[code]
OTScanIt logfile created on: 2008-06-10 09:02:24
OTScanIt by OldTimer - Version 1.0.15.12 Folder = C:\Documents and Settings\Public\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: yyyy-MM-dd
510.17 Mb Total Physical Memory | 138.79 Mb Available Physical Memory | 27.20% Memory free
1.22 Gb Paging File | 0.74 Gb Available in Paging File | 60.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 43.66 Gb Free Space | 89.41% Space Free | Partition Type: NTFS
Drive D: | 37.08 Gb Total Space | 10.27 Gb Free Space | 27.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: VAUNG
Current User Name: Public
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 2005-06-28 22:55:40 | Attr = ] btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation.
[Ver = 5.1.0.3100 | Size = 266295 bytes | Modified Date = 2007-02-27 17:35:04 | Attr = ] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 86016 bytes | Modified Date = 2005-06-03 01:25:56 | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 372809 bytes | Modified Date = 2005-06-03 01:28:34 | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 401408 bytes | Modified Date = 2005-05-31 22:46:16 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 2005-06-28 22:55:40 | Attr = ] wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 2, 10 | Size = 225353 bytes | Modified Date = 2005-05-31 22:51:36 | Attr = ] sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 2008-03-07 12:00:08 | Attr = ] 1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 2, 10 | Size = 245760 bytes | Modified Date = 2005-06-03 01:26:58 | Attr = ] avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.18 | Size = 147201 bytes | Modified Date = 2008-05-28 13:00:11 | Attr = ] oprotsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\OProtSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 98304 bytes | Modified Date = 2005-05-31 22:50:16 | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 139264 bytes | Modified Date = 2005-06-03 01:25:20 | Attr = ] smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. 
[Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 2002-09-20 15:50:10 | Attr = ] avgnt.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 2008-02-12 10:06:50 | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 5, 0, 2, 1 | Size = 1388544 bytes | Modified Date = 2004-07-27 13:48:04 | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 2005-06-28 21:05:00 | Attr = ] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 2005-03-04 19:01:56 | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 2004-08-17 17:37:00 | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 385024 bytes | Modified Date = 2005-06-03 01:31:50 | Attr = ] eouwiz.exe -> %ProgramFiles%\Intel\Wireless\Bin\EOUWiz.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 356352 bytes | Modified Date = 2005-05-31 22:50:54 | Attr = ] nslauncher.exe -> %ProgramFiles%\Nokia\Nokia Software Launcher\NSLauncher.exe -> [Ver = 1.6.76.0 | Size = 3096576 bytes | Modified Date = 2007-08-02 07:30:42 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ] prhyper.exe -> %ProgramFiles%\Le Robert\Le Petit Robert\PRHYPER.EXE -> [Ver = | Size = 22560 bytes | Modified Date = 2001-10-11 12:11:16 | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 2008-06-06 07:33:10 | Attr = ] pcsuite.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> Nokia [Ver = 6, 86, 29, 12 | Size = 1079808 bytes | Modified Date = 2008-04-16 12:53:46 | Attr = ] pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 2008-03-26 18:41:50 | Attr = ] bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.1.0.3100 | Size = 561213 bytes | Modified Date = 2007-02-27 17:43:30 | Attr = ] btstac~1.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTStackServer.exe -> Broadcom Corporation. [Ver = 5.1.0.3100 | Size = 1409108 bytes | Modified Date = 2007-02-27 17:41:50 | Attr = ] servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 7, 0, 8, 0 | Size = 430592 bytes | Modified Date = 2008-04-07 09:17:30 | Attr = ] mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> Nokia Corporation [Ver = 6.86.162.0 | Size = 474624 bytes | Modified Date = 2008-03-19 15:24:20 | Attr = ] yahoom~1.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. 
[Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] nclusbsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [Ver = 7, 0, 4, 0 | Size = 130560 bytes | Modified Date = 2008-03-10 09:58:18 | Attr = ] nclrssrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclRSSrv.exe -> [Ver = 7, 0, 1, 0 | Size = 120320 bytes | Modified Date = 2008-02-22 09:11:02 | Attr = ] nclbcbtsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclBCBTSrv.exe -> [Ver = 7, 0, 2, 0 | Size = 100864 bytes | Modified Date = 2008-02-18 10:36:52 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.12 | Size = 397312 bytes | Modified Date = 2008-06-07 11:09:00 | Attr = ] [Win32 Services - Non-Microsoft Only] (AntiVirScheduler) Avira AntiVir Personal – Free Antivirus Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 2008-03-07 12:00:08 | Attr = ] (AntiVirService) Avira AntiVir Personal – Free Antivirus Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.18 | Size = 147201 bytes | Modified Date = 2008-05-28 13:00:11 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Modified Date = 2005-06-28 22:55:40 | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. 
[Ver = 5.1.0.3100 | Size = 266295 bytes | Modified Date = 2007-02-27 17:35:04 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-03 12:26:50 | Attr = ] (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 86016 bytes | Modified Date = 2005-06-03 01:25:56 | Attr = ] (OwnershipProtocol) OwnershipProtocol [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\OProtSvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 98304 bytes | Modified Date = 2005-05-31 22:50:16 | Attr = ] (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 139264 bytes | Modified Date = 2005-06-03 01:25:20 | Attr = ] (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 372809 bytes | Modified Date = 2005-06-03 01:28:34 | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 7, 0, 8, 0 | Size = 430592 bytes | Modified Date = 2008-04-07 09:17:30 | Attr = ] (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. 
[Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 2002-09-20 15:50:10 | Attr = ] (WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 2, 10 | Size = 225353 bytes | Modified Date = 2005-05-31 22:51:36 | Attr = ] [Driver Services - Non-Microsoft Only] (ADDMEM) ADDMEM [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Public\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS -> File not found (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.6 | Size = 133200 bytes | Modified Date = 2004-05-17 17:23:48 | Attr = ] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 2008-05-28 10:39:42 | Attr = ] (AgereSoftModem) SENS LT56ADW Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:02:18 | Size = 1066278 bytes | Modified Date = 2005-03-04 19:02:20 | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. 
[Ver = 6.14.10.6553 | Size = 1241088 bytes | Modified Date = 2005-06-28 23:01:58 | Attr = ] (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 2007-02-27 15:25:01 | Attr = ] (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.01.08 | Size = 49472 bytes | Modified Date = 2008-02-18 17:07:57 | Attr = ] (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Modified Date = 2008-03-04 13:28:53 | Attr = ] (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.47.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 2006-05-17 11:03:00 | Attr = R ] (btaudio) Bluetooth Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btaudio.sys -> Broadcom Corporation. [Ver = 5.1.0.2900 | Size = 530861 bytes | Modified Date = 2007-01-24 11:33:36 | Attr = ] (BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btport.sys -> Broadcom Corporation. [Ver = 5.1.0.2400 | Size = 30459 bytes | Modified Date = 2006-10-09 18:00:24 | Attr = ] (BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btkrnl.sys -> Broadcom Corporation. [Ver = 5.1.0.3100 | Size = 868042 bytes | Modified Date = 2007-02-27 11:02:38 | Attr = ] (BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btwdndis.sys -> Broadcom Corporation. 
[Ver = 5.1.0.2400 | Size = 149123 bytes | Modified Date = 2006-10-15 10:01:54 | Attr = ] (btwhid) btwhid [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btwhid.sys -> Broadcom Corporation. [Ver = 5.1.0.2700 | Size = 47907 bytes | Modified Date = 2006-11-28 08:48:10 | Attr = ] (btwmodem) Bluetooth Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btwmodem.sys -> Broadcom Corporation. [Ver = 5.1.0.2400 | Size = 30285 bytes | Modified Date = 2006-10-15 09:59:54 | Attr = ] (BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\btwusb.sys -> Broadcom Corporation. [Ver = 5.1.0.2900 | Size = 67960 bytes | Modified Date = 2007-01-24 11:27:28 | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-03 10:37:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-03 10:37:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. 
[Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2001-10-04 12:13:44 | Attr = ] (IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Modified Date = 2004-08-12 08:44:04 | Attr = ] (pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\pccsmcfd.sys -> Nokia [Ver = 6.85.3.0 | Size = 21632 bytes | Modified Date = 2007-09-17 15:53:26 | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2001-10-04 12:16:00 | Attr = ] (rimsptsk) rimsptsk [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.05 | Size = 51328 bytes | Modified Date = 2004-12-06 15:51:10 | Attr = ] (risdptsk) risdptsk [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\risdptsk.sys -> REDC [Ver = 1.0.3.3 | Size = 27136 bytes | Modified Date = 2005-04-18 22:21:08 | Attr = ] (rismxdp) Ricoh xD-Picture Card Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.01.05 | Size = 307456 bytes | Modified Date = 2004-12-05 21:57:14 | Attr = ] (s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 11354 bytes | Modified Date = 2005-05-03 07:03:54 | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 2008-06-06 07:33:10 | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. 
[Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2006-02-16 16:51:08 | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 2008-06-06 07:33:12 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 03:25:53 | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5240 | Size = 259648 bytes | Modified Date = 2004-09-01 12:17:46 | Attr = ] (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 2007-03-01 10:34:22 | Attr = ] (truecrypt) truecrypt [Kernel | System | Running] -> %SystemRoot%\system32\drivers\truecrypt.sys -> TrueCrypt Foundation [Ver = 5.1a | Size = 223424 bytes | Modified Date = 2008-05-28 09:40:36 | Attr = ] (w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9002-25 Driver | Size = 3281408 bytes | Modified Date = 2005-04-30 16:01:56 | Attr = ] (wowfilter) WOW XT Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WOWFilter.sys -> [Ver = 1, 4, 3, 0 | Size = 17792 bytes | Modified Date = 2005-06-08 16:58:10 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.51 2.1.51 03/04/2005 12:01:54 | Size = 88209 bytes | Modified Date = 2005-03-04 19:01:56 | Attr = ] ATIPTA -> 
%ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe ["C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"] -> ATI Technologies, Inc. [Ver = 6.14.10.5157 | Size = 344064 bytes | Modified Date = 2005-06-28 21:05:00 | Attr = ] avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 2008-02-12 10:06:50 | Attr = ] EOUApp -> %ProgramFiles%\Intel\Wireless\Bin\EOUWiz.exe [C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe] -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 356352 bytes | Modified Date = 2005-05-31 22:50:54 | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 385024 bytes | Modified Date = 2005-06-03 01:31:50 | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe [C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 401408 bytes | Modified Date = 2005-05-31 22:46:16 | Attr = ] LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.75 | Size = 184320 bytes | Modified Date = 2004-08-17 17:37:00 | Attr = ] NSLauncher -> %ProgramFiles%\Nokia\Nokia Software Launcher\NSLauncher.exe [C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup] -> [Ver = 1.6.76.0 | Size = 3096576 bytes | Modified Date = 2007-08-02 07:30:42 | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] -> Analog Devices, Inc. [Ver = 5, 0, 2, 1 | Size = 1388544 bytes | Modified Date = 2004-07-27 13:48:04 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Le Petit Robert Hyperappel -> %ProgramFiles%\Le Robert\Le Petit Robert\PRHYPER.EXE [C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe] -> [Ver = | Size = 22560 bytes | Modified Date = 2001-10-11 12:11:16 | Attr = ] Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 2008-03-26 18:41:50 | Attr = ] PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray] -> Nokia [Ver = 6, 86, 29, 12 | Size = 1079808 bytes | Modified Date = 2008-04-16 12:53:46 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 2008-06-06 07:33:10 | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. 
[Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 2006-10-23 00:01:50 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.1.0.3100 | Size = 561213 bytes | Modified Date = 2007-02-27 17:43:30 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 2006-10-23 01:48:20 | Attr = ] < Public Startup Folder > -> C:\Documents and Settings\Public\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 2008-06-06 07:33:11 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | 
Modified Date = 2008-06-06 07:33:11 | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Modified Date = 2005-06-28 22:56:50 | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 2, 10 | Size = 110592 bytes | Modified Date = 2005-05-31 22:46:22 | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-03 10:29:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> 
File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTEAC_DV-W28EA___________________________S.0A____\5&27c701d0&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aide pour le lien d'Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 2773 bytes | Modified Date = 2006-08-16 07:16:32 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0D8D43EC-8AB5-4B59-9BAC-F77433A6C041} -> (1394 Net Adapter) -> {5FB3754E-AC9F-478D-8883-320852C04050} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {CCB9F5A8-DACC-4E71-8ADD-5716DD651582} -> 202.56.215.6,202.56.230.6 (Broadcom 440x 10/100 Integrated Controller) -> {F12F027F-2B08-46A4-888B-5B55A42B2DEE} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[Reg Error: Key does not exist or could not be opened.] 
-> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdSignerADP.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdSignerADP.dll\\.Owner -> {88764F69-3831-4EC1-B40B-FF21D8381345} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdSignerADP.dll\\{88764F69-3831-4EC1-B40B-FF21D8381345} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdVerifierADP.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdVerifierADP.dll\\.Owner -> {88764F69-3831-4EC1-B40B-FF21D8381345} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdVerifierADP.dll\\{88764F69-3831-4EC1-B40B-FF21D8381345} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\.Owner -> {193C772A-87BE-4B19-A7BB-445B226FE9A1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ewidoOnlineScan.dll\\{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{88764F69-3831-4EC1-B40B-FF21D8381345} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{88764F69-3831-4EC1-B40B-FF21D8381345} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-03 12:26:44 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 10:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-03 12:26:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 07:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-23 21:37:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1252 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-03 12:26:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-03 12:26:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> C1 E4 85 FA 5D C0 5B 
0F 0A 01 1C B5 C6 E0 55 98 30 37 35 31 63 61 32 32 00 FD 07 00 03 57 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 89 E5 99 17 9E E2 51 73 91 1C 3B 07 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> DA 97 B5 30 C6 23 79 D7 1E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 02 F5 F3 8A 04 D9 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2001-10-04 12:14:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> F7 35 6C 2D B0 CD D9 C1 86 AB 6F 35 22 6B 31 F2 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 04 4F D3 C6 96 C5 C8 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 F2 64 CF 8F 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 F2 64 CF 8F 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name 
-> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 F2 64 CF 8F 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-03 12:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11845 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-03 12:26:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-03 12:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 05:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-03 12:26:58 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 2007-08-30 17:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 05:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -> %ProgramFiles%\VoipStunt.com\VoipStunt\VoipStunt.exe [C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt] -> VoipStunt [Ver = 4, 2, 487, 0 | Size = 8824112 bytes | Modified Date = 2007-12-13 16:31:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet 
Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16640 (vista_gdr.080213-1606) | Size = 625664 bytes | Modified Date = 2008-02-29 01:55:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-03 12:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-03 12:26:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 21:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-03 12:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-03 12:26:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-03 12:26:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 21:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] 77b71b88c5deaebd98026c86806855bc -> %SystemDrive%\77b71b88c5deaebd98026c86806855bc -> [Folder | Created Date = 2008-05-29 09:21:36 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 2008-05-28 15:44:32 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 2008-05-28 08:24:53 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-06-06 10:01:30 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2008-06-07 23:15:51 | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 2008-05-28 15:44:32 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008-06-09 06:23:23 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 2008-05-28 08:25:28 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 2008-05-28 15:44:32 | Attr = RHS] LAROUSSE -> %SystemDrive%\LAROUSSE -> [Folder | Created Date = 2008-05-31 04:23:33 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 2008-05-28 15:44:32 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Created Date = 2008-05-28 08:27:43 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008-06-08 
11:29:54 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 2008-05-28 08:25:27 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 2008-05-28 15:45:28 | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 2008-05-28 15:45:29 | Attr = ] cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 2008-05-28 15:45:36 | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 2008-05-28 15:45:40 | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 2008-05-28 15:45:29 | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:37 | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver 
= | Size = 66082 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:37 | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:39 | Attr = ] c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:30 | Attr = ] c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_1148.nls -> 
%SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 2008-05-28 15:45:31 | Attr = ] c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:27 | Attr = ] c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | 
Created Date = 2008-05-28 15:45:32 | Attr = ] c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:32 | Attr = ] c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20880.nls -> 
%SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 2008-05-28 15:45:33 | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:32 | Attr = ] c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:37 | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:39 | Attr = ] c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:41 | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created 
Date = 2008-05-28 15:45:34 | Attr = ] c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:32 | Attr = ] c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:39 | Attr = ] c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 15:45:34 | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 15:45:35 | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 15:45:35 | Attr = ] c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:32 | Attr = ] c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 15:45:35 | Attr = ] c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. 
[Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 2008-05-28 15:45:53 | Attr = ] esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 2008-05-28 15:45:54 | Attr = ] esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 2008-05-28 15:45:54 | Attr = ] FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 2008-05-28 15:45:57 | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 2008-05-28 15:46:02 | Attr = ] HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. 
[Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 2008-05-28 15:39:39 | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 2008-05-28 15:46:10 | Attr = ] IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 2008-05-28 15:46:25 | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 2008-05-28 15:46:27 | Attr = ] IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 2008-05-28 15:46:28 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 2008-05-28 15:41:20 | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 2008-05-28 15:46:37 | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 2008-05-28 15:46:38 | Attr = ] ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 2008-05-28 08:27:44 | Attr = ] MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 2008-05-28 08:27:07 | Attr = ] mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 2008-05-28 15:41:38 | Attr = ] msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created 
Date = 2008-05-28 15:41:23 | Attr = ] MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 2008-05-28 08:27:07 | Attr = ] msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 2008-05-28 08:27:07 | Attr = ] MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 2008-05-28 08:27:07 | Attr = ] nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 2008-05-28 15:42:32 | Attr = ] NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 2008-05-28 08:27:05 | Attr = ] NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 2008-05-28 08:27:04 | Attr = ] NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 2008-05-28 08:27:05 | Attr = ] OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 2008-05-28 15:39:07 | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 2008-05-28 15:47:03 | Attr = ] prc.nls -> 
%SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 2008-05-28 15:47:05 | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 2008-05-28 15:47:05 | Attr = ] r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 2008-05-28 08:27:45 | Attr = ] rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 2008-05-28 15:47:12 | Attr = ] rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 2008-05-28 15:47:12 | Attr = ] rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 2008-05-28 15:47:12 | Attr = ] sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 2008-05-28 08:27:46 | Attr = ] sam.spd -> %SystemRoot%\System32\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 2008-05-28 08:27:46 | Attr = ] SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 2008-05-28 08:27:05 | Attr = ] spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. 
[Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 2008-05-28 15:41:52 | Attr = ] tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 2008-05-28 08:27:06 | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 2008-05-28 15:47:46 | Attr = ] aeaudio.sys -> %SystemRoot%\System32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.6 | Size = 133200 bytes | Created Date = 2008-05-28 09:05:46 | Attr = ] AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Created Date = 2008-05-28 10:39:42 | Attr = ] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.30 | Size = 41792 bytes | Created Date = 2008-05-28 16:45:58 | Attr = ] avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Created Date = 2008-05-28 16:45:58 | Attr = ] avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Created Date = 2008-05-28 16:45:56 | Attr = ] bcm4sbxp.sys -> %SystemRoot%\System32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.47.0.0 built by: WinDDK | Size = 44544 bytes | Created Date = 2008-05-28 16:48:32 | Attr = R ] btaudio.sys -> %SystemRoot%\System32\drivers\btaudio.sys -> Broadcom Corporation. [Ver = 5.1.0.2900 | Size = 530861 bytes | Created Date = 2008-05-28 11:35:24 | Attr = ] btkrnl.sys -> %SystemRoot%\System32\drivers\btkrnl.sys -> Broadcom Corporation. 
[Ver = 5.1.0.3100 | Size = 868042 bytes | Created Date = 2008-05-28 11:35:25 | Attr = ] btport.sys -> %SystemRoot%\System32\drivers\btport.sys -> Broadcom Corporation. [Ver = 5.1.0.2400 | Size = 30459 bytes | Created Date = 2008-05-28 11:35:26 | Attr = ] btwdndis.sys -> %SystemRoot%\System32\drivers\btwdndis.sys -> Broadcom Corporation. [Ver = 5.1.0.2400 | Size = 149123 bytes | Created Date = 2008-05-28 11:35:27 | Attr = ] btwhid.sys -> %SystemRoot%\System32\drivers\btwhid.sys -> Broadcom Corporation. [Ver = 5.1.0.2700 | Size = 47907 bytes | Created Date = 2008-05-28 11:35:27 | Attr = ] btwmodem.sys -> %SystemRoot%\System32\drivers\btwmodem.sys -> Broadcom Corporation. [Ver = 5.1.0.2400 | Size = 30285 bytes | Created Date = 2008-05-28 11:35:27 | Attr = ] btwusb.sys -> %SystemRoot%\System32\drivers\btwusb.sys -> Broadcom Corporation. [Ver = 5.1.0.2900 | Size = 67960 bytes | Created Date = 2008-05-28 11:35:28 | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 552 bytes | Created Date = 2008-05-28 11:25:57 | Attr = ] iwca.sys -> %SystemRoot%\System32\drivers\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Created Date = 2008-05-28 10:39:57 | Attr = ] iwca2k.sys -> %SystemRoot%\System32\drivers\iwca2k.sys -> Intel Corporation [Ver = 9.00.0.17 | Size = 21504 bytes | Created Date = 2008-05-28 10:34:46 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 2008-06-06 06:56:15 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 2008-06-06 06:56:15 | Attr = ] netiwca.inf -> %SystemRoot%\System32\drivers\netiwca.inf -> [Ver = | Size = 1960 bytes | Created Date = 2008-05-28 
10:34:46 | Attr = ] netsiwca.inf -> %SystemRoot%\System32\drivers\netsiwca.inf -> [Ver = | Size = 3101 bytes | Created Date = 2008-05-28 10:34:46 | Attr = ] pccsmcfd.sys -> %SystemRoot%\System32\drivers\pccsmcfd.sys -> Nokia [Ver = 6.85.3.0 | Size = 21632 bytes | Created Date = 2008-06-07 23:16:11 | Attr = ] rimsptsk.sys -> %SystemRoot%\System32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.05 | Size = 51328 bytes | Created Date = 2008-05-28 09:12:14 | Attr = ] risdptsk.sys -> %SystemRoot%\System32\drivers\risdptsk.sys -> REDC [Ver = 1.0.3.3 | Size = 27136 bytes | Created Date = 2008-05-28 09:12:15 | Attr = ] rixdptsk.sys -> %SystemRoot%\System32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.01.05 | Size = 307456 bytes | Created Date = 2008-05-28 09:12:14 | Attr = ] smwdm.sys -> %SystemRoot%\System32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5240 | Size = 259648 bytes | Created Date = 2008-05-28 09:05:45 | Attr = ] ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Created Date = 2008-05-28 16:45:58 | Attr = ] truecrypt.sys -> %SystemRoot%\System32\drivers\truecrypt.sys -> TrueCrypt Foundation [Ver = 5.1a | Size = 223424 bytes | Created Date = 2008-05-28 09:40:36 | Attr = ] verfile.tic -> %SystemRoot%\System32\drivers\verfile.tic -> [Ver = | Size = 13 bytes | Created Date = 2008-05-28 10:33:13 | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 2008-05-28 08:24:48 | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> 
[Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] 3ivx.dll -> %SystemRoot%\System32\3ivx.dll -> 3ivx.com [Ver = 4, 5, 1, 30 | Size = 1024000 bytes | Created Date = 2008-05-31 04:06:29 | Attr = ] 3ivxVfWCodec.dll -> %SystemRoot%\System32\3ivxVfWCodec.dll -> 3ivx.com [Ver = 4, 5, 1, 30 | Size = 286720 bytes | Created Date = 2008-05-31 04:06:29 | Attr = ] ac3acm.acm -> %SystemRoot%\System32\ac3acm.acm -> fccHandler [Ver = 1, 21, 0, 0 | Size = 118784 bytes | Created Date = 2008-05-31 04:06:31 | Attr = ] agrsmdel.exe -> %SystemRoot%\System32\agrsmdel.exe -> Agere Systems [Ver = 1.67 | Size = 64512 bytes | Created Date = 2008-05-28 09:15:52 | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 2008-05-28 15:44:21 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 2008-05-31 10:44:36 | Attr = ] ati64hl2.stb -> %SystemRoot%\System32\ati64hl2.stb -> [Ver = | Size = 22 bytes | Created Date = 2008-05-28 09:35:59 | Attr = ] ati64hlp.stb -> %SystemRoot%\System32\ati64hlp.stb -> [Ver = | Size = 22 bytes | Created Date = 2008-05-28 09:36:09 | Attr = ] AudFile.dll -> %SystemRoot%\System32\AudFile.dll -> NCT Company Ltd. [Ver = 2,6,2,570 | Size = 1986560 bytes | Created Date = 2008-05-31 05:06:53 | Attr = ] AudioInfos.dll -> %SystemRoot%\System32\AudioInfos.dll -> NCT Company Ltd. 
