[code] OTScanIt logfile created on: 24/04/2008 17:16:29 OTScanIt by OldTimer - Version 1.0.11.5 Folder = C:\Users\steve\Desktop\OTScanIt Windows Vista (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16643) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.75% Memory free 4.00 Gb Paging File | 2.42 Gb Available in Paging File | 60.53% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.26 Gb Total Space | 87.49 Gb Free Space | 61.94% Space Free | Partition Type: NTFS Drive D: | 7.79 Gb Total Space | 2.07 Gb Free Space | 26.56% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAXIMUM-BOB Current User Name: steve Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 17272 bytes | Modified Date = 29/03/2008 18:11:18 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 144760 bytes | Modified Date = 29/03/2008 18:37:02 | Attr = ] apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.251 | Size = 159744 bytes | Modified Date = 11/03/2007 12:21:50 | Attr = ] iaanotif.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> Intel Corporation [Ver = 7.0.0.1020 | Size = 174872 bytes | Modified Date = 12/02/2007 15:37:58 | Attr = ] qpservice.exe -> %ProgramFiles%\HP\QuickPlay\QPService.exe -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 24/04/2007 02:11:20 | Attr = ] apmsgfwd.exe -> %ProgramFiles%\Apoint2K\ApMsgFwd.exe -> Alps Electric Co., Ltd. [Ver = 7, 0, 0, 15 | Size = 50736 bytes | Modified Date = 29/01/2007 20:07:18 | Attr = ] qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 2, 2, 1 | Size = 159744 bytes | Modified Date = 13/02/2007 19:38:36 | Attr = ] clcapsvc.exe -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [Ver = 5.00.2819 | Size = 262243 bytes | Modified Date = 24/04/2007 02:11:42 | Attr = ] hpwamain.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3, 0, 5, 1 | Size = 472776 bytes | Modified Date = 01/03/2007 21:18:36 | Attr = ] wifimsg.exe -> %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -> Hewlett-Packard Development Company, L.P. [Ver = 3.0.4.1 | Size = 317128 bytes | Modified Date = 11/01/2007 00:12:08 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 07:11:42 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 79224 bytes | Modified Date = 29/03/2008 18:37:13 | Attr = ] winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 14, 0, 2007, 1 | Size = 316728 bytes | Modified Date = 27/01/2008 06:38:16 | Attr = ] apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 7.0.1.26 | Size = 40960 bytes | Modified Date = 08/09/2006 16:06:08 | Attr = ] pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ] bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 6.0.1.3700 | Size = 719664 bytes | Modified Date = 20/12/2006 13:27:40 | Attr = ] iaantmon.exe -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.0.0.1020 | Size = 355096 bytes | Modified Date = 12/02/2007 15:38:04 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 15/12/2006 01:49:10 | Attr = ] psiservice_2.exe -> %CommonProgramFiles%\Protexis\License Service\PsiService_2.exe -> Protexis Inc. [Ver = 2.0.1.124 | Size = 185632 bytes | Modified Date = 24/07/2007 12:15:14 | Attr = ] btstackserver.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTStackServer.exe -> Broadcom Corporation. [Ver = 6.0.1.3700 | Size = 1600304 bytes | Modified Date = 20/12/2006 13:27:38 | Attr = ] pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 10/12/2007 14:53:44 | Attr = ] pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ] xaudio.exe -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 06:28:08 | Attr = ] hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02/05/2006 22:41:28 | Attr = ] clsched.exe -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\CLSched.exe -> [Ver = 5.00.2819 | Size = 106593 bytes | Modified Date = 24/04/2007 02:11:44 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 247160 bytes | Modified Date = 29/03/2008 18:36:22 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 345464 bytes | Modified Date = 29/03/2008 18:30:47 | Attr = ] hpqtoaster.exe -> %ProgramFiles%\Hewlett-Packard\Shared\HpqToaster.exe -> [Ver = 1, 10, 1, 1 | Size = 677576 bytes | Modified Date = 30/01/2007 23:58:52 | Attr = ] hphc_service.exe -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.0.9.1 | Size = 62984 bytes | Modified Date = 14/03/2007 20:07:30 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.5 | Size = 370688 bytes | Modified Date = 24/04/2008 04:30:38 | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 17272 bytes | Modified Date = 29/03/2008 18:11:18 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 144760 bytes | Modified Date = 29/03/2008 18:37:02 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 247160 bytes | Modified Date = 29/03/2008 18:36:22 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 345464 bytes | Modified Date = 29/03/2008 18:30:47 | Attr = ] (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found (CLCapSvc) CyberLink Background Capture Service (CBCS) [Win32_Own | Auto | Running] -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -> [Ver = 5.00.2819 | Size = 262243 bytes | Modified Date = 24/04/2007 02:11:42 | Attr = ] (CLSched) CyberLink Task Scheduler (CTS) [Win32_Own | Auto | Running] -> %ProgramFiles%\HP\QuickPlay\Kernel\TV\CLSched.exe -> [Ver = 5.00.2819 | Size = 106593 bytes | Modified Date = 24/04/2007 02:11:44 | Attr = ] (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found (HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Service.exe -> Hewlett-Packard [Ver = 2.0.9.1 | Size = 62984 bytes | Modified Date = 14/03/2007 20:07:30 | Attr = ] (hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 9 | Size = 135168 bytes | Modified Date = 02/05/2006 22:41:28 | Attr = ] (IAANTMON) Intel(R) Matrix Storage Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> Intel Corporation [Ver = 7.0.0.1020 | Size = 355096 bytes | Modified Date = 12/02/2007 15:38:04 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 11:24:18 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 15/12/2006 01:49:10 | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found (PSI_SVC_2) Protexis Licensing V2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Protexis\License Service\PsiService_2.exe -> Protexis Inc. [Ver = 2.0.1.124 | Size = 185632 bytes | Modified Date = 24/07/2007 12:15:14 | Attr = ] (RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> Sonic Solutions [Ver = 9.0.5.98 | Size = 880640 bytes | Modified Date = 12/02/2007 17:36:58 | Attr = ] (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.1.0.902 | Size = 92792 bytes | Modified Date = 21/06/2007 21:55:52 | Attr = ] (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found (sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 10/12/2007 14:53:44 | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ] (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> MicroVision Development, Inc. [Ver = 1.2.560 | Size = 74656 bytes | Modified Date = 17/02/2007 15:31:12 | Attr = R ] (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Running] -> -> File not found (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found (XAudioService) XAudioService [Win32_Own | Auto | Running] -> %SystemRoot%\System32\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.00.12.00 | Size = 386560 bytes | Modified Date = 10/07/2007 06:28:08 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 22:16:38 | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. [Ver = 7.0.1.251 | Size = 159744 bytes | Modified Date = 11/03/2007 12:21:50 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 79224 bytes | Modified Date = 29/03/2008 18:37:13 | Attr = ] CloneCDTray -> %ProgramFiles%\SlySoft\CloneCD\CloneCDTray.exe ["C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s] -> SlySoft, Inc. [Ver = 5, 3, 0, 0 | Size = 57344 bytes | Modified Date = 28/09/2006 20:21:04 | Attr = ] HP Health Check Scheduler -> %ProgramFiles%\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> Hewlett-Packard [Ver = 2.0.9.1 | Size = 50696 bytes | Modified Date = 12/03/2007 19:54:24 | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 17/02/2005 07:11:42 | Attr = ] hpWirelessAssistant -> [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe] -> File not found IAAnotif -> %ProgramFiles%\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe] -> Intel Corporation [Ver = 7.0.0.1020 | Size = 174872 bytes | Modified Date = 12/02/2007 15:37:58 | Attr = ] ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ] NvCplDaemon -> %SystemRoot%\System32\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.0119 | Size = 8429568 bytes | Modified Date = 29/04/2007 11:05:00 | Attr = ] NvMediaCenter -> %SystemRoot%\System32\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.0119 | Size = 81920 bytes | Modified Date = 29/04/2007 11:05:00 | Attr = ] NvSvc -> %SystemRoot%\System32\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.0119 | Size = 86016 bytes | Modified Date = 29/04/2007 11:05:00 | Attr = ] NWEReboot -> [] -> File not found QlbCtrl -> [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> File not found QPService -> %ProgramFiles%\HP\QuickPlay\QPService.exe ["C:\Program Files\HP\QuickPlay\QPService.exe"] -> CyberLink Corp. [Ver = 4.5.0.0000 | Size = 176128 bytes | Modified Date = 24/04/2007 02:11:20 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ] WAWifiMessage -> [%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe] -> File not found Windows Defender -> [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> BillP Studios [Ver = 14, 0, 2007, 1 | Size = 316728 bytes | Modified Date = 27/01/2008 06:38:16 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 11/08/2005 16:30:30 | Attr = ] < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> File not found < Run [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 11/08/2005 16:30:30 | Attr = ] < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {B6DDE7E6-0034-4354-9885-79EB839FD3EB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\vadokmxt.dll [vadokmxt] -> File not found {2ACEE2D1-110E-4EDE-BE4D-922ED9BD251B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\wdpoefan.dll [wdpoefan] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoActiveDesktop -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoSaveSettings -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\ClassicShell -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoThemesTab -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\ForceActiveDesktopOn -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoActiveDesktop -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoSaveSettings -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\ClassicShell -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoThemesTab -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\ForceActiveDesktopOn -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts -> ::1 localhost -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.co.uk -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://search.msn.com/intl/searchpane/en-au/prov2.htm -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://search.msn.com/intl/searchpane/en-au/prov2.htm -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\] > -> -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\: Main\\Local Page -> C:\Windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\: Main\\Search Bar -> http://search.msn.com/spbasic.htm -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\: Main\\Start Page -> http://www.msn.co.uk -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 04:25:19 | Attr = ] {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Send image to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 29/08/2006 16:12:28 | Attr = ] Send page to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 20:28:50 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\] > -> HKEY_USERS\S-1-5-21-2004156354-2581284973-3441749290-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> Send image to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 29/08/2006 16:12:28 | Attr = ] Send page to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm -> [Ver = | Size = 5601 bytes | Modified Date = 26/10/2006 20:28:50 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {AF86946A-0FA2-4BC5-A99C-87D5EA717679} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {B4DC5B78-12A1-46E5-8FF1-FB54051AB728} -> () -> {C478EE68-8A8C-4467-B865-BE0A102102F4} -> (Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller) -> < Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> ldap -> 4 = Restricted sites (Not a Default Protocol) -> news -> 4 = Restricted sites (Not a Default Protocol) -> nntp -> 4 = Restricted sites (Not a Default Protocol) -> oecmd -> 4 = Restricted sites (Not a Default Protocol) -> snews -> 4 = Restricted sites (Not a Default Protocol) -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> @ivt -> @ivt protocol not assigned -> file -> file protocol not assigned -> ftp -> ftp protocol not assigned -> http -> http protocol not assigned -> https -> https protocol not assigned -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {2357B3CF-7F8D-4451-8D81-FD6097610AEE}[HKEY_LOCAL_MACHINE] -> http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe[CamfrogWEB Advanced Unicode Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/System32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> [Registry - Additional Scans - Non-Microsoft Only] [Files/Folders - Created Within 90 days] BT3 -> %SystemDrive%\BT3 -> [Folder | Created Date = 21/04/2008 00:24:41 | Attr = ] CloneDVDTemp -> %SystemDrive%\CloneDVDTemp -> [Folder | Created Date = 24/03/2008 18:59:11 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] DVD_VIDEO -> %SystemDrive%\DVD_VIDEO -> [Folder | Created Date = 05/04/2008 17:51:09 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145771520 bytes | Created Date = 23/04/2008 19:10:18 | Attr = HS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 20/04/2008 22:56:03 | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 20/04/2008 22:56:03 | Attr = RHS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 01/03/2008 23:53:02 | Attr = HS] video -> %SystemDrive%\video -> [Folder | Created Date = 05/04/2008 18:55:29 | Attr = ] 103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK -> %SystemRoot%\System32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK -> [Ver = | Size = 0 bytes | Created Date = 01/03/2008 08:14:44 | Attr = RHS] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Created Date = 23/04/2008 02:03:56 | Attr = ] aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 50768 bytes | Created Date = 23/04/2008 02:03:14 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 23152 bytes | Created Date = 23/04/2008 01:50:51 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Created Date = 23/04/2008 02:03:56 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 42912 bytes | Created Date = 23/04/2008 01:50:51 | Attr = ] AvgArCln.sys -> %SystemRoot%\System32\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 23/04/2008 20:10:33 | Attr = ] CHDRT32.sys -> %SystemRoot%\System32\drivers\CHDRT32.sys -> Conexant Systems Inc. [Ver = 4.36.7.0 built by: WinDDK | Size = 188416 bytes | Created Date = 04/03/2008 02:32:00 | Attr = ] dvb7700all.sys -> %SystemRoot%\System32\drivers\dvb7700all.sys -> DiBcom [Ver = 2, 3, 0, 0 | Size = 427392 bytes | Created Date = 01/03/2008 08:33:41 | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 23/04/2008 01:00:07 | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 23/04/2008 01:00:07 | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 23/04/2008 01:00:07 | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 23/04/2008 01:00:07 | Attr = ] snpstd3.sys -> %SystemRoot%\System32\drivers\snpstd3.sys -> [Ver = 1, 1, 13, 1 | Size = 472960 bytes | Created Date = 23/03/2008 02:44:53 | Attr = ] yuanmodbda2.sys -> %SystemRoot%\System32\drivers\yuanmodbda2.sys -> DiBcom SA [Ver = 1.0.0.22 | Size = 32256 bytes | Created Date = 01/03/2008 08:33:41 | Attr = ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] ac3filter.ax -> %SystemRoot%\System32\ac3filter.ax -> [Ver = 0.70b | Size = 180224 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 23/04/2008 01:50:42 | Attr = ] actskn43.ocx -> %SystemRoot%\System32\actskn43.ocx -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 17/04/2008 20:50:02 | Attr = ] akttzn.exe -> %SystemRoot%\System32\akttzn.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] anticipator.dll -> %SystemRoot%\System32\anticipator.dll -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 1146232 bytes | Created Date = 23/04/2008 01:50:42 | Attr = ] AVASTSS.scr -> %SystemRoot%\System32\AVASTSS.scr -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 95608 bytes | Created Date = 23/04/2008 01:50:42 | Attr = ] awtoolb.dll -> %SystemRoot%\System32\awtoolb.dll -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] bdn.com -> %SystemRoot%\System32\bdn.com -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] BtwRSupport.dll -> %SystemRoot%\System32\BtwRSupport.dll -> Broadcom Corporation. [Ver = 6.0.1.3700 | Size = 229376 bytes | Created Date = 01/03/2008 08:16:19 | Attr = ] cdrvdl32.dll -> %SystemRoot%\System32\cdrvdl32.dll -> Willies Computer Software Co.(WCSC) [Ver = v16.1 | Size = 28672 bytes | Created Date = 22/04/2008 21:51:56 | Attr = R ] cdrvhf32.dll -> %SystemRoot%\System32\cdrvhf32.dll -> Willies Computer Software Co.(WCSC) [Ver = v16.1 | Size = 31744 bytes | Created Date = 22/04/2008 21:51:56 | Attr = R ] cdrvxf32.dll -> %SystemRoot%\System32\cdrvxf32.dll -> Willies Computer Software Co.(WCSC) [Ver = v16.1 | Size = 39424 bytes | Created Date = 22/04/2008 21:51:57 | Attr = R ] cfx4032.dll -> %SystemRoot%\System32\cfx4032.dll -> Software FX, Inc. [Ver = 5.0.14.1 | Size = 552960 bytes | Created Date = 22/04/2008 21:52:10 | Attr = R ] cfx4032.ocx -> %SystemRoot%\System32\cfx4032.ocx -> Software FX, Inc. [Ver = 5.0.14.1 | Size = 607432 bytes | Created Date = 22/04/2008 21:52:10 | Attr = R ] CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 09/03/2008 17:56:13 | Attr = ] CnxtAp32.dll -> %SystemRoot%\System32\CnxtAp32.dll -> Conexant Systems Inc. [Ver = 4.36.7.0 | Size = 2125312 bytes | Created Date = 04/03/2008 02:34:00 | Attr = ] coh.cache -> %SystemRoot%\System32\coh.cache -> [Ver = | Size = 16 bytes | Created Date = 14/03/2008 21:25:03 | Attr = ] commsc32.dll -> %SystemRoot%\System32\commsc32.dll -> Willies Computer Software Co.(WCSC) [Ver = v16.1 | Size = 18432 bytes | Created Date = 22/04/2008 21:51:58 | Attr = R ] CoreAAC.ax -> %SystemRoot%\System32\CoreAAC.ax -> [Ver = 1, 1, 0, 642 | Size = 167936 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] CoreAVC.ax -> %SystemRoot%\System32\CoreAVC.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 364032 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] csnpstd3.dll -> %SystemRoot%\System32\csnpstd3.dll -> [Ver = 0, 9, 0, 5 | Size = 61440 bytes | Created Date = 23/03/2008 02:44:53 | Attr = ] DiracSplitter.ax -> %SystemRoot%\System32\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 421888 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] dsnpstd3.ax -> %SystemRoot%\System32\dsnpstd3.ax -> [Ver = 1, 0, 3, 2 | Size = 36864 bytes | Created Date = 23/03/2008 02:44:53 | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] es-AR -> %SystemRoot%\System32\es-AR -> [Folder | Created Date = 01/03/2008 08:16:08 | Attr = ] es-MX -> %SystemRoot%\System32\es-MX -> [Folder | Created Date = 01/03/2008 08:16:08 | Attr = ] ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 7680 bytes | Created Date = 22/03/2008 04:31:06 | Attr = ] ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 22/03/2008 04:31:06 | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Created Date = 22/03/2008 03:49:11 | Attr = ] h@tkeysh@@k.dll -> %SystemRoot%\System32\h@tkeysh@@k.dll -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] hoproxy.dll -> %SystemRoot%\System32\hoproxy.dll -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] hxiwlgpm.dat -> %SystemRoot%\System32\hxiwlgpm.dat -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] hxiwlgpm.exe -> %SystemRoot%\System32\hxiwlgpm.