[code] OTScanIt logfile created on: 04.06.2008 00:15:11 OTScanIt by OldTimer - Version 1.0.15.10 Folder = C:\Documents and Settings\65C\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy 383,36 Mb Total Physical Memory | 109,66 Mb Available Physical Memory | 28,61% Memory free 920,25 Mb Paging File | 544,74 Mb Available in Paging File | 59,19% Paging File free Paging file location(s): C:\pagefile.sys 576 1152; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 24,41 Gb Total Space | 18,34 Gb Free Space | 75,11% Space Free | Partition Type: NTFS Drive D: | 50,11 Gb Total Space | 10,07 Gb Free Space | 20,11% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 363,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: 65C-2D30CF2C80B Current User Name: 65C Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 08.03.2006 17:42:00 | Attr = ] ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 08.04.2005 15:54:52 | Attr = ] ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 08.04.2005 15:52:32 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 08.03.2006 17:42:00 | Attr = ] hcontrol.exe -> %SystemRoot%\ATK0100\HControl.exe -> [Ver = 1043, 2, 15, 56 | Size = 106496 bytes | Modified Date = 23.02.2006 07:40:40 | Attr = R ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5183 | Size = 344064 bytes | Modified Date = 08.03.2006 21:05:00 | Attr = ] sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.11.06 | Size = 544768 bytes | Modified Date = 20.01.2006 07:34:26 | Attr = R ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.1.1 | Size = 16270848 bytes | Modified Date = 14.11.2006 12:21:28 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 761945 bytes | Modified Date = 21.10.2005 09:26:48 | Attr = ] daemon.exe -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.46.0.0 | Size = 81920 bytes | Modified Date = 12.03.2004 22:43:18 | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 08.04.2005 15:52:30 | Attr = ] vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 17.04.2005 12:30:48 | Attr = ] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 22.10.2006 23:24:02 | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 17.04.2005 12:30:32 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19.10.2006 13:52:24 | Attr = ] devdetect.exe -> %CommonProgramFiles%\ACD Systems\EN\DevDetect.exe -> ACD Systems, Ltd. [Ver = 3,0,9,0 | Size = 282624 bytes | Modified Date = 01.09.2004 18:22:38 | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 17.04.2005 12:30:40 | Attr = ] atkosd.exe -> %SystemRoot%\ATK0100\ATKOSD.exe -> [Ver = 1043, 2, 15, 56 | Size = 2170880 bytes | Modified Date = 21.02.2006 10:25:58 | Attr = R ] fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 02.06.2008 20:32:34 | Attr = ] ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 30.08.2007 17:43:18 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.10 | Size = 373760 bytes | Modified Date = 02.06.2008 00:37:14 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 02.06.2008 21:00:04 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 08.03.2006 17:42:00 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 185968 bytes | Modified Date = 08.04.2005 15:52:32 | Attr = ] (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 83568 bytes | Modified Date = 08.04.2005 15:54:50 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 103.5.1.9 | Size = 161392 bytes | Modified Date = 08.04.2005 15:54:52 | Attr = ] (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 19648 bytes | Modified Date = 17.04.2005 12:30:32 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 02.06.2008 20:32:34 | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 19.10.2006 13:52:24 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 23.12.2006 17:54:04 | Attr = ] (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.0.0.359 | Size = 124608 bytes | Modified Date = 17.04.2005 12:30:42 | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05.04.2005 11:17:22 | Attr = ] (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,5,1,3 | Size = 992864 bytes | Modified Date = 30.03.2005 21:48:22 | Attr = ] (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.0.0.359 | Size = 1706176 bytes | Modified Date = 17.04.2005 12:30:40 | Attr = ] [Driver Services - Non-Microsoft Only] (ASNDIS5) ASNDIS5 Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\ASNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16269 bytes | Modified Date = 09.09.2002 19:54:06 | Attr = ] (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> [Ver = | Size = 95360 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6601 | Size = 1506816 bytes | Modified Date = 08.03.2006 17:49:20 | Attr = ] (BCM43XX) ASUS 802.11 Network Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.64.0 built by: WinDDK | Size = 371712 bytes | Modified Date = 11.02.2005 21:46:22 | Attr = ] (d346bus) d346bus [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d346bus.sys -> [Ver = 3.46.0.0 built by: WinDDK | Size = 156800 bytes | Modified Date = 12.03.2004 22:41:28 | Attr = ] (d346prt) d346prt [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\d346prt.sys -> [Ver = 3.46.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 12.03.2004 22:41:42 | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 15.05.2008 17:21:16 | Attr = ] (EraserUtilDrv10741) EraserUtilDrv10741 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilDrv10741.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 15.05.2008 17:21:16 | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 07.01.2005 17:07:18 | Attr = ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5324 built by: WinDDK | Size = 4225920 bytes | Modified Date = 15.11.2006 09:34:40 | Attr = R ] (MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 02.06.2008 18:05:09 | Attr = ] (MTsensor) ATK0100 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ATKACPI.sys -> [Ver = 1043, 2, 15, 46 | Size = 5632 bytes | Modified Date = 17.02.2005 18:07:48 | Attr = R ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080602.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 15.05.2008 17:21:16 | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080602.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 15.05.2008 17:21:16 | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 08.03.2007 02:51:00 | Attr = ] (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 12.07.2005 19:00:30 | Attr = ] (risdptsk) risdptsk [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\risdptsk.sys -> REDC [Ver = 1.0.3.6 | Size = 27904 bytes | Modified Date = 14.07.2005 12:14:34 | Attr = ] (RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5,639,0118,2006 built by: WinDDK | Size = 80512 bytes | Modified Date = 18.01.2006 13:41:58 | Attr = R ] (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 04.08.2004 01:31:34 | Attr = ] (SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 324232 bytes | Modified Date = 04.02.2005 20:14:30 | Attr = ] (SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> Symantec Corporation [Ver = 9.5.0.41 | Size = 53896 bytes | Modified Date = 04.02.2005 20:14:32 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] (smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smserial.sys -> Motorola Inc. [Ver = SM56 Rel. 6.11 Build 06 | Size = 862340 bytes | Modified Date = 20.01.2006 07:44:42 | Attr = R ] (SPBBCDrv) SPBBCDrv [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,5,1,3 | Size = 372832 bytes | Modified Date = 30.03.2005 21:48:20 | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.1.1 | Size = 123200 bytes | Modified Date = 01.04.2005 20:36:04 | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 05.04.2005 11:17:00 | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 05.04.2005 11:17:02 | Attr = ] (SynMini) USB2.0 1.3M WebCam [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynMini.sys -> [Ver = | Size = 1056512 bytes | Modified Date = 03.07.2006 05:33:24 | Attr = R ] (SynScan) USB2.0 1.3M WebCam Still Image [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynScan.sys -> [Ver = | Size = 8064 bytes | Modified Date = 30.06.2006 05:40:52 | Attr = R ] (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 191936 bytes | Modified Date = 21.10.2005 09:13:08 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 22.10.2006 23:24:02 | Attr = ] Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 03.05.2005 13:43:28 | Attr = R ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> ATI Technologies, Inc. [Ver = 6.14.10.5183 | Size = 344064 bytes | Modified Date = 08.03.2006 21:05:00 | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 103.5.1.9 | Size = 48752 bytes | Modified Date = 08.04.2005 15:52:30 | Attr = ] DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe ["C:\Program Files\D-Tools\daemon.exe" -lang 1033] -> DAEMON'S HOME [Ver = 3.46.0.0 | Size = 81920 bytes | Modified Date = 12.03.2004 22:43:18 | Attr = ] Device Detector -> [DevDetect.exe -autorun] -> File not found HControl -> %SystemRoot%\ATK0100\HControl.exe [C:\WINDOWS\ATK0100\HControl.exe] -> [Ver = 1043, 2, 15, 56 | Size = 106496 bytes | Modified Date = 23.02.2006 07:40:40 | Attr = R ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12.01.2006 15:40:44 | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.1.1 | Size = 16270848 bytes | Modified Date = 14.11.2006 12:21:28 | Attr = ] SkyTel -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 16.05.2006 13:04:26 | Attr = R ] SMSERIAL -> %SystemRoot%\sm56hlpr.exe [sm56hlpr.exe] -> Motorola Inc. [Ver = 6.11.06 | Size = 544768 bytes | Modified Date = 20.01.2006 07:34:26 | Attr = R ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 761945 bytes | Modified Date = 21.10.2005 09:26:48 | Attr = ] vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> Symantec Corporation [Ver = 10.0.0.359 | Size = 85184 bytes | Modified Date = 17.04.2005 12:30:48 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30.08.2007 17:43:18 | Attr = ] < Run [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30.08.2007 17:43:18 | Attr = ] < 65C Startup Folder > -> C:\Documents and Settings\65C\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16.03.2005 19:16:50 | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe -> [Ver = | Size = 295606 bytes | Modified Date = 02.06.2008 20:31:59 | Attr = R ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23.10.2006 00:01:50 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 08.03.2006 17:43:14 | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> Symantec Corporation [Ver = 10.0.0.359 | Size = 43712 bytes | Modified Date = 17.04.2005 12:30:56 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-L632D_______________AS05____\5&16e4bc8c&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&242632de&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = ] autorun.inf [;m | [AutoRun] | ;ak9Aldalo4a9w80ASwAO1aDaqd7a2dlkw2fjK4sqi2aa2kwD3Keisfan1e2r5jsiD3Kkw3l | open=i1rbfq.bat | ;40il0dws4a9wSjJA3ed10OK2LJsASawjDD3p31SiFpfArwqel2A5aso24Ljl3f93d05mjJD33on5irw4aJiraoUsCkkdw2lfqskwkD2ileqr2Dfl61wwawKpK2os5K | shell\open\Command=i1rbfq.bat | ; | shell\open\Default=1 | ;aDk2kkDko5A5wjs2JKiska22iAiardaAfSAiZwwdkD42003kwaDq53edLcpf04nqwK4jl5aj0is2kKDj2JDa4rF7dLoLls | shell\explore\Command=i1rbfq.bat | ;ww1D9KF3a8s5Dqs3kolKL | ] -> %SystemDrive%\autorun.inf [ NTFS ] -> [Ver = | Size = 446 bytes | Modified Date = 03.06.2008 17:58:24 | Attr = RHS] autorun.inf [;m | [AutoRun] | ;ak9Aldalo4a9w80ASwAO1aDaqd7a2dlkw2fjK4sqi2aa2kwD3Keisfan1e2r5jsiD3Kkw3l | open=i1rbfq.bat | ;40il0dws4a9wSjJA3ed10OK2LJsASawjDD3p31SiFpfArwqel2A5aso24Ljl3f93d05mjJD33on5irw4aJiraoUsCkkdw2lfqskwkD2ileqr2Dfl61wwawKpK2os5K | shell\open\Command=i1rbfq.bat | ; | shell\open\Default=1 | ;aDk2kkDko5A5wjs2JKiska22iAiardaAfSAiZwwdkD42003kwaDq53edLcpf04nqwK4jl5aj0is2kKDj2JDa4rF7dLoLls | shell\explore\Command=i1rbfq.bat | ;ww1D9KF3a8s5Dqs3kolKL | ] -> D:\autorun.inf [ NTFS ] -> [Ver = | Size = 446 bytes | Modified Date = 03.06.2008 17:58:24 | Attr = RHS] AUTORUN.INF [[autorun] | open=Setup.exe -auto | icon=Setup.exe,0 | ] -> F:\AUTORUN.INF [ CDFS ] -> [Ver = | Size = 49 bytes | Modified Date = 17.06.2004 06:36:10 | Attr = R ] AutoPlay [] -> F:\AutoPlay [ CDFS ] -> [Folder | Modified Date = 03.03.2005 07:31:21 | Attr = R ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\] > -> -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\] > -> HKEY_USERS\S-1-5-21-583907252-1123561945-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 22.10.2006 23:20:26 