008 3:27:04 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0109 | Size = 163908 bytes | Modified Date = 4/6/2007 10:12:00 PM | Attr = ]
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender10\vsserv.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 1, 147 | Size = 462848 bytes | Modified Date = 3/18/2008 3:26:40 PM | Attr = ]
(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> SOFTWIN S.R.L [Ver = 1, 8, 11, 0 | Size = 86016 bytes | Modified Date = 11/10/2006 5:33:04 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found
(asc) asc [Kernel | Disabled | Stopped] -> -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys -> [Ver = | Size = 11000 bytes | Modified Date = 5/30/2007 8:10:42 PM | Attr = ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 8:10:42 PM | Attr = ]
(bdfdll) bdfdll [Kernel | On_Demand | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdfdll.sys -> [Ver = | Size = 8704 bytes | Modified Date = 12/5/2006 8:51:44 AM | Attr = ]
(BDFSDRV) BDFSDRV [Kernel | On_Demand | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdfsdrv.sys -> [Ver = | Size = 14145 bytes | Modified Date = 1/10/2006 10:50:34 AM | Attr = ]
(bdpredir) bdpredir [Kernel | System | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdpredir.sys -> Softwin SRL [Ver = 1.0.0.15 | Size = 25984 bytes | Modified Date = 4/21/2007 5:29:44 AM | Attr = ]
(BDRSDRV) BDRSDRV [Kernel | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender10\bdrsdrv.sys -> [Ver = | Size = 10768 bytes | Modified Date = 6/29/2006 9:13:54 AM | Attr = ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:07:18 AM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:07:18 AM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ]
(hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5477 built by: WinDDK | Size = 4611072 bytes | Modified Date = 9/5/2007 5:31:30 PM | Attr = R ]
(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.0109 | Size = 6724704 bytes | Modified Date = 4/6/2007 10:12:00 PM | Attr = ]
(NVHDAMIN) Service for NVIDIA HDMI Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvhdamin.sys -> NVIDIA Corporation [Ver = 1.00.00 built by: WinDDK | Size = 18176 bytes | Modified Date = 5/14/2007 10:30:44 AM | Attr = R ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/11/2006 4:53:48 AM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/17/2006 8:51:08 AM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1050 | Size = 51440 bytes | Modified Date = 3/20/2008 9:24:23 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 PM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 8.61.2.3 built by: WinDDK | Size = 250496 bytes | Modified Date = 11/3/2006 12:01:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 PM | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ]
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = R ]
BDAgent -> %ProgramFiles%\Softwin\BitDefender10\bdagent.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 16 | Size = 69632 bytes | Modified Date = 3/27/2007 7:49:46 AM | Attr = ]
BDMCon -> %ProgramFiles%\Softwin\BitDefender10\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 10, 2, 0, 15 | Size = 290816 bytes | Modified Date = 3/18/2008 3:26:13 PM | Attr = ]
EPSON Stylus C59 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIBHP.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 131072 bytes | Modified Date = 2/23/2006 3:00:00 AM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.0109 | Size = 8429568 bytes | Modified Date = 4/6/2007 10:12:00 PM | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.0109 | Size = 81920 bytes | Modified Date = 4/6/2007 10:12:00 PM | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 4/6/2007 10:12:00 PM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.5.5 | Size = 16841216 bytes | Modified Date = 9/3/2007 3:52:22 PM | Attr = R ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 3/20/2008 9:24:23 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup ->
< pamdam.X2 Startup Folder > -> C:\Documents and Settings\pamdam.X2\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
sockspy.dll -> %SystemRoot%\system32\sockspy.dll -> [Ver = | Size = 73728 bytes | Modified Date = 1/27/2006 12:19:52 PM | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 PM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/21/2006 4:55:48 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
peanut.bat -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 3/20/2008 9:24:23 AM | Attr = ]
WgaLogon -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! ¤u¨ã¦C] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/19/2007 5:49:22 AM | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/19/2007 5:49:22 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/13/2007 6:09:42 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 3/19/2008 3:59:58 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 3/19/2008 3:59:58 PM | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! ¤u¨ã¦C] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/19/2007 5:49:22 AM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 3/19/2008 3:59:58 PM | Attr = R ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! ¤u¨ã¦C] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/19/2007 5:49:22 AM | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/13/2007 6:09:42 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/13/2007 6:09:42 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1CADC349-C1D4-4ED5-A265-4635398A0474} -> (Generic Marvell Yukon Chipset based Ethernet Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:56:44 AM | Attr = ]
C:\WINDOWS\system32\jkhfg.dll -> %SystemRoot%\system32\jkhfg.dll -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/16/2005 1:49:30 AM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 6:56:44 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 PM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 6:56:48 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 752 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 6:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 6:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 3989 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 6:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe 
-> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/28/2006 7:16:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/28/2006 7:37:44 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/28/2006 7:03:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 3/22/2008 12:23:49 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\PortableApps\utorrent\utorrent.exe -> F:\PortableApps\utorrent\utorrent.exe [F:\PortableApps\utorrent\utorrent.exe:*:Enabled:µTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 6:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 6:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 6:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 3/4/2008 11:32:17 PM | Attr = RH ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 3/18/2008 2:50:21 PM | Attr = RH ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 3/18/2008 6:12:02 PM | Attr = ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 3/18/2008 12:21:45 PM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 3/18/2008 12:21:45 PM | Attr = ] cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 3/18/2008 12:21:53 PM | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 3/18/2008 12:21:55 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 3/18/2008 12:21:46 PM | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 3/18/2008 12:21:46 PM | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 3/18/2008 12:21:46 PM | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:46 PM | Attr = ] c_10005.nls 
-> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:46 PM | Attr = ] c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:43 AM | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:44 AM | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:45 AM | Attr = ] c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 
66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:47 PM | Attr = ] c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 3/18/2008 12:21:48 PM | Attr = ] c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = 
] c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:37 AM | Attr = ] c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:49 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20423.nls -> 
%SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 3/18/2008 12:21:50 PM | Attr = ] c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:51 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:51 PM | Attr = ] c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:41 AM | Attr = ] c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:44 AM | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = 
| Size = 66082 bytes | Created Date = 3/18/2008 12:21:51 PM | Attr = ] c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:46 AM | Attr = ] c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:47 AM | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:51 PM | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 12:21:51 PM | Attr = ] c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:41 AM | Attr = ] c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:45 AM | Attr = ] c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 12:21:51 PM | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 12:21:52 PM | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 12:21:52 PM | Attr = ] c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:41 AM | Attr = ] c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_870.nls -> 
%SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 12:21:52 PM | Attr = ] c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 3/18/2008 12:22:07 PM | Attr = ] esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 3/18/2008 12:22:07 PM | Attr = ] esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. 