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] ISUSPM.cpl -> %SystemRoot%\System32\ISUSPM.cpl -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 73728 bytes | Created Date = 05/03/2008 15:47:35 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 02/04/2008 19:20:05 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 02/04/2008 19:20:05 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 02/04/2008 19:20:05 | Attr = ] LOG -> %SystemRoot%\System32\LOG -> [Ver = | Size = 81 bytes | Created Date = 01/03/2008 08:07:49 | Attr = ] MatroskaSplitter.ax -> %SystemRoot%\System32\MatroskaSplitter.ax -> Gabest [Ver = 1, 0, 2, 7 | Size = 421888 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] Microsoft.VC80.CRT.manifest -> %SystemRoot%\System32\Microsoft.VC80.CRT.manifest -> [Ver = | Size = 1869 bytes | Created Date = 12/04/2008 22:17:09 | Attr = ] Mp3Lib.zor -> %SystemRoot%\System32\Mp3Lib.zor -> [Ver = | Size = 33 bytes | Created Date = 12/04/2008 22:10:08 | Attr = ] msgp.exe -> %SystemRoot%\System32\msgp.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] mssecu.exe -> %SystemRoot%\System32\mssecu.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] mtr2.exe -> %SystemRoot%\System32\mtr2.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] mwin32.exe -> %SystemRoot%\System32\mwin32.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] netode.exe -> %SystemRoot%\System32\netode.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] newsd32.exe -> %SystemRoot%\System32\newsd32.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] ps1.exe -> %SystemRoot%\System32\ps1.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] rasctrnm.h -> %SystemRoot%\System32\rasctrnm.h -> [Ver = | Size = 1820 bytes | Created Date = 22/03/2008 04:05:23 | Attr = ] RealMediaSplitter.ax -> %SystemRoot%\System32\RealMediaSplitter.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 421888 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] regm64.dll -> %SystemRoot%\System32\regm64.dll -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] RLAPEDec.ax -> %SystemRoot%\System32\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] RLMPCDec.ax -> %SystemRoot%\System32\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 98304 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] RLOgg.ax -> %SystemRoot%\System32\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 487424 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] RLSpeexDec.ax -> %SystemRoot%\System32\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 139264 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] RLTheoraDec.ax -> %SystemRoot%\System32\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 212992 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] RLVorbisDec.ax -> %SystemRoot%\System32\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 212992 bytes | Created Date = 09/03/2008 02:48:00 | Attr = RHS] rsnpstd3.dll -> %SystemRoot%\System32\rsnpstd3.dll -> [Ver = 1, 0, 0, 6 | Size = 57344 bytes | Created Date = 23/03/2008 02:44:53 | Attr = ] Rundl1.exe -> %SystemRoot%\System32\Rundl1.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] sfxbar.dll -> %SystemRoot%\System32\sfxbar.dll -> Software FX, Inc. [Ver = 1.0.23.0 | Size = 134144 bytes | Created Date = 22/04/2008 21:52:11 | Attr = R ] ShellDHCP -> %SystemRoot%\System32\ShellDHCP -> [Folder | Created Date = 09/03/2008 02:48:11 | Attr = HS] SmitfraudFix -> %SystemRoot%\System32\SmitfraudFix -> [Folder | Created Date = 23/04/2008 19:01:56 | Attr = ] smitRem -> %SystemRoot%\System32\smitRem -> [Folder | Created Date = 23/04/2008 19:02:36 | Attr = ] smp -> %SystemRoot%\System32\smp -> [Folder | Created Date = 22/04/2008 21:22:57 | Attr = ] SpoonUninstall.exe -> %SystemRoot%\System32\SpoonUninstall.exe -> [Ver = | Size = 505208 bytes | Created Date = 11/04/2008 22:03:00 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\SpoonUninstall.exe:Zone.Identifier SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] ssvchost.exe -> %SystemRoot%\System32\ssvchost.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] sysreq.exe -> %SystemRoot%\System32\sysreq.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] taack.dat -> %SystemRoot%\System32\taack.dat -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] taack.exe -> %SystemRoot%\System32\taack.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] temp#01.exe -> %SystemRoot%\System32\temp#01.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 6648 bytes | Created Date = 23/04/2008 18:26:30 | Attr = ] unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 164352 bytes | Created Date = 22/03/2008 04:31:07 | Attr = ] URTTEMP -> %SystemRoot%\System32\URTTEMP -> [Folder | Created Date = 22/04/2008 21:50:44 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] VBIEWER.OCX -> %SystemRoot%\System32\VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] vsnpstd3.dll -> %SystemRoot%\System32\vsnpstd3.dll -> [Ver = 1, 0, 3, 0 | Size = 36864 bytes | Created Date = 23/03/2008 02:44:53 | Attr = ] winlogonpc.exe -> %SystemRoot%\System32\winlogonpc.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] winsystem.exe -> %SystemRoot%\System32\winsystem.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] WINWGPX.EXE -> %SystemRoot%\System32\WINWGPX.EXE -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] wlan.tmf -> %SystemRoot%\System32\wlan.tmf -> [Ver = | Size = 1655289 bytes | Created Date = 22/03/2008 04:03:51 | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 23/04/2008 18:26:11 | Attr = ] XButton.ocx -> %SystemRoot%\System32\XButton.ocx -> Acrotech Solutions [Ver = 1.00 | Size = 57344 bytes | Created Date = 17/04/2008 20:50:02 | Attr = ] hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [Ver = | Size = 44 bytes | Created Date = 01/03/2008 08:14:18 | Attr = ] avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Created Date = 22/03/2008 16:26:08 | Attr = ] Content.IE5 -> %SystemRoot%\Content.IE5 -> [Folder | Created Date = 23/04/2008 19:07:53 | Attr = ] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 23/04/2008 04:00:11 | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 130 bytes | Created Date = 23/04/2008 02:00:17 | Attr = ] olgdqarf.exe -> %SystemRoot%\olgdqarf.exe -> [Ver = | Size = 94208 bytes | Created Date = 22/04/2008 21:22:52 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 22/04/2008 23:35:12 | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] snpstd3.ini -> %SystemRoot%\snpstd3.ini -> [Ver = | Size = 15498 bytes | Created Date = 23/03/2008 02:44:55 | Attr = ] snpstd3.src -> %SystemRoot%\snpstd3.src -> [Ver = | Size = 13023 bytes | Created Date = 23/03/2008 02:44:55 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 31/03/2008 17:10:04 | Attr = ] super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 23638 bytes | Created Date = 09/03/2008 02:48:00 | Attr = H ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 23/04/2008 19:07:53 | Attr = ] uninstall -> %SystemRoot%\uninstall -> [Folder | Created Date = 20/04/2008 13:09:46 | Attr = ] usnpstd3.exe -> %SystemRoot%\usnpstd3.exe -> [Ver = 1, 0, 1, 0 | Size = 20480 bytes | Created Date = 23/03/2008 02:44:53 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] vsnpstd3.exe -> %SystemRoot%\vsnpstd3.exe -> Sonix [Ver = 1, 0, 1, 5 | Size = 339968 bytes | Created Date = 23/03/2008 02:44:55 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 23/04/2008 03:59:31 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] .zreglib -> %AllUsersProfile%\.zreglib -> [Ver = | Size = 124 bytes | Created Date = 22/03/2008 00:15:30 | Attr = HS] Application Data -> %AllUsersProfile%\Application Data -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] 16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> avg8 -> %AllUsersProfile%\avg8 -> [Folder | Created Date = 19/04/2008 14:39:25 | Attr = ] Avira -> %AllUsersProfile%\Avira -> [Folder | Created Date = 22/04/2008 23:24:06 | Attr = ] Corel -> %AllUsersProfile%\Corel -> [Folder | Created Date = 03/03/2008 02:35:40 | Attr = ] D172C11D73.sys -> %AllUsersProfile%\D172C11D73.sys -> [Ver = | Size = 88 bytes | Created Date = 03/03/2008 02:49:17 | Attr = RHS] Desktop -> %AllUsersProfile%\Desktop -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] Documents -> %AllUsersProfile%\Documents -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] DVD Shrink -> %AllUsersProfile%\DVD Shrink -> [Folder | Created Date = 21/03/2008 23:22:40 | Attr = ] Favorites -> %AllUsersProfile%\Favorites -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] InstallShield -> %AllUsersProfile%\InstallShield -> [Folder | Created Date = 05/03/2008 15:56:12 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersProfile%\Kaspersky Lab Setup Files -> [Folder | Created Date = 19/04/2008 15:10:43 | Attr = ] KGyGaAvL.sys -> %AllUsersProfile%\KGyGaAvL.sys -> [Ver = | Size = 2828 bytes | Created Date = 03/03/2008 02:49:16 | Attr = HS] muvee Technologies -> %AllUsersProfile%\muvee Technologies -> [Folder | Created Date = 22/03/2008 05:08:33 | Attr = ] obavspsh -> %AllUsersProfile%\obavspsh -> [Folder | Created Date = 22/04/2008 21:22:51 | Attr = ] PassMark -> %AllUsersProfile%\PassMark -> [Folder | Created Date = 22/04/2008 20:08:01 | Attr = ] SlySoft -> %AllUsersProfile%\SlySoft -> [Folder | Created Date = 22/03/2008 00:15:36 | Attr = ] Start Menu -> %AllUsersProfile%\Start Menu -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Created Date = 22/04/2008 23:00:58 | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Created Date = 22/03/2008 05:07:54 | Attr = ] @Alternate Data Stream - 107 bytes -> %AllUsersProfile%\TEMP:A6CD15C3 @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\TEMP:B7177954 @Alternate Data Stream - 113 bytes -> %AllUsersProfile%\TEMP:BE76DBCF @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2 Templates -> %AllUsersProfile%\Templates -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] AccurateRip -> %AppData%\AccurateRip -> [Folder | Created Date = 11/04/2008 22:03:01 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 01/03/2008 08:18:20 | Attr = ] Atari -> %AppData%\Atari -> [Folder | Created Date = 09/03/2008 17:56:26 | Attr = ] Audacity -> %AppData%\Audacity -> [Folder | Created Date = 11/04/2008 22:24:13 | Attr = ] CamfrogWEB -> %AppData%\CamfrogWEB -> [Folder | Created Date = 31/03/2008 16:45:42 | Attr = ] Corel -> %AppData%\Corel -> [Folder | Created Date = 03/03/2008 02:49:11 | Attr = ] CyberLink -> %AppData%\CyberLink -> [Folder | Created Date = 01/03/2008 08:47:37 | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Created Date = 23/03/2008 03:33:36 | Attr = ] ESTsoft -> %AppData%\ESTsoft -> [Folder | Created Date = 22/03/2008 02:45:29 | Attr = ] GetValue.vbs -> %AppData%\GetValue.vbs -> [Ver = | Size = 691 bytes | Created Date = 23/04/2008 18:54:00 | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 01/03/2008 08:27:46 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Created Date = 22/03/2008 04:37:47 | Attr = ] Hewlett-Packard -> %AppData%\Hewlett-Packard -> [Folder | Created Date = 01/03/2008 08:10:04 | Attr = ] HP -> %AppData%\HP -> [Folder | Created Date = 01/03/2008 08:47:25 | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 01/03/2008 08:17:54 | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 09/03/2008 17:55:58 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 01/03/2008 08:10:49 | Attr = ] Media Center Programs -> %AppData%\Media Center Programs -> [Folder | Created Date = 01/03/2008 08:07:43 | Attr = ] Media Player Classic -> %AppData%\Media Player Classic -> [Folder | Created Date = 02/04/2008 23:03:29 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 01/03/2008 08:07:43 | Attr = S] muvee Technologies -> %AppData%\muvee Technologies -> [Folder | Created Date = 22/03/2008 05:08:34 | Attr = ] NetMedia Providers -> %AppData%\NetMedia Providers -> [Folder | Created Date = 14/04/2008 00:52:17 | Attr = ] nvModes.001 -> %AppData%\nvModes.001 -> [Ver = | Size = 70339 bytes | Created Date = 01/03/2008 17:50:09 | Attr = ] nvModes.dat -> %AppData%\nvModes.dat -> [Ver = | Size = 70339 bytes | Created Date = 01/03/2008 13:56:47 | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 23/04/2008 00:59:57 | Attr = ] PeerNetworking -> %AppData%\PeerNetworking -> [Folder | Created Date = 22/03/2008 04:55:10 | Attr = ] Publish Providers -> %AppData%\Publish Providers -> [Folder | Created Date = 14/04/2008 00:52:17 | Attr = ] Roxio -> %AppData%\Roxio -> [Folder | Created Date = 03/03/2008 03:34:13 | Attr = ] SetValue.bat -> %AppData%\SetValue.bat -> [Ver = | Size = 35 bytes | Created Date = 23/04/2008 18:54:00 | Attr = ] SlySoft -> %AppData%\SlySoft -> [Folder | Created Date = 22/03/2008 00:16:39 | Attr = ] Sony -> %AppData%\Sony -> [Folder | Created Date = 14/04/2008 00:53:27 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 22/04/2008 23:00:51 | Attr = ] Template -> %AppData%\Template -> [Folder | Created Date = 31/03/2008 00:53:55 | Attr = ] UserTile.png -> %AppData%\UserTile.png -> [Ver = | Size = 26340 bytes | Created Date = 22/03/2008 04:55:10 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 21/03/2008 23:14:15 | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 08/03/2008 11:22:35 | Attr = ] WildPackets -> %AppData%\WildPackets -> [Folder | Created Date = 22/04/2008 21:52:42 | Attr = ] WinPatrol -> %AppData%\WinPatrol -> [Folder | Created Date = 23/04/2008 03:18:23 | Attr = ] Wireshark -> %AppData%\Wireshark -> [Folder | Created Date = 21/04/2008 00:57:20 | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 0 bytes | Created Date = 08/03/2008 18:09:41 | Attr = ] Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Created Date = 01/03/2008 08:28:37 | Attr = ] Application Data -> %UserProfile%\AppData\Local\Application Data -> [Folder | Created Date = 01/03/2008 08:07:44 | Attr = HS] ApplicationHistory -> %UserProfile%\AppData\Local\ApplicationHistory -> [Folder | Created Date = 23/04/2008 03:51:03 | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 7592 bytes | Created Date = 22/03/2008 17:39:03 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 34816 bytes | Created Date = 01/03/2008 09:09:19 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 93712 bytes | Created Date = 01/03/2008 08:18:23 | Attr = ] Google -> %UserProfile%\AppData\Local\Google -> [Folder | Created Date = 01/03/2008 08:27:46 | Attr = ] History -> %UserProfile%\AppData\Local\History -> [Folder | Created Date = 01/03/2008 08:07:44 | Attr = HS] HP -> %UserProfile%\AppData\Local\HP -> [Folder | Created Date = 22/03/2008 05:54:04 | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 5268961 bytes | Created Date = 23/04/2008 09:39:05 | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Created Date = 01/03/2008 08:07:43 | Attr = ] Microsoft Games -> %UserProfile%\AppData\Local\Microsoft Games -> [Folder | Created Date = 01/03/2008 08:39:20 | Attr = ] QuickPlay -> %UserProfile%\AppData\Local\QuickPlay -> [Folder | Created Date = 01/03/2008 08:18:38 | Attr = ] Sony -> %UserProfile%\AppData\Local\Sony -> [Folder | Created Date = 14/04/2008 00:52:11 | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Created Date = 23/04/2008 19:07:35 | Attr = ] Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Created Date = 01/03/2008 08:07:44 | Attr = HS] VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Created Date = 01/03/2008 08:16:25 | Attr = ] MCE Logs -> %SystemDrive%\Users\Public\Documents\MCE Logs -> [Folder | Created Date = 22/03/2008 16:33:44 | Attr = HS] My Karaoke -> %SystemDrive%\Users\Public\Documents\My Karaoke -> [Folder | Created Date = 22/03/2008 17:28:59 | Attr = ] My Music -> %SystemDrive%\Users\Public\Documents\My Music -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] My Pictures -> %SystemDrive%\Users\Public\Documents\My Pictures -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] My PlayLists -> %SystemDrive%\Users\Public\Documents\My PlayLists -> [Folder | Created Date = 01/03/2008 19:57:09 | Attr = ] My Videos -> %SystemDrive%\Users\Public\Documents\My Videos -> [Folder | Created Date = 01/03/2008 08:01:15 | Attr = HS] AnyDVDHD -> %UserProfile%\Documents\AnyDVDHD -> [Folder | Created Date = 22/03/2008 04:25:34 | Attr = ] Black & White 2 -> %UserProfile%\Documents\Black & White 2 -> [Folder | Created Date = 09/03/2008 21:40:42 | Attr = ] Bluetooth Exchange Folder -> %UserProfile%\Documents\Bluetooth Exchange Folder -> [Folder | Created Date = 01/03/2008 08:18:21 | Attr = ] Corel User Files -> %UserProfile%\Documents\Corel User Files -> [Folder | Created Date = 04/03/2008 00:04:56 | Attr = ] desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Created Date = 01/03/2008 08:18:02 | Attr = HS] Downloads -> %UserProfile%\Documents\Downloads -> [Folder | Created Date = 21/03/2008 23:18:12 | Attr = ] DSS DJ Data -> %UserProfile%\Documents\DSS DJ Data -> [Folder | Created Date = 12/04/2008 22:17:12 | Attr = ] Graphic1.cdr -> %UserProfile%\Documents\Graphic1.cdr -> [Ver = | Size = 26825 bytes | Created Date = 04/03/2008 00:13:40 | Attr = ] Graphic11.cdr -> %UserProfile%\Documents\Graphic11.cdr -> [Ver = | Size = 479238 bytes | Created Date = 08/03/2008 23:01:06 | Attr = ] green logo.cgm -> %UserProfile%\Documents\green logo.cgm -> [Ver = | Size = 1489940 bytes | Created Date = 08/03/2008 23:07:28 | Attr = ] My Music -> %UserProfile%\Documents\My Music -> [Folder | Created Date = 01/03/2008 08:07:44 | Attr = HS] My muvees -> %UserProfile%\Documents\My muvees -> [Folder | Created Date = 22/03/2008 05:08:36 | Attr = ] My Pictures -> %UserProfile%\Documents\My Pictures -> [Folder | Created Date = 01/03/2008 08:07:44 | Attr = HS] My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Created Date = 31/03/2008 17:11:09 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 553 bytes | Created Date = 31/03/2008 17:12:21 | Attr = ] My Videos -> %UserProfile%\Documents\My Videos -> [Folder | Created Date = 01/03/2008 08:07:44 | Attr = HS] OK -> %UserProfile%\Documents\OK -> [Ver = | Size = 39422464 bytes | Created Date = 23/03/2008 02:52:49 | Attr = ] OneNote Notebooks -> %UserProfile%\Documents\OneNote Notebooks -> [Folder | Created Date = 21/03/2008 23:52:03 | Attr = ] RCT3 -> %UserProfile%\Documents\RCT3 -> [Folder | Created Date = 09/03/2008 17:56:26 | Attr = ] Register ACID Pro.htm -> %UserProfile%\Documents\Register ACID Pro.htm -> [Ver = | Size = 2536 bytes | Created Date = 11/04/2008 22:22:49 | Attr = ] Sony -> %UserProfile%\Documents\Sony -> [Folder | Created Date = 11/04/2008 22:10:55 | Attr = ] Sony ACID Pro 6.0 Projects -> %UserProfile%\Documents\Sony ACID Pro 6.0 Projects -> [Folder | Created Date = 14/04/2008 00:52:11 | Attr = ] Uncensored Japanese teen sex with young cosplay schoolgirl -> %UserProfile%\Documents\Uncensored Japanese teen sex with young cosplay schoolgirl -> [Folder | Created Date = 11/04/2008 21:53:31 | Attr = ] Untitled.wma -> %UserProfile%\Documents\Untitled.wma -> [Ver = | Size = 54367 bytes | Created Date = 09/04/2008 18:23:42 | Attr = ] Updater5 -> %UserProfile%\Documents\Updater5 -> [Folder | Created Date = 01/03/2008 08:28:59 | Attr = ] Virtual Sex With Tera Patrick [DVDRIP][English](www.pornorip.net) -> %UserProfile%\Documents\Virtual Sex With Tera Patrick [DVDRIP][English](www.pornorip.net) -> [Folder | Created Date = 22/03/2008 02:21:30 | Attr = ] a-squared HiJackFree.lnk -> %SystemDrive%\Users\Public\Desktop\a-squared HiJackFree.lnk -> [Ver = | Size = 832 bytes | Created Date = 22/04/2008 22:46:23 | Attr = ] AVG Anti-Rootkit Free.