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {C812A1B7-CF5F-4943-B786-46CBA1279117} -> (ASUS 802.11g Network Adapter) -> {E92F1F1E-949A-48A6-B896-D3513C08687E} -> () -> {EB8800D9-0D11-4D63-B87D-CBED805800F3} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 692 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 4F F5 C8 3B 52 A1 BD 56 65 81 EE 3B AB B3 96 AD 65 65 66 37 64 63 30 64 00 FD 07 00 E2 4A 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 31 63 C6 E9 98 22 F7 6A 0E 7D FB EE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 71 A6 56 A6 A9 14 24 95 1F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 01 90 37 8C EB F7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 2D 63 68 D0 25 B6 84 9B 4B BD 79 37 54 47 23 40 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B0 38 56 BB 98 C5 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 380 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30.08.2007 17:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 30.08.2007 17:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\StrongDC++\StrongDC.exe -> %ProgramFiles%\StrongDC++\StrongDC.exe [C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++] -> Big Muscle, KohlSoft® Corporation ;-) [Ver = 0, 6, 7, 3 | Size = 2887680 bytes | Modified Date = 24.07.2005 16:00:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < MountPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 03 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\\MUIVerb -> @shell32.dll -> -> File not found -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda2-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\\MUIVerb -> @shell32.dll -> -> File not found -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4200bda3-3193-11dd-9223-0018f33b3d73}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32d40fe-30b7-11dd-9217-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32d40fe-30b7-11dd-9217-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32d40fe-30b7-11dd-9217-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32d40fe-30b7-11dd-9217-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32d40fe-30b7-11dd-9217-806d6172696f}\_Autorun\DefaultIcon\ -> -> *~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32d40fe-30b7-11dd-9217-806d6172696f}\_Autorun\DefaultIcon\\ -> F:\Setup.exe -> F:\Setup.exe -> Adobe Systems Incorporated [Ver = 4.0 | Size = 159744 bytes | Modified Date = 03.08.2004 07:34:56 | Attr = R ] 0 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d510-30c2-11dd-8e0d-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d510-30c2-11dd-8e0d-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d510-30c2-11dd-8e0d-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF CF CF 5F 5F 5F CF 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 10 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d510-30c2-11dd-8e0d-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d510-30c2-11dd-8e0d-806d6172696f}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d510-30c2-11dd-8e0d-806d6172696f}\_Autorun\DefaultIcon\\ -> E:\Nero7.ico [E:\Nero7.ico] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d511-30c2-11dd-8e0d-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d511-30c2-11dd-8e0d-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d512-30c2-11dd-8e0d-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daf4d512-30c2-11dd-8e0d-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F 00 01 00 01 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 09 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\\ -> Open -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\Autoplay\\MUIVerb -> @shell32.dll -> -> File not found -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\AutoRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\AutoRun\\Extended -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\AutoRun\command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\AutoRun\command\\ -> G:\yi3trxvn.bat [G:\yi3trxvn.bat] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\explore\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\explore\Command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\explore\Command\\ -> G:\yi3trxvn.bat [G:\yi3trxvn.bat] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\open\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\open\Command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\open\Command\\ -> G:\yi3trxvn.bat [G:\yi3trxvn.bat] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\open\Default\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4517857-30c3-11dd-9218-0018f33b3d73}\Shell\open\Default\\ -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b32d40fe-30b7-11dd-9217-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b32d40fe-30b7-11dd-9217-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b32d40fe-30b7-11dd-9217-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d510-30c2-11dd-8e0d-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d510-30c2-11dd-8e0d-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d510-30c2-11dd-8e0d-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d511-30c2-11dd-8e0d-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d511-30c2-11dd-8e0d-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d511-30c2-11dd-8e0d-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d512-30c2-11dd-8e0d-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d512-30c2-11dd-8e0d-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{daf4d512-30c2-11dd-8e0d-806d6172696f}\\Generation -> 1 -> [Files/Folders - Created Within 90 days] ASWL2K.ini -> %SystemDrive%\ASWL2K.ini -> [Ver = | Size = 162 bytes | Created Date = 02.06.2008 18:06:24 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 02.06.2008 17:28:19 | Attr = ] autorun.inf -> %SystemDrive%\autorun.inf -> [Ver = | Size = 446 bytes | Created Date = 02.06.2008 18:20:53 | Attr = RHS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 02.06.2008 20:05:33 | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 02.06.2008 17:28:19 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 02.06.2008 20:06:22 | Attr = ] i1rbfq.bat -> %SystemDrive%\i1rbfq.bat -> [Ver = | Size = 165784 bytes | Created Date = 03.06.2008 15:40:33 | Attr = RHS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 02.06.2008 17:28:19 | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 02.06.2008 17:28:19 | Attr = RHS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 02.06.2008 19:23:43 | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Created Date = 02.06.2008 20:07:35 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 02.06.2008 19:51:31 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 02.06.2008 19:58:59 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Created Date = 03.06.2008 20:41:07 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] yi3trxvn.bat -> %SystemDrive%\yi3trxvn.bat -> [Ver = | Size = 164024 bytes | Created Date = 02.06.2008 18:20:53 | Attr = RHS] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 02.06.2008 17:29:18 | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 02.06.2008 17:29:18 | Attr = ] cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 02.06.2008 17:29:28 | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 02.06.2008 17:29:32 | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 02.06.2008 17:29:19 | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 02.06.2008 17:29:19 | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 02.06.2008 17:29:20 | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:20 | Attr = ] c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:20 | Attr = ] c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:30 | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 02.06.2008 17:29:20 | Attr = ] c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:30 | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:20 | Attr = ] c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:32 | Attr = ] c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:20 | Attr = ] c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:21 | Attr = ] c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:22 | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 02.06.2008 17:29:22 | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 02.06.2008 17:29:22 | Attr = ] c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 02.06.2008 17:29:22 | Attr = ] c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 02.06.2008 17:29:22 | Attr = ] c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 02.06.2008 17:29:22 | Attr = ] c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:24 | Attr = ] c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:23 | Attr = ] c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:24 | Attr = ] c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:25 | Attr = ] c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:27 | Attr = ] c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:30 | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:26 | Attr = ] c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:32 | Attr = ] c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:34 | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:26 | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 17:29:26 | Attr = ] c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:27 | Attr = ] c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:32 | Attr = ] c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 17:29:26 | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 17:29:27 | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 17:29:27 | Attr = ] c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:27 | Attr = ] c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 17:29:27 | Attr = ] c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 02.06.2008 20:07:23 | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 02.06.2008 20:07:23 | Attr = ] eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 02.06.2008 20:07:22 | Attr = ] esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 02.06.2008 17:29:45 | Attr = ] esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 02.06.2008 17:29:45 | Attr = ] esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 02.06.2008 17:29:45 | Attr = ] FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 02.06.2008 17:29:50 | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 02.06.2008 17:29:56 | Attr = ] HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 02.06.2008 17:23:22 | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 02.06.2008 17:30:06 | Attr = ] IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 02.06.2008 17:30:24 | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 02.06.2008 17:30:27 | Attr = ] IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 02.06.2008 17:30:28 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 02.06.2008 17:25:01 | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 02.06.2008 17:30:38 | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 02.06.2008 17:30:39 | Attr = ] ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 02.06.2008 20:07:36 | Attr = ] MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 02.06.2008 17:25:20 | Attr = ] msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 02.06.2008 17:25:04 | Attr = ] MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 02.06.2008 17:26:15 | Attr = ] NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 02.06.2008 20:07:08 | Attr = ] NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 02.06.2008 20:07:08 | Attr = ] NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 02.06.2008 17:22:43 | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 02.06.2008 17:31:05 | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 02.06.2008 17:31:07 | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 02.06.2008 17:31:08 | Attr = ] r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 02.06.2008 20:07:37 | Attr = ] rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 02.06.2008 17:31:15 | Attr = ] rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 02.06.2008 17:31:15 | Attr = ] rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 02.06.2008 17:31:15 | Attr = ] sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 02.06.2008 20:07:37 | Attr = ] sam.spd -> %SystemRoot%\System32\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 02.06.2008 20:07:37 | Attr = ] SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 02.06.2008 20:07:08 | Attr = ] spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 02.06.2008 20:07:23 | Attr = ] srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 02.06.2008 17:25:35 | Attr = ] tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 02.06.2008 20:07:09 | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 02.06.2008 17:31:53 | Attr = ] ativcaxx.cpa -> %SystemRoot%\System32\drivers\ativcaxx.cpa -> [Ver = | Size = 1114674 bytes | Created Date = 02.06.2008 17:44:24 | Attr = R ] ativcaxx.vp -> %SystemRoot%\System32\drivers\ativcaxx.vp -> [Ver = | Size = 929 bytes | Created Date = 02.06.2008 17:44:24 | Attr = R ] ativckxx.vp -> %SystemRoot%\System32\drivers\ativckxx.vp -> [Ver = | Size = 58560 bytes | Created Date = 02.06.2008 17:44:24 | Attr = R ] ativvpxx.vp -> %SystemRoot%\System32\drivers\ativvpxx.vp -> [Ver = | Size = 27280 bytes | Created Date = 02.06.2008 17:44:24 | Attr = R ] ATKACPI.sys -> %SystemRoot%\System32\drivers\ATKACPI.sys -> [Ver = 1043, 2, 15, 46 | Size = 5632 bytes | Created Date = 02.06.2008 17:42:01 | Attr = R ] BCMWL5.SYS -> %SystemRoot%\System32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 3.100.64.0 built by: WinDDK | Size = 371712 bytes | Created Date = 02.06.2008 18:04:42 | Attr = ] cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9336 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9464 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] d346bus.sys -> %SystemRoot%\System32\drivers\d346bus.sys -> [Ver = 3.46.0.0 built by: WinDDK | Size = 156800 bytes | Created Date = 02.06.2008 18:21:34 | Attr = ] d346prt.sys -> %SystemRoot%\System32\drivers\d346prt.sys -> [Ver = 3.46.0.0 built by: WinDDK | Size = 5248 bytes | Created Date = 02.06.2008 18:21:34 | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] mdc8021x.sys -> %SystemRoot%\System32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Created Date = 02.06.2008 18:05:09 | Attr = ] MMIOPORT.SYS -> %SystemRoot%\System32\drivers\MMIOPORT.SYS -> [Ver = | Size = 7424 bytes | Created Date = 02.06.2008 17:39:04 | Attr = R ] PxHelp20.sys -> %SystemRoot%\System32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] rimsptsk.sys -> %SystemRoot%\System32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Created Date = 02.06.2008 17:58:07 | Attr = ] risdptsk.sys -> %SystemRoot%\System32\drivers\risdptsk.sys -> REDC [Ver = 1.0.3.6 | Size = 27904 bytes | Created Date = 02.06.2008 17:58:09 | Attr = ] RtkHDAud.Sys -> %SystemRoot%\System32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5324 built by: WinDDK | Size = 4225920 bytes | Created Date = 02.06.2008 17:48:54 | Attr = R ] RTL8139.sys -> %SystemRoot%\System32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 02.06.2008 20:09:08 | Attr = ] Rtnicxp.sys -> %SystemRoot%\System32\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5,639,0118,2006 built by: WinDDK | Size = 80512 bytes | Created Date = 02.06.2008 17:53:47 | Attr = R ] smserial.sys -> %SystemRoot%\System32\drivers\smserial.sys -> Motorola Inc. [Ver = SM56 Rel. 6.11 Build 06 | Size = 862340 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.1.1 | Size = 123200 bytes | Created Date = 02.06.2008 18:24:41 | Attr = ] SynCamd.sys -> %SystemRoot%\System32\drivers\SynCamd.sys -> [Ver = | Size = 30592 bytes | Created Date = 02.06.2008 18:00:44 | Attr = R ] SynMini.sys -> %SystemRoot%\System32\drivers\SynMini.sys -> [Ver = | Size = 1056512 bytes | Created Date = 02.06.2008 18:00:43 | Attr = R ] SynPin.sys -> %SystemRoot%\System32\drivers\SynPin.sys -> [Ver = | Size = 498688 bytes | Created Date = 02.06.2008 18:00:44 | Attr = R ] SynPipe.sys -> %SystemRoot%\System32\drivers\SynPipe.sys -> Syntek America Inc. [Ver = 1.0.0.2 | Size = 12322304 bytes | Created Date = 02.06.2008 18:00:44 | Attr = R ] SynSam.sys -> %SystemRoot%\System32\drivers\SynSam.sys -> [Ver = | Size = 14848 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] SynScan.sys -> %SystemRoot%\System32\drivers\SynScan.sys -> [Ver = | Size = 8064 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] SynTP.sys -> %SystemRoot%\System32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 191936 bytes | Created Date = 02.06.2008 17:54:59 | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 02.06.2008 20:05:29 | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ac3filter.cpl -> %SystemRoot%\System32\ac3filter.cpl -> [Ver = 1.01a | Size = 417792 bytes | Created Date = 02.06.2008 20:07:54 | Attr = ] ALSndMgr.Cpl -> %SystemRoot%\System32\ALSndMgr.Cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 10 | Size = 299008 bytes | Created Date = 02.06.2008 17:48:43 | Attr = R ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 02.06.2008 17:28:15 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 03.06.2008 12:19:32 | Attr = ] ASNDIS3.vxd -> %SystemRoot%\System32\ASNDIS3.vxd -> [Ver = | Size = 15577 bytes | Created Date = 02.06.2008 18:04:42 | Attr = ] ASNDIS5.sys -> %SystemRoot%\System32\ASNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16269 bytes | Created Date = 02.06.2008 18:04:42 | Attr = ] ASUSW32N50.dll -> %SystemRoot%\System32\ASUSW32N50.dll -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 61440 bytes | Created Date = 02.06.2008 18:04:42 | Attr = ] ASWL2K.exe -> %SystemRoot%\System32\ASWL2K.exe -> [Ver = | Size = 516096 bytes | Created Date = 02.06.2008 18:04:42 | Attr = ] ASWLSVC.exe -> %SystemRoot%\System32\ASWLSVC.exe -> [Ver = | Size = 496640 bytes | Created Date = 02.06.2008 18:04:43 | Attr = ] atifglpf.xml -> %SystemRoot%\System32\atifglpf.xml -> [Ver = | Size = 6005 bytes | Created Date = 02.06.2008 17:44:26 | Attr = R ] atiicdxx.dat -> %SystemRoot%\System32\atiicdxx.dat -> [Ver = | Size = 124376 bytes | Created Date = 02.06.2008 17:44:25 | Attr = R ] atiiiexx.dll -> %SystemRoot%\System32\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 02.06.2008 17:44:28 | Attr = R ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 02.06.2008 20:07:20 | Attr = ] bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] BuzzingBee.wav -> %SystemRoot%\System32\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Created Date = 02.06.2008 17:51:23 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Created Date = 02.06.2008 20:06:55 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 02.06.2008 20:06:55 | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 02.06.2008 17:26:37 | Attr = RH ] ChCfg.exe -> %SystemRoot%\System32\ChCfg.exe -> [Ver = | Size = 49152 bytes | Created Date = 02.06.2008 17:49:40 | Attr = R ] ClientCpl.cpl -> %SystemRoot%\System32\ClientCpl.cpl -> [Ver = | Size = 141824 bytes | Created Date = 02.06.2008 18:04:42 | Attr = ] codecs.bat -> %SystemRoot%\System32\codecs.bat -> [Ver = | Size = 243 bytes | Created Date = 27.05.2008 16:15:04 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Created Date = 02.06.2008 17:22:36 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 02.06.2008 17:28:19 | Attr = ] cpuinf32.dll -> %SystemRoot%\System32\cpuinf32.dll -> [Ver = | Size = 19968 bytes | Created Date = 02.06.2008 20:08:00 | Attr = ] c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:30 | Attr = ] c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:30 | Attr = ] c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_10081.nls -> %SystemRoot%\System32\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:32 | Attr = ] c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:24 | Attr = ] C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:27 | Attr = ] C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:30 | Attr = ] C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:32 | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:34 | Attr = ] c_737.nls -> %SystemRoot%\System32\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_852.nls -> %SystemRoot%\System32\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:25 | Attr = ] c_855.nls -> %SystemRoot%\System32\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:27 | Attr = ] c_857.nls -> %SystemRoot%\System32\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:32 | Attr = ] c_866.nls -> %SystemRoot%\System32\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:27 | Attr = ] c_869.nls -> %SystemRoot%\System32\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] c_875.nls -> %SystemRoot%\System32\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 02.06.2008 20:07:29 | Attr = ] desktop.ini -> %SystemRoot%\System32\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 02.06.2008 17:25:42 | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 02.06.2008 20:07:23 | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 02.06.2008 20:07:23 | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Created Date = 02.06.2008 17:26:07 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 02.06.2008 17:24:13 | Attr = ] EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 02.06.2008 20:07:22 | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 242328 bytes | Created Date = 02.06.2008 20:06:21 | Attr = ] gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] gorun.exe -> %SystemRoot%\System32\gorun.exe -> NTWind Software [Ver = 2.2.0.0 | Size = 16792 bytes | Created Date = 27.05.2008 16:15:04 | Attr = ] hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 02.06.2008 17:23:22 | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2180 | Size = 345088 bytes | Created Date = 02.06.2008 17:22:42 | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] IME -> %SystemRoot%\System32\IME -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 02.06.2008 17:25:01 | Attr = ] ISUSPM.cpl -> %SystemRoot%\System32\ISUSPM.cpl -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 73728 bytes | Created Date = 02.06.2008 17:53:34 | Attr = ] kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] korean.uce -> %SystemRoot%\System32\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Created Date = 02.06.2008 17:51:22 | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 02.06.2008 17:26:44 | Attr = RH ] LoopyMusic.wav -> %SystemRoot%\System32\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Created Date = 02.06.2008 17:51:23 | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 02.06.2008 17:25:23 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Created Date = 02.06.2008 17:35:02 | Attr = S] mplaa6.dll -> %SystemRoot%\System32\mplaa6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 77824 bytes | Created Date = 02.06.2008 20:08:00 | Attr = ] mplam6.dll -> %SystemRoot%\System32\mplam6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 65536 bytes | Created Date = 02.06.2008 20:08:00 | Attr = ] mplapx.dll -> %SystemRoot%\System32\mplapx.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 65536 bytes | Created Date = 02.06.2008 20:08:00 | Attr = ] mplaw7.dll -> %SystemRoot%\System32\mplaw7.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 77824 bytes | Created Date = 02.06.2008 20:08:00 | Attr = ] mplva6.dll -> %SystemRoot%\System32\mplva6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1650688 bytes | Created Date = 02.06.2008 20:08:01 | Attr = ] mplvm6.dll -> %SystemRoot%\System32\mplvm6.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1552384 bytes | Created Date = 02.06.2008 20:08:01 | Attr = ] mplvpx.dll -> %SystemRoot%\System32\mplvpx.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1122304 bytes | Created Date = 02.06.2008 20:08:01 | Attr = ] mplvw7.dll -> %SystemRoot%\System32\mplvw7.dll -> Ligos Corporation [Ver = 1.0.0.3 | Size = 1581056 bytes | Created Date = 02.06.2008 20:08:00 | Attr = ] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Created Date = 02.06.2008 17:22:38 | Attr = ] msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 02.06.2008 17:23:12 | Attr = ] msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 02.06.2008 17:23:12 | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 02.06.2008 17:26:37 | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 02.06.2008 17:28:15 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 02.06.2008 17:26:37 | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 02.06.2008 20:07:41 | Attr = ] px.dll -> %SystemRoot%\System32\px.