[Ver = 1.00 | Size = 45056 bytes | Created Date = 3/18/2008 12:22:07 PM | Attr = ] FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 3/18/2008 12:22:09 PM | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 3/18/2008 12:22:13 PM | Attr = ] HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 3/18/2008 12:22:18 PM | Attr = ] IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 3/18/2008 12:22:27 PM | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 3/18/2008 12:22:29 PM | Attr = ] IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 3/18/2008 12:22:30 PM | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 3/18/2008 12:18:46 PM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 3/18/2008 12:22:37 PM | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 3/18/2008 12:22:38 PM | Attr = ] MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 
3/18/2008 4:11:25 AM | Attr = ] mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 3/18/2008 12:18:48 PM | Attr = ] MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 3/18/2008 12:19:32 PM | Attr = ] NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 3/18/2008 4:11:24 AM | Attr = ] NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 3/18/2008 4:11:24 AM | Attr = ] NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] pintlcsa.dll -> 
%SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 3/18/2008 12:23:02 PM | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 3/18/2008 12:23:04 PM | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 3/18/2008 12:23:04 PM | Attr = ] rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 3/18/2008 12:23:11 PM | Attr = ] rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 3/18/2008 12:23:11 PM | Attr = ] rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 3/18/2008 12:23:11 PM | Attr = ] SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 3/18/2008 12:19:01 PM | Attr = ] tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 3/18/2008 4:11:25 AM | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 3/18/2008 12:23:46 PM | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. 
[Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 3/19/2008 2:21:10 AM | Attr = ] nvhdamin.sys -> %SystemRoot%\System32\drivers\nvhdamin.sys -> NVIDIA Corporation [Ver = 1.00.00 built by: WinDDK | Size = 18176 bytes | Created Date = 3/19/2008 5:58:40 PM | Attr = R ] RtkHDAud.sys -> %SystemRoot%\System32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5477 built by: WinDDK | Size = 4611072 bytes | Created Date = 3/19/2008 5:48:47 PM | Attr = R ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 3/18/2008 4:09:31 AM | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 3/19/2008 6:46:43 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ALSndMgr.cpl -> %SystemRoot%\System32\ALSndMgr.cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 10 | Size = 299008 bytes | Created Date = 3/19/2008 5:48:31 PM | Attr = R ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 3/18/2008 12:21:04 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 3/11/2008 9:11:31 PM | Attr = ] asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 3/19/2008 6:47:36 AM | Attr = ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 3/18/2008 4:11:34 AM | Attr = ] bdod.bin -> %SystemRoot%\System32\bdod.bin -> [Ver = | Size = 81984 bytes | Created Date = 3/18/2008 12:47:18 PM | Attr = ] bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 3/18/2008 12:17:40 PM | Attr = ] BuzzingBee.wav -> %SystemRoot%\System32\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Created Date = 3/19/2008 5:55:38 PM | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/18/2008 12:19:47 PM | Attr 
= RH ] ChCfg.exe -> %SystemRoot%\System32\ChCfg.exe -> [Ver = | Size = 49152 bytes | Created Date = 3/19/2008 5:50:04 PM | Attr = R ] CMMGR32.EXE -> %SystemRoot%\System32\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 3/19/2008 2:37:05 AM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 3/18/2008 12:21:08 PM | Attr = ] c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:43 AM | Attr = ] c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:44 AM | Attr = ] c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_10081.nls -> %SystemRoot%\System32\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:45 AM | Attr = ] c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:37 AM | Attr = ] C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:41 AM | Attr = ] C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:44 AM | Attr = ] C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:46 AM | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 
66082 bytes | Created Date = 3/18/2008 4:11:47 AM | Attr = ] c_737.nls -> %SystemRoot%\System32\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_852.nls -> %SystemRoot%\System32\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:39 AM | Attr = ] c_855.nls -> %SystemRoot%\System32\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:41 AM | Attr = ] c_857.nls -> %SystemRoot%\System32\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:45 AM | Attr = ] c_866.nls -> %SystemRoot%\System32\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:41 AM | Attr = ] c_869.nls -> %SystemRoot%\System32\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] c_875.nls -> %SystemRoot%\System32\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 3/18/2008 4:11:42 AM | Attr = ] desktop.ini -> %SystemRoot%\System32\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 3/18/2008 12:19:07 PM | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. 