[Ver = 2,6,1,254 | Size = 1212416 bytes | Created Date = 2008-05-31 05:06:53 | Attr = ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 2008-05-28 08:27:23 | Attr = ] bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 2008-05-28 15:39:31 | Attr = ] btw_ci.dll -> %SystemRoot%\System32\btw_ci.dll -> Broadcom Corporation. [Ver = 5.1.0.2400 | Size = 106557 bytes | Created Date = 2008-05-28 11:35:26 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Created Date = 2008-05-28 08:26:47 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 2008-05-28 08:26:47 | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 2008-05-28 15:42:55 | Attr = RH ] CleanUp.exe -> %SystemRoot%\System32\CleanUp.exe -> adi [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Created Date = 2008-05-28 09:05:45 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Created Date = 2008-05-28 15:39:00 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 2008-05-28 15:44:32 | Attr = ] c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:37 | Attr = ] c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:37 | Attr = ] c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_10081.nls -> 
%SystemRoot%\System32\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:39 | Attr = ] c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:27 | Attr = ] C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:32 | Attr = ] C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:37 | Attr = ] C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:39 | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:41 | Attr = ] c_737.nls -> %SystemRoot%\System32\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_852.nls -> %SystemRoot%\System32\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:29 | Attr = ] c_855.nls -> %SystemRoot%\System32\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:32 | Attr = ] c_857.nls -> %SystemRoot%\System32\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:39 | Attr = ] c_866.nls -> %SystemRoot%\System32\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:32 | Attr = ] c_869.nls -> %SystemRoot%\System32\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] c_875.nls -> %SystemRoot%\System32\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 2008-05-28 08:27:34 | Attr = ] desktop.ini -> %SystemRoot%\System32\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 2008-05-28 15:41:59 | Attr = 
] dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Created Date = 2008-05-28 15:42:23 | Attr = ] divx.dll -> %SystemRoot%\System32\divx.dll -> DivX, Inc. [Ver = 6.2.2.3 | Size = 619156 bytes | Created Date = 2008-05-31 04:06:25 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = RHS] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 90112 bytes | Created Date = 2008-05-31 04:06:26 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 2008-05-28 11:32:41 | Attr = ] DSndUp.exe -> %SystemRoot%\System32\DSndUp.exe -> Analog Devices Inc. [Ver = 1, 0, 0, 10 | Size = 49152 bytes | Created Date = 2008-05-28 09:05:45 | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 200704 bytes | Created Date = 2008-05-31 04:06:26 | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 2008-05-28 15:40:33 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 2008-05-29 09:56:18 | Attr = ] EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. 
[Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 5120 bytes | Created Date = 2008-05-31 04:06:24 | Attr = ] ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 2008-05-31 04:06:24 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 241536 bytes | Created Date = 2008-05-28 08:25:27 | Attr = ] gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 2008-05-28 15:39:31 | Attr = ] GIF89.DLL -> %SystemRoot%\System32\GIF89.DLL -> [Ver = 1, 0, 0, 1 | Size = 44544 bytes | Created Date = 2008-05-31 05:06:55 | Attr = ] hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 2008-05-28 15:39:39 | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. 
[Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 2008-05-28 15:39:06 | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] IME -> %SystemRoot%\System32\IME -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 2008-05-28 15:41:20 | Attr = ] iwca.dll -> %SystemRoot%\System32\iwca.dll -> [Ver = | Size = 16384 bytes | Created Date = 2008-05-28 10:39:57 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-06-05 07:20:26 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 2008-06-05 07:20:26 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-06-05 07:20:26 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 2008-06-05 07:20:26 | Attr = ] kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2008-06-06 10:04:26 | Attr = ] korean.uce -> %SystemRoot%\System32\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] lame_enc.dll -> %SystemRoot%\System32\lame_enc.dll -> [Ver = | Size = 237568 bytes | Created Date = 2008-05-31 05:06:52 | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8 | Size = 1044480 bytes | Created Date = 2008-05-31 04:06:26 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 2008-06-02 10:52:15 | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 2008-05-28 15:43:03 | Attr = RH ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 2008-05-28 15:41:41 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Created Date = 2008-05-28 15:49:15 | Attr = S] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Created Date = 2008-05-28 15:39:02 | Attr = ] msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 2008-05-28 15:39:28 | Attr = ] msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 2008-05-28 15:39:28 | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2008-05-28 15:42:55 | Attr = RH ] NCTWMAProfiles.prx -> %SystemRoot%\System32\NCTWMAProfiles.prx -> [Ver 
= | Size = 116296 bytes | Created Date = 2008-05-31 05:06:53 | Attr = ] nmwcdcls.dll -> %SystemRoot%\System32\nmwcdcls.dll -> Nokia [Ver = 6.80.5.0 | Size = 48128 bytes | Created Date = 2008-05-28 11:32:39 | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 2008-05-28 15:44:21 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2008-05-28 15:42:55 | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] pdfcmnnt.dll -> %SystemRoot%\System32\pdfcmnnt.dll -> [Ver = | Size = 116224 bytes | Created Date = 2008-05-31 04:05:33 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356096 bytes | Created Date = 2008-05-28 08:27:51 | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 2008-05-28 20:30:12 | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 2008-05-31 04:06:27 | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Created Date = 2008-05-28 09:08:52 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Created Date = 2008-05-28 15:41:21 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2008-05-28 15:42:55 | Attr = RH ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] SMMedia.dll -> 
%SystemRoot%\System32\SMMedia.dll -> Analog Devices [Ver = 1, 0, 0, 8 | Size = 1285632 bytes | Created Date = 2008-05-28 09:05:46 | Attr = ] snymsico.dll -> %SystemRoot%\System32\snymsico.dll -> Sony Corporation [Ver = 1, 0, 0, 09120 | Size = 90112 bytes | Created Date = 2008-05-28 09:12:14 | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 2008-05-28 08:06:05 | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 2008-05-28 08:27:26 | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8 | Size = 200704 bytes | Created Date = 2008-05-31 04:06:27 | Attr = ] SSubTmr6.dll -> %SystemRoot%\System32\SSubTmr6.dll -> vbAccelerator [Ver = 1.01.0003 | Size = 40960 bytes | Created Date = 2008-05-31 05:06:53 | Attr = ] subrange.uce -> %SystemRoot%\System32\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] SYSTHK.DLX -> %SystemRoot%\System32\SYSTHK.DLX -> [Ver = | Size = 89 bytes | Created Date = 2008-05-31 04:25:17 | Attr = ] tslabels.h -> %SystemRoot%\System32\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 2008-05-28 15:39:30 | Attr = ] tslabels.ini -> %SystemRoot%\System32\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 2008-05-28 15:39:30 | Attr = ] unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 157696 bytes | Created Date = 2008-05-31 04:06:39 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 2008-05-28 15:39:30 | Attr = ] vbalExpBar6.ocx -> %SystemRoot%\System32\vbalExpBar6.ocx -> vbAccelerator [Ver = 1.00.0015 | Size = 200704 bytes | Created 
Date = 2008-05-31 05:06:55 | Attr = ] VGAD3.VXD -> %SystemRoot%\System32\VGAD3.VXD -> [Ver = | Size = 89 bytes | Created Date = 2008-05-31 04:25:17 | Attr = ] vorbis.acm -> %SystemRoot%\System32\vorbis.acm -> HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 2008-05-31 04:06:31 | Attr = ] W29MLRES.DLL -> %SystemRoot%\System32\W29MLRES.DLL -> Intel Corporation [Ver = 9, 0, 1, 81 | Size = 1671168 bytes | Created Date = 2008-05-28 10:33:13 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] wdmioctl.dll -> %SystemRoot%\System32\wdmioctl.dll -> Analog Devices Inc. [Ver = 2, 0, 0, 3 | Size = 30208 bytes | Created Date = 2008-05-28 09:05:46 | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 2008-05-28 15:43:03 | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] WMAFile.dll -> %SystemRoot%\System32\WMAFile.dll -> NCT Company Ltd. 