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 547576 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxafs.dll -> %SystemRoot%\System32\pxafs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 129784 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxcpya64.exe -> %SystemRoot%\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.40a | Size = 64760 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxdrv.dll -> %SystemRoot%\System32\pxdrv.dll -> Sonic Solutions [Ver = 1.02.05a | Size = 510712 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxhpinst.exe -> %SystemRoot%\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 72440 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxinsa64.exe -> %SystemRoot%\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.56a | Size = 64760 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxmas.dll -> %SystemRoot%\System32\pxmas.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 187128 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxsfs.dll -> %SystemRoot%\System32\pxsfs.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 1628920 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] pxwave.dll -> %SystemRoot%\System32\pxwave.dll -> Sonic Solutions [Ver = 3.6.36.500 | Size = 379640 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Created Date = 02.06.2008 17:53:46 | Attr = ] RemSvc.exe -> %SystemRoot%\System32\RemSvc.exe -> [Ver = 1, 1, 0, 0 | Size = 159827 bytes | Created Date = 02.06.2008 18:04:43 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Created Date = 02.06.2008 17:25:02 | Attr = ] RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Created Date = 02.06.2008 17:49:12 | Attr = ] RTSndMgr.Cpl -> %SystemRoot%\System32\RTSndMgr.Cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 9 | Size = 282624 bytes | Created Date = 02.06.2008 17:49:01 | Attr = R ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.6.1.2 | Size = 91856 bytes | Created Date = 02.06.2008 18:24:41 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 02.06.2008 17:26:37 | Attr = RH ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] sm56co.dll -> %SystemRoot%\System32\sm56co.dll -> Motorola Inc. [Ver = 6.11.06 | Size = 131072 bytes | Created Date = 02.06.2008 17:47:51 | Attr = R ] snymsico.dll -> %SystemRoot%\System32\snymsico.dll -> Sony Corporation [Ver = 1, 0, 0, 09120 | Size = 90112 bytes | Created Date = 02.06.2008 17:58:07 | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 02.06.2008 20:07:23 | Attr = ] subrange.uce -> %SystemRoot%\System32\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 02.06.2008 17:23:15 | Attr = ] SynCOM.dll -> %SystemRoot%\System32\SynCOM.dll -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 82012 bytes | Created Date = 02.06.2008 17:54:58 | Attr = ] SynCtrl.dll -> %SystemRoot%\System32\SynCtrl.dll -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 114688 bytes | Created Date = 02.06.2008 17:54:58 | Attr = ] SynProp.ax -> %SystemRoot%\System32\SynProp.ax -> Syntek America Inc. [Ver = 1.0.0.2 | Size = 69632 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] SynSvc_.exe -> %SystemRoot%\System32\SynSvc_.exe -> [Ver = | Size = 24576 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] SynTPAPI.dll -> %SystemRoot%\System32\SynTPAPI.dll -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 94297 bytes | Created Date = 02.06.2008 17:54:59 | Attr = ] SynTPCo2.dll -> %SystemRoot%\System32\SynTPCo2.dll -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 81920 bytes | Created Date = 02.06.2008 17:54:59 | Attr = ] SynTPFcs.dll -> %SystemRoot%\System32\SynTPFcs.dll -> Synaptics, Inc. [Ver = 8.2.0 21Oct05 | Size = 69721 bytes | Created Date = 02.06.2008 17:55:02 | Attr = ] SynUSD.dll -> %SystemRoot%\System32\SynUSD.dll -> Syntek America Inc. [Ver = 1.0.0.2 | Size = 28672 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] SynVFW.dll -> %SystemRoot%\System32\SynVFW.dll -> Syntek America Inc. [Ver = 1.0.0.2 | Size = 57344 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] systemcore.inf -> %SystemRoot%\System32\systemcore.inf -> [Ver = | Size = 1155 bytes | Created Date = 27.05.2008 16:15:04 | Attr = ] systemcore.ocx -> %SystemRoot%\System32\systemcore.ocx -> SopCast.com [Ver = 1.00 | Size = 61440 bytes | Created Date = 27.05.2008 16:15:04 | Attr = ] tslabels.h -> %SystemRoot%\System32\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 02.06.2008 17:23:13 | Attr = ] tslabels.ini -> %SystemRoot%\System32\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 02.06.2008 17:23:13 | Attr = ] unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 152064 bytes | Created Date = 02.06.2008 20:07:59 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 02.06.2008 17:23:13 | Attr = ] vxblock.dll -> %SystemRoot%\System32\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Created Date = 02.06.2008 18:27:06 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 02.06.2008 17:26:44 | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 02.06.2008 17:23:05 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 02.06.2008 17:26:37 | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 02.06.2008 17:28:43 | Attr = ] xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 761856 bytes | Created Date = 02.06.2008 20:07:57 | Attr = ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Alcmtr.exe -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Created Date = 02.06.2008 17:48:42 | Attr = R ] alcwzrd.exe -> %SystemRoot%\alcwzrd.exe -> RealTek Semicoductor Corp. [Ver = 1.1.0.36 | Size = 2808832 bytes | Created Date = 02.06.2008 17:48:42 | Attr = R ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ARJ.PIF -> %SystemRoot%\ARJ.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:07 | Attr = ] ATK0100 -> %SystemRoot%\ATK0100 -> [Folder | Created Date = 02.06.2008 17:42:01 | Attr = ] Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 02.06.2008 17:32:05 | Attr = S] Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 02.06.2008 17:28:19 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 02.06.2008 17:25:42 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 02.06.2008 18:21:23 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 02.06.2008 17:26:44 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = R S] Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4326 bytes | Created Date = 02.06.2008 20:07:44 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 02.06.2008 20:07:41 | Attr = HS] java -> %SystemRoot%\java -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] LHA.PIF -> %SystemRoot%\LHA.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:07 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] MicCal.exe -> %SystemRoot%\MicCal.exe -> Realtek Semiconductor Corp. [Ver = 1.1.1.6 | Size = 2157568 bytes | Created Date = 02.06.2008 17:48:44 | Attr = R ] Motorola -> %SystemRoot%\Motorola -> [Folder | Created Date = 02.06.2008 17:47:50 | Attr = ] mplayer -> %SystemRoot%\mplayer -> [Folder | Created Date = 02.06.2008 20:03:44 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 02.06.2008 20:56:17 | Attr = ] NOCLOSE.PIF -> %SystemRoot%\NOCLOSE.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:07 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 02.06.2008 19:37:40 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 02.06.2008 20:07:40 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 02.06.2008 17:26:44 | Attr = R ] OPTIONS -> %SystemRoot%\OPTIONS -> [Folder | Created Date = 02.06.2008 17:53:34 | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] PKUNZIP.PIF -> %SystemRoot%\PKUNZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:08 | Attr = ] PKZIP.PIF -> %SystemRoot%\PKZIP.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:08 | Attr = ] Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 02.06.2008 17:35:03 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 03.06.2008 15:27:09 | Attr = ] RAR.PIF -> %SystemRoot%\RAR.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:08 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 02.06.2008 18:13:41 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 02.06.2008 17:23:52 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 02.06.2008 17:32:59 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] RTHDCPL.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.1.1 | Size = 16270848 bytes | Created Date = 02.06.2008 17:48:45 | Attr = ] RTLCPL.exe -> %SystemRoot%\RTLCPL.exe -> Realtek Semiconductor Corp. [Ver = 1.0.1.64 | Size = 9709568 bytes | Created Date = 02.06.2008 17:48:56 | Attr = R ] RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 4 | Size = 499712 bytes | Created Date = 02.06.2008 17:48:34 | Attr = R ] RtlUpd.exe -> %SystemRoot%\RtlUpd.exe -> Realtek Semiconductor Corp. [Ver = 2, 7, 0, 2 | Size = 1183744 bytes | Created Date = 02.06.2008 17:49:00 | Attr = R ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 02.06.2008 17:23:17 | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 02.06.2008 19:29:37 | Attr = ] SkyTel.exe -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Created Date = 02.06.2008 17:49:01 | Attr = R ] sm56brz.dll -> %SystemRoot%\sm56brz.dll -> [Ver = | Size = 69632 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56chs.dll -> %SystemRoot%\sm56chs.dll -> [Ver = | Size = 49152 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56cht.dll -> %SystemRoot%\sm56cht.dll -> [Ver = | Size = 49152 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56eng.dll -> %SystemRoot%\sm56eng.dll -> [Ver = | Size = 69632 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56fra.dll -> %SystemRoot%\sm56fra.dll -> [Ver = | Size = 61440 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56ger.dll -> %SystemRoot%\sm56ger.dll -> [Ver = | Size = 61440 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.11.06 | Size = 544768 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56itl.dll -> %SystemRoot%\sm56itl.dll -> [Ver = | Size = 69632 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56jpn.dll -> %SystemRoot%\sm56jpn.dll -> [Ver = | Size = 53248 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] sm56spn.dll -> %SystemRoot%\sm56spn.dll -> [Ver = | Size = 69632 bytes | Created Date = 02.06.2008 17:47:49 | Attr = R ] Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 02.06.2008 17:23:16 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 02.06.2008 17:35:27 | Attr = ] SoundMan.exe -> %SystemRoot%\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 30 | Size = 86016 bytes | Created Date = 02.06.2008 17:49:02 | Attr = R ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 02.06.2008 17:25:24 | Attr = ] StkUnist.exe -> %SystemRoot%\StkUnist.exe -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] Syn112X.exe -> %SystemRoot%\Syn112X.exe -> Syntek America Inc. [Ver = 1.0.0.2 | Size = 98304 bytes | Created Date = 02.06.2008 18:00:49 | Attr = R ] system -> %SystemRoot%\system -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 02.06.2008 17:25:30 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] UC.PIF -> %SystemRoot%\UC.PIF -> [Ver = | Size = 545 bytes | Created Date = 03.06.2008 20:41:08 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 02.06.2008 17:23:58 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 02.06.2008 17:23:58 | Attr = ] vpc32.INI -> %SystemRoot%\vpc32.INI -> [Ver = | Size = 0 bytes | Created Date = 02.06.2008 19:10:15 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = R ] win3 -> %SystemRoot%\win3 -> [Folder | Created Date = 03.06.2008 21:44:37 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 2207 bytes | Created Date = 03.06.2008 20:41:07 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 02.06.2008 17:26:37 | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 02.06.2008 17:25:42 | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 02.06.2008 17:25:42 | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 02.06.2008 19:56:45 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 02.06.2008 17:28:14 | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 02.06.2008 17:23:17 | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 02.06.2008 17:25:30 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 02.06.2008 17:35:03 | Attr = H ] [Files/Folders - Modified Within 90 days] ASWL2K.ini -> %SystemDrive%\ASWL2K.ini -> [Ver = | Size = 162 bytes | Modified Date = 02.06.2008 18:06:25 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = ] autorun.inf -> %SystemDrive%\autorun.inf -> [Ver = | Size = 446 bytes | Modified Date = 03.06.2008 17:58:24 | Attr = RHS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 03.06.2008 16:00:39 | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 02.06.2008 18:53:40 | Attr = ] i1rbfq.bat -> %SystemDrive%\i1rbfq.bat -> [Ver = | Size = 165784 bytes | Modified Date = 03.06.2008 17:06:36 | Attr = RHS] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = RHS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 