[Ver = 2.3.7 | Size = 176157 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 2/24/2008 3:08:36 PM | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 3/18/2008 12:18:18 PM | Attr = ] EPPICLocal_BP.cfg -> %SystemRoot%\System32\EPPICLocal_BP.cfg -> [Ver = | Size = 6347 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_CF.cfg -> %SystemRoot%\System32\EPPICLocal_CF.cfg -> [Ver = | Size = 6195 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_DU.cfg -> %SystemRoot%\System32\EPPICLocal_DU.cfg -> [Ver = | Size = 6122 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_EN.cfg -> %SystemRoot%\System32\EPPICLocal_EN.cfg -> [Ver = | Size = 13732 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_ES.cfg -> %SystemRoot%\System32\EPPICLocal_ES.cfg -> [Ver = | Size = 6103 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_FR.cfg -> %SystemRoot%\System32\EPPICLocal_FR.cfg -> [Ver = | Size = 6195 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_GE.cfg -> %SystemRoot%\System32\EPPICLocal_GE.cfg -> [Ver = | Size = 6335 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_IT.cfg -> %SystemRoot%\System32\EPPICLocal_IT.cfg -> [Ver = | Size = 6442 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_KO.cfg -> %SystemRoot%\System32\EPPICLocal_KO.cfg -> [Ver = | Size = 5817 bytes | Created Date = 3/19/2008 2:24:08 AM | Attr = ] EPPICLocal_PT.cfg -> %SystemRoot%\System32\EPPICLocal_PT.cfg -> [Ver = | Size = 6347 bytes | Created Date = 3/19/2008 2:24:07 AM | Attr = ] EPPICLocal_RU.cfg -> %SystemRoot%\System32\EPPICLocal_RU.cfg -> [Ver = | Size = 2889 bytes | Created Date = 3/19/2008 
2:24:09 AM | Attr = ] EPPICLocal_SC.cfg -> %SystemRoot%\System32\EPPICLocal_SC.cfg -> [Ver = | Size = 5436 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICLocal_TC.cfg -> %SystemRoot%\System32\EPPICLocal_TC.cfg -> [Ver = | Size = 2426 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPicMgr.dll -> %SystemRoot%\System32\EPPicMgr.dll -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 65536 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern1.dat -> %SystemRoot%\System32\EPPICPattern1.dat -> [Ver = | Size = 26154 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern121.dat -> %SystemRoot%\System32\EPPICPattern121.dat -> [Ver = | Size = 27417 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern131.dat -> %SystemRoot%\System32\EPPICPattern131.dat -> [Ver = | Size = 31053 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern2.dat -> %SystemRoot%\System32\EPPICPattern2.dat -> [Ver = | Size = 20148 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern3.dat -> %SystemRoot%\System32\EPPICPattern3.dat -> [Ver = | Size = 24903 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern4.dat -> %SystemRoot%\System32\EPPICPattern4.dat -> [Ver = | Size = 11811 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern5.dat -> %SystemRoot%\System32\EPPICPattern5.dat -> [Ver = | Size = 21390 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPattern6.dat -> %SystemRoot%\System32\EPPICPattern6.dat -> [Ver = | Size = 4943 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_BP.dat -> %SystemRoot%\System32\EPPICPresetData_BP.dat -> [Ver = | Size = 1139 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_CF.dat -> %SystemRoot%\System32\EPPICPresetData_CF.dat -> [Ver = | Size = 1129 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_DU.dat -> %SystemRoot%\System32\EPPICPresetData_DU.dat -> [Ver = | Size = 1146 
bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_EN.dat -> %SystemRoot%\System32\EPPICPresetData_EN.dat -> [Ver = | Size = 1104 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_ES.dat -> %SystemRoot%\System32\EPPICPresetData_ES.dat -> [Ver = | Size = 1136 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_FR.dat -> %SystemRoot%\System32\EPPICPresetData_FR.dat -> [Ver = | Size = 1129 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_GE.dat -> %SystemRoot%\System32\EPPICPresetData_GE.dat -> [Ver = | Size = 1107 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_IT.dat -> %SystemRoot%\System32\EPPICPresetData_IT.dat -> [Ver = | Size = 1120 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPresetData_PT.dat -> %SystemRoot%\System32\EPPICPresetData_PT.dat -> [Ver = | Size = 1139 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EPPICPrinterDB.dat -> %SystemRoot%\System32\EPPICPrinterDB.dat -> [Ver = | Size = 111932 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EpPicPrt.dll -> %SystemRoot%\System32\EpPicPrt.dll -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 114688 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] E_DCINST.DLL -> %SystemRoot%\System32\E_DCINST.DLL -> SEIKO EPSON CORP. 
[Ver = 1, 0, 0, 5 | Size = 49152 bytes | Created Date = 3/19/2008 2:23:11 AM | Attr = ] E_FD4BBHP.DLL -> %SystemRoot%\System32\E_FD4BBHP.DLL -> SEIKO EPSON CORPORATION [Ver = 1, 1, 0, 0 | Size = 62976 bytes | Created Date = 3/19/2008 2:23:09 AM | Attr = ] E_FLBBHP.DLL -> %SystemRoot%\System32\E_FLBBHP.DLL -> SEIKO EPSON CORPORATION [Ver = 1, 4, 0, 0 | Size = 73216 bytes | Created Date = 3/19/2008 2:23:09 AM | Attr = ] ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 7680 bytes | Created Date = 3/19/2008 12:24:53 AM | Attr = ] ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 3/19/2008 12:24:53 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 291680 bytes | Created Date = 3/18/2008 4:10:42 AM | Attr = ] gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 3/19/2008 6:46:48 AM | Attr = ] hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 3/18/2008 12:17:47 PM | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. 
[Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 3/18/2008 12:17:31 PM | Attr = ] ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 3/18/2008 12:18:46 PM | Attr = ] kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] korean.uce -> %SystemRoot%\System32\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 3/18/2008 12:19:55 PM | Attr = RH ] LoopyMusic.wav -> %SystemRoot%\System32\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Created Date = 3/19/2008 5:55:37 PM | Attr = ] msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 3/18/2008 12:17:38 PM | Attr = ] msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 3/18/2008 12:17:38 PM | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/18/2008 12:19:47 PM | Attr = RH ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 3/18/2008 12:21:04 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 111544 bytes | Created Date = 3/18/2008 12:31:39 PM | Attr = ] nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 17177 bytes | Created Date = 3/18/2008 12:31:12 PM | Attr = ] nvsmb.nvu -> %SystemRoot%\System32\nvsmb.nvu -> [Ver = | Size = 1864 bytes | Created Date = 3/18/2008 12:30:52 PM | Attr = R ] nvudisp.exe -> 
%SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 3/18/2008 12:31:12 PM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 3/18/2008 12:30:44 PM | Attr = ] nvusmb.exe -> %SystemRoot%\System32\nvusmb.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 3/18/2008 12:30:52 PM | Attr = R ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/18/2008 12:19:47 PM | Attr = RH ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 3/19/2008 6:46:46 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 3/18/2008 4:11:51 AM | Attr = ] PICEntry.dll -> %SystemRoot%\System32\PICEntry.dll -> SEIKO EPSON CORPORATION [Ver = 3.0.0.1 | Size = 77824 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] PICSDK.dll -> %SystemRoot%\System32\PICSDK.dll -> SEIKO EPSON CORPORATION [Ver = 3.0.0.0 | Size = 73728 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] PICSDK.ini -> %SystemRoot%\System32\PICSDK.ini -> [Ver = | Size = 97 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] PICSDK2.dll -> %SystemRoot%\System32\PICSDK2.dll -> SEIKO EPSON CORPORATION [Ver = 3.0.1.2 | Size = 495616 bytes | Created Date = 3/19/2008 2:24:09 AM | Attr = ] RTSndMgr.cpl -> %SystemRoot%\System32\RTSndMgr.cpl -> Realtek Semiconductor Corp. 
[Ver = 1, 0, 0, 9 | Size = 282624 bytes | Created Date = 3/19/2008 5:48:50 PM | Attr = R ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/18/2008 12:19:47 PM | Attr = RH ] shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 3/18/2008 4:11:36 AM | Attr = ] subrange.uce -> %SystemRoot%\System32\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] tslabels.h -> %SystemRoot%\System32\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 3/18/2008 12:17:39 PM | Attr = ] tslabels.ini -> %SystemRoot%\System32\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 3/18/2008 12:17:39 PM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 3/19/2008 6:46:48 AM | Attr = ] unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 164352 bytes | Created Date = 3/19/2008 12:24:57 AM | Attr = ] usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 3/18/2008 12:17:39 PM | Attr = ] vp6vfw.dll -> %SystemRoot%\System32\vp6vfw.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Created Date = 3/18/2008 3:38:24 PM | Attr = R ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 3/18/2008 12:19:55 PM | Attr = RH ] wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 3/18/2008 12:17:32 PM | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 3/18/2008 12:19:47 PM | Attr = RH ] ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 3/19/2008 
6:47:36 AM | Attr = ] Alcmtr.exe -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Created Date = 3/19/2008 5:48:34 PM | Attr = R ] alcwzrd.exe -> %SystemRoot%\alcwzrd.exe -> RealTek Semicoductor Corp. [Ver = 1.1.0.36 | Size = 2808832 bytes | Created Date = 3/19/2008 5:48:33 PM | Attr = R ] Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 3/18/2008 12:17:41 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 3/18/2008 12:24:00 PM | Attr = S] CDE C59Asia.ini -> %SystemRoot%\CDE C59Asia.ini -> [Ver = | Size = 25 bytes | Created Date = 3/19/2008 2:19:51 AM | Attr = ] Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 3/18/2008 12:21:08 PM | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 3/18/2008 12:19:07 PM | Attr = ] FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Created Date = 3/19/2008 5:47:51 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 3/18/2008 4:11:55 AM | Attr = ] MicCal.exe -> %SystemRoot%\MicCal.exe -> Realtek Semiconductor Corp. 
[Ver = 1.1.1.8 | Size = 2165760 bytes | Created Date = 3/19/2008 5:48:42 PM | Attr = R ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1158 bytes | Created Date = 3/19/2008 4:35:57 AM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 3/18/2008 5:33:48 PM | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 3/18/2008 4:11:50 AM | Attr = ] Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 3/18/2008 12:25:22 PM | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] RTHDCPL.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.5.5 | Size = 16841216 bytes | Created Date = 3/19/2008 5:48:43 PM | Attr = R ] RTLCPL.exe -> %SystemRoot%\RTLCPL.exe -> Realtek Semiconductor Corp. [Ver = 1.0.1.65 | Size = 9715200 bytes | Created Date = 3/19/2008 5:48:48 PM | Attr = R ] RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 8 | Size = 520192 bytes | Created Date = 3/19/2008 5:47:51 PM | Attr = R ] RtlUpd.exe -> %SystemRoot%\RtlUpd.exe -> Realtek Semiconductor Corp. [Ver = 2, 7, 0, 7 | Size = 1191936 bytes | Created Date = 3/19/2008 5:48:51 PM | Attr = R ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] SkyTel.exe -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. 