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 968 bytes | Created Date = 23/04/2008 20:10:33 | Attr = ] Black & White 2.lnk -> %SystemDrive%\Users\Public\Desktop\Black & White 2.lnk -> [Ver = | Size = 1695 bytes | Created Date = 09/03/2008 21:36:23 | Attr = ] HP Accessory Shop.lnk -> %SystemDrive%\Users\Public\Desktop\HP Accessory Shop.lnk -> [Ver = | Size = 2132 bytes | Created Date = 01/03/2008 08:17:42 | Attr = ] Medieval - Total War - Gold Edition.lnk -> %SystemDrive%\Users\Public\Desktop\Medieval - Total War - Gold Edition.lnk -> [Ver = | Size = 2196 bytes | Created Date = 05/03/2008 15:56:32 | Attr = ] RollerCoaster Tycoon 2.lnk -> %SystemDrive%\Users\Public\Desktop\RollerCoaster Tycoon 2.lnk -> [Ver = | Size = 1927 bytes | Created Date = 06/03/2008 00:11:37 | Attr = ] RollerCoaster Tycoon 3.lnk -> %SystemDrive%\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk -> [Ver = | Size = 1004 bytes | Created Date = 09/03/2008 17:54:47 | Attr = ] Spyware Doctor.lnk -> %SystemDrive%\Users\Public\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1759 bytes | Created Date = 23/04/2008 01:00:08 | Attr = ] SUPER © Uninstall.lnk -> %SystemDrive%\Users\Public\Desktop\SUPER © Uninstall.lnk -> [Ver = | Size = 1829 bytes | Created Date = 09/03/2008 02:48:02 | Attr = ] SUPER ©.lnk -> %SystemDrive%\Users\Public\Desktop\SUPER ©.lnk -> [Ver = | Size = 1807 bytes | Created Date = 09/03/2008 02:48:02 | Attr = ] VideoMail.lnk -> %SystemDrive%\Users\Public\Desktop\VideoMail.lnk -> [Ver = | Size = 943 bytes | Created Date = 23/03/2008 02:45:44 | Attr = ] VideoMonitor.lnk -> %SystemDrive%\Users\Public\Desktop\VideoMonitor.lnk -> [Ver = | Size = 952 bytes | Created Date = 23/03/2008 02:45:44 | Attr = ] CloneCD.lnk -> %UserProfile%\Desktop\CloneCD.lnk -> [Ver = | Size = 930 bytes | Created Date = 22/03/2008 00:15:24 | Attr = ] CloneDVD2.lnk -> %UserProfile%\Desktop\CloneDVD2.lnk -> [Ver = | Size = 958 bytes | Created Date = 22/03/2008 00:20:00 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1773372 bytes | Created Date = 23/04/2008 03:57:20 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Created Date = 01/03/2008 08:18:02 | Attr = HS] DSS DJ 5.6.lnk -> %UserProfile%\Desktop\DSS DJ 5.6.lnk -> [Ver = | Size = 916 bytes | Created Date = 12/04/2008 22:17:10 | Attr = ] DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk -> [Ver = | Size = 1757 bytes | Created Date = 21/03/2008 23:23:06 | Attr = ] DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [Ver = | Size = 792 bytes | Created Date = 21/03/2008 23:22:40 | Attr = ] Easy Video Joiner.lnk -> %UserProfile%\Desktop\Easy Video Joiner.lnk -> [Ver = | Size = 785 bytes | Created Date = 18/04/2008 20:48:22 | Attr = ] EditorFKWP1.5.exe -> %UserProfile%\Desktop\EditorFKWP1.5.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] EditorFKWP2.0.exe -> %UserProfile%\Desktop\EditorFKWP2.0.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] filemanagerclient.exe -> %UserProfile%\Desktop\filemanagerclient.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] fkwp1.5.exe -> %UserProfile%\Desktop\fkwp1.5.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] fkwp2.0.exe -> %UserProfile%\Desktop\fkwp2.0.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] fwebd.exe -> %UserProfile%\Desktop\fwebd.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] FWebdEditor.exe -> %UserProfile%\Desktop\FWebdEditor.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 23/04/2008 04:16:57 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier ImTOO AVI to DVD Converter.lnk -> %UserProfile%\Desktop\ImTOO AVI to DVD Converter.lnk -> [Ver = | Size = 1050 bytes | Created Date = 22/03/2008 04:44:54 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 24/04/2008 17:11:22 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Created Date = 24/04/2008 17:10:50 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Trojan.Win32.BlackBird.exe -> %UserProfile%\Desktop\Trojan.Win32.BlackBird.exe -> [Ver = | Size = 4096 bytes | Created Date = 22/04/2008 21:22:57 | Attr = ] virii -> %UserProfile%\Desktop\virii -> [Folder | Created Date = 22/04/2008 21:22:57 | Attr = ] wep -> %UserProfile%\Desktop\wep -> [Folder | Created Date = 22/04/2008 19:50:38 | Attr = ] WinAVIVideoConverter.lnk -> %UserProfile%\Desktop\WinAVIVideoConverter.lnk -> [Ver = | Size = 800 bytes | Created Date = 22/03/2008 02:59:53 | Attr = ] µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [Ver = | Size = 752 bytes | Created Date = 21/03/2008 23:14:30 | Attr = ] Bluetooth.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> [Ver = | Size = 743 bytes | Created Date = 01/03/2008 08:16:17 | Attr = ] desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Created Date = 01/03/2008 08:18:02 | Attr = HS] OneNote 2007 Screen Clipper and Launcher.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 1111 bytes | Created Date = 21/03/2008 23:52:02 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 23/04/2008 00:31:19 | Attr = ] Corel -> %CommonProgramFiles%\Corel -> [Folder | Created Date = 03/03/2008 02:33:33 | Attr = ] Protexis -> %CommonProgramFiles%\Protexis -> [Folder | Created Date = 03/03/2008 02:35:41 | Attr = ] snpstd3 -> %CommonProgramFiles%\snpstd3 -> [Folder | Created Date = 23/03/2008 02:44:53 | Attr = ] WildPackets -> %CommonProgramFiles%\WildPackets -> [Folder | Created Date = 22/04/2008 21:51:52 | Attr = ] [Files/Folders - Modified Within 90 days] $RECYCLE.BIN -> %SystemDrive%\$RECYCLE.BIN -> [Folder | Modified Date = 22/03/2008 02:25:39 | Attr = HS] CloneDVDTemp -> %SystemDrive%\CloneDVDTemp -> [Folder | Modified Date = 24/03/2008 18:59:11 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] DVD_VIDEO -> %SystemDrive%\DVD_VIDEO -> [Folder | Modified Date = 05/04/2008 17:51:09 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145771520 bytes | Modified Date = 24/04/2008 16:20:24 | Attr = HS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 20/04/2008 22:56:03 | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 20/04/2008 22:56:03 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 24/04/2008 16:28:27 | Attr = R ] ProgramData -> %AllUsersProfile% -> [Folder | Modified Date = 22/04/2008 23:24:06 | Attr = H ] SwSetup -> %SystemDrive%\SwSetup -> [Folder | Modified Date = 01/03/2008 08:17:38 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 24/04/2008 17:05:10 | Attr = HS] System.sav -> %SystemDrive%\System.sav -> [Folder | Modified Date = 01/03/2008 08:17:38 | Attr = H ] Users -> %SystemDrive%\Users -> [Folder | Modified Date = 01/03/2008 08:07:43 | Attr = R ] video -> %SystemDrive%\video -> [Folder | Modified Date = 05/04/2008 18:55:29 | Attr = ] Windows -> %SystemRoot% -> [Folder | Modified Date = 24/04/2008 09:13:03 | Attr = ] 103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK -> %SystemRoot%\System32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK -> [Ver = | Size = 0 bytes | Modified Date = 01/03/2008 08:14:44 | Attr = RHS] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Modified Date = 29/03/2008 18:35:49 | Attr = ] aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 50768 bytes | Modified Date = 29/03/2008 18:32:42 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 23152 bytes | Modified Date = 29/03/2008 18:29:08 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Modified Date = 29/03/2008 18:31:34 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 42912 bytes | Modified Date = 29/03/2008 18:27:33 | Attr = ] CHDRT32.sys -> %SystemRoot%\System32\drivers\CHDRT32.sys -> Conexant Systems Inc. [Ver = 4.36.7.0 built by: WinDDK | Size = 188416 bytes | Modified Date = 04/03/2008 02:32:00 | Attr = ] en-US -> %SystemRoot%\System32\drivers\en-US -> [Folder | Modified Date = 22/03/2008 04:07:28 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 22/03/2008 00:38:47 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 761 bytes | Modified Date = 23/04/2008 18:53:56 | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 375 bytes | Modified Date = 22/03/2008 15:51:11 | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 01/03/2008 09:24:18 | Attr = ] Msft_User_WpdFs_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 01/03/2008 09:22:39 | Attr = H ] Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 01/03/2008 09:24:18 | Attr = H ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 23/04/2008 08:12:28 | Attr = ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3200 bytes | Modified Date = 24/04/2008 16:20:37 | Attr = H ] 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3200 bytes | Modified Date = 24/04/2008 16:20:38 | Attr = H ] akttzn.exe -> %SystemRoot%\System32\akttzn.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] anticipator.dll -> %SystemRoot%\System32\anticipator.dll -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 1146232 bytes | Modified Date = 29/03/2008 18:45:49 | Attr = ] AVASTSS.scr -> %SystemRoot%\System32\AVASTSS.scr -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 95608 bytes | Modified Date = 29/03/2008 18:23:22 | Attr = ] awtoolb.dll -> %SystemRoot%\System32\awtoolb.dll -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] bdn.com -> %SystemRoot%\System32\bdn.com -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] catroot -> %SystemRoot%\System32\catroot -> [Folder | Modified Date = 24/04/2008 16:36:17 | Attr = ] catroot2 -> %SystemRoot%\System32\catroot2 -> [Folder | Modified Date = 24/04/2008 16:36:16 | Attr = ] CmdLineExt03.dll -> %SystemRoot%\System32\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 09/03/2008 17:56:13 | Attr = ] CnxtAp32.dll -> %SystemRoot%\System32\CnxtAp32.dll -> Conexant Systems Inc. [Ver = 4.36.7.0 | Size = 2125312 bytes | Modified Date = 04/03/2008 02:34:00 | Attr = ] coh.cache -> %SystemRoot%\System32\coh.cache -> [Ver = | Size = 16 bytes | Modified Date = 14/03/2008 21:25:03 | Attr = ] config.nt -> %SystemRoot%\System32\config.nt -> [Ver = | Size = 2577 bytes | Modified Date = 23/04/2008 02:11:24 | Attr = ] da-DK -> %SystemRoot%\System32\da-DK -> [Folder | Modified Date = 01/03/2008 08:16:07 | Attr = ] de-DE -> %SystemRoot%\System32\de-DE -> [Folder | Modified Date = 01/03/2008 08:16:07 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 24/04/2008 16:21:00 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 17/04/2008 00:58:41 | Attr = ] es-AR -> %SystemRoot%\System32\es-AR -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] es-ES -> %SystemRoot%\System32\es-ES -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] es-MX -> %SystemRoot%\System32\es-MX -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] fi-FI -> %SystemRoot%\System32\fi-FI -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 355448 bytes | Modified Date = 17/04/2008 16:49:55 | Attr = ] fr-FR -> %SystemRoot%\System32\fr-FR -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> Microsoft [Ver = 1.0.0.1 | Size = 4247552 bytes | Modified Date = 22/03/2008 03:49:11 | Attr = ] h@tkeysh@@k.dll -> %SystemRoot%\System32\h@tkeysh@@k.dll -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] hoproxy.dll -> %SystemRoot%\System32\hoproxy.dll -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] hxiwlgpm.dat -> %SystemRoot%\System32\hxiwlgpm.dat -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] hxiwlgpm.exe -> %SystemRoot%\System32\hxiwlgpm.