02.06.2008 19:23:43 | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 04.06.2008 00:07:48 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 02.06.2008 19:51:31 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 02.06.2008 17:35:19 | Attr = HS] totalcmd -> %SystemDrive%\totalcmd -> [Folder | Modified Date = 03.06.2008 20:42:13 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 03.06.2008 22:10:29 | Attr = ] yi3trxvn.bat -> %SystemDrive%\yi3trxvn.bat -> [Ver = | Size = 164024 bytes | Modified Date = 02.06.2008 21:46:33 | Attr = RHS] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 02.06.2008 19:59:18 | Attr = ] mdc8021x.sys -> %SystemRoot%\System32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 02.06.2008 18:05:09 | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 02.06.2008 17:32:05 | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 02.06.2008 19:58:20 | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 02.06.2008 17:28:15 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 03.06.2008 12:19:32 | Attr = ] BuzzingBee.wav -> %SystemRoot%\System32\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Modified Date = 02.06.2008 17:51:23 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 02.06.2008 17:57:35 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 03.06.2008 20:33:55 | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 02.06.2008 17:26:37 | Attr = RH ] codecs.bat -> %SystemRoot%\System32\codecs.bat -> [Ver = | Size = 243 bytes | Modified Date = 27.05.2008 16:12:42 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 02.06.2008 17:24:14 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 02.06.2008 17:32:44 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 02.06.2008 18:13:08 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 03.06.2008 21:26:10 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 04.06.2008 00:05:54 | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 02.06.2008 17:24:13 | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 242328 bytes | Modified Date = 02.06.2008 22:01:54 | Attr = ] gorun.exe -> %SystemRoot%\System32\gorun.exe -> NTWind Software [Ver = 2.2.0.0 | Size = 16792 bytes | Modified Date = 27.05.2008 02:03:56 | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 02.06.2008 17:27:46 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 02.06.2008 19:59:08 | Attr = ] IME -> %SystemRoot%\System32\IME -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 02.06.2008 17:51:22 | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 02.06.2008 17:26:44 | Attr = RH ] LoopyMusic.wav -> %SystemRoot%\System32\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Modified Date = 02.06.2008 17:51:23 | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 02.06.2008 17:25:23 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 02.06.2008 17:35:02 | Attr = S] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Modified Date = 02.06.2008 17:23:51 | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 02.06.2008 17:26:37 | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 02.06.2008 20:04:14 | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 02.06.2008 17:28:15 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 02.06.2008 17:26:37 | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 02.06.2008 17:25:58 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 40326 bytes | Modified Date = 02.06.2008 18:14:09 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 311938 bytes | Modified Date = 02.06.2008 18:14:09 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 02.06.2008 18:14:09 | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 02.06.2008 19:59:38 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 02.06.2008 17:53:46 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 02.06.2008 17:35:18 | Attr = ] RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Modified Date = 02.06.2008 17:49:40 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 02.06.2008 17:26:37 | Attr = RH ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 02.06.2008 20:05:19 | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 02.06.2008 17:20:09 | Attr = ] systemcore.inf -> %SystemRoot%\System32\systemcore.inf -> [Ver = | Size = 1155 bytes | Modified Date = 27.05.2008 13:46:43 | Attr = ] systemcore.ocx -> %SystemRoot%\System32\systemcore.ocx -> SopCast.com [Ver = 1.00 | Size = 61440 bytes | Modified Date = 27.05.2008 13:32:00 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 02.06.2008 20:05:06 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 02.06.2008 17:28:43 | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 02.06.2008 17:26:44 | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 02.06.2008 17:36:35 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 02.06.2008 17:26:37 | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Modified Date = 02.06.2008 17:28:43 | Attr = ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 02.06.2008 20:04:56 | Attr = ] ATK0100 -> %SystemRoot%\ATK0100 -> [Folder | Modified Date = 02.06.2008 17:42:05 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 04.06.2008 00:07:55 | Attr = S] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 17:28:19 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 02.06.2008 17:23:27 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 02.06.2008 20:06:25 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 02.06.2008 21:06:49 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 02.06.2008 17:53:34 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 02.06.2008 20:04:46 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 02.06.2008 20:21:52 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 02.06.2008 19:29:24 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 02.06.2008 17:28:43 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4326 bytes | Modified Date = 02.06.2008 17:32:11 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 02.06.2008 19:30:33 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 03.06.2008 15:41:22 | Attr = HS] java -> %SystemRoot%\java -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 02.06.2008 20:09:45 | Attr = ] Motorola -> %SystemRoot%\Motorola -> [Folder | Modified Date = 02.06.2008 17:47:50 | Attr = ] mplayer -> %SystemRoot%\mplayer -> [Folder | Modified Date = 02.06.2008 20:03:53 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 02.06.2008 20:04:06 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 02.06.2008 20:04:47 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 02.06.2008 20:56:42 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 02.06.2008 19:37:42 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 02.06.2008 17:28:04 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 02.06.2008 17:26:44 | Attr = R ] OPTIONS -> %SystemRoot%\OPTIONS -> [Folder | Modified Date = 02.06.2008 17:53:34 | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 02.06.2008 17:25:09 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 02.06.2008 20:04:31 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 04.06.2008 00:13:04 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 03.06.2008 15:27:47 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 02.06.2008 18:14:07 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 02.06.2008 17:27:59 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 02.06.2008 17:32:59 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 02.06.2008 17:28:42 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 02.06.2008 19:56:45 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 02.06.2008 18:16:59 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 02.06.2008 19:32:04 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 02.06.2008 17:36:13 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 02.06.2008 17:26:17 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 02.06.2008 19:23:52 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 03.06.2008 16:00:39 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 03.06.2008 21:26:02 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 02.06.2008 17:35:03 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 04.06.2008 00:08:47 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 02.06.2008 20:00:09 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 02.06.2008 17:23:58 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 02.06.2008 17:23:58 | Attr = ] vpc32.INI -> %SystemRoot%\vpc32.INI -> [Ver = | Size = 0 bytes | Modified Date = 02.06.2008 19:10:15 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 02.06.2008 17:26:48 | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 573 bytes | Modified Date = 03.06.2008 16:00:39 | Attr = ] win3 -> %SystemRoot%\win3 -> [Folder | Modified Date = 03.06.2008 21:44:50 | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 2207 bytes | Modified Date = 03.06.2008 23:05:41 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 02.06.2008 17:26:37 | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 02.06.2008 20:23:03 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 02.06.2008 18:14:00 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 04.06.2008 00:08:00 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 02.06.2008 22:23:07 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 02.06.2008 22:23:07 | Attr = ] C:\Documents and Settings\65C\Local Settings\Temp\ -> C:\Documents and Settings\65C\Local Settings\Temp -> [Folder | Modified Date = 04.06.2008 00:13:11 | Attr = ] mj.dll -> C:\Documents and Settings\65C\Local Settings\Temp\mj.dll -> [Ver = | Size = 31067 bytes | Modified Date = 03.06.2008 15:39:49 | Attr = H ] ulv.dll -> C:\Documents and Settings\65C\Local Settings\Temp\ulv.dll -> [Ver = | Size = 30802 bytes | Modified Date = 03.06.2008 17:56:52 | Attr = H ] 16 C:\Documents and Settings\65C\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\65C\Local Settings\Temp\*.tmp -> [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] Application Data -> C:\Documents and Settings\65C\Application Data -> [Folder | Modified Date = 03.06.2008 21:46:12 | Attr = RH ] ACD Systems -> C:\Documents and Settings\65C\Application Data\ACD Systems -> [Folder | Modified Date = 03.06.2008 12:13:27 | Attr = ] ACDSee -> C:\Documents and Settings\65C\Application Data\ACD Systems\ACDSee -> [Folder | Modified Date = 03.06.2008 12:14:01 | Attr = ] 70 -> C:\Documents and Settings\65C\Application Data\ACD Systems\ACDSee\70 -> [Folder | Modified Date = 03.06.2008 12:14:01 | Attr = ] Favorites -> C:\Documents and Settings\65C\Application Data\ACD Systems\ACDSee\Favorites -> [Folder | Modified Date = 03.06.2008 12:13:19 | Attr = ] Catalogs -> C:\Documents and Settings\65C\Application Data\ACD Systems\Catalogs -> [Folder | Modified Date = 03.06.2008 12:13:27 | Attr = ] 70 -> C:\Documents and Settings\65C\Application Data\ACD Systems\Catalogs\70 -> [Folder | Modified Date = 03.06.2008 12:13:27 | Attr = ] Default -> C:\Documents and Settings\65C\Application Data\ACD Systems\Catalogs\70\Default -> [Folder | Modified Date = 03.06.2008 12:13:28 | Attr = ] Adobe -> C:\Documents and Settings\65C\Application Data\Adobe -> [Folder | Modified Date = 02.06.2008 21:06:01 | Attr = ] Acrobat -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 02.06.2008 20:34:41 | Attr = ] 8.0 -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\8.0 -> [Folder | Modified Date = 02.06.2008 21:30:31 | Attr = ] Collab -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\8.0\Collab -> [Folder | Modified Date = 02.06.2008 20:34:48 | Attr = ] Preferences -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\8.0\Preferences -> [Folder | Modified Date = 02.06.2008 20:34:48 | Attr = ] Synchronizer -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\8.0\Synchronizer -> [Folder | Modified Date = 04.06.2008 00:08:29 | Attr = ] metadata -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata -> [Folder | Modified Date = 04.06.2008 00:08:29 | Attr = ] Distiller 8 -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\Distiller 8 -> [Folder | Modified Date = 02.06.2008 20:33:14 | Attr = ] Cache -> C:\Documents and Settings\65C\Application Data\Adobe\Acrobat\Distiller 8\Cache -> [Folder | Modified Date = 02.06.2008 20:33:14 | Attr = ] Adobe PDF -> C:\Documents and Settings\65C\Application Data\Adobe\Adobe PDF -> [Folder | Modified Date = 02.06.2008 20:32:56 | Attr = ] Distiller -> C:\Documents and Settings\65C\Application Data\Adobe\Adobe