[Ver = 2.0.1.20 | Size = 1826816 bytes | Created Date = 3/19/2008 5:48:52 PM | Attr = R ] Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] SoundMan.exe -> %SystemRoot%\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 30 | Size = 86016 bytes | Created Date = 3/19/2008 5:48:52 PM | Attr = R ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 3/18/2008 12:18:10 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 3/18/2008 12:18:10 PM | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 3/18/2008 12:19:47 PM | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 3/18/2008 12:19:07 PM | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 3/18/2008 12:19:07 PM | Attr = HS] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 3/18/2008 12:21:03 PM | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 3/18/2008 12:17:42 PM | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 3/18/2008 12:19:00 PM | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 3/18/2008 12:26:35 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 3/21/2008 11:25:45 AM | Attr = ] BitDefender -> %AllUsersProfile%\Application Data\BitDefender -> [Folder | Created Date = 3/18/2008 12:41:55 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 3/18/2008 4:11:26 AM | Attr = HS] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date 
= 3/19/2008 4:00:03 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 3/19/2008 2:20:52 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Created Date = 3/18/2008 4:11:08 AM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 3/18/2008 2:53:01 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 3/19/2008 2:32:04 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 3/19/2008 4:01:59 PM | Attr = ] @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:0F8F5844 Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Created Date = 3/21/2008 7:27:18 PM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Created Date = 3/22/2008 10:57:36 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 3/18/2008 1:28:39 PM | Attr = ] Bitdefender -> %AppData%\Bitdefender -> [Folder | Created Date = 3/18/2008 12:42:20 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 3/18/2008 12:27:13 PM | Attr = HS] Google -> %AppData%\Google -> [Folder | Created Date = 3/20/2008 12:34:49 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 3/19/2008 2:25:30 AM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 3/18/2008 12:27:20 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Created Date = 3/18/2008 12:30:41 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 3/18/2008 1:28:40 PM | Attr = ] Media Player Classic -> %AppData%\Media Player Classic -> [Folder | Created Date = 3/19/2008 11:31:57 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 3/18/2008 12:27:12 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | 
Created Date = 3/18/2008 5:32:59 PM | Attr = ] Sibelius Software -> %AppData%\Sibelius Software -> [Folder | Created Date = 3/21/2008 11:03:39 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 3/19/2008 2:31:50 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 3/22/2008 12:23:45 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 3/23/2008 3:48:57 AM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Created Date = 3/22/2008 10:57:36 AM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 3/21/2008 11:26:14 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 6144 bytes | Created Date = 3/20/2008 11:16:51 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 12328 bytes | Created Date = 3/18/2008 1:23:30 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 3/20/2008 12:34:49 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5888176 bytes | Created Date = 3/18/2008 12:55:17 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 3/18/2008 12:27:12 PM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 3/18/2008 2:55:49 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 3/18/2008 5:32:59 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 3/18/2008 4:11:26 AM | Attr = HS] EA Games -> %AllUsersProfile%\Documents\EA Games -> [Folder | Created Date = 3/18/2008 4:08:19 PM | Attr = ] My Music -> 
%AllUsersProfile%\Documents\My Music -> [Folder | Created Date = 3/18/2008 12:17:58 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Created Date = 3/18/2008 12:18:38 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Created Date = 3/18/2008 12:17:10 PM | Attr = R ] beowulf -> %UserProfile%\My Documents\beowulf -> [Folder | Created Date = 3/19/2008 3:37:09 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 77 bytes | Created Date = 3/18/2008 12:27:16 PM | Attr = HS] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 3/22/2008 12:27:55 PM | Attr = ] EA Games -> %UserProfile%\My Documents\EA Games -> [Folder | Created Date = 3/18/2008 3:57:20 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 3/18/2008 12:27:16 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 3/18/2008 12:27:16 PM | Attr = R ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 3/21/2008 11:25:50 AM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 3/19/2008 2:21:14 AM | Attr = ] BitDefender Antivirus Plus v10.lnk -> %AllUsersProfile%\Desktop\BitDefender Antivirus Plus v10.lnk -> [Ver = | Size = 1795 bytes | Created Date = 3/18/2008 12:42:09 PM | Attr = ] ESC58_59 User's Guide.lnk -> %AllUsersProfile%\Desktop\ESC58_59 User's Guide.lnk -> [Ver = | Size = 1822 bytes | Created Date = 3/19/2008 2:23:40 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 3/18/2008 5:26:25 PM | Attr = ] pamdam.lnk -> %AllUsersProfile%\Desktop\pamdam.lnk -> [Ver = | Size = 552 bytes | Created Date = 3/18/2008 1:22:15 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> 
%AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 3/19/2008 2:31:54 AM | Attr = ] The Sims™ 2 Deluxe.lnk -> %AllUsersProfile%\Desktop\The Sims™ 2 Deluxe.lnk -> [Ver = | Size = 1894 bytes | Created Date = 3/18/2008 3:58:35 PM | Attr = ] Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! Mail.lnk -> [Ver = | Size = 1535 bytes | Created Date = 3/21/2008 7:27:20 PM | Attr = ] AdbeRdr812_en_US.exe -> %UserProfile%\Desktop\AdbeRdr812_en_US.exe -> [Ver = 1.0.0.921 | Size = 23454528 bytes | Created Date = 3/21/2008 11:14:01 AM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 3/19/2008 2:08:40 AM | Attr = ] avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Created Date = 3/19/2008 2:13:09 AM | Attr = ] exultet.mp3 -> %UserProfile%\Desktop\exultet.mp3 -> [Ver = | Size = 9725996 bytes | Created Date = 3/21/2008 11:34:18 AM | Attr = ] exultet.nwc -> %UserProfile%\Desktop\exultet.nwc -> [Ver = | Size = 2842 bytes | Created Date = 3/21/2008 11:37:18 AM | Attr = ] exultet.pdf -> %UserProfile%\Desktop\exultet.pdf -> [Ver = | Size = 1141687 bytes | Created Date = 3/21/2008 11:37:02 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 3/19/2008 7:03:13 AM | Attr = ] klcodec380s.exe -> %UserProfile%\Desktop\klcodec380s.exe -> [Ver = 3.8.0.0 | Size = 7535763 bytes | Created Date = 3/19/2008 12:21:21 AM | Attr = ] msgr8us.exe -> %UserProfile%\Desktop\msgr8us.exe -> Yahoo! Inc. 