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 22/03/2008 04:07:35 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 23/04/2008 08:12:28 | Attr = ] it-IT -> %SystemRoot%\System32\it-IT -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] ja-JP -> %SystemRoot%\System32\ja-JP -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 01:23:35 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 22/02/2008 01:23:39 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 22/02/2008 02:33:32 | Attr = ] ko-KR -> %SystemRoot%\System32\ko-KR -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] LOG -> %SystemRoot%\System32\LOG -> [Ver = | Size = 81 bytes | Modified Date = 01/03/2008 08:07:49 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 21/03/2008 22:48:46 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 01/03/2008 08:16:19 | Attr = S] migration -> %SystemRoot%\System32\migration -> [Folder | Modified Date = 17/04/2008 00:58:38 | Attr = ] Mp3Lib.zor -> %SystemRoot%\System32\Mp3Lib.zor -> [Ver = | Size = 33 bytes | Modified Date = 12/04/2008 22:10:08 | Attr = ] msgp.exe -> %SystemRoot%\System32\msgp.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] mssecu.exe -> %SystemRoot%\System32\mssecu.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] mtr2.exe -> %SystemRoot%\System32\mtr2.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] mwin32.exe -> %SystemRoot%\System32\mwin32.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] nb-NO -> %SystemRoot%\System32\nb-NO -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] NDF -> %SystemRoot%\System32\NDF -> [Folder | Modified Date = 04/03/2008 11:25:22 | Attr = ] netode.exe -> %SystemRoot%\System32\netode.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] newsd32.exe -> %SystemRoot%\System32\newsd32.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] nl-NL -> %SystemRoot%\System32\nl-NL -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 116108 bytes | Modified Date = 24/04/2008 17:04:36 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 635754 bytes | Modified Date = 24/04/2008 17:04:36 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 738142 bytes | Modified Date = 24/04/2008 17:04:29 | Attr = ] pl-PL -> %SystemRoot%\System32\pl-PL -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] ps1.exe -> %SystemRoot%\System32\ps1.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] pt-BR -> %SystemRoot%\System32\pt-BR -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 22/03/2008 04:07:35 | Attr = ] rasctrnm.h -> %SystemRoot%\System32\rasctrnm.h -> [Ver = | Size = 1820 bytes | Modified Date = 22/03/2008 04:05:23 | Attr = ] regm64.dll -> %SystemRoot%\System32\regm64.dll -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] restore -> %SystemRoot%\System32\restore -> [Folder | Modified Date = 01/03/2008 08:14:49 | Attr = ] ru-RU -> %SystemRoot%\System32\ru-RU -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] Rundl1.exe -> %SystemRoot%\System32\Rundl1.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] ShellDHCP -> %SystemRoot%\System32\ShellDHCP -> [Folder | Modified Date = 22/03/2008 05:37:04 | Attr = HS] SLUI -> %SystemRoot%\System32\SLUI -> [Folder | Modified Date = 22/03/2008 04:07:17 | Attr = ] SmitfraudFix -> %SystemRoot%\System32\SmitfraudFix -> [Folder | Modified Date = 23/04/2008 19:01:57 | Attr = ] smitRem -> %SystemRoot%\System32\smitRem -> [Folder | Modified Date = 23/04/2008 19:02:37 | Attr = ] smp -> %SystemRoot%\System32\smp -> [Folder | Modified Date = 22/04/2008 21:22:57 | Attr = ] SpoonUninstall.exe -> %SystemRoot%\System32\SpoonUninstall.exe -> [Ver = | Size = 505208 bytes | Modified Date = 11/04/2008 22:41:13 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\SpoonUninstall.exe:Zone.Identifier ssvchost.exe -> %SystemRoot%\System32\ssvchost.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] sv-SE -> %SystemRoot%\System32\sv-SE -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] sysreq.exe -> %SystemRoot%\System32\sysreq.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] taack.dat -> %SystemRoot%\System32\taack.dat -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] taack.exe -> %SystemRoot%\System32\taack.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] Tasks -> %SystemRoot%\System32\Tasks -> [Folder | Modified Date = 01/03/2008 09:30:00 | Attr = ] temp#01.exe -> %SystemRoot%\System32\temp#01.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 6648 bytes | Modified Date = 23/04/2008 18:53:59 | Attr = ] URTTEMP -> %SystemRoot%\System32\URTTEMP -> [Folder | Modified Date = 22/04/2008 21:50:44 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 14/04/2008 19:28:11 | Attr = ] VBIEWER.OCX -> %SystemRoot%\System32\VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 22/03/2008 04:07:33 | Attr = ] WDI -> %SystemRoot%\System32\WDI -> [Folder | Modified Date = 22/03/2008 16:33:18 | Attr = ] winlogonpc.exe -> %SystemRoot%\System32\winlogonpc.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] winsystem.exe -> %SystemRoot%\System32\winsystem.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] WINWGPX.EXE -> %SystemRoot%\System32\WINWGPX.EXE -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] wlan.tmf -> %SystemRoot%\System32\wlan.tmf -> [Ver = | Size = 1655289 bytes | Modified Date = 22/03/2008 04:03:51 | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 22/03/2008 04:07:29 | Attr = ] zh-CN -> %SystemRoot%\System32\zh-CN -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] zh-TW -> %SystemRoot%\System32\zh-TW -> [Folder | Modified Date = 01/03/2008 08:16:08 | Attr = ] hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [Ver = | Size = 44 bytes | Modified Date = 01/03/2008 08:14:18 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 17/04/2008 00:58:38 | Attr = ] 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 22/04/2008 21:51:17 | Attr = R S] avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 28/03/2008 23:15:16 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 24/04/2008 16:20:28 | Attr = S] bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 1660 bytes | Modified Date = 24/04/2008 09:14:44 | Attr = ] Content.IE5 -> %SystemRoot%\Content.IE5 -> [Folder | Modified Date = 23/04/2008 19:07:53 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 24/04/2008 00:30:41 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 24/04/2008 16:27:11 | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 22/03/2008 04:07:05 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 23/04/2008 04:00:11 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 03/03/2008 02:34:17 | Attr = R S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 24/04/2008 17:04:28 | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 23/04/2008 20:35:29 | Attr = HS] LiveKernelReports -> %SystemRoot%\LiveKernelReports -> [Folder | Modified Date = 09/03/2008 22:52:44 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 22/03/2008 04:13:03 | Attr = ] ModemLogs -> %SystemRoot%\ModemLogs -> [Folder | Modified Date = 29/03/2008 20:00:51 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 130 bytes | Modified Date = 23/04/2008 02:00:19 | Attr = ] olgdqarf.exe -> %SystemRoot%\olgdqarf.exe -> [Ver = | Size = 94208 bytes | Modified Date = 22/04/2008 20:01:50 | Attr = ] panther -> %SystemRoot%\panther -> [Folder | Modified Date = 01/03/2008 23:53:26 | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 22/04/2008 23:35:12 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 24/04/2008 17:12:27 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 23/04/2008 03:51:00 | Attr = ] rescache -> %SystemRoot%\rescache -> [Folder | Modified Date = 22/03/2008 04:11:07 | Attr = ] servicing -> %SystemRoot%\servicing -> [Folder | Modified Date = 31/03/2008 18:10:17 | Attr = ] SMINST -> %SystemRoot%\SMINST -> [Folder | Modified Date = 23/04/2008 03:15:08 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 22/03/2008 03:43:54 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 31/03/2008 17:10:04 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 01/03/2008 08:14:18 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 215 bytes | Modified Date = 23/04/2008 18:00:35 | Attr = ] System32 -> %SystemRoot%\System32 -> [Folder | Modified Date = 24/04/2008 17:04:36 | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 24/04/2008 17:12:24 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 23/03/2008 02:44:55 | Attr = ] uninstall -> %SystemRoot%\uninstall -> [Folder | Modified Date = 20/04/2008 13:17:22 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 23/04/2008 04:00:40 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 306 bytes | Modified Date = 23/03/2008 02:53:14 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 22/03/2008 04:11:25 | Attr = RH ] winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 24/04/2008 17:16:09 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 24/04/2008 16:20:35 | Attr = H ] C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys -> [Folder | Modified Date = 24/04/2008 17:03:46 | Attr = ] capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> [Ver = | Size = 8 bytes | Modified Date = 24/07/2007 20:50:36 | Attr = ] C:\ProgramData\Microsoft\Network\Downloader\ -> C:\ProgramData\Microsoft\Network\Downloader -> [Folder | Modified Date = 02/11/2006 14:04:06 | Attr = ] qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 10794 bytes | Modified Date = 24/04/2008 16:50:02 | Attr = ] qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9316 bytes | Modified Date = 24/04/2008 16:50:02 | Attr = ] C:\ProgramData\Microsoft\OFFICE\DATA\ -> C:\ProgramData\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 03/03/2008 23:19:21 | Attr = ] opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8308 bytes | Modified Date = 21/04/2008 03:58:46 | Attr = ] C:\ProgramData\Microsoft\RAC\PublishedData\ -> C:\ProgramData\Microsoft\RAC\PublishedData -> [Folder | Modified Date = 03/03/2008 23:20:22 | Attr = ] PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [Ver = | Size = 8832 bytes | Modified Date = 24/04/2008 00:30:44 | Attr = ] PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 24/04/2008 00:30:45 | Attr = ] PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [Ver = | Size = 0 bytes | Modified Date = 24/04/2008 00:30:44 | Attr = ] PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [Ver = | Size = 1296 bytes | Modified Date = 