PDF\Distiller -> [Folder | Modified Date = 02.06.2008 20:32:56 | Attr = ] Data -> C:\Documents and Settings\65C\Application Data\Adobe\Adobe PDF\Distiller\Data -> [Folder | Modified Date = 02.06.2008 20:32:56 | Attr = ] Startup -> C:\Documents and Settings\65C\Application Data\Adobe\Adobe PDF\Distiller\Startup -> [Folder | Modified Date = 02.06.2008 20:32:56 | Attr = ] Settings -> C:\Documents and Settings\65C\Application Data\Adobe\Adobe PDF\Settings -> [Folder | Modified Date = 02.06.2008 20:32:56 | Attr = ] Color -> C:\Documents and Settings\65C\Application Data\Adobe\Color -> [Folder | Modified Date = 02.06.2008 21:05:30 | Attr = ] Proofing -> C:\Documents and Settings\65C\Application Data\Adobe\Color\Proofing -> [Folder | Modified Date = 02.06.2008 21:05:30 | Attr = ] Settings -> C:\Documents and Settings\65C\Application Data\Adobe\Color\Settings -> [Folder | Modified Date = 02.06.2008 21:05:30 | Attr = ] Flash Player -> C:\Documents and Settings\65C\Application Data\Adobe\Flash Player -> [Folder | Modified Date = 02.06.2008 19:22:22 | Attr = ] AssetCache -> C:\Documents and Settings\65C\Application Data\Adobe\Flash Player\AssetCache -> [Folder | Modified Date = 02.06.2008 19:22:22 | Attr = ] AZXTUPYJ -> C:\Documents and Settings\65C\Application Data\Adobe\Flash Player\AssetCache\AZXTUPYJ -> [Folder | Modified Date = 02.06.2008 20:45:06 | Attr = ] Linguistics -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics -> [Folder | Modified Date = 02.06.2008 20:35:11 | Attr = ] Dictionaries -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries -> [Folder | Modified Date = 02.06.2008 20:35:11 | Attr = ] Adobe Custom Dictionary -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary -> [Folder | Modified Date = 02.06.2008 20:35:28 | Attr = ] all -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all -> [Folder | Modified Date = 02.06.2008 20:35:11 | Attr = ] brt -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt -> [Folder | Modified Date = 02.06.2008 20:35:14 | Attr = ] brz -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz -> [Folder | Modified Date = 02.06.2008 20:35:17 | Attr = ] bul -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul -> [Folder | Modified Date = 02.06.2008 20:35:19 | Attr = ] can -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can -> [Folder | Modified Date = 02.06.2008 20:35:21 | Attr = ] cfr -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr -> [Folder | Modified Date = 02.06.2008 20:35:17 | Attr = ] ctl -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl -> [Folder | Modified Date = 02.06.2008 20:35:18 | Attr = ] cze -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze -> [Folder | Modified Date = 02.06.2008 20:35:19 | Attr = ] dan -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan -> [Folder | Modified Date = 02.06.2008 20:35:15 | Attr = ] dut -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut -> [Folder | Modified Date = 02.06.2008 20:35:16 | Attr = ] eng -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng -> [Folder | Modified Date = 02.06.2008 20:35:13 | Attr = ] est -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est -> [Folder | Modified Date = 02.06.2008 20:35:22 | Attr = ] fin -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin -> [Folder | Modified Date = 02.06.2008 20:35:18 | Attr = ] frn -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn -> [Folder | Modified Date = 02.06.2008 20:35:13 | Attr = ] gre -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre -> [Folder | Modified Date = 02.06.2008 20:35:20 | Attr = ] grm -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm -> [Folder | Modified Date = 02.06.2008 20:35:13 | Attr = ] hrv -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv -> [Folder | Modified Date = 02.06.2008 20:35:22 | Attr = ] hun -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun -> [Folder | Modified Date = 02.06.2008 20:35:21 | Attr = ] itl -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl -> [Folder | Modified Date = 02.06.2008 20:35:14 | Attr = ] lav -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav -> [Folder | Modified Date = 02.06.2008 20:35:27 | Attr = ] lit -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit -> [Folder | Modified Date = 02.06.2008 20:35:27 | Attr = ] nrw -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw -> [Folder | Modified Date = 02.06.2008 20:35:15 | Attr = ] nyn -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn -> [Folder | Modified Date = 02.06.2008 20:35:17 | Attr = ] pol -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol -> [Folder | Modified Date = 02.06.2008 20:35:19 | Attr = ] prt -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt -> [Folder | Modified Date = 02.06.2008 20:35:16 | Attr = ] rum -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum -> [Folder | Modified Date = 02.06.2008 20:35:20 | Attr = ] rus -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus -> [Folder | Modified Date = 02.06.2008 20:35:18 | Attr = ] sgr -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr -> [Folder | Modified Date = 02.06.2008 20:35:17 | Attr = ] slo -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo -> [Folder | Modified Date = 02.06.2008 20:35:21 | Attr = ] slv -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv -> [Folder | Modified Date = 02.06.2008 20:35:28 | Attr = ] spn -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn -> [Folder | Modified Date = 02.06.2008 20:35:14 | Attr = ] swd -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd -> [Folder | Modified Date = 02.06.2008 20:35:15 | Attr = ] tur -> C:\Documents and Settings\65C\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur -> [Folder | Modified Date = 02.06.2008 20:35:20 | Attr = ] Photoshop -> C:\Documents and Settings\65C\Application Data\Adobe\Photoshop -> [Folder | Modified Date = 02.06.2008 21:05:06 | Attr = ] 9.0 -> C:\Documents and Settings\65C\Application Data\Adobe\Photoshop\9.0 -> [Folder | Modified Date = 02.06.2008 21:05:06 | Attr = ] Adobe Photoshop CS2 Settings -> C:\Documents and Settings\65C\Application Data\Adobe\Photoshop\9.0\Adobe Photoshop CS2 Settings -> [Folder | Modified Date = 03.06.2008 18:24:30 | Attr = ] WorkSpaces -> C:\Documents and Settings\65C\Application Data\Adobe\Photoshop\9.0\Adobe Photoshop CS2 Settings\WorkSpaces -> [Folder | Modified Date = 02.06.2008 21:05:25 | Attr = ] Updater -> C:\Documents and Settings\65C\Application Data\Adobe\Updater -> [Folder | Modified Date = 02.06.2008 21:06:04 | Attr = ] Workflow -> C:\Documents and Settings\65C\Application Data\Adobe\Workflow -> [Folder | Modified Date = 03.06.2008 17:10:51 | Attr = ] Ahead -> C:\Documents and Settings\65C\Application Data\Ahead -> [Folder | Modified Date = 03.06.2008 10:10:47 | Attr = ] Nero Burning ROM -> C:\Documents and Settings\65C\Application Data\Ahead\Nero Burning ROM -> [Folder | Modified Date = 03.06.2008 10:31:35 | Attr = ] Identities -> C:\Documents and Settings\65C\Application Data\Identities -> [Folder | Modified Date = 02.06.2008 17:36:45 | Attr = ] {D7861FBD-F01D-4318-88EF-9C7C20293DD7} -> C:\Documents and Settings\65C\Application Data\Identities\{D7861FBD-F01D-4318-88EF-9C7C20293DD7} -> [Folder | Modified Date = 02.06.2008 17:36:45 | Attr = ] Macromedia -> C:\Documents and Settings\65C\Application Data\Macromedia -> [Folder | Modified Date = 02.06.2008 19:55:36 | Attr = ] Flash Player -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player -> [Folder | Modified Date = 02.06.2008 19:55:36 | Attr = ] #SharedObjects -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects -> [Folder | Modified Date = 02.06.2008 19:55:36 | Attr = ] NHVWPWVA -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA -> [Folder | Modified Date = 03.06.2008 15:37:32 | Attr = ] localhost -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\localhost -> [Folder | Modified Date = 03.06.2008 22:04:43 | Attr = ] login.yahoo.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\login.yahoo.com -> [Folder | Modified Date = 02.06.2008 20:08:58 | Attr = ] mee.tokbox.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\mee.tokbox.com -> [Folder | Modified Date = 03.06.2008 16:36:32 | Attr = ] assets -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\mee.tokbox.com\assets -> [Folder | Modified Date = 02.06.2008 20:45:10 | Attr = ] flash -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\mee.tokbox.com\assets\flash -> [Folder | Modified Date = 03.06.2008 12:34:43 | Attr = ] fx_meebo_146b7e7.swf -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\mee.tokbox.com\assets\flash\fx_meebo_146b7e7.swf -> [Folder | Modified Date = 02.06.2008 20:45:10 | Attr = ] fx_meebo_d32499a.swf -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\mee.tokbox.com\assets\flash\fx_meebo_d32499a.swf -> [Folder | Modified Date = 03.06.2008 16:09:27 | Attr = ] pagead2.googlesyndication.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\pagead2.googlesyndication.com -> [Folder | Modified Date = 03.06.2008 15:45:19 | Attr = ] pagead -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\pagead2.googlesyndication.com\pagead -> [Folder | Modified Date = 03.06.2008 15:45:19 | Attr = ] googleadplayer.swf -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\pagead2.googlesyndication.com\pagead\googleadplayer.swf -> [Folder | Modified Date = 03.06.2008 15:45:19 | Attr = ] webmessenger.yahoo.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\webmessenger.yahoo.com -> [Folder | Modified Date = 02.06.2008 21:20:42 | Attr = ] www.youtube.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\#SharedObjects\NHVWPWVA\www.youtube.com -> [Folder | Modified Date = 02.06.2008 20:16:56 | Attr = ] macromedia.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com -> [Folder | Modified Date = 02.06.2008 19:55:36 | Attr = ] support -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support -> [Folder | Modified Date = 02.06.2008 19:55:36 | Attr = ] flashplayer -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer -> [Folder | Modified Date = 02.06.2008 19:55:36 | Attr = ] sys -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys -> [Folder | Modified Date = 03.06.2008 15:45:19 | Attr = ] #local -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local -> [Folder | Modified Date = 03.06.2008 15:37:32 | Attr = ] #login.yahoo.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com -> [Folder | Modified Date = 02.06.2008 20:08:58 | Attr = ] #mee.tokbox.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mee.tokbox.com -> [Folder | Modified Date = 03.06.2008 16:36:37 | Attr = ] #pagead2.googlesyndication.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pagead2.googlesyndication.com -> [Folder | Modified Date = 03.06.2008 15:45:19 | Attr = ] #webmessenger.yahoo.