[Ver = 2008.03.14.02 | Size = 446000 bytes | Created Date = 3/21/2008 7:18:55 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 3/23/2008 4:05:32 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 482640 bytes | Created Date = 3/23/2008 4:03:17 AM | Attr = ] scan logs -> %UserProfile%\Desktop\scan logs -> [Folder | Created Date = 3/19/2008 11:22:04 AM | Attr = ] script o the senakulo.doc -> %UserProfile%\Desktop\script o the senakulo.doc -> [Ver = | Size = 28160 bytes | Created Date = 3/21/2008 12:52:11 AM | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Created Date = 3/19/2008 2:28:22 AM | Attr = ] University_Rev_A_Installer.dmg -> %UserProfile%\Desktop\University_Rev_A_Installer.dmg -> [Ver = | Size = 30901480 bytes | Created Date = 3/19/2008 4:14:37 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 3/18/2008 4:11:26 AM | Attr = HS] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 3/18/2008 12:27:13 PM | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2/27/2008 11:11:53 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 2/24/2008 3:08:14 PM | Attr = ] Cisco Systems -> %CommonProgramFiles%\Cisco Systems -> [Folder | Created Date = 3/14/2008 10:56:09 AM | Attr = ] Softwin -> %CommonProgramFiles%\Softwin -> [Folder | Created Date = 3/18/2008 12:40:55 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 3/19/2008 2:31:35 AM | Attr = ] [Files/Folders - Modified Within 30 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 3/14/2008 8:03:24 AM | Attr = RH ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 3/18/2008 12:16:42 
PM | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 3/19/2008 9:50:09 AM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 3/18/2008 2:50:21 PM | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/22/2008 12:23:49 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 3/18/2008 12:28:02 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 3/18/2008 12:26:37 PM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 3/18/2008 6:12:02 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/20/2008 3:07:32 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/18/2008 4:06:48 AM | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 3/18/2008 12:24:00 PM | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 3/18/2008 4:06:24 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 3/19/2008 7:42:03 AM | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 3/18/2008 12:21:04 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 3/11/2008 9:11:31 PM | Attr = ] bdod.bin -> %SystemRoot%\System32\bdod.bin -> [Ver = | Size = 81984 bytes | Modified Date = 3/23/2008 4:06:22 AM | Attr = ] BuzzingBee.wav -> %SystemRoot%\System32\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Modified Date = 3/19/2008 5:55:38 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/23/2008 12:13:36 AM | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/18/2008 
12:19:47 PM | Attr = RH ] CMMGR32.EXE -> %SystemRoot%\System32\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Modified Date = 3/19/2008 2:37:05 AM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 3/19/2008 1:44:12 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/19/2008 7:42:22 AM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 3/18/2008 12:21:08 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/20/2008 2:55:42 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/20/2008 2:55:35 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2/24/2008 3:08:36 PM | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 3/18/2008 12:18:18 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 291680 bytes | Modified Date = 3/21/2008 6:06:25 PM | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 3/19/2008 6:46:48 AM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 3/18/2008 12:20:37 PM | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 3/18/2008 4:06:45 AM | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 3/18/2008 12:19:55 PM | Attr = RH ] LoopyMusic.wav -> %SystemRoot%\System32\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Modified Date = 3/19/2008 5:55:38 PM | Attr = ] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Modified Date = 3/18/2008 12:18:03 PM | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/18/2008 12:19:47 PM | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 3/18/2008 4:08:38 AM | Attr = ] 
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 3/18/2008 12:21:04 PM | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/18/2008 12:19:47 PM | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 3/18/2008 12:19:10 PM | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 3/19/2008 6:46:48 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 3/23/2008 3:50:01 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 3/23/2008 3:50:01 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 3/23/2008 3:50:01 AM | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 3/18/2008 4:06:49 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 3/18/2008 12:26:37 PM | Attr = ] RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Modified Date = 3/19/2008 5:50:04 PM | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/18/2008 12:19:47 PM | Attr = RH ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 3/18/2008 4:09:25 AM | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 3/19/2008 6:46:49 AM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 3/18/2008 4:09:17 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 3/19/2008 7:47:33 AM | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 3/18/2008 12:19:55 PM | Attr = RH ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | 
Modified Date = 3/23/2008 3:50:44 AM | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/18/2008 12:19:47 PM | Attr = RH ] $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 3/18/2008 7:00:54 PM | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 3/19/2008 7:36:34 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/23/2008 3:44:45 AM | Attr = S] CDE C59Asia.ini -> %SystemRoot%\CDE C59Asia.ini -> [Ver = | Size = 25 bytes | Modified Date = 3/19/2008 2:19:51 AM | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 3/18/2008 12:21:08 PM | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 3/18/2008 12:17:52 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/19/2008 2:10:00 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3/19/2008 7:36:39 AM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 3/18/2008 4:09:02 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/21/2008 11:02:08 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/19/2008 12:15:21 AM | Attr = ] HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. 
[Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 3/19/2008 5:47:51 PM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 3/18/2008 4:09:02 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 3/20/2008 2:55:38 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 3/20/2008 4:37:02 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 3/21/2008 11:26:26 AM | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 3/18/2008 4:09:00 AM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1158 bytes | Modified Date = 3/19/2008 4:35:59 AM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 3/19/2008 2:14:45 PM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 3/18/2008 4:09:03 AM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 3/18/2008 5:33:48 PM | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 3/18/2008 12:56:26 PM | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 3/18/2008 12:20:53 PM | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 3/18/2008 12:19:55 PM | Attr = R ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 3/18/2008 4:08:50 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/23/2008 4:05:07 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 3/19/2008 7:40:19 AM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 3/18/2008 12:25:22 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 3/18/2008 12:21:21 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 3/18/2008 12:55:43 PM | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 3/18/2008 3:02:46 PM | Attr = H 
] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 3/19/2008 7:41:56 AM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 3/18/2008 12:19:33 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 3/18/2008 4:11:36 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 3/18/2008 4:11:47 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/23/2008 3:50:01 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/18/2008 12:26:35 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/23/2008 4:03:54 AM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 3/18/2008 4:06:54 AM | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 3/18/2008 12:18:10 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 3/18/2008 12:18:10 PM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 3/18/2008 12:19:58 PM | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 749 bytes | Modified Date = 3/23/2008 12:34:05 AM | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 3/18/2008 12:19:47 PM | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 3/18/2008 3:03:48 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 3/18/2008 12:21:05 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/23/2008 3:44:46 AM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 3/20/2008 11:25:00 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application 
Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 3/20/2008 11:25:00 AM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3/18/2008 3:23:45 PM | Attr = ] ose00000.exe -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 10/28/2006 12:14:30 PM | Attr = R ] VP6Install.exe -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\VP6Install.exe -> [Ver = | Size = 23040 bytes | Modified Date = 4/5/2007 6:39:06 AM | Attr = R ] _is6B.exe -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\_is6B.exe -> Macrovision Corporation [Ver = 12.0.49974 | Size = 455600 bytes | Modified Date = 5/24/2006 8:10:42 PM | Attr = R ] 3 C:\Documents and Settings\pamdam.X2\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\*.tmp -> VP6VFW.dll -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\VP6VFW.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Modified Date = 4/5/2007 6:39:06 AM | Attr = R ] 3 C:\Documents and Settings\pamdam.X2\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\*.tmp -> ISSetup.dll -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\{0D110CC0-C95E-4E81-9EEB-5A8DC59F2B52}\ISSetup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 552214 bytes | Modified Date = 3/9/2007 8:38:50 PM | Attr = R ] _Setup.dll -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\{0D110CC0-C95E-4E81-9EEB-5A8DC59F2B52}\_Setup.dll -> Macrovision Corporation [Ver = 12.0.49974 | Size = 373680 bytes | Modified Date = 5/17/2006 7:21:08 PM | Attr = R ] {AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 602 bytes | 
Modified Date = 3/21/2008 11:25:14 AM | Attr = ] 3 C:\Documents and Settings\pamdam.X2\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\pamdam.X2\Local Settings\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 3/21/2008 11:26:15 AM | Attr = ] BitDefender -> %AllUsersProfile%\Application Data\BitDefender -> [Folder | Modified Date = 3/18/2008 12:42:15 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 3/18/2008 4:11:26 AM | Attr = HS] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 3/19/2008 4:00:03 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 3/19/2008 2:20:52 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 3/18/2008 3:58:37 PM | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 3/18/2008 3:08:16 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 3/19/2008 2:32:04 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 3/19/2008 4:06:28 PM | Attr = ] @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\Application Data\TEMP:0F8F5844 Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Modified Date = 3/22/2008 3:05:56 AM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! 
Companion -> [Folder | Modified Date = 3/22/2008 10:57:36 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 3/21/2008 11:28:14 AM | Attr = ] Bitdefender -> %AppData%\Bitdefender -> [Folder | Modified Date = 3/18/2008 12:42:20 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 3/18/2008 4:11:26 AM | Attr = HS] Google -> %AppData%\Google -> [Folder | Modified Date = 3/20/2008 12:34:49 PM | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 3/19/2008 2:25:30 AM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Modified Date = 3/18/2008 12:27:20 PM | Attr = ] InstallShield -> %AppData%\InstallShield -> [Folder | Modified Date = 3/18/2008 12:30:41 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 3/18/2008 1:28:40 PM | Attr = ] Media Player Classic -> %AppData%\Media Player Classic -> [Folder | Modified Date = 3/19/2008 11:32:39 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 3/19/2008 12:18:55 AM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 3/18/2008 5:32:59 PM | Attr = ] Sibelius Software -> %AppData%\Sibelius Software -> [Folder | Modified Date = 3/21/2008 11:03:39 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 3/19/2008 2:31:50 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 3/23/2008 3:43:41 AM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 3/23/2008 3:48:57 AM | Attr = ] Yahoo! -> %AppData%\Yahoo! 
