[code]
OTScanIt logfile created on: 6/6/2008 3:00:36 PM
OTScanIt by OldTimer - Version 1.0.15.11 Folder = C:\Documents and Settings\Hussamofe\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
767.48 Mb Total Physical Memory | 410.12 Mb Available Physical Memory | 53.44% Memory free
1.83 Gb Paging File | 1.45 Gb Available in Paging File | 79.32% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.80 Gb Total Space | 4.32 Gb Free Space | 27.34% Space Free | Partition Type: NTFS
Drive D: | 29.34 Gb Total Space | 1.07 Gb Free Space | 3.63% Space Free | Partition Type: FAT32
Drive E: | 29.33 Gb Total Space | 4.66 Gb Free Space | 15.90% Space Free | Partition Type: FAT32
Drive F: | 37.26 Gb Total Space | 8.25 Gb Free Space | 22.13% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 55.67 Gb Total Space | 5.41 Gb Free Space | 9.72% Space Free | Partition Type: FAT32
Computer Name: HUSSAM
Current User Name: Hussamofe
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> MD5 = 1C51917C9B30530A781F438F6A4AC49F | Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 3/7/2008 12:00:08 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> MD5 = 2AA15ADEF712D1EF9AE651A4DE7FFD4D | Lavasoft AB [Ver = 7, 0, 1, 6 | Size = 557056 bytes | Modified Date = 7/20/2007 4:21:34 PM | Attr = ] avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> MD5 = 3D87AB245DAEF20865D590978073DD2A | Avira GmbH [Ver = 8.00.01.18 | Size = 147201 bytes | Modified Date = 6/4/2008 2:03:30 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> MD5 = 3A4982DF893F198A2DFBCCD4CE10F93A | Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 2:28:18 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 0FEBE37DB6650FAA5965C00545009D1D | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] psctrls.exe -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\PsCtrlS.exe -> MD5 = 5731CB4D1D167793F8B27301B845AB9A | Panda Software International [Ver = 3.06.02.00 | Size = 169264 bytes | Modified Date = 7/12/2007 10:08:48 AM | Attr = ] psimsvc.exe -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\PsImSvc.exe -> MD5 = AB75889B63CB3B761FB71072AC79DF94 | Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 10:31:26 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> MD5 = B93C4070F24E46B0097648C276B5039E | Hewlett-Packard Co. 
[Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 12/10/2006 10:52:38 PM | Attr = ] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> MD5 = 5369A26E89C68E9420AE9B9CC6305834 | Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 8:54:31 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> MD5 = 04A9F0C58B170F30445BCC0683EF9FFC | Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> MD5 = 89D583FC41D48328128A974C25AFAEB7 | RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 5/31/2008 8:58:22 PM | Attr = ] avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> MD5 = 42A1FA44622A6E247EB6FF5C4ADCC0FE | Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 2/12/2008 10:06:50 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> MD5 = E8C086DA635EB410FEF106CB279ADFBF | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> MD5 = 1BA45CDEF852381DA4A95D056DDB4B48 | Hewlett-Packard Co. [Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 1/2/2007 10:40:10 PM | Attr = ] fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> MD5 = 227846995AFEEFA70D328BF5334A86A5 | Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/1/2008 8:45:43 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = 1CB96E83FD76EB5580451CEF29E24303 | Apple Inc. 
[Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> MD5 = 95967BA44CCC51382BEB882A15E314D2 | Hewlett-Packard Co. [Ver = 82.0.201.000 | Size = 271960 bytes | Modified Date = 1/18/2007 3:35:40 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> MD5 = 33D699215A812BDFBCABB360434A40CC | OldTimer Tools [Ver = 1.0.15.11 | Size = 397824 bytes | Modified Date = 6/3/2008 6:00:48 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> MD5 = 2AA15ADEF712D1EF9AE651A4DE7FFD4D | Lavasoft AB [Ver = 7, 0, 1, 6 | Size = 557056 bytes | Modified Date = 7/20/2007 4:21:34 PM | Attr = ] (AntiVirScheduler) Avira AntiVir Personal – Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> MD5 = 1C51917C9B30530A781F438F6A4AC49F | Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 3/7/2008 12:00:08 PM | Attr = ] (AntiVirService) Avira AntiVir Personal – Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> MD5 = 3D87AB245DAEF20865D590978073DD2A | Avira GmbH [Ver = 8.00.01.18 | Size = 147201 bytes | Modified Date = 6/4/2008 2:03:30 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> MD5 = 3A4982DF893F198A2DFBCCD4CE10F93A | Apple, Inc. 
[Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 2:28:18 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> MD5 = 554C7CB178FE3BD12450B81AD63ADBC3 | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:50 AM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> MD5 = 227846995AFEEFA70D328BF5334A86A5 | Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2/1/2008 8:45:43 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> MD5 = 1CB96E83FD76EB5580451CEF29E24303 | Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> MD5 = 0FEBE37DB6650FAA5965C00545009D1D | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] (Panda Software Controller) Panda Software Controller [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\PsCtrlS.exe -> MD5 = 5731CB4D1D167793F8B27301B845AB9A | Panda Software International [Ver = 3.06.02.00 | Size = 169264 bytes | Modified Date = 7/12/2007 10:08:48 AM | Attr = ] (PAVSRV) Panda anti-virus service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE -> MD5 = C37842E4E473A064B21755D6235F5497 | Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 3:14:22 PM | Attr = ] (PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\PsImSvc.exe -> MD5 = 
AB75889B63CB3B761FB71072AC79DF94 | Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 10:31:26 AM | Attr = ] (setup_7.0.0.180_18.05.2008_22-36) setup_7.0.0.180_18.05.2008_22-36 [Win32_Own | Auto | Stopped] -> %AllUsersProfile%\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe -> MD5 = 20ECBA6168AFCC4FA7087B7DD412C0D4 | Kaspersky Lab [Ver = 7.0.0.180 | Size = 212992 bytes | Modified Date = 10/12/2007 4:29:52 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Ad-Watch Connect Filter) Ad-Watch Connect Kernel Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NSDriver.sys -> MD5 = 45D4685A049EE5CAC5840DAFA72E9B83 | Lavasoft AB [Ver = 1.0.0.0 | Size = 9344 bytes | Modified Date = 6/4/2007 4:18:48 PM | Attr = ] (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> MD5 = 53D688E5F619EDD01232B649A0C06008 | Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 2/27/2007 3:25:01 PM | Attr = ] (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> MD5 = 509BB9F79F7986CB0D4D7A7BEF35C6D5 | Avira GmbH [Ver = 7.00.02.06 | Size = 52032 bytes | Modified Date = 6/4/2008 2:03:45 PM | Attr = ] (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> MD5 = 1A1068D7C0E1C836164ED924390CB407 | Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Modified Date = 3/4/2008 1:28:53 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> MD5 = C0FBB516E06E243F0CF31F597E7EBF7D | Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:18 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> MD5 = F5E7B358A732D09F4BCF2824B88B9E28 | Microsoft Corp., Veritas Software [Ver = 
2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:18 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> MD5 = E9317282A63CA4D188C0DF5E09C6AC5F | Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ] (ENTECH) ENTECH [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Entech.sys -> MD5 = 16EBD8BF1D5090923694CC972C7CE1B4 | EnTech Taiwan [Ver = 1.0 | Size = 27672 bytes | Modified Date = 9/7/2007 3:55:04 PM | Attr = ] (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\es1371mp.sys -> MD5 = A55DD7D8CED5D2624A9EE2DDA7BE0319 | Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 40704 bytes | Modified Date = 8/17/2001 3:19:34 PM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> MD5 = 5DC17164F66380CBFEFD895C18467773 | GEAR Software Inc. 
[Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (klif) klif [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> MD5 = 214B9713C850A8C798AD76147F82EDF7 | Kaspersky Lab [Ver = 7.0.0.144 | Size = 134160 bytes | Modified Date = 7/5/2007 2:34:52 PM | Attr = ] (nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ccdcmb.sys -> MD5 = 65AC8BAA2F916EE9203EE48D7FCEE605 | Nokia [Ver = 6.86.4.5 | Size = 16896 bytes | Modified Date = 11/29/2007 10:39:42 AM | Attr = ] (nmwcdc) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ccdcmbo.sys -> MD5 = 29AF182734A247240D89A0FE63DBEF03 | Nokia [Ver = 6.86.4.5 | Size = 19328 bytes | Modified Date = 11/29/2007 10:39:40 AM | Attr = ] (nmwcdnsu) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdnsu.sys -> MD5 = BE7FD9CA07E7D39F77C78BA5756930D9 | Nokia [Ver = 6.85.6.18 | Size = 138112 bytes | Modified Date = 2/1/2008 3:17:12 PM | Attr = ] (nmwcdnsuc) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmwcdnsuc.sys -> MD5 = 94651F5808D3328D28EF967A9E853B8F | Nokia [Ver = 6.85.6.18 | Size = 8320 bytes | Modified Date = 2/1/2008 3:17:06 PM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> MD5 = BA1B732C1A70CFEA0C1B64F2850BF44F | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 3994624 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] (pavdrv) pavdrv [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\pavdrv51.sys -> MD5 = 828B8ADA82AB135CACED43994CCB8D66 | Panda Software International [Ver = 7.1.1.0 (av07_rtm.070323-1018) | Size = 83640 bytes | Modified Date = 6/6/2007 12:43:32 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD | 
Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 3:00:00 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> MD5 = 81088114178112618B1C414A65E50F7C | Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 8/25/2006 6:47:00 AM | Attr = ] (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> MD5 = D507C1400284176573224903819FFDA3 | Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 1:31:34 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> File not found (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> File not found (SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys -> File not found (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> MD5 = 90A3935D05B494A5A39D37E71F09A677 | Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 
[Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 1:25:53 PM | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> Unable to obtain MD5 | [Ver = | Size = 715248 bytes | Modified Date = 1/31/2008 12:32:38 AM | Attr = ] (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> MD5 = 3D2829FDE1C52FC64DA5413889CE4DEE | Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 3/1/2007 10:34:22 AM | Attr = ] (upperdev) upperdev [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser_lowerflt.sys -> MD5 = 2522747BA661514E3770E508CCE45B64 | Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Modified Date = 11/29/2007 10:39:42 AM | Attr = ] (UsbserFilt) UsbserFilt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbser_lowerfltj.sys -> MD5 = 8AA5F86A6C3B3234BEED9556D145BFAC | Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Modified Date = 11/29/2007 10:39:52 AM | Attr = ] (zntport) NTPort Library Driver [Kernel | Auto | Stopped] -> %SystemRoot%\system32\zntport.sys -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> MD5 = 5369A26E89C68E9420AE9B9CC6305834 | Adobe Systems Inc. 
[Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 8:54:31 PM | Attr = ] avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> MD5 = 42A1FA44622A6E247EB6FF5C4ADCC0FE | Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 2/12/2008 10:06:50 AM | Attr = ] AVP -> %AllUsersProfile%\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe ["C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36.exe"] -> MD5 = 20ECBA6168AFCC4FA7087B7DD412C0D4 | Kaspersky Lab [Ver = 7.0.0.180 | Size = 212992 bytes | Modified Date = 10/12/2007 4:29:52 PM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> MD5 = B93C4070F24E46B0097648C276B5039E | Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 12/10/2006 10:52:38 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> MD5 = 04A9F0C58B170F30445BCC0683EF9FFC | Apple Inc. 
[Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> MD5 = C1EA489DD8B5E57B03E2FD5A1500621B | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> MD5 = 1FF171FBAF6E5A29C07B1F8D318B607A | NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> MD5 = 0294E2A5E89BF786F24A9CC2FD753191 | [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> MD5 = 6DF76965A0FB8237E9C3B3CAB9815EC2 | Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 3/28/2008 11:37:20 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> MD5 = E8C086DA635EB410FEF106CB279ADFBF | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> MD5 = 89D583FC41D48328128A974C25AFAEB7 | RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 5/31/2008 8:58:22 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe"] -> MD5 = D32D9228786B7803D5586F15E756A398 | DT Soft Ltd [Ver = 4.11.1.0 | Size = 486856 bytes | Modified Date = 12/19/2007 11:13:05 PM | Attr = ] Yahoo! 
Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> MD5 = C7048E3DD4D9FA3AF7BC2747EF5C433F | Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe"] -> MD5 = D32D9228786B7803D5586F15E756A398 | DT Soft Ltd [Ver = 4.11.1.0 | Size = 486856 bytes | Modified Date = 12/19/2007 11:13:05 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> MD5 = C7048E3DD4D9FA3AF7BC2747EF5C433F | Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> MD5 = 1BA45CDEF852381DA4A95D056DDB4B48 | Hewlett-Packard Co. 
[Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 1/2/2007 10:40:10 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Hussamofe Startup Folder > -> C:\Documents and Settings\Hussamofe\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> avldr -> %SystemRoot%\system32\avldr.dll -> MD5 = 98D088248766C34A05614A7EC0CBB658 | Panda Software International [Ver = 2, 1, 0, 2 | Size = 50736 bytes | Modified Date = 2/15/2007 8:02:20 PM | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion 
Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy 
Settings [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> MD5 = 7B53584D94E9D8716B2DE91D5F1CB42D | Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_qfe.070425-0225) | Size = 62592 bytes | Modified Date = 9/20/2007 7:48:49 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> 
SCSI\CdRom&Ven_EG0243B&Prod_YGT368J&Rev_1.01\5&36e5972&0&000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Modified Date = 1/30/2008 11:39:30 PM | Attr = ] autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [Folder | Modified Date = 6/6/2008 1:26:20 PM | Attr = RHS] autorun.inf [] -> D:\autorun.inf [ FAT32 ] -> [Folder | Modified Date = 5/28/2008 3:42:34 PM | Attr = RHS] autorun.inf [] -> E:\autorun.inf [ FAT32 ] -> [Folder | Modified Date = 5/28/2008 3:42:34 PM | Attr = RHS] autorun.inf [] -> F:\autorun.inf [ NTFS ] -> [Folder | Modified Date = 5/28/2008 3:42:33 PM | Attr = RHS] autorun.inf [] -> J:\autorun.inf [ FAT32 ] -> [Folder | Modified Date = 6/6/2008 1:26:22 PM | Attr = RHS] < HOSTS File > (244641 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> 
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\] > -> -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\: Main\\Start Page -> http://www.msn.com/?wl=true -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4508 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4508 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4508 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4508 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4508 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> MD5 = C11F6A1F61481E24BE3FDC06EA6F7D2A | Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> MD5 = 33440A3EF90AF7ED74EE55CA634A9CFA | RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 5/31/2008 8:59:01 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> MD5 = CA1E733B9B003530C38390EDF7E05B61 | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | 
Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> MD5 = 5522AFEAB77DD6D401F3FE5C0A46122E | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> MD5 = CA1E733B9B003530C38390EDF7E05B61 | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 
= FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1844237615-1993962763-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert link target to 
existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> MD5 = FF29E3FB75E7726EE002B65A9F2D4A6E | Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 11:47:03 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office12\EXCEL.EXE -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{826616FC-8609-4444-8E01-B17159298E23} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %ProgramFiles%\Panda Security\Panda Antivirus 
2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = 
EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %ProgramFiles%\Panda Security\Panda Antivirus 2008\pavlsp.dll -> MD5 = EC2E4ABC71D89ABB8A8A13AA408E1396 | Panda Software International [Ver = 7, 5, 21, 501 | Size = 177456 bytes | Modified Date = 6/22/2007 10:22:20 AM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00000055-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB[Reg Error: Key does not exist or could not be opened.] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.systemrequirementslab.com/sysreqlab2.cab[System Requirements Lab Class] -> {6B75345B-AA36-438A-BBE6-4078B4C6984D}[HKEY_LOCAL_MACHINE] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab[HpProductDetection Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/auc_lib.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/daas_s.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\.Owner -> {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gatelauncher.exe\\{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\.Owner -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> -> [Files/Folders - Created Within 90 days] 23990098.$$$ -> %SystemDrive%\23990098.$$$ -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Created Date = 5/30/2008 10:00:12 AM | Attr = ] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 6/6/2008 1:26:20 PM | Attr = RHS] Boot.bak -> %SystemDrive%\Boot.bak -> MD5 = FA579938B0733B87066546AFE951082C | [Ver = | Size = 211 bytes | Created Date = 5/28/2008 2:58:35 PM | Attr = ] cmldr -> %SystemDrive%\cmldr -> MD5 = 
94E5450C43E4CF78E1D3AD4816966909 | [Ver = | Size = 260272 bytes | Created Date = 5/28/2008 2:58:31 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/6/2008 11:32:08 AM | Attr = ] EES_AV -> %SystemDrive%\EES_AV -> [Folder | Created Date = 4/20/2008 2:55:22 PM | Attr = ] fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Created Date = 5/28/2008 3:44:50 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 804835328 bytes | Created Date = 5/30/2008 10:03:57 AM | Attr = HS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 6/1/2008 11:11:48 AM | Attr = RH ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 5/28/2008 9:55:58 PM | Attr = HS] TypingTutor.zip -> %SystemDrive%\TypingTutor.zip -> MD5 = 45E10727225ABCBC2CA3AE1DD00EBC3F | [Ver = | Size = 1923646 bytes | Created Date = 4/1/2008 7:22:35 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/5/2008 3:06:22 PM | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> MD5 = 1DBBCC1B712C2674BDF29A05A5DD366E | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:06 AM | Attr = ] c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> MD5 = 72233F1A1D788A84D4687A258CC97CBF | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:02 AM | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> MD5 = F3C139AD492C4F73353057442E6995CE | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:30:57 AM | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> MD5 = 4D4C7CED88E5621F21A4911A44CADACC | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:06 AM | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> MD5 = 77F127766D758EB2C6451E221A0C7F7D | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:05 AM | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> MD5 = C050215D8D21DF5658E94187973FB89C | 