[Ver = 2,4,1,113 | Size = 348160 bytes | Created Date = 2008-05-31 05:06:53 | Attr = ] wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 2008-05-28 15:39:22 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 2008-05-28 15:42:55 | Attr = RH ] x264vfw.dll -> %SystemRoot%\System32\x264vfw.dll -> [Ver = | Size = 568850 bytes | Created Date = 2008-05-31 04:06:29 | Attr = ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 2008-05-28 15:44:58 | Attr = ] xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 856064 bytes | Created Date = 2008-05-31 04:06:27 | Attr = ] xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 217088 bytes | Created Date = 2008-05-31 04:06:27 | Attr = ] LAIPAREG.FOT -> %SystemRoot%\System\LAIPAREG.FOT -> [Ver = | Size = 1409 bytes | Created Date = 2008-05-31 04:23:33 | Attr = ] LAIPAREG.TTF -> %SystemRoot%\System\LAIPAREG.TTF -> [Ver = | Size = 34620 bytes | Created Date = 2008-05-31 04:23:33 | Attr = ] SYSTHK.DLX -> %SystemRoot%\System\SYSTHK.DLX -> [Ver = | Size = 89 bytes | Created Date = 2008-05-31 04:25:17 | Attr = ] VGAD3.VXD -> %SystemRoot%\System\VGAD3.VXD -> [Ver = | Size = 89 bytes | Created Date = 2008-05-31 04:25:17 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 2008-05-28 20:30:09 | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 2008-05-28 12:49:48 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 2008-05-29 09:53:34 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 2008-05-29 09:53:07 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created 
Date = 2008-05-27 12:42:00 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 2008-05-28 15:48:00 | Attr = S] Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 2008-05-28 15:44:32 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 2008-05-28 15:41:59 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 2008-05-28 15:43:03 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-05-29 06:54:11 | Attr = ] FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = R S] Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] Help 
-> %SystemRoot%\Help -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 2008-05-29 09:54:02 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 2008-05-30 08:21:19 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 2008-05-28 08:27:51 | Attr = HS] IsUn040c.exe -> %SystemRoot%\IsUn040c.exe -> InstallShield Software Corporation [Ver = 5.10.146.0 | Size = 305664 bytes | Created Date = 2008-05-31 04:26:59 | Attr = ] java -> %SystemRoot%\java -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] LAROUSSE.INI -> %SystemRoot%\LAROUSSE.INI -> [Ver = | Size = 866 bytes | Created Date = 2008-05-31 04:23:33 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 2008-05-29 09:44:44 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 2008-05-31 04:38:32 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 2008-05-28 08:27:50 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 2008-05-28 15:43:03 | Attr = R ] Options -> %SystemRoot%\Options -> [Folder | Created Date = 2008-05-28 09:15:35 | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] PR1V2.INI -> 
%SystemRoot%\PR1V2.INI -> [Ver = | Size = 145 bytes | Created Date = 2008-05-31 05:21:58 | Attr = ] Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 2008-05-28 15:49:16 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 2008-05-28 15:40:10 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 2008-05-28 15:49:00 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 2008-05-31 04:34:46 | Attr = ] Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 2008-05-28 15:39:32 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 2008-05-28 15:49:18 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 2008-05-28 15:41:42 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 2008-05-31 08:39:58 | Attr = ] system -> %SystemRoot%\system -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Created Date = 2008-05-27 12:42:00 | 
Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 2008-05-28 15:41:47 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2008-06-06 06:54:39 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] unvise32.exe -> %SystemRoot%\unvise32.exe -> MindVision Software [Ver = 3.1.1 | Size = 86016 bytes | Created Date = 2008-05-31 04:25:19 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 2008-05-28 15:40:16 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 2008-05-28 15:40:16 | Attr = ] vw.ini -> %SystemRoot%\vw.ini -> [Ver = | Size = 380 bytes | Created Date = 2008-05-31 04:24:22 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 2008-05-29 09:56:20 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 2008-05-27 12:42:00 | Attr = R ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 2008-05-28 15:42:55 | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 2008-05-28 15:41:59 | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 2008-05-28 15:41:59 | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 2008-05-27 12:42:01 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 2008-05-28 15:44:20 | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 2008-05-28 15:39:33 | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 2008-05-28 15:41:47 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 2008-05-28 15:49:16 | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | 
Created Date = 2008-05-31 04:04:11 | Attr = ] Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Created Date = 2008-05-28 16:45:56 | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2008-05-28 08:33:40 | Attr = HS] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Created Date = 2008-05-28 11:31:48 | Attr = ] Intel -> %AllUsersProfile%\Application Data\Intel -> [Folder | Created Date = 2008-05-28 10:39:24 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2008-06-06 10:04:28 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2008-05-31 19:57:20 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Created Date = 2008-05-28 08:33:08 | Attr = S] PC Suite -> %AllUsersProfile%\Application Data\PC Suite -> [Folder | Created Date = 2008-05-28 11:33:57 | Attr = ] PrevxCSI -> %AllUsersProfile%\Application Data\PrevxCSI -> [Folder | Created Date = 2008-05-28 12:14:48 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-05-31 21:04:14 | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 2008-05-29 19:52:52 | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! 
-> [Folder | Created Date = 2008-05-29 06:50:43 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 2008-05-28 20:01:09 | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2008-05-28 15:50:55 | Attr = HS] Help -> %AppData%\Help -> [Folder | Created Date = 2008-05-28 09:17:29 | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 2008-05-28 15:51:04 | Attr = ] Intel -> %AppData%\Intel -> [Folder | Created Date = 2008-05-28 10:34:57 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 2008-05-28 19:59:09 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-05-31 19:57:22 | Attr = ] Media Player Classic -> %AppData%\Media Player Classic -> [Folder | Created Date = 2008-05-31 04:07:05 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 2008-05-28 15:50:54 | Attr = S] Nokia -> %AppData%\Nokia -> [Folder | Created Date = 2008-05-28 11:33:23 | Attr = ] NSeries -> %AppData%\NSeries -> [Folder | Created Date = 2008-05-29 10:09:26 | Attr = ] PC Suite -> %AppData%\PC Suite -> [Folder | Created Date = 2008-05-28 11:32:51 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 2008-05-31 08:39:57 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-05-31 21:04:04 | Attr = ] TrueCrypt -> %AppData%\TrueCrypt -> [Folder | Created Date = 2008-05-28 09:40:19 | Attr = ] VoipStunt -> %AppData%\VoipStunt -> [Folder | Created Date = 2008-05-29 11:06:50 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 2008-06-02 07:42:14 | Attr = ] Yahoo! -> %AppData%\Yahoo! 
-> [Folder | Created Date = 2008-05-29 07:04:23 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 2008-05-31 04:04:50 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 4608 bytes | Created Date = 2008-05-30 10:43:04 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 64368 bytes | Created Date = 2008-05-28 15:51:39 | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 2008-05-28 09:17:29 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5886734 bytes | Created Date = 2008-05-28 15:57:33 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 2008-05-28 15:50:54 | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 2008-05-28 08:33:40 | Attr = HS] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Created Date = 2008-05-28 15:40:00 | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Created Date = 2008-05-28 15:41:01 | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Created Date = 2008-05-28 15:38:47 | Attr = R ] Bluetooth Exchange Folder -> %UserProfile%\My Documents\Bluetooth Exchange Folder -> [Folder | Created Date = 2008-05-28 11:37:23 | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 77 bytes | Created Date = 2008-05-28 15:50:58 | Attr = HS] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 2008-05-28 15:50:59 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 2008-05-28 15:50:58 | Attr = ] NOTEBOOK.DBF -> %UserProfile%\My Documents\NOTEBOOK.DBF -> [Ver = | Size = 
226 bytes | Created Date = 2008-05-31 05:21:59 | Attr = ] Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Created Date = 2008-05-31 07:33:09 | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 2008-05-31 04:04:28 | Attr = ] AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Created Date = 2008-05-28 16:46:06 | Attr = ] Le Petit Robert.lnk -> %AllUsersProfile%\Desktop\Le Petit Robert.lnk -> [Ver = | Size = 1680 bytes | Created Date = 2008-05-31 04:28:26 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 2008-06-06 06:56:16 | Attr = ] Nokia Nseries PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia Nseries PC Suite.lnk -> [Ver = | Size = 943 bytes | Created Date = 2008-05-28 12:50:49 | Attr = ] Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk -> [Ver = | Size = 1896 bytes | Created Date = 2008-06-07 23:17:17 | Attr = ] PDFCreator.lnk -> %AllUsersProfile%\Desktop\PDFCreator.lnk -> [Ver = | Size = 706 bytes | Created Date = 2008-05-31 04:05:45 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 2008-06-06 06:57:04 | Attr = ] TrueCrypt.lnk -> %AllUsersProfile%\Desktop\TrueCrypt.lnk -> [Ver = | Size = 640 bytes | Created Date = 2008-05-28 09:40:37 | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! 