-> [Folder | Modified Date = 3/22/2008 12:03:05 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 3/21/2008 11:28:21 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 6144 bytes | Modified Date = 3/22/2008 3:58:05 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 12328 bytes | Modified Date = 3/18/2008 1:23:30 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 3/20/2008 12:34:50 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5888176 bytes | Modified Date = 3/21/2008 2:03:30 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 3/18/2008 1:25:20 PM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Modified Date = 3/18/2008 2:55:49 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 3/18/2008 5:32:59 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 3/18/2008 4:11:26 AM | Attr = HS] EA Games -> %AllUsersProfile%\Documents\EA Games -> [Folder | Modified Date = 3/18/2008 4:08:19 PM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 3/18/2008 12:19:08 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 3/18/2008 12:19:07 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 3/18/2008 12:17:10 PM | Attr = R ] beowulf -> %UserProfile%\My Documents\beowulf -> [Folder | Modified Date = 3/19/2008 3:51:04 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini 
-> [Ver = | Size = 77 bytes | Modified Date = 3/18/2008 12:27:27 PM | Attr = HS] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 3/22/2008 1:21:37 PM | Attr = ] EA Games -> %UserProfile%\My Documents\EA Games -> [Folder | Modified Date = 3/18/2008 3:57:20 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 3/21/2008 7:27:20 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 3/21/2008 7:27:20 PM | Attr = R ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 3/21/2008 11:25:50 AM | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 3/19/2008 2:21:14 AM | Attr = ] BitDefender Antivirus Plus v10.lnk -> %AllUsersProfile%\Desktop\BitDefender Antivirus Plus v10.lnk -> [Ver = | Size = 1795 bytes | Modified Date = 3/18/2008 12:42:09 PM | Attr = ] ESC58_59 User's Guide.lnk -> %AllUsersProfile%\Desktop\ESC58_59 User's Guide.lnk -> [Ver = | Size = 1822 bytes | Modified Date = 3/19/2008 2:23:40 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 3/18/2008 5:26:25 PM | Attr = ] pamdam.lnk -> %AllUsersProfile%\Desktop\pamdam.lnk -> [Ver = | Size = 552 bytes | Modified Date = 3/18/2008 1:22:15 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 3/19/2008 2:31:54 AM | Attr = ] The Sims™ 2 Deluxe.lnk -> %AllUsersProfile%\Desktop\The Sims™ 2 Deluxe.lnk -> [Ver = | Size = 1894 bytes | Modified Date = 3/18/2008 3:58:35 PM | Attr = ] Yahoo! Mail.lnk -> %AllUsersProfile%\Desktop\Yahoo! 
Mail.lnk -> [Ver = | Size = 1535 bytes | Modified Date = 3/21/2008 7:27:20 PM | Attr = ] AdbeRdr812_en_US.exe -> %UserProfile%\Desktop\AdbeRdr812_en_US.exe -> [Ver = 1.0.0.921 | Size = 23454528 bytes | Modified Date = 3/21/2008 11:22:32 AM | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Desktop\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/19/2008 2:08:40 AM | Attr = ] avgas-setup-7.5.1.43-3339.exe -> %UserProfile%\Desktop\avgas-setup-7.5.1.43-3339.exe -> [Ver = | Size = 14113576 bytes | Modified Date = 3/19/2008 2:18:37 AM | Attr = ] exultet.mp3 -> %UserProfile%\Desktop\exultet.mp3 -> [Ver = | Size = 9725996 bytes | Modified Date = 3/21/2008 11:50:11 AM | Attr = ] exultet.nwc -> %UserProfile%\Desktop\exultet.nwc -> [Ver = | Size = 2842 bytes | Modified Date = 3/21/2008 11:37:22 AM | Attr = ] exultet.pdf -> %UserProfile%\Desktop\exultet.pdf -> [Ver = | Size = 1141687 bytes | Modified Date = 3/21/2008 11:37:51 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 3/19/2008 7:03:13 AM | Attr = ] klcodec380s.exe -> %UserProfile%\Desktop\klcodec380s.exe -> [Ver = 3.8.0.0 | Size = 7535763 bytes | Modified Date = 3/19/2008 12:24:43 AM | Attr = ] msgr8us.exe -> %UserProfile%\Desktop\msgr8us.exe -> Yahoo! Inc. 
[Ver = 2008.03.14.02 | Size = 446000 bytes | Modified Date = 3/21/2008 7:19:01 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 3/23/2008 4:05:32 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 482640 bytes | Modified Date = 3/23/2008 4:02:52 AM | Attr = ] scan logs -> %UserProfile%\Desktop\scan logs -> [Folder | Modified Date = 3/19/2008 11:22:18 AM | Attr = ] script o the senakulo.doc -> %UserProfile%\Desktop\script o the senakulo.doc -> [Ver = | Size = 28160 bytes | Modified Date = 3/21/2008 1:24:37 AM | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 3/19/2008 2:30:30 AM | Attr = ] University_Rev_A_Installer.dmg -> %UserProfile%\Desktop\University_Rev_A_Installer.dmg -> [Ver = | Size = 30901480 bytes | Modified Date = 3/19/2008 4:27:14 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 3/18/2008 12:21:11 PM | Attr = HS] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 3/18/2008 12:21:11 PM | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2/27/2008 11:12:03 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 2/24/2008 3:08:14 PM | Attr = ] Cisco Systems -> %CommonProgramFiles%\Cisco Systems -> [Folder | Modified Date = 3/14/2008 10:56:09 AM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/18/2008 3:03:51 PM | Attr = ] Softwin -> %CommonProgramFiles%\Softwin -> [Folder | Modified Date = 3/18/2008 12:41:59 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 3/19/2008 1:44:42 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 3/19/2008 2:31:35 AM | Attr = ] < End of report > [/code]