[Ver = | Size = 66594 bytes | Created Date = 5/23/2008 6:31:05 AM | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> MD5 = A99203A3397A9DB352C5D8DFBDA230A8 | [Ver = | Size = 66594 bytes | Created Date = 5/23/2008 6:31:02 AM | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> MD5 = C58563DF50115E935BC811FFBCE1FC89 | [Ver = | Size = 66594 bytes | Created Date = 5/23/2008 6:31:05 AM | Attr = ] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> MD5 = 3529A0D29EC13AEBCF1D6B93FEC5F6B7 | Avira GmbH [Ver = 6.39.00.30 | Size = 41792 bytes | Created Date = 6/1/2008 11:18:07 AM | Attr = ] avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> MD5 = 0E529566454158CEC5A65DE16D9AAB10 | Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 6/1/2008 11:18:08 AM | Attr = ] avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> MD5 = 1A1068D7C0E1C836164ED924390CB407 | Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Created Date = 6/1/2008 11:18:04 AM | Attr = ] ccdcmb.sys -> %SystemRoot%\System32\drivers\ccdcmb.sys -> MD5 = 65AC8BAA2F916EE9203EE48D7FCEE605 | Nokia [Ver = 6.86.4.5 | Size = 16896 bytes | Created Date = 5/21/2008 3:59:10 PM | Attr = ] ccdcmbo.sys -> %SystemRoot%\System32\drivers\ccdcmbo.sys -> MD5 = 29AF182734A247240D89A0FE63DBEF03 | Nokia [Ver = 6.86.4.5 | Size = 19328 bytes | Created Date = 5/21/2008 3:59:11 PM | Attr = ] cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> MD5 = BF79E659C506674C0497CC9C61F1A165 | Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> MD5 = 2C41CD49D82D5FD85C72D57B6CA25471 | Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> Unable to obtain MD5 | [Ver = | Size = 1034272 bytes | Created Date = 6/5/2008 3:20:59 PM | Attr = HS] fidbox.idx -> 
%SystemRoot%\System32\drivers\fidbox.idx -> Unable to obtain MD5 | [Ver = | Size = 13736 bytes | Created Date = 6/5/2008 3:20:59 PM | Attr = HS] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> MD5 = 214B9713C850A8C798AD76147F82EDF7 | Kaspersky Lab [Ver = 7.0.0.144 | Size = 134160 bytes | Created Date = 6/5/2008 3:20:56 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> MD5 = 1DB1627841247BEA1172B02B790ABA38 | [Ver = | Size = 15864 bytes | Created Date = 5/22/2008 12:37:38 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> MD5 = EBADDA3C3C5086EADF1868CAB64BDF45 | [Ver = | Size = 34296 bytes | Created Date = 5/22/2008 12:37:38 PM | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Created Date = 5/21/2008 4:04:01 PM | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Created Date = 5/21/2008 4:04:01 PM | Attr = H ] nmwcdnsu.sys -> %SystemRoot%\System32\drivers\nmwcdnsu.sys -> MD5 = BE7FD9CA07E7D39F77C78BA5756930D9 | Nokia [Ver = 6.85.6.18 | Size = 138112 bytes | Created Date = 5/21/2008 3:59:31 PM | Attr = ] nmwcdnsuc.sys -> %SystemRoot%\System32\drivers\nmwcdnsuc.sys -> MD5 = 94651F5808D3328D28EF967A9E853B8F | Nokia [Ver = 6.85.6.18 | Size = 8320 bytes | Created Date = 5/21/2008 3:59:31 PM | Attr = ] pavdrv51.sys -> %SystemRoot%\System32\drivers\pavdrv51.sys -> MD5 = 828B8ADA82AB135CACED43994CCB8D66 | Panda Software International [Ver = 7.1.1.0 (av07_rtm.070323-1018) | Size = 83640 bytes | Created Date = 5/25/2008 7:22:42 AM | Attr = ] PxHelp20.sys -> %SystemRoot%\System32\drivers\PxHelp20.sys -> MD5 = 81088114178112618B1C414A65E50F7C | Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] 
ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> MD5 = 3D2829FDE1C52FC64DA5413889CE4DEE | Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 6/1/2008 11:18:07 AM | Attr = ] usbser_lowerflt.sys -> %SystemRoot%\System32\drivers\usbser_lowerflt.sys -> MD5 = 2522747BA661514E3770E508CCE45B64 | Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Created Date = 5/21/2008 3:59:12 PM | Attr = ] usbser_lowerfltj.sys -> %SystemRoot%\System32\drivers\usbser_lowerfltj.sys -> MD5 = 8AA5F86A6C3B3234BEED9556D145BFAC | Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Created Date = 5/21/2008 3:59:13 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 3/31/2008 10:16:11 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> avldr.dll -> %SystemRoot%\System32\avldr.dll -> MD5 = 98D088248766C34A05614A7EC0CBB658 | Panda Software International [Ver = 2, 1, 0, 2 | Size = 50736 bytes | Created Date = 5/25/2008 7:22:22 AM | Attr = ] c_10004.nls -> %SystemRoot%\System32\c_10004.nls -> MD5 = 1DBBCC1B712C2674BDF29A05A5DD366E | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:06 AM | Attr = ] c_10005.nls -> %SystemRoot%\System32\c_10005.nls -> MD5 = 72233F1A1D788A84D4687A258CC97CBF | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:02 AM | Attr = ] c_10021.nls -> %SystemRoot%\System32\c_10021.nls -> MD5 = F3C139AD492C4F73353057442E6995CE | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:30:57 AM | Attr = ] C_28596.NLS -> %SystemRoot%\System32\C_28596.NLS -> MD5 = 4D4C7CED88E5621F21A4911A44CADACC | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:06 AM | Attr = ] c_708.nls -> %SystemRoot%\System32\c_708.nls -> MD5 = 77F127766D758EB2C6451E221A0C7F7D | [Ver = | Size = 66082 bytes | Created Date = 5/23/2008 6:31:05 AM | Attr = ] c_720.nls -> %SystemRoot%\System32\c_720.nls 
-> MD5 = C050215D8D21DF5658E94187973FB89C | [Ver = | Size = 66594 bytes | Created Date = 5/23/2008 6:31:05 AM | Attr = ] c_862.nls -> %SystemRoot%\System32\c_862.nls -> MD5 = A99203A3397A9DB352C5D8DFBDA230A8 | [Ver = | Size = 66594 bytes | Created Date = 5/23/2008 6:31:02 AM | Attr = ] c_864.nls -> %SystemRoot%\System32\c_864.nls -> MD5 = C58563DF50115E935BC811FFBCE1FC89 | [Ver = | Size = 66594 bytes | Created Date = 5/23/2008 6:31:05 AM | Attr = ] Futuremark -> %SystemRoot%\System32\Futuremark -> [Folder | Created Date = 3/14/2008 6:24:59 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> MD5 = 22C9BEB9DFFF9CA19E29A22E96B94720 | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 5/31/2008 8:50:52 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> MD5 = 5C9CDBB245B6FAA2B9B11CC779EC03A1 | Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 5/31/2008 8:50:52 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> MD5 = 3AE529B86E4BF6A1EF9267A000ED0713 | Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 5/31/2008 8:50:52 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 5/28/2008 7:29:27 AM | Attr = ] nmwcdcocls.dll -> %SystemRoot%\System32\nmwcdcocls.dll -> MD5 = 535FF95403A481C93ABFAB2CA060ABB1 | Nokia [Ver = 6.86.4.5 | Size = 95744 bytes | Created Date = 5/21/2008 3:59:10 PM | Attr = ] PAV -> %SystemRoot%\System32\PAV -> [Folder | Created Date = 5/25/2008 7:22:34 AM | Attr = ] pavcpl.cpl -> %SystemRoot%\System32\pavcpl.cpl -> MD5 = A8991A85F8A5466DF3C887D1A15E52F4 | Panda Software [Ver = 1, 0, 2, 0 | Size = 54832 bytes | Created Date = 5/25/2008 7:22:29 AM | Attr = ] PavCPL.dat -> %SystemRoot%\System32\PavCPL.dat -> MD5 = 15F9F15E739402C0525AF4B015FF09C6 | [Ver = | Size = 248 bytes | Created Date = 5/25/2008 7:22:42 AM | Attr = ] px.dll -> %SystemRoot%\System32\px.dll -> MD5 = 82D8BF4593099D47F4E5C30643A04386 | Sonic Solutions [Ver = 3.2.40.500 | Size = 514808 bytes | Created Date = 4/2/2008 8:46:54 PM | Attr = ] pxafs.dll -> %SystemRoot%\System32\pxafs.dll -> MD5 = D96D0C96D19322B2FFE53AB86C721B67 | Sonic Solutions [Ver = 3.2.40.500 | Size = 129784 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] pxcpya64.exe -> %SystemRoot%\System32\pxcpya64.exe -> MD5 = 352D393E4FCABBEFB3D0C285239A0E01 | Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] pxdrv.dll -> %SystemRoot%\System32\pxdrv.dll -> MD5 = 4C50727BD596375D7CAF0C2434D2E211 | Sonic Solutions [Ver = 1.01.93B | Size = 477944 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] pxhpinst.exe -> %SystemRoot%\System32\pxhpinst.exe -> MD5 = 7C250F7AE212668E1F1B0F3E6FA22EED | Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] pxinsa64.exe -> %SystemRoot%\System32\pxinsa64.exe -> MD5 = DDB9ACA150B67AA48D451FCF55D01FF8 | Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr 
= ] pxinsi64.exe -> %SystemRoot%\System32\pxinsi64.exe -> MD5 = 4E190E2C5324435E03135E9A66457FC6 | Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] pxmas.dll -> %SystemRoot%\System32\pxmas.dll -> MD5 = 7321874D1C32BD545163D8E426399ED8 | Sonic Solutions [Ver = 3.2.40.500 | Size = 183032 bytes | Created Date = 4/2/2008 8:46:54 PM | Attr = ] pxsfs.dll -> %SystemRoot%\System32\pxsfs.dll -> MD5 = BE8DDA79FD4A97A7D22FA1C32FBC3314 | Sonic Solutions [Ver = 3.2.40.500 | Size = 1309432 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] pxwave.dll -> %SystemRoot%\System32\pxwave.dll -> MD5 = 5F3707330DEE4DEAEE7B5B79C243AAB7 | Sonic Solutions [Ver = 3.2.40.500 | Size = 379640 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> MD5 = AA7ADD441FFEDF36E3385A21434C9B46 | Apple Inc. [Ver = 7.4.5 | Size = 57344 bytes | Created Date = 3/28/2008 11:37:26 PM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> MD5 = 33CCF7837E03510ADA9A7F87C2514147 | Apple Inc. 