Messenger.lnk -> [Ver = | Size = 812 bytes | Created Date = 2008-05-29 06:44:27 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 2008-06-10 08:40:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 2008-06-08 11:28:28 | Attr = ] ccsetup208.exe -> %UserProfile%\Desktop\ccsetup208.exe -> Piriform Ltd [Ver = 2.0.0.0 | Size = 2914296 bytes | Created Date = 2008-06-08 11:27:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ccsetup208.exe:Zone.Identifier cc_20080608_1131.reg -> %UserProfile%\Desktop\cc_20080608_1131.reg -> [Ver = | Size = 77174 bytes | Created Date = 2008-06-08 11:31:14 | Attr = ] cc_20080608_1132.reg -> %UserProfile%\Desktop\cc_20080608_1132.reg -> [Ver = | Size = 6852 bytes | Created Date = 2008-06-08 11:32:04 | Attr = ] COED11.lnk -> %UserProfile%\Desktop\COED11.lnk -> [Ver = | Size = 654 bytes | Created Date = 2008-05-31 04:26:22 | Attr = ] Dss -> %UserProfile%\Desktop\Dss -> [Folder | Created Date = 2008-06-04 07:29:20 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 2008-06-04 07:19:27 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Free Easy Burner.lnk -> %UserProfile%\Desktop\Free Easy Burner.lnk -> [Ver = | Size = 768 bytes | Created Date = 2008-05-31 05:06:55 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2008-06-01 01:24:10 | Attr = ] HJT -> %UserProfile%\Desktop\HJT -> [Folder | Created Date = 2008-05-31 11:12:35 | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Created Date = 2008-06-05 07:18:03 | Attr = ] @Alternate Data Stream - 26 
bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier Khmer English Dictionary.lnk -> %UserProfile%\Desktop\Khmer English Dictionary.lnk -> [Ver = | Size = 941 bytes | Created Date = 2008-05-31 04:25:18 | Attr = ] Malwarebytes' Anti-Malware -> %UserProfile%\Desktop\Malwarebytes' Anti-Malware -> [Folder | Created Date = 2008-05-31 20:11:43 | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1756760 bytes | Created Date = 2008-06-04 06:14:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier Online scan -> %UserProfile%\Desktop\Online scan -> [Folder | Created Date = 2008-05-31 12:01:33 | Attr = ] Orkida Dictionary.lnk -> %UserProfile%\Desktop\Orkida Dictionary.lnk -> [Ver = | Size = 871 bytes | Created Date = 2008-05-31 04:25:18 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Created Date = 2008-06-05 06:50:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008-06-10 08:44:10 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Created Date = 2008-06-10 08:43:29 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier SFTPMSI.exe -> %UserProfile%\Desktop\SFTPMSI.exe -> SmartSoft Ltd [Ver = 3.0.1016.13 | Size = 7528200 bytes | Created Date = 2008-05-31 12:22:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SFTPMSI.exe:Zone.Identifier Spywares -> %UserProfile%\Desktop\Spywares -> [Folder | Created Date = 2008-05-31 21:58:54 | Attr = ] stay anchorage.tif -> %UserProfile%\Desktop\stay anchorage.tif -> [Ver = | Size = 24348 bytes | Created Date = 2008-06-02 08:51:13 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\stay 
anchorage.tif:Zone.Identifier SuperAntiSpyware -> %UserProfile%\Desktop\SuperAntiSpyware -> [Folder | Created Date = 2008-05-31 22:02:40 | Attr = ] TTPod_s60v3x_3[1].0.0.rar -> %UserProfile%\Desktop\TTPod_s60v3x_3[1].0.0.rar -> [Ver = | Size = 847995 bytes | Created Date = 2008-06-02 07:15:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\TTPod_s60v3x_3[1].0.0.rar:Zone.Identifier VoipStunt.lnk -> %UserProfile%\Desktop\VoipStunt.lnk -> [Ver = | Size = 760 bytes | Created Date = 2008-05-29 11:06:13 | Attr = ] When fuel prices go High.wmv -> %UserProfile%\Desktop\When fuel prices go High.wmv -> [Ver = | Size = 1477254 bytes | Created Date = 2008-06-05 11:16:59 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\When fuel prices go High.wmv:Zone.Identifier wrar371.exe -> %UserProfile%\Desktop\wrar371.exe -> [Ver = | Size = 1206366 bytes | Created Date = 2008-06-02 07:40:29 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\wrar371.exe:Zone.Identifier Adobe Reader Synchronizer.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> [Ver = | Size = 1788 bytes | Created Date = 2008-05-31 04:04:28 | Attr = ] Bluetooth.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> [Ver = | Size = 637 bytes | Created Date = 2008-05-28 11:35:17 | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 2008-05-28 08:33:40 | Attr = HS] Lancement rapide d'Adobe Reader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk -> [Ver = | Size = 1746 bytes | Created Date = 2008-05-31 04:04:28 | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 2008-05-28 15:50:54 | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2008-05-31 04:03:45 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> 
[Folder | Created Date = 2008-05-31 04:35:39 | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 2008-05-31 19:54:21 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 2008-05-28 09:05:36 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2008-06-05 07:19:43 | Attr = ] L&H -> %CommonProgramFiles%\L&H -> [Folder | Created Date = 2008-05-31 04:37:07 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Created Date = 2008-05-28 08:27:43 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Created Date = 2008-05-28 15:41:46 | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Created Date = 2008-06-07 23:17:09 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Created Date = 2008-05-28 08:27:50 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Created Date = 2008-06-07 23:17:09 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Created Date = 2008-05-28 15:41:50 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Created Date = 2008-05-28 08:27:44 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Created Date = 2008-05-28 15:41:06 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2008-06-06 06:56:49 | Attr = ] Adobe -> %ProgramFiles%\Adobe -> [Folder | Created Date = 2008-05-31 04:03:45 | Attr = ] Analog Devices -> %ProgramFiles%\Analog Devices -> [Folder | Created Date = 2008-05-28 09:05:45 | Attr = ] ATI Technologies -> %ProgramFiles%\ATI Technologies -> [Folder | Created Date = 2008-05-28 09:14:31 | Attr = ] Avira -> %ProgramFiles%\Avira -> [Folder | Created Date = 2008-05-28 16:45:56 | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 2008-06-08 11:28:27 | Attr = ] COED11 -> %ProgramFiles%\COED11 -> [Folder | Created Date = 2008-05-31 04:26:01 | Attr = ] Common 
Files -> %CommonProgramFiles% -> [Folder | Created Date = 2008-05-28 08:27:43 | Attr = ] ComPlus Applications -> %ProgramFiles%\ComPlus Applications -> [Folder | Created Date = 2008-05-28 15:40:19 | Attr = ] DIFX -> %ProgramFiles%\DIFX -> [Folder | Created Date = 2008-05-28 11:33:22 | Attr = ] Free Easy Burner -> %ProgramFiles%\Free Easy Burner -> [Folder | Created Date = 2008-05-31 05:06:51 | Attr = ] InstallShield Installation Information -> %ProgramFiles%\InstallShield Installation Information -> [Folder | Created Date = 2008-05-28 09:05:45 | Attr = H ] Intel -> %ProgramFiles%\Intel -> [Folder | Created Date = 2008-05-28 09:09:30 | Attr = ] Internet Explorer -> %ProgramFiles%\Internet Explorer -> [Folder | Created Date = 2008-05-28 15:41:02 | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 2008-06-05 07:19:46 | Attr = ] K-Lite Codec Pack -> %ProgramFiles%\K-Lite Codec Pack -> [Folder | Created Date = 2008-05-31 04:06:22 | Attr = ] Le Robert -> %ProgramFiles%\Le Robert -> [Folder | Created Date = 2008-05-31 04:27:14 | Attr = ] ltmoh -> %ProgramFiles%\ltmoh -> [Folder | Created Date = 2008-05-28 09:15:52 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 2008-06-06 06:56:15 | Attr = ] Messenger -> %ProgramFiles%\Messenger -> [Folder | Created Date = 2008-05-28 15:39:53 | Attr = ] Microsoft ActiveSync -> %ProgramFiles%\Microsoft ActiveSync -> [Folder | Created Date = 2008-05-31 04:36:31 | Attr = ] microsoft frontpage -> %ProgramFiles%\microsoft frontpage -> [Folder | Created Date = 2008-05-28 15:44:57 | Attr = ] Microsoft Office -> %ProgramFiles%\Microsoft Office -> [Folder | Created Date = 2008-05-31 04:34:34 | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 2008-05-29 08:42:36 | Attr = ] Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio -> [Folder | Created Date = 2008-05-31 04:35:17 | Attr = ] Microsoft Works -> 
%ProgramFiles%\Microsoft Works -> [Folder | Created Date = 2008-05-31 04:35:30 | Attr = ] Microsoft.NET -> %ProgramFiles%\Microsoft.NET -> [Folder | Created Date = 2008-05-31 04:36:50 | Attr = ] Movie Maker -> %ProgramFiles%\Movie Maker -> [Folder | Created Date = 2008-05-28 15:41:31 | Attr = ] MSN -> %ProgramFiles%\MSN -> [Folder | Created Date = 2008-05-28 15:39:08 | Attr = ] MSN Gaming Zone -> %ProgramFiles%\MSN Gaming Zone -> [Folder | Created Date = 2008-05-28 15:39:49 | Attr = ] MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder | Created Date = 2008-05-29 11:40:40 | Attr = ] NetMeeting -> %ProgramFiles%\NetMeeting -> [Folder | Created Date = 2008-05-28 15:41:16 | Attr = ] New Khmer Dictionary -> %ProgramFiles%\New Khmer Dictionary -> [Folder | Created Date = 2008-05-31 04:25:16 | Attr = ] Nokia -> %ProgramFiles%\Nokia -> [Folder | Created Date = 2008-05-28 11:32:38 | Attr = ] Online Services -> %ProgramFiles%\Online Services -> [Folder | Created Date = 2008-05-28 15:40:00 | Attr = ] Outlook Express -> %ProgramFiles%\Outlook Express -> [Folder | Created Date = 2008-05-28 15:41:13 | Attr = ] PC Connectivity Solution -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Created Date = 2008-06-07 23:16:04 | Attr = ] PDFCreator -> %ProgramFiles%\PDFCreator -> [Folder | Created Date = 2008-05-31 04:05:31 | Attr = ] SRS Labs -> %ProgramFiles%\SRS Labs -> [Folder | Created Date = 2008-05-28 09:06:34 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 2008-05-31 21:04:04 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 2008-05-29 07:02:24 | Attr = ] TrueCrypt -> %ProgramFiles%\TrueCrypt -> [Folder | Created Date = 2008-05-28 09:40:32 | Attr = ] Uninstall Information -> %ProgramFiles%\Uninstall Information -> [Folder | Created Date = 2008-05-28 15:51:02 | Attr = H ] VoipStunt.com -> %ProgramFiles%\VoipStunt.com -> [Folder | Created Date = 2008-05-29 11:06:11 | Attr = ] WIDCOMM -> 