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#webmessenger.yahoo.com -> [Folder | Modified Date = 02.06.2008 19:55:41 | Attr = ] #www.youtube.com -> C:\Documents and Settings\65C\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com -> [Folder | Modified Date = 02.06.2008 20:13:26 | Attr = ] Malwarebytes -> C:\Documents and Settings\65C\Application Data\Malwarebytes -> [Folder | Modified Date = 03.06.2008 16:16:28 | Attr = ] Malwarebytes' Anti-Malware -> C:\Documents and Settings\65C\Application Data\Malwarebytes\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 03.06.2008 16:16:41 | Attr = ] Logs -> C:\Documents and Settings\65C\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs -> [Folder | Modified Date = 03.06.2008 18:09:57 | Attr = ] Quarantine -> C:\Documents and Settings\65C\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine -> [Folder | Modified Date = 03.06.2008 17:58:21 | Attr = ] Microsoft -> C:\Documents and Settings\65C\Application Data\Microsoft -> [Folder | Modified Date = 03.06.2008 17:21:44 | Attr = S] AddIns -> C:\Documents and Settings\65C\Application Data\Microsoft\AddIns -> [Folder | Modified Date = 02.06.2008 22:23:04 | Attr = ] Credentials -> C:\Documents and Settings\65C\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 02.06.2008 17:36:38 | Attr = S] S-1-5-21-583907252-1123561945-1801674531-1003 -> C:\Documents and Settings\65C\Application Data\Microsoft\Credentials\S-1-5-21-583907252-1123561945-1801674531-1003 -> [Folder | Modified Date = 02.06.2008 17:36:38 | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\65C\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Content -> C:\Documents and Settings\65C\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 03.06.2008 16:15:42 | Attr = S] MetaData -> C:\Documents and Settings\65C\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 03.06.2008 16:15:42 | Attr = S] Crypto -> C:\Documents and Settings\65C\Application Data\Microsoft\Crypto -> [Folder | Modified Date = 02.06.2008 17:39:14 | Attr = S] RSA -> C:\Documents and Settings\65C\Application Data\Microsoft\Crypto\RSA -> [Folder | Modified Date = 02.06.2008 17:39:14 | Attr = S] S-1-5-21-583907252-1123561945-1801674531-1003 -> C:\Documents and Settings\65C\Application Data\Microsoft\Crypto\RSA\S-1-5-21-583907252-1123561945-1801674531-1003 -> [Folder | Modified Date = 02.06.2008 18:08:33 | Attr = S] Excel -> C:\Documents and Settings\65C\Application Data\Microsoft\Excel -> [Folder | Modified Date = 03.06.2008 10:32:33 | Attr = ] XLSTART -> C:\Documents and Settings\65C\Application Data\Microsoft\Excel\XLSTART -> [Folder | Modified Date = 02.06.2008 22:23:04 | Attr = ] HTML Help -> C:\Documents and Settings\65C\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 03.06.2008 12:27:49 | Attr = ] Installer -> C:\Documents and Settings\65C\Application Data\Microsoft\Installer -> [Folder | Modified Date = 02.06.2008 18:03:28 | Attr = ] {1DBD1F12-ED93-49C0-A7CC-56CBDE488158} -> C:\Documents and Settings\65C\Application Data\Microsoft\Installer\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158} -> [Folder | Modified Date = 02.06.2008 18:03:28 | Attr = ] Internet Explorer -> C:\Documents and Settings\65C\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 02.06.2008 17:36:45 | Attr = ] Quick Launch -> C:\Documents and Settings\65C\Application Data\Microsoft\Internet Explorer\Quick Launch -> [Folder | Modified Date = 04.06.2008 00:05:53 | Attr = R ] Media Player -> C:\Documents and Settings\65C\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = ] Office -> C:\Documents and Settings\65C\Application Data\Microsoft\Office -> [Folder | Modified Date = 03.06.2008 17:28:34 | Attr = ] Recent -> C:\Documents and Settings\65C\Application Data\Microsoft\Office\Recent -> [Folder | Modified Date = 03.06.2008 22:43:00 | Attr = S] Proof -> C:\Documents and Settings\65C\Application Data\Microsoft\Proof -> [Folder | Modified Date = 03.06.2008 17:21:44 | Attr = ] Protect -> C:\Documents and Settings\65C\Application Data\Microsoft\Protect -> [Folder | Modified Date = 02.06.2008 17:39:14 | Attr = S] S-1-5-21-583907252-1123561945-1801674531-1003 -> C:\Documents and Settings\65C\Application Data\Microsoft\Protect\S-1-5-21-583907252-1123561945-1801674531-1003 -> [Folder | Modified Date = 02.06.2008 17:39:14 | Attr = S] SystemCertificates -> C:\Documents and Settings\65C\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] My -> C:\Documents and Settings\65C\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Certificates -> C:\Documents and Settings\65C\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CRLs -> C:\Documents and Settings\65C\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CTLs -> C:\Documents and Settings\65C\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Templates -> C:\Documents and Settings\65C\Application Data\Microsoft\Templates -> [Folder | Modified Date = 03.06.2008 22:43:30 | Attr = ] Windows -> C:\Documents and Settings\65C\Application Data\Microsoft\Windows -> [Folder | Modified Date = 02.06.2008 21:33:41 | Attr = ] Themes -> C:\Documents and Settings\65C\Application Data\Microsoft\Windows\Themes -> [Folder | Modified Date = 03.06.2008 20:25:24 | Attr = ] Word -> C:\Documents and Settings\65C\Application Data\Microsoft\Word -> [Folder | Modified Date = 03.06.2008 17:21:42 | Attr = ] STARTUP -> C:\Documents and Settings\65C\Application Data\Microsoft\Word\STARTUP -> [Folder | Modified Date = 03.06.2008 17:21:42 | Attr = ] vlc -> C:\Documents and Settings\65C\Application Data\vlc -> [Folder | Modified Date = 03.06.2008 21:46:12 | Attr = ] cache -> C:\Documents and Settings\65C\Application Data\vlc\cache -> [Folder | Modified Date = 03.06.2008 21:46:12 | Attr = ] Winamp -> C:\Documents and Settings\65C\Application Data\Winamp -> [Folder | Modified Date = 02.06.2008 18:28:49 | Attr = ] Plugins -> C:\Documents and Settings\65C\Application Data\Winamp\Plugins -> [Folder | Modified Date = 02.06.2008 18:28:19 | Attr = ] ml -> C:\Documents and Settings\65C\Application Data\Winamp\Plugins\ml -> [Folder | Modified Date = 04.06.2008 00:06:34 | Attr = ] cache -> C:\Documents and Settings\65C\Application Data\Winamp\Plugins\ml\cache -> [Folder | Modified Date = 02.06.2008 18:28:18 | Attr = ] Application Data -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = RH ] Adobe -> C:\Documents and Settings\Administrator\Application Data\Adobe -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] Acrobat -> C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] 8.0 -> C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\8.0 -> [Folder | Modified Date = 02.06.2008 21:24:31 | Attr = ] Synchronizer -> C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\8.0\Synchronizer -> [Folder | Modified Date = 02.06.2008 21:43:14 | Attr = ] metadata -> C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata -> [Folder | Modified Date = 02.06.2008 21:43:14 | Attr = ] Distiller 8 -> C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\Distiller 8 -> [Folder | Modified Date = 02.06.2008 21:25:31 | Attr = ] Cache -> C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\Distiller 8\Cache -> [Folder | Modified Date = 02.06.2008 21:25:31 | Attr = ] Adobe PDF -> C:\Documents and Settings\Administrator\Application Data\Adobe\Adobe PDF -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] Distiller -> C:\Documents and Settings\Administrator\Application Data\Adobe\Adobe PDF\Distiller -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] Data -> C:\Documents and Settings\Administrator\Application Data\Adobe\Adobe PDF\Distiller\Data -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] Startup -> C:\Documents and Settings\Administrator\Application Data\Adobe\Adobe PDF\Distiller\Startup -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] Settings -> C:\Documents and Settings\Administrator\Application Data\Adobe\Adobe PDF\Settings -> [Folder | Modified Date = 02.06.2008 21:25:05 | Attr = ] Flash Player -> C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player -> [Folder | Modified Date = 02.06.2008 18:53:44 | Attr = ] AssetCache -> C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache -> [Folder | Modified Date = 02.06.2008 18:53:44 | Attr = ] JNMXSB6A -> C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\AssetCache\JNMXSB6A -> [Folder | Modified Date = 02.06.2008 18:53:44 | Attr = ] Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 02.06.2008 21:24:02 | Attr = ] {E8015986-E19B-4D3F-9387-5DA91391A5EB} -> C:\Documents and Settings\Administrator\Application Data\Identities\{E8015986-E19B-4D3F-9387-5DA91391A5EB} -> [Folder | Modified Date = 02.06.2008 21:24:02 | Attr = ] Macromedia -> C:\Documents and Settings\Administrator\Application Data\Macromedia -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] Flash Player -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] #SharedObjects -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] T9B2R93M -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\T9B2R93M -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] localhost -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\T9B2R93M\localhost -> [Folder | Modified Date = 02.06.2008 21:44:44 | Attr = ] macromedia.com -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] support -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] flashplayer -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] sys -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] #local -> C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local -> [Folder | Modified Date = 02.06.2008 21:25:54 | Attr = ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 02.06.2008 18:53:42 | Attr = S] Credentials -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 02.06.2008 18:53:42 | Attr = S] S-1-5-21-583907252-1123561945-1801674531-500 -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Credentials\S-1-5-21-583907252-1123561945-1801674531-500 -> [Folder | Modified Date = 02.06.2008 18:53:42 | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Content -> C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] MetaData -> C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Internet Explorer -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 02.06.2008 21:24:02 | Attr = ] Quick Launch -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch -> [Folder | Modified Date = 02.06.2008 21:24:09 | Attr = R ] Media Player -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = ] SystemCertificates -> C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] My -> C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Certificates -> C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CRLs -> C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CTLs -> C:\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Application Data -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 03.06.2008 16:16:20 | Attr = RH ] ACD Systems -> C:\Documents and Settings\All Users\Application Data\ACD Systems -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] ACDPhotoEditor -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDPhotoEditor -> [Folder | Modified Date = 03.06.2008 15:41:00 | Attr = ] 3.1 -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDPhotoEditor\3.1 -> [Folder | Modified Date = 03.06.2008 15:41:00 | Attr = ] ACDInTouch -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDPhotoEditor\3.1\ACDInTouch -> [Folder | Modified Date = 03.06.2008 15:41:00 | Attr = ] EN -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDPhotoEditor\3.1\ACDInTouch\EN -> [Folder | Modified Date = 03.06.2008 15:41:00 | Attr = ] StaticPages -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDPhotoEditor\3.1\ACDInTouch\EN\StaticPages -> [Folder | Modified Date = 03.06.2008 15:41:00 | Attr = ] Images -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDPhotoEditor\3.1\ACDInTouch\EN\StaticPages\Images -> [Folder | Modified Date = 03.06.2008 15:41:00 | Attr = ] ACDSee -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee -> [Folder | Modified Date = 03.06.2008 12:25:49 | Attr = ] 7.0 -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\7.0 -> [Folder | Modified Date = 03.06.2008 12:25:49 | Attr = ] ACDInTouch -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\7.0\ACDInTouch -> [Folder | Modified Date = 03.06.2008 12:25:49 | Attr = ] EN -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\7.0\ACDInTouch\EN -> [Folder | Modified Date = 03.06.2008 15:41:01 | Attr = ] StaticPages -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\7.0\ACDInTouch\EN\StaticPages -> [Folder | Modified Date = 03.06.2008 15:41:01 | Attr = ] Images -> C:\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\7.0\ACDInTouch\EN\StaticPages\Images -> [Folder | Modified Date = 03.06.2008 15:41:01 | Attr = ] FotoSlate -> C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoSlate -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] 3.1 -> C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoSlate\3.1 -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] ACDInTouch -> C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoSlate\3.1\ACDInTouch -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] EN -> C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoSlate\3.1\ACDInTouch\EN -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] StaticPages -> C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoSlate\3.1\ACDInTouch\EN\StaticPages -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] Images -> C:\Documents and Settings\All Users\Application Data\ACD Systems\FotoSlate\3.1\ACDInTouch\EN\StaticPages\Images -> [Folder | Modified Date = 03.06.2008 15:41:10 | Attr = ] Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 02.06.2008 21:00:18 | Attr = ] Product licenses -> C:\Documents and Settings\All Users\Application Data\Adobe Systems\Product licenses -> [Folder | Modified Date = 02.06.2008 21:00:18 | Attr = ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 02.06.2008 20:59:04 | Attr = ] Acrobat -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat -> [Folder | Modified Date = 02.06.2008 20:22:57 | Attr = ] 8.0 -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0 -> [Folder | Modified Date = 02.06.2008 20:22:57 | Attr = ] Replicate -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate -> [Folder | Modified Date = 02.06.2008 20:22:57 | Attr = ] Security -> C:\Documents and Settings\All Users\Application Data\Adobe\Acrobat\8.0\Replicate\Security -> [Folder | Modified Date = 02.06.2008 20:22:57 | Attr = ] Adobe PDF -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF -> [Folder | Modified Date = 02.06.2008 20:28:40 | Attr = ] Distiller -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF\Distiller -> [Folder | Modified Date = 02.06.2008 20:22:11 | Attr = ] Data -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF\Distiller\Data -> [Folder | Modified Date = 02.06.2008 20:22:11 | Attr = ] Example Files -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF\Distiller\Example Files -> [Folder | Modified Date = 02.06.2008 20:22:10 | Attr = ] Startup -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF\Distiller\Startup -> [Folder | Modified Date = 02.06.2008 20:22:10 | Attr = ] Extras -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF\Extras -> [Folder | Modified Date = 02.06.2008 20:28:40 | Attr = ] Settings -> C:\Documents and Settings\All Users\Application Data\Adobe\Adobe PDF\Settings -> [Folder | Modified Date = 02.06.2008 20:28:40 | Attr = ] ALM -> C:\Documents and Settings\All Users\Application Data\Adobe\ALM -> [Folder | Modified Date = 02.06.2008 20:32:21 | Attr = ] Updater -> C:\Documents and Settings\All Users\Application Data\Adobe\Updater -> [Folder | Modified Date = 03.06.2008 18:13:49 | Attr = ] Certs -> C:\Documents and Settings\All Users\Application Data\Adobe\Updater\Certs -> [Folder | Modified Date = 02.06.2008 21:04:34 | Attr = ] Updater5 -> C:\Documents and Settings\All Users\Application Data\Adobe\Updater5 -> [Folder | Modified Date = 02.06.2008 20:32:20 | Attr = ] FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [Folder | Modified Date = 02.06.2008 20:32:41 | Attr = ] InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 02.06.2008 17:53:51 | Attr = ] UpdateService -> C:\Documents and Settings\All Users\Application Data\InstallShield\UpdateService -> [Folder | Modified Date = 02.06.2008 17:53:51 | Attr = ] Database -> C:\Documents and Settings\All Users\Application Data\InstallShield\UpdateService\Database -> [Folder | Modified Date = 02.06.2008 17:53:51 | Attr = ] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [Folder | Modified Date = 03.06.2008 16:16:20 | Attr = ] Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 04.06.2008 00:05:53 | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 02.06.2008 19:29:06 | Attr = S] Crypto -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] DSS -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] MachineKeys -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] RSA -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA -> [Folder | Modified Date = 02.06.2008 20:06:49 | Attr = S] MachineKeys -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys -> [Folder | Modified Date = 02.06.2008 20:06:49 | Attr = S] S-1-5-18 -> C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 -> [Folder | Modified Date = 02.06.2008 17:35:02 | Attr = S] HTML Help -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 02.06.2008 17:28:43 | Attr = ] Machine Debug Manager -> C:\Documents and Settings\All Users\Application Data\Microsoft\Machine Debug Manager -> [Folder | Modified Date = 02.06.2008 19:38:03 | Attr = ] Media Index -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = ] Media Player -> C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 02.06.2008 17:28:17 | Attr = ] MSDAIPP -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP -> [Folder | Modified Date = 02.06.2008 19:29:06 | Attr = ] OFFLINE -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\OFFLINE -> [Folder | Modified Date = 02.06.2008 19:29:06 | Attr = ] Network -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network -> [Folder | Modified Date = 02.06.2008 17:19:38 | Attr = ] Connections -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections -> [Folder | Modified Date = 02.06.2008 17:20:29 | Attr = ] Cm -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm -> [Folder | Modified Date = 02.06.2008 17:20:29 | Attr = ] Pbk -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk -> [Folder | Modified Date = 02.06.2008 18:48:54 | Attr = ] OFFICE -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE -> [Folder | Modified Date = 02.06.2008 19:29:06 | Attr = ] DATA -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 02.06.2008 22:23:07 | Attr = ] Provisioning -> C:\Documents and Settings\All Users\Application Data\Microsoft\Provisioning -> [Folder | Modified Date = 02.06.2008 18:05:05 | Attr = ] User Account Pictures -> C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures -> [Folder | Modified Date = 02.06.2008 21:24:12 | Attr = ] Default Pictures -> C:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures -> [Folder | Modified Date = 02.06.2008 17:25:37 | Attr = ] Nero -> C:\Documents and Settings\All Users\Application Data\Nero -> [Folder | Modified Date = 02.06.2008 18:14:27 | Attr = ] DrWeb -> C:\Documents and Settings\All Users\Application Data\Nero\DrWeb -> [Folder | Modified Date = 02.06.2008 18:15:03 | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 02.06.2008 18:24:31 | Attr = ] Common Client -> C:\Documents and Settings\All Users\Application Data\Symantec\Common Client -> [Folder | Modified Date = 04.06.2008 00:07:59 | Attr = ] LiveUpdate -> C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate -> [Folder | Modified Date = 02.06.2008 19:07:39 | Attr = ] Downloads -> C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads -> [Folder | Modified Date = 02.06.2008 19:07:39 | Attr = ] Symantec AntiVirus Corporate Edition -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition -> [Folder | Modified Date = 02.06.2008 18:24:27 | Attr = ] 7.5 -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 -> [Folder | Modified Date = 04.06.2008 00:08:18 | Attr = ] APTemp -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp -> [Folder | Modified Date = 03.06.2008 18:02:34 | Attr = ] BadPatts -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\BadPatts -> [Folder | Modified Date = 02.06.2008 18:24:27 | Attr = ] I2_LDVP.TMP -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.TMP -> [Folder | Modified Date = 04.06.2008 00:08:18 | Attr = ] I2_LDVP.VDB -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB -> [Folder | Modified Date = 02.06.2008 18:24:27 | Attr = ] Logs -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs -> [Folder | Modified Date = 02.06.2008 18:25:18 | Attr = ] Quarantine -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine -> [Folder | Modified Date = 03.06.2008 18:02:34 | Attr = ] xfer_tmp -> C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp -> [Folder | Modified Date = 02.06.2008 18:24:27 | Attr = ] Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! -> [Folder | Modified Date = 02.06.2008 18:52:41 | Attr = ] Messenger -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger -> [Folder | Modified Date = 03.06.2008 15:37:27 | Attr = ] Cache -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Cache -> [Folder | Modified Date = 02.06.2008 18:54:38 | Attr = ] branding -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Cache\branding -> [Folder | Modified Date = 02.06.2008 18:54:36 | Attr = ] SearchBar -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Cache\SearchBar -> [Folder | Modified Date = 02.06.2008 18:54:38 | Attr = ] logs -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\logs -> [Folder | Modified Date = 02.06.2008 18:54:36 | Attr = ] Plugin -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin -> [Folder | Modified Date = 03.06.2008 15:37:30 | Attr = ] 180d3dd3-7325-4e8b-6385-963052cdb259.yplugin -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\180d3dd3-7325-4e8b-6385-963052cdb259.yplugin -> [Folder | Modified Date = 03.06.2008 15:37:28 | Attr = ] MANIFEST -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\180d3dd3-7325-4e8b-6385-963052cdb259.yplugin\MANIFEST -> [Folder | Modified Date = 03.06.2008 15:37:28 | Attr = ] 4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin -> [Folder | Modified Date = 02.06.2008 21:25:56 | Attr = ] MANIFEST -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST -> [Folder | Modified Date = 02.06.2008 21:25:57 | Attr = ] Test -> C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\Test -> [Folder | Modified Date = 02.06.2008 18:54:37 | Attr = ] Application Data -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 02.06.2008 20:07:10 | Attr = RH ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\Default User\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Content -> C:\Documents and Settings\Default User\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] MetaData -> C:\Documents and Settings\Default User\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Internet Explorer -> C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 02.06.2008 17:28:03 | Attr = ] Media Player -> C:\Documents and Settings\Default User\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = ] SystemCertificates -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] My -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Certificates -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CRLs -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CTLs -> C:\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Application Data -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 02.06.2008 17:35:00 | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = S] Credentials -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 02.06.2008 17:35:01 | Attr = S] S-1-5-19 -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Credentials\S-1-5-19 -> [Folder | Modified Date = 02.06.2008 17:35:01 | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\LocalService\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Content -> C:\Documents and Settings\LocalService\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] MetaData -> C:\Documents and Settings\LocalService\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Internet Explorer -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 02.06.2008 17:28:03 | Attr = ] Media Player -> C:\Documents and Settings\LocalService\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = ] SystemCertificates -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] My -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Certificates -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CRLs -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CTLs -> C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Application Data -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 02.06.2008 17:32:56 | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = S] Credentials -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials -> [Folder | Modified Date = 02.06.2008 17:32:57 | Attr = S] S-1-5-20 -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Credentials\S-1-5-20 -> [Folder | Modified Date = 02.06.2008 17:32:57 | Attr = S] CryptnetUrlCache -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\CryptnetUrlCache -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Content -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\CryptnetUrlCache\Content -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] MetaData -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\CryptnetUrlCache\MetaData -> [Folder | Modified Date = 02.06.2008 17:27:35 | Attr = S] Internet Explorer -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer -> [Folder | Modified Date = 02.06.2008 17:28:03 | Attr = ] Media Player -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\Media Player -> [Folder | Modified Date = 02.06.2008 17:28:16 | Attr = ] SystemCertificates -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] My -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] Certificates -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CRLs -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] CTLs -> C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs -> [Folder | Modified Date = 02.06.2008 20:06:50 | Attr = S] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 02.06.2008 17:35:03 | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 04.08.2004 15:00:00 | Attr = RH ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 04.06.2008 00:08:00 | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]