[Ver = 7.4.5 | Size = 90112 bytes | Created Date = 3/28/2008 11:37:26 PM | Attr = ] vxblock.dll -> %SystemRoot%\System32\vxblock.dll -> MD5 = D6898382E591DD85EB7AF5B269736CC5 | Sonic Solutions [Ver = 1.00.72a | Size = 39672 bytes | Created Date = 4/2/2008 8:46:55 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 5/20/2008 12:56:16 PM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/6/2008 11:32:41 AM | Attr = ] GMouse.ini -> %SystemRoot%\GMouse.ini -> MD5 = E9CDBF4598DBCFAF58ADC80AC00555C6 | [Ver = | Size = 110 bytes | Created Date = 5/13/2008 3:52:37 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 3/21/2008 9:48:28 PM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Created Date = 4/5/2008 5:38:30 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 5/31/2008 10:31:44 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = 9F4EAF6C203B9AB8254A49E4894DC942 | [Ver = | Size = 1409 bytes | Created Date = 6/1/2008 7:46:47 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Created Date = 6/1/2008 7:46:47 PM | Attr = H ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 5/28/2008 3:02:50 PM | Attr = ] uninst.exe -> %SystemRoot%\uninst.exe -> MD5 = AEDE1BF4042E5960BD177D2D4C32ABE8 | Stirling Technologies, Inc. 
[Ver = 2.20.911.0 | Size = 283648 bytes | Created Date = 5/13/2008 3:34:57 AM | Attr = ] [Files/Folders - Modified Within 60 days] 23990098.$$$ -> %SystemDrive%\23990098.$$$ -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Modified Date = 5/30/2008 10:00:12 AM | Attr = ] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Modified Date = 6/6/2008 1:26:20 PM | Attr = RHS] boot.ini -> %SystemDrive%\boot.ini -> MD5 = F3EC57BCE3A2E24CEA02018019E0CA87 | [Ver = | Size = 281 bytes | Modified Date = 5/31/2008 10:32:05 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/6/2008 12:53:12 PM | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/6/2008 11:32:08 AM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 5/28/2008 2:59:48 PM | Attr = ] EES_AV -> %SystemDrive%\EES_AV -> [Folder | Modified Date = 5/28/2008 11:11:41 AM | Attr = ] fsaua.data -> %SystemDrive%\fsaua.data -> [Folder | Modified Date = 5/28/2008 3:44:50 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> Unable to obtain MD5 | [Ver = | Size = 804835328 bytes | Modified Date = 6/6/2008 1:28:11 PM | Attr = HS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 6/1/2008 11:11:48 AM | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/6/2008 12:55:24 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 5/28/2008 9:55:58 PM | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 5/31/2008 5:23:34 PM | Attr = HS] TypingTutor.zip -> %SystemDrive%\TypingTutor.zip -> MD5 = 45E10727225ABCBC2CA3AE1DD00EBC3F | [Ver = | Size = 1923646 bytes | Modified Date = 4/26/2008 5:38:52 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/6/2008 11:32:41 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/5/2008 3:06:22 PM | Attr = ] 
pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> MD5 = 2BA71093C32C6150E57C9A3205063DC6 | Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Modified Date = 5/23/2008 5:55:03 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/1/2008 10:53:31 AM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> MD5 = EEE0082831D1CF36B315569AF5493D6A | [Ver = | Size = 244641 bytes | Modified Date = 5/31/2008 6:03:44 PM | Attr = R ] hosts.idx -> %SystemRoot%\System32\drivers\etc\hosts.idx -> MD5 = 46E3456A474F9D194A48815AE6889997 | [Ver = | Size = 67868 bytes | Modified Date = 6/1/2008 10:53:31 AM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> Unable to obtain MD5 | [Ver = | Size = 1034272 bytes | Modified Date = 6/6/2008 2:57:53 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> Unable to obtain MD5 | [Ver = | Size = 13736 bytes | Modified Date = 6/6/2008 1:27:03 PM | Attr = HS] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> MD5 = 1DB1627841247BEA1172B02B790ABA38 | [Ver = | Size = 15864 bytes | Modified Date = 5/29/2008 8:27:28 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> MD5 = EBADDA3C3C5086EADF1868CAB64BDF45 | [Ver = | Size = 34296 bytes | Modified Date = 5/29/2008 8:27:34 PM | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Modified Date = 5/21/2008 4:04:01 PM | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> MD5 = D41D8CD98F00B204E9800998ECF8427E | [Ver = | Size = 0 bytes | Modified Date = 5/21/2008 4:04:01 PM | Attr = H ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/6/2008 1:31:50 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/31/2008 9:03:34 PM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> MD5 = 01C47C2ECED034EF6F8C1552A97CFF00 | [Ver = | Size = 2577 bytes | Modified Date = 5/31/2008 10:17:45 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/28/2008 7:12:10 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/5/2008 3:20:59 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 5/31/2008 8:36:03 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> MD5 = FD16090A0AB08C32817EEE6342B581B7 | [Ver = | Size = 325912 bytes | Modified Date = 5/23/2008 8:17:44 AM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 5/28/2008 7:29:27 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 5/13/2008 2:56:27 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> MD5 = 716F042C8DA4FB90C527B9CD4DD5D874 | [Ver = | Size = 95552 bytes | Modified Date = 6/6/2008 1:29:05 PM | Attr = ] PAV -> %SystemRoot%\System32\PAV -> [Folder | Modified Date = 5/25/2008 7:56:22 AM | Attr = ] PavCPL.dat -> %SystemRoot%\System32\PavCPL.dat -> MD5 = 15F9F15E739402C0525AF4B015FF09C6 | [Ver = | Size = 248 bytes | Modified Date = 5/25/2008 7:22:42 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> MD5 = 7995A39CCFE5C5B7C8C6BD1A7872B31A | [Ver = | Size = 59644 bytes | Modified Date = 5/25/2008 7:28:13 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> MD5 = 68546A8C5B78D524C8E5AA35E4ADA8E6 | [Ver = | Size = 395530 bytes | Modified Date = 5/25/2008 7:28:13 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> MD5 = 958EF4BCD44D2D39FBE562932A845DF4 | [Ver = | Size = 462344 bytes | Modified Date = 5/25/2008 7:28:13 AM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> MD5 = 
13001EB0A58B4DE96126B16AB15FD8CC | Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 5/31/2008 8:58:28 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> MD5 = 33833B3EDA1B07EBD367FA9B38B23E60 | RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 5/31/2008 8:58:33 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> MD5 = B74E422BC81236042529DC8A42A18423 | RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 5/31/2008 8:58:33 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/5/2008 6:18:45 PM | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> MD5 = E59DBB77BD41937DE144DADC6307A02D | RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Modified Date = 5/31/2008 8:58:48 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> MD5 = 1643063E422793F45C0D8D9789983CDE | [Ver = | Size = 2206 bytes | Modified Date = 6/3/2008 4:44:27 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> MD5 = 6A2CB42966136854F4464516FBB4AE72 | [Ver = | Size = 2048 bytes | Modified Date = 6/6/2008 1:28:12 PM | Attr = S] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 5/20/2008 12:56:16 PM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/6/2008 11:35:54 AM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/6/2008 11:32:41 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/23/2008 6:31:08 AM | Attr = R S] GMouse.ini -> %SystemRoot%\GMouse.ini -> MD5 = E9CDBF4598DBCFAF58ADC80AC00555C6 | [Ver = | Size = 110 bytes | Modified Date = 5/23/2008 10:01:20 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/23/2008 6:31:08 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/6/2008 2:25:10 PM | Attr = H ] Installer -> 
%SystemRoot%\Installer -> [Folder | Modified Date = 6/6/2008 12:53:12 PM | Attr = HS] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 4/28/2008 5:01:14 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/6/2008 2:56:38 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 5/31/2008 10:32:03 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> MD5 = 9F4EAF6C203B9AB8254A49E4894DC942 | [Ver = | Size = 1409 bytes | Modified Date = 6/1/2008 7:46:47 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> MD5 = DBA91CD5A3A68302967C03213E52BDE8 | [Ver = | Size = 54156 bytes | Modified Date = 6/6/2008 1:29:19 PM | Attr = H ] system.ini -> %SystemRoot%\system.ini -> MD5 = F4D021E764F6FA554606F4A735A3151B | [Ver = | Size = 227 bytes | Modified Date = 5/31/2008 10:32:05 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/6/2008 12:51:21 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 6/6/2008 1:28:41 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> MD5 = F23AA3AFB7B5F2E7D159E833A452C05A | [Ver = | Size = 582 bytes | Modified Date = 5/31/2008 10:32:05 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/21/2008 3:57:57 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8 | [Ver = | Size = 6 bytes | Modified Date = 6/6/2008 1:28:15 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2/1/2008 4:54:27 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> Unable to obtain MD5 | [Ver = | Size = 25573 bytes | Modified Date = 6/6/2008 1:29:51 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> Unable to obtain MD5 | [Ver = | Size = 
25573 bytes | Modified Date = 6/6/2008 1:29:51 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 1/31/2008 1:00:00 AM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> MD5 = 0E7E24ED21BD5DA96B0D882D5A043AD4 | [Ver = | Size = 8206 bytes | Modified Date = 1/31/2008 1:00:00 AM | Attr = ] C:\Documents and Settings\Hussamofe\Local Settings\Temp\ -> C:\Documents and Settings\Hussamofe\Local Settings\Temp -> [Folder | Modified Date = 6/6/2008 2:21:39 PM | Attr = ] nircmd.exe -> C:\Documents and Settings\Hussamofe\Local Settings\Temp\nircmd.exe -> MD5 = 52903F11F704E68FC8A20745A7E63664 | NirSoft [Ver = 1.85 | Size = 26112 bytes | Modified Date = 7/24/2006 1:38:26 AM | Attr = ] 14 C:\Documents and Settings\Hussamofe\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Hussamofe\Local Settings\Temp\*.tmp -> < End of report > [/code]