24/04/2008 00:30:37 | Attr = ] PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [Ver = | Size = 828 bytes | Modified Date = 24/04/2008 00:30:45 | Attr = ] PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [Ver = | Size = 65888 bytes | Modified Date = 24/04/2008 00:30:43 | Attr = ] C:\ProgramData\Microsoft\User Account Pictures\ -> C:\ProgramData\Microsoft\User Account Pictures -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = ] steve.dat -> C:\ProgramData\Microsoft\User Account Pictures\steve.dat -> [Ver = | Size = 0 bytes | Modified Date = 01/03/2008 08:07:44 | Attr = ] C:\ProgramData\Microsoft\Works\ -> C:\ProgramData\Microsoft\Works -> [Folder | Modified Date = 08/03/2008 18:10:39 | Attr = ] wkcalcat.dat -> C:\ProgramData\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/03/2008 18:09:44 | Attr = ] wklntsk1.dat -> C:\ProgramData\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 155262 bytes | Modified Date = 08/03/2008 18:10:39 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] .zreglib -> %AllUsersProfile%\.zreglib -> [Ver = | Size = 124 bytes | Modified Date = 22/04/2008 19:02:04 | Attr = HS] Adobe -> %AllUsersProfile%\Adobe -> [Folder | Modified Date = 23/04/2008 00:31:32 | Attr = ] 16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> Application Data -> %AllUsersProfile%\Application Data -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] avg8 -> %AllUsersProfile%\avg8 -> [Folder | Modified Date = 19/04/2008 15:01:12 | Attr = ] Avira -> %AllUsersProfile%\Avira -> [Folder | Modified Date = 23/04/2008 02:58:55 | Attr = ] Corel -> %AllUsersProfile%\Corel -> [Folder | Modified Date = 03/03/2008 02:35:42 | Attr = ] CyberLink -> %AllUsersProfile%\CyberLink -> [Folder | Modified Date = 01/03/2008 09:03:40 | Attr = ] D172C11D73.sys -> %AllUsersProfile%\D172C11D73.sys -> [Ver = | Size = 88 bytes | Modified Date = 05/04/2008 18:35:25 | Attr = RHS] Desktop -> %AllUsersProfile%\Desktop -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] Documents -> %AllUsersProfile%\Documents -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] DVD Shrink -> %AllUsersProfile%\DVD Shrink -> [Folder | Modified Date = 24/03/2008 20:01:23 | Attr = ] Favorites -> %AllUsersProfile%\Favorites -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] Google -> %AllUsersProfile%\Google -> [Folder | Modified Date = 05/04/2008 17:28:21 | Attr = ] HP -> %AllUsersProfile%\HP -> [Folder | Modified Date = 01/03/2008 08:47:25 | Attr = ] InstallShield -> %AllUsersProfile%\InstallShield -> [Folder | Modified Date = 05/03/2008 15:56:12 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersProfile%\Kaspersky Lab Setup Files -> [Folder | Modified Date = 19/04/2008 15:10:43 | Attr = ] KGyGaAvL.sys -> %AllUsersProfile%\KGyGaAvL.sys -> [Ver = | Size = 2828 bytes | Modified Date = 05/04/2008 18:35:28 | Attr = HS] Microsoft -> %AllUsersProfile%\Microsoft -> [Folder | Modified Date = 22/03/2008 04:51:05 | Attr = S] muvee Technologies -> %AllUsersProfile%\muvee Technologies -> [Folder | Modified Date = 22/03/2008 05:08:33 | Attr = ] Napster -> %AllUsersProfile%\Napster -> [Folder | Modified Date = 14/03/2008 21:22:42 | Attr = ] obavspsh -> %AllUsersProfile%\obavspsh -> [Folder | Modified Date = 22/04/2008 23:14:23 | Attr = ] PassMark -> %AllUsersProfile%\PassMark -> [Folder | Modified Date = 22/04/2008 20:08:01 | Attr = ] Roxio -> %AllUsersProfile%\Roxio -> [Folder | Modified Date = 20/04/2008 17:29:26 | Attr = ] SlySoft -> %AllUsersProfile%\SlySoft -> [Folder | Modified Date = 22/03/2008 00:15:36 | Attr = ] Sonic -> %AllUsersProfile%\Sonic -> [Folder | Modified Date = 21/03/2008 23:54:29 | Attr = ] Start Menu -> %AllUsersProfile%\Start Menu -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [Folder | Modified Date = 22/04/2008 23:00:58 | Attr = ] Symantec -> %AllUsersProfile%\Symantec -> [Folder | Modified Date = 15/03/2008 00:06:24 | Attr = ] TEMP -> %AllUsersProfile%\TEMP -> [Folder | Modified Date = 24/04/2008 16:20:56 | Attr = ] @Alternate Data Stream - 107 bytes -> %AllUsersProfile%\TEMP:A6CD15C3 @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\TEMP:B7177954 @Alternate Data Stream - 113 bytes -> %AllUsersProfile%\TEMP:BE76DBCF @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2 Templates -> %AllUsersProfile%\Templates -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] AccurateRip -> %AppData%\AccurateRip -> [Folder | Modified Date = 11/04/2008 22:03:01 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 01/04/2008 00:59:57 | Attr = ] Atari -> %AppData%\Atari -> [Folder | Modified Date = 09/03/2008 17:56:26 | Attr = ] Audacity -> %AppData%\Audacity -> [Folder | Modified Date = 12/04/2008 00:26:48 | Attr = ] CamfrogWEB -> %AppData%\CamfrogWEB -> [Folder | Modified Date = 31/03/2008 16:45:42 | Attr = ] Corel -> %AppData%\Corel -> [Folder | Modified Date = 03/03/2008 02:49:22 | Attr = ] CyberLink -> %AppData%\CyberLink -> [Folder | Modified Date = 01/03/2008 08:47:37 | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 22/04/2008 19:21:59 | Attr = ] ESTsoft -> %AppData%\ESTsoft -> [Folder | Modified Date = 22/03/2008 04:57:03 | Attr = ] GetValue.vbs -> %AppData%\GetValue.vbs -> [Ver = | Size = 691 bytes | Modified Date = 23/04/2008 18:54:00 | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 21/03/2008 23:04:44 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Modified Date = 22/03/2008 04:38:29 | Attr = ] Hewlett-Packard -> %AppData%\Hewlett-Packard -> [Folder | Modified Date = 01/03/2008 08:10:04 | Attr = ] HP -> %AppData%\HP -> [Folder | Modified Date = 01/03/2008 08:47:25 | Attr = ] Identities -> %AppData%\Identities -> [Folder | Modified Date = 01/03/2008 08:17:54 | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Modified Date = 09/03/2008 17:55:58 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 01/03/2008 08:10:49 | Attr = ] Media Player Classic -> %AppData%\Media Player Classic -> [Folder | Modified Date = 02/04/2008 23:03:31 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 19/04/2008 14:58:50 | Attr = S] muvee Technologies -> %AppData%\muvee Technologies -> [Folder | Modified Date = 22/03/2008 05:08:40 | Attr = ] NetMedia Providers -> %AppData%\NetMedia Providers -> [Folder | Modified Date = 14/04/2008 00:52:17 | Attr = ] nvModes.001 -> %AppData%\nvModes.001 -> [Ver = | Size = 70339 bytes | Modified Date = 24/04/2008 16:21:23 | Attr = ] nvModes.dat -> %AppData%\nvModes.dat -> [Ver = | Size = 70339 bytes | Modified Date = 24/04/2008 16:21:25 | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 23/04/2008 00:59:57 | Attr = ] PeerNetworking -> %AppData%\PeerNetworking -> [Folder | Modified Date = 22/03/2008 04:55:10 | Attr = ] Publish Providers -> %AppData%\Publish Providers -> [Folder | Modified Date = 14/04/2008 00:52:17 | Attr = ] Roxio -> %AppData%\Roxio -> [Folder | Modified Date = 21/03/2008 00:59:20 | Attr = ] SetValue.bat -> %AppData%\SetValue.bat -> [Ver = | Size = 35 bytes | Modified Date = 23/04/2008 18:54:00 | Attr = ] SlySoft -> %AppData%\SlySoft -> [Folder | Modified Date = 22/03/2008 00:16:39 | Attr = ] Sony -> %AppData%\Sony -> [Folder | Modified Date = 14/04/2008 00:53:27 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 23/04/2008 02:18:51 | Attr = ] Template -> %AppData%\Template -> [Folder | Modified Date = 31/03/2008 00:53:55 | Attr = ] UserTile.png -> %AppData%\UserTile.png -> [Ver = | Size = 26340 bytes | Modified Date = 22/03/2008 04:55:10 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 24/04/2008 09:11:38 | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 08/03/2008 11:22:35 | Attr = ] WildPackets -> %AppData%\WildPackets -> [Folder | Modified Date = 22/04/2008 21:52:42 | Attr = ] WinPatrol -> %AppData%\WinPatrol -> [Folder | Modified Date = 23/04/2008 03:18:23 | Attr = ] Wireshark -> %AppData%\Wireshark -> [Folder | Modified Date = 21/04/2008 00:59:10 | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 0 bytes | Modified Date = 08/03/2008 18:09:41 | Attr = ] Adobe -> %UserProfile%\AppData\Local\Adobe -> [Folder | Modified Date = 23/04/2008 03:03:43 | Attr = ] Application Data -> %UserProfile%\AppData\Local\Application Data -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = HS] ApplicationHistory -> %UserProfile%\AppData\Local\ApplicationHistory -> [Folder | Modified Date = 23/04/2008 03:51:56 | Attr = ] d3d9caps.dat -> %UserProfile%\AppData\Local\d3d9caps.dat -> [Ver = | Size = 7592 bytes | Modified Date = 16/04/2008 17:36:45 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 34816 bytes | Modified Date = 24/04/2008 00:28:43 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\AppData\Local\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 93712 bytes | Modified Date = 03/03/2008 18:24:34 | Attr = ] Google -> %UserProfile%\AppData\Local\Google -> [Folder | Modified Date = 01/03/2008 08:27:46 | Attr = ] History -> %UserProfile%\AppData\Local\History -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = HS] HP -> %UserProfile%\AppData\Local\HP -> [Folder | Modified Date = 22/03/2008 05:54:04 | Attr = ] IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [Ver = | Size = 5268961 bytes | Modified Date = 24/04/2008 09:14:32 | Attr = H ] Microsoft -> %UserProfile%\AppData\Local\Microsoft -> [Folder | Modified Date = 19/04/2008 14:58:50 | Attr = ] Microsoft Games -> %UserProfile%\AppData\Local\Microsoft Games -> [Folder | Modified Date = 01/03/2008 18:01:48 | Attr = ] QuickPlay -> %UserProfile%\AppData\Local\QuickPlay -> [Folder | Modified Date = 21/03/2008 22:57:55 | Attr = ] Sony -> %UserProfile%\AppData\Local\Sony -> [Folder | Modified Date = 14/04/2008 00:52:11 | Attr = ] Temp -> %UserProfile%\AppData\Local\Temp -> [Folder | Modified Date = 24/04/2008 16:58:30 | Attr = ] Temporary Internet Files -> %UserProfile%\AppData\Local\Temporary Internet Files -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = HS] VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [Folder | Modified Date = 13/03/2008 22:43:31 | Attr = ] desktop.ini -> %SystemDrive%\Users\Public\Documents\desktop.ini -> [Ver = | Size = 280 bytes | Modified Date = 22/03/2008 04:11:25 | Attr = HS] hpqp.ini -> %SystemDrive%\Users\Public\Documents\hpqp.ini -> [Ver = | Size = 148 bytes | Modified Date = 24/04/2008 16:21:16 | Attr = ] MCE Logs -> %SystemDrive%\Users\Public\Documents\MCE Logs -> [Folder | Modified Date = 22/03/2008 16:33:44 | Attr = HS] My Karaoke -> %SystemDrive%\Users\Public\Documents\My Karaoke -> [Folder | Modified Date = 22/03/2008 17:28:59 | Attr = ] My Music -> %SystemDrive%\Users\Public\Documents\My Music -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] My Pictures -> %SystemDrive%\Users\Public\Documents\My Pictures -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] My PlayLists -> %SystemDrive%\Users\Public\Documents\My PlayLists -> [Folder | Modified Date = 01/03/2008 19:57:35 | Attr = ] My Videos -> %SystemDrive%\Users\Public\Documents\My Videos -> [Folder | Modified Date = 01/03/2008 08:01:15 | Attr = HS] AnyDVDHD -> %UserProfile%\Documents\AnyDVDHD -> [Folder | Modified Date = 22/03/2008 04:25:34 | Attr = ] Black & White 2 -> %UserProfile%\Documents\Black & White 2 -> [Folder | Modified Date = 09/03/2008 21:42:50 | Attr = ] Bluetooth Exchange Folder -> %UserProfile%\Documents\Bluetooth Exchange Folder -> [Folder | Modified Date = 09/04/2008 17:16:47 | Attr = ] Corel User Files -> %UserProfile%\Documents\Corel User Files -> [Folder | Modified Date = 09/04/2008 17:23:39 | Attr = ] desktop.ini -> %UserProfile%\Documents\desktop.ini -> [Ver = | Size = 402 bytes | Modified Date = 22/03/2008 04:15:53 | Attr = HS] Downloads -> %UserProfile%\Documents\Downloads -> [Folder | Modified Date = 21/03/2008 23:57:33 | Attr = ] DSS DJ Data -> %UserProfile%\Documents\DSS DJ Data -> [Folder | Modified Date = 12/04/2008 22:30:22 | Attr = ] Graphic1.cdr -> %UserProfile%\Documents\Graphic1.cdr -> [Ver = | Size = 26825 bytes | Modified Date = 04/03/2008 00:13:40 | Attr = ] Graphic11.cdr -> %UserProfile%\Documents\Graphic11.cdr -> [Ver = | Size = 479238 bytes | Modified Date = 08/03/2008 23:01:07 | Attr = ] green logo.cgm -> %UserProfile%\Documents\green logo.cgm -> [Ver = | Size = 1489940 bytes | Modified Date = 08/03/2008 23:07:33 | Attr = ] My Music -> %UserProfile%\Documents\My Music -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = HS] My muvees -> %UserProfile%\Documents\My muvees -> [Folder | Modified Date = 22/03/2008 05:08:36 | Attr = ] My Pictures -> %UserProfile%\Documents\My Pictures -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = HS] My Received Files -> %UserProfile%\Documents\My Received Files -> [Folder | Modified Date = 16/04/2008 21:59:41 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\Documents\My Sharing Folders.lnk -> [Ver = | Size = 553 bytes | Modified Date = 23/04/2008 22:38:45 | Attr = ] My Videos -> %UserProfile%\Documents\My Videos -> [Folder | Modified Date = 01/03/2008 08:07:44 | Attr = HS] OK -> %UserProfile%\Documents\OK -> [Ver = | Size = 39422464 bytes | Modified Date = 23/03/2008 02:53:01 | Attr = ] OneNote Notebooks -> %UserProfile%\Documents\OneNote Notebooks -> [Folder | Modified Date = 21/03/2008 23:52:04 | Attr = ] RCT3 -> %UserProfile%\Documents\RCT3 -> [Folder | Modified Date = 09/03/2008 18:01:07 | Attr = ] Register ACID Pro.htm -> %UserProfile%\Documents\Register ACID Pro.htm -> [Ver = | Size = 2536 bytes | Modified Date = 11/04/2008 22:22:50 | Attr = ] Sony -> %UserProfile%\Documents\Sony -> [Folder | Modified Date = 11/04/2008 22:10:55 | Attr = ] Sony ACID Pro 6.0 Projects -> %UserProfile%\Documents\Sony ACID Pro 6.0 Projects -> [Folder | Modified Date = 14/04/2008 00:54:44 | Attr = ] Uncensored Japanese teen sex with young cosplay schoolgirl -> %UserProfile%\Documents\Uncensored Japanese teen sex with young cosplay schoolgirl -> [Folder | Modified Date = 11/04/2008 22:43:56 | Attr = ] Untitled.wma -> %UserProfile%\Documents\Untitled.wma -> [Ver = | Size = 54367 bytes | Modified Date = 09/04/2008 18:23:42 | Attr = ] Updater5 -> %UserProfile%\Documents\Updater5 -> [Folder | Modified Date = 19/04/2008 14:25:37 | Attr = ] Virtual Sex With Tera Patrick [DVDRIP][English](www.pornorip.net) -> %UserProfile%\Documents\Virtual Sex With Tera Patrick [DVDRIP][English](www.pornorip.net) -> [Folder | Modified Date = 04/04/2008 02:58:26 | Attr = ] a-squared HiJackFree.lnk -> %SystemDrive%\Users\Public\Desktop\a-squared HiJackFree.lnk -> [Ver = | Size = 832 bytes | Modified Date = 22/04/2008 22:46:23 | Attr = ] AVG Anti-Rootkit Free.lnk -> %SystemDrive%\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 968 bytes | Modified Date = 23/04/2008 20:10:33 | Attr = ] Black & White 2.lnk -> %SystemDrive%\Users\Public\Desktop\Black & White 2.lnk -> [Ver = | Size = 1695 bytes | Modified Date = 09/03/2008 21:36:23 | Attr = ] desktop.ini -> %SystemDrive%\Users\Public\Desktop\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 22/03/2008 04:11:25 | Attr = HS] Medieval - Total War - Gold Edition.lnk -> %SystemDrive%\Users\Public\Desktop\Medieval - Total War - Gold Edition.lnk -> [Ver = | Size = 2196 bytes | Modified Date = 05/03/2008 15:56:32 | Attr = ] RollerCoaster Tycoon 2.lnk -> %SystemDrive%\Users\Public\Desktop\RollerCoaster Tycoon 2.lnk -> [Ver = | Size = 1927 bytes | Modified Date = 06/03/2008 00:11:37 | Attr = ] RollerCoaster Tycoon 3.lnk -> %SystemDrive%\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk -> [Ver = | Size = 1004 bytes | Modified Date = 09/03/2008 17:54:47 | Attr = ] Spyware Doctor.lnk -> %SystemDrive%\Users\Public\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1759 bytes | Modified Date = 23/04/2008 01:00:08 | Attr = ] SUPER © Uninstall.lnk -> %SystemDrive%\Users\Public\Desktop\SUPER © Uninstall.lnk -> [Ver = | Size = 1829 bytes | Modified Date = 09/03/2008 02:48:02 | Attr = ] SUPER ©.lnk -> %SystemDrive%\Users\Public\Desktop\SUPER ©.lnk -> [Ver = | Size = 1807 bytes | Modified Date = 09/03/2008 02:48:02 | Attr = ] VideoMail.lnk -> %SystemDrive%\Users\Public\Desktop\VideoMail.lnk -> [Ver = | Size = 943 bytes | Modified Date = 23/03/2008 02:45:44 | Attr = ] VideoMonitor.lnk -> %SystemDrive%\Users\Public\Desktop\VideoMonitor.lnk -> [Ver = | Size = 952 bytes | Modified Date = 23/03/2008 02:45:44 | Attr = ] CloneCD.lnk -> %UserProfile%\Desktop\CloneCD.lnk -> [Ver = | Size = 930 bytes | Modified Date = 22/03/2008 00:15:24 | Attr = ] CloneDVD2.lnk -> %UserProfile%\Desktop\CloneDVD2.lnk -> [Ver = | Size = 958 bytes | Modified Date = 22/03/2008 00:20:00 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1773372 bytes | Modified Date = 23/04/2008 03:57:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier desktop.ini -> %UserProfile%\Desktop\desktop.ini -> [Ver = | Size = 282 bytes | Modified Date = 22/03/2008 04:15:53 | Attr = HS] DSS DJ 5.6.lnk -> %UserProfile%\Desktop\DSS DJ 5.6.lnk -> [Ver = | Size = 916 bytes | Modified Date = 12/04/2008 22:17:10 | Attr = ] DVD Decrypter.lnk -> %UserProfile%\Desktop\DVD Decrypter.lnk -> [Ver = | Size = 1757 bytes | Modified Date = 21/03/2008 23:23:06 | Attr = ] DVD Shrink 3.2.lnk -> %UserProfile%\Desktop\DVD Shrink 3.2.lnk -> [Ver = | Size = 792 bytes | Modified Date = 21/03/2008 23:22:40 | Attr = ] Easy Video Joiner.lnk -> %UserProfile%\Desktop\Easy Video Joiner.lnk -> [Ver = | Size = 785 bytes | Modified Date = 18/04/2008 20:48:22 | Attr = ] EditorFKWP1.5.exe -> %UserProfile%\Desktop\EditorFKWP1.5.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] EditorFKWP2.0.exe -> %UserProfile%\Desktop\EditorFKWP2.0.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] filemanagerclient.exe -> %UserProfile%\Desktop\filemanagerclient.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] fkwp1.5.exe -> %UserProfile%\Desktop\fkwp1.5.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] fkwp2.0.exe -> %UserProfile%\Desktop\fkwp2.0.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] fwebd.exe -> %UserProfile%\Desktop\fwebd.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] FWebdEditor.exe -> %UserProfile%\Desktop\FWebdEditor.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 23/04/2008 04:17:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HiJackThis.exe:Zone.Identifier ImTOO AVI to DVD Converter.lnk -> %UserProfile%\Desktop\ImTOO AVI to DVD Converter.lnk -> [Ver = | Size = 1050 bytes | Modified Date = 22/03/2008 04:44:54 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 24/04/2008 17:11:22 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 541685 bytes | Modified Date = 24/04/2008 17:11:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Trojan.Win32.BlackBird.exe -> %UserProfile%\Desktop\Trojan.Win32.BlackBird.exe -> [Ver = | Size = 4096 bytes | Modified Date = 22/04/2008 21:22:57 | Attr = ] virii -> %UserProfile%\Desktop\virii -> [Folder | Modified Date = 23/04/2008 21:04:09 | Attr = ] wep -> %UserProfile%\Desktop\wep -> [Folder | Modified Date = 23/04/2008 21:41:58 | Attr = ] WinAVIVideoConverter.lnk -> %UserProfile%\Desktop\WinAVIVideoConverter.lnk -> [Ver = | Size = 800 bytes | Modified Date = 22/03/2008 02:59:53 | Attr = ] µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk -> [Ver = | Size = 752 bytes | Modified Date = 21/03/2008 23:14:30 | Attr = ] Bluetooth.lnk -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> [Ver = | Size = 743 bytes | Modified Date = 01/03/2008 08:16:17 | Attr = ] desktop.ini -> %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 22/03/2008 04:11:25 | Attr = HS] desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 174 bytes | Modified Date = 22/03/2008 04:15:53 | Attr = HS] OneNote 2007 Screen Clipper and Launcher.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 1111 bytes | Modified Date = 21/03/2008 23:52:02 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 23/04/2008 00:31:39 | Attr = ] Corel -> %CommonProgramFiles%\Corel -> [Folder | Modified Date = 03/03/2008 02:33:33 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 05/03/2008 15:47:34 | Attr = ] microsoft shared -> %CommonProgramFiles%\microsoft shared -> [Folder | Modified Date = 19/04/2008 14:38:52 | Attr = ] Protexis -> %CommonProgramFiles%\Protexis -> [Folder | Modified Date = 03/03/2008 02:35:41 | Attr = ] snpstd3 -> %CommonProgramFiles%\snpstd3 -> [Folder | Modified Date = 23/03/2008 02:48:44 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 14/03/2008 21:28:54 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 22/03/2008 04:07:33 | Attr = ] WildPackets -> %CommonProgramFiles%\WildPackets -> [Folder | Modified Date = 22/04/2008 21:51:56 | Attr = ] < End of report > [/code]