%ProgramFiles%\WIDCOMM -> [Folder | Created Date = 2008-05-28 11:35:13 | Attr = ] Windows Media Player -> %ProgramFiles%\Windows Media Player -> [Folder | Created Date = 2008-05-28 15:40:00 | Attr = ] Windows NT -> %ProgramFiles%\Windows NT -> [Folder | Created Date = 2008-05-28 15:39:05 | Attr = ] WindowsUpdate -> %ProgramFiles%\WindowsUpdate -> [Folder | Created Date = 2008-05-28 15:42:49 | Attr = H ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 2008-06-02 07:40:59 | Attr = ] xerox -> %ProgramFiles%\xerox -> [Folder | Created Date = 2008-05-28 15:44:58 | Attr = ] Yahoo! -> %ProgramFiles%\Yahoo! -> [Folder | Created Date = 2008-05-29 06:44:17 | Attr = ] [Files/Folders - Modified Within 30 days] 77b71b88c5deaebd98026c86806855bc -> %SystemDrive%\77b71b88c5deaebd98026c86806855bc -> [Folder | Modified Date = 2008-05-29 09:21:40 | Attr = ] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2008-05-28 15:37:46 | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-06-06 10:01:40 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-06-08 08:34:07 | Attr = HS] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008-06-09 06:23:23 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2008-05-28 08:48:35 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = RHS] LAROUSSE -> %SystemDrive%\LAROUSSE -> [Folder | Modified Date = 2008-05-31 04:23:33 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified 
Date = 2008-06-08 11:28:27 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2008-06-08 11:29:54 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-06-06 10:02:00 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-06-08 13:13:01 | Attr = ] AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 2008-05-28 10:39:42 | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-06-03 09:28:07 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-06-03 09:28:07 | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 552 bytes | Modified Date = 2008-06-10 04:25:04 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 2008-06-05 16:04:12 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 2008-06-05 16:04:16 | Attr = ] truecrypt.sys -> %SystemRoot%\System32\drivers\truecrypt.sys -> TrueCrypt Foundation [Ver = 5.1a | Size = 223424 bytes | Modified Date = 2008-05-28 09:40:36 | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 2008-05-28 15:48:00 | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 2008-05-28 
08:17:53 | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 2008-05-28 15:44:21 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 2008-05-31 10:44:36 | Attr = ] ati64hl2.stb -> %SystemRoot%\System32\ati64hl2.stb -> [Ver = | Size = 22 bytes | Modified Date = 2008-05-28 09:35:59 | Attr = ] ati64hlp.stb -> %SystemRoot%\System32\ati64hlp.stb -> [Ver = | Size = 22 bytes | Modified Date = 2008-05-28 09:36:09 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008-06-01 01:31:30 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-06-09 06:23:51 | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2008-05-28 15:42:55 | Attr = RH ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 2008-05-29 11:44:42 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-05-29 09:56:23 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | 
Modified Date = 2008-05-28 15:42:23 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-05-30 08:21:47 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-06-07 23:16:12 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008-06-07 23:17:35 | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 2008-05-28 15:40:32 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 2008-05-30 08:21:46 | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 241536 bytes | Modified Date = 2008-05-31 08:37:23 | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 2008-05-28 15:43:51 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 2008-05-28 08:18:44 | Attr = ] IME -> %SystemRoot%\System32\IME -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2008-06-06 10:04:26 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 2008-06-02 10:52:15 | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 2008-05-28 15:43:03 | Attr = RH ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 2008-05-29 06:17:23 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 2008-05-28 11:35:28 | Attr = S] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Modified Date = 2008-05-28 15:40:09 | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] ncpa.cpl.manifest -> 
%SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2008-05-28 15:42:55 | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 2008-05-28 08:22:52 | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 2008-05-28 15:44:21 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2008-05-28 15:42:55 | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 2008-05-28 15:42:14 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 40394 bytes | Modified Date = 2008-05-29 20:09:15 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 312172 bytes | Modified Date = 2008-05-29 20:09:15 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356096 bytes | Modified Date = 2008-05-29 20:09:15 | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Modified Date = 2008-05-28 20:30:12 | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 2008-05-28 08:18:52 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 2008-05-28 09:09:28 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-06-06 10:02:00 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2008-05-28 15:42:55 | Attr = RH ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 2008-05-28 08:24:32 | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Modified Date = 2008-05-28 08:06:05 | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 2008-05-28 15:38:12 | Attr = ] usmt -> 
%SystemRoot%\System32\usmt -> [Folder | Modified Date = 2008-05-28 08:24:12 | Attr = ] VGAD3.VXD -> %SystemRoot%\System32\VGAD3.VXD -> [Ver = | Size = 89 bytes | Modified Date = 2008-06-01 01:28:51 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-05-28 15:44:58 | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 2008-05-28 15:43:03 | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008-06-05 06:34:25 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 2008-05-28 15:42:55 | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Modified Date = 2008-05-28 15:44:58 | Attr = ] LAIPAREG.FOT -> %SystemRoot%\System\LAIPAREG.FOT -> [Ver = | Size = 1409 bytes | Modified Date = 2008-05-31 04:23:33 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-05-30 08:21:25 | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 2008-05-28 12:49:58 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 2008-05-29 09:53:34 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 2008-05-29 09:53:07 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2008-05-28 08:23:55 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-06-10 04:12:00 | Attr = S] Config -> %SystemRoot%\Config -> [Folder | 
Modified Date = 2008-05-27 12:42:00 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-28 15:44:32 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 2008-05-28 15:39:45 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-06-08 11:29:54 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-06-06 10:04:28 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 2008-05-28 09:15:52 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2008-05-28 08:23:41 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-06-06 10:01:34 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-05-31 04:37:23 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2008-05-31 04:34:39 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 2008-05-29 09:55:49 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2008-05-30 08:21:19 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 2008-05-28 15:44:58 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-06-07 23:17:36 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-06-07 23:17:41 | Attr = HS] java -> %SystemRoot%\java -> [Folder | Modified Date = 2008-05-27 12:42:00 | Attr = ] LAROUSSE.INI -> %SystemRoot%\LAROUSSE.INI -> [Ver = | Size = 866 bytes | Modified Date = 2008-05-31 04:24:22 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 2008-05-29 09:56:09 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 2008-05-29 19:50:00 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] mui -> %SystemRoot%\mui -> [Folder 
| Modified Date = 2008-05-28 08:23:42 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2008-05-29 09:44:44 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 2008-05-31 04:38:33 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 2008-05-28 15:44:08 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 2008-05-28 15:43:03 | Attr = R ] Options -> %SystemRoot%\Options -> [Folder | Modified Date = 2008-05-28 09:15:35 | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 2008-05-31 04:34:34 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 2008-05-28 08:23:16 | Attr = ] PR1V2.INI -> %SystemRoot%\PR1V2.INI -> [Ver = | Size = 145 bytes | Modified Date = 2008-06-09 20:26:23 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-06-10 09:00:55 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2008-05-28 15:44:02 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 2008-05-28 15:49:00 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 2008-05-28 15:44:57 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 2008-05-27 12:42:01 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 2008-05-28 15:57:38 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2008-05-31 04:36:47 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2008-05-28 08:06:16 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 2008-05-28 15:42:33 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 2008-05-31 08:39:58 | Attr = ] system -> 
%SystemRoot%\system -> [Folder | Modified Date = 2008-05-31 04:33:02 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-06-06 06:53:44 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-06-07 23:17:09 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-05-28 15:49:16 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008-06-10 08:37:40 | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 2008-05-28 08:19:02 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 2008-05-28 15:40:16 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 2008-05-28 15:40:16 | Attr = ] vw.ini -> %SystemRoot%\vw.ini -> [Ver = | Size = 380 bytes | Modified Date = 2008-05-31 04:24:22 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 2008-05-29 09:56:20 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 2008-05-28 15:43:08 | Attr = R ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 627 bytes | Modified Date = 2008-05-31 04:37:56 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 2008-05-28 15:42:55 | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008-05-31 04:04:18 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 2008-05-31 05:06:50 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-06-10 04:12:03 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2008-05-28 19:51:44 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 8708 
bytes | Modified Date = 2008-06-10 04:13:06 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8708 bytes | Modified Date = 2008-06-10 04:13:06 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2008-05-31 04:38:59 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2008-05-31 04:38:59 | Attr = ] C:\Documents and Settings\Public\Local Settings\Temp\ -> C:\Documents and Settings\Public\Local Settings\Temp -> [Folder | Modified Date = 2008-06-10 08:42:13 | Attr = ] Perflib_Perfdata_45c.dat -> C:\Documents and Settings\Public\Local Settings\Temp\Perflib_Perfdata_45c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-06-10 07:35:16 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2008-05-31 04:04:50 | Attr = ] Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Modified Date = 2008-05-28 16:45:56 | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2008-05-28 08:33:40 | Attr = HS] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Modified Date = 2008-06-07 23:11:16 | Attr = ] Intel -> %AllUsersProfile%\Application Data\Intel -> [Folder | Modified Date = 2008-05-28 10:39:24 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2008-06-06 10:04:28 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2008-05-31 19:57:20 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-05-31 
04:38:38 | Attr = S] PC Suite -> %AllUsersProfile%\Application Data\PC Suite -> [Folder | Modified Date = 2008-05-28 11:33:57 | Attr = ] PrevxCSI -> %AllUsersProfile%\Application Data\PrevxCSI -> [Folder | Modified Date = 2008-05-31 10:43:34 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-05-31 21:04:14 | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 2008-05-29 19:52:52 | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! -> [Folder | Modified Date = 2008-05-31 10:42:39 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008-05-31 07:33:04 | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2008-05-28 08:33:40 | Attr = HS] Help -> %AppData%\Help -> [Folder | Modified Date = 2008-05-28 09:17:29 | Attr = ] Identities -> %AppData%\Identities -> [Folder | Modified Date = 2008-05-28 15:51:04 | Attr = ] Intel -> %AppData%\Intel -> [Folder | Modified Date = 2008-05-28 10:40:08 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 2008-05-28 19:59:09 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-05-31 19:57:22 | Attr = ] Media Player Classic -> %AppData%\Media Player Classic -> [Folder | Modified Date = 2008-05-31 04:07:07 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-05-31 04:38:58 | Attr = S] Nokia -> %AppData%\Nokia -> [Folder | Modified Date = 2008-05-28 12:51:10 | Attr = ] NSeries -> %AppData%\NSeries -> [Folder | Modified Date = 2008-05-29 10:09:26 | Attr = ] PC Suite -> %AppData%\PC Suite -> [Folder | Modified Date = 2008-05-28 11:43:08 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 2008-05-31 08:39:57 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-06-06 06:57:04 | Attr = ] TrueCrypt -> 
%AppData%\TrueCrypt -> [Folder | Modified Date = 2008-05-28 09:41:52 | Attr = ] VoipStunt -> %AppData%\VoipStunt -> [Folder | Modified Date = 2008-05-31 05:35:08 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 2008-06-02 07:42:14 | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 2008-05-31 10:42:39 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 2008-06-02 08:49:54 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 4608 bytes | Modified Date = 2008-05-30 10:43:12 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 64368 bytes | Modified Date = 2008-06-06 06:37:05 | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 2008-05-28 09:17:29 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5886734 bytes | Modified Date = 2008-05-30 20:30:49 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-05-31 04:34:34 | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 2008-05-28 08:33:40 | Attr = HS] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 2008-05-28 15:42:00 | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 2008-05-28 15:41:59 | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 2008-05-28 15:38:47 | Attr = R ] Bluetooth Exchange Folder -> %UserProfile%\My Documents\Bluetooth Exchange Folder -> [Folder | Modified Date = 2008-05-28 11:37:23 | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 77 bytes | Modified Date = 2008-05-29 10:08:40 | Attr = 
HS] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2008-05-31 10:42:40 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-05-29 10:08:40 | Attr = ] NOTEBOOK.DBF -> %UserProfile%\My Documents\NOTEBOOK.DBF -> [Ver = | Size = 226 bytes | Modified Date = 2008-06-09 20:26:23 | Attr = ] Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Modified Date = 2008-06-02 08:46:24 | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 2008-05-31 04:04:28 | Attr = ] AntiVir PE Classic.lnk -> %AllUsersProfile%\Desktop\AntiVir PE Classic.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 2008-05-28 16:46:06 | Attr = ] Le Petit Robert.lnk -> %AllUsersProfile%\Desktop\Le Petit Robert.lnk -> [Ver = | Size = 1680 bytes | Modified Date = 2008-05-31 04:28:26 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 2008-06-06 06:56:16 | Attr = ] Nokia Nseries PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia Nseries PC Suite.lnk -> [Ver = | Size = 943 bytes | Modified Date = 2008-05-28 12:50:49 | Attr = ] Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk -> [Ver = | Size = 1896 bytes | Modified Date = 2008-06-07 23:17:17 | Attr = ] PDFCreator.lnk -> %AllUsersProfile%\Desktop\PDFCreator.lnk -> [Ver = | Size = 706 bytes | Modified Date = 2008-05-31 04:05:45 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2008-06-06 06:57:04 | Attr = ] TrueCrypt.lnk -> %AllUsersProfile%\Desktop\TrueCrypt.lnk -> [Ver = | Size = 640 bytes | Modified Date = 2008-05-28 09:40:37 | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Desktop\Yahoo! 
Messenger.lnk -> [Ver = | Size = 812 bytes | Modified Date = 2008-05-29 06:44:27 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-06-10 08:40:59 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 2008-06-08 11:28:28 | Attr = ] ccsetup208.exe -> %UserProfile%\Desktop\ccsetup208.exe -> Piriform Ltd [Ver = 2.0.0.0 | Size = 2914296 bytes | Modified Date = 2008-06-08 11:27:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ccsetup208.exe:Zone.Identifier cc_20080608_1131.reg -> %UserProfile%\Desktop\cc_20080608_1131.reg -> [Ver = | Size = 77174 bytes | Modified Date = 2008-06-08 11:31:31 | Attr = ] cc_20080608_1132.reg -> %UserProfile%\Desktop\cc_20080608_1132.reg -> [Ver = | Size = 6852 bytes | Modified Date = 2008-06-08 11:32:08 | Attr = ] COED11.lnk -> %UserProfile%\Desktop\COED11.lnk -> [Ver = | Size = 654 bytes | Modified Date = 2008-05-31 04:26:22 | Attr = ] Dss -> %UserProfile%\Desktop\Dss -> [Folder | Modified Date = 2008-06-04 07:29:37 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2008-06-04 07:19:27 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier Free Easy Burner.lnk -> %UserProfile%\Desktop\Free Easy Burner.lnk -> [Ver = | Size = 768 bytes | Modified Date = 2008-05-31 05:06:55 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008-06-01 01:24:10 | Attr = ] HJT -> %UserProfile%\Desktop\HJT -> [Folder | Modified Date = 2008-06-05 07:28:44 | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Modified Date = 2008-06-05 07:18:03 | Attr = ] @Alternate Data 
Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier Khmer English Dictionary.lnk -> %UserProfile%\Desktop\Khmer English Dictionary.lnk -> [Ver = | Size = 941 bytes | Modified Date = 2008-05-31 04:25:18 | Attr = ] Malwarebytes' Anti-Malware -> %UserProfile%\Desktop\Malwarebytes' Anti-Malware -> [Folder | Modified Date = 2008-06-04 06:24:39 | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1756760 bytes | Modified Date = 2008-06-04 06:14:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier Online scan -> %UserProfile%\Desktop\Online scan -> [Folder | Modified Date = 2008-05-31 21:58:09 | Attr = ] Orkida Dictionary.lnk -> %UserProfile%\Desktop\Orkida Dictionary.lnk -> [Ver = | Size = 871 bytes | Modified Date = 2008-05-31 04:25:18 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 2008-06-05 06:50:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-06-10 08:44:10 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Modified Date = 2008-06-10 08:43:29 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier SFTPMSI.exe -> %UserProfile%\Desktop\SFTPMSI.exe -> SmartSoft Ltd [Ver = 3.0.1016.13 | Size = 7528200 bytes | Modified Date = 2008-05-31 12:22:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SFTPMSI.exe:Zone.Identifier Spywares -> %UserProfile%\Desktop\Spywares -> [Folder | Modified Date = 2008-05-31 21:59:12 | Attr = ] stay anchorage.tif -> %UserProfile%\Desktop\stay anchorage.tif -> [Ver = | Size = 24348 bytes | Modified Date = 2008-06-02 08:51:14 | Attr = ] @Alternate Data Stream - 26 bytes -> 
%UserProfile%\Desktop\stay anchorage.tif:Zone.Identifier SuperAntiSpyware -> %UserProfile%\Desktop\SuperAntiSpyware -> [Folder | Modified Date = 2008-06-04 07:16:57 | Attr = ] TTPod_s60v3x_3[1].0.0.rar -> %UserProfile%\Desktop\TTPod_s60v3x_3[1].0.0.rar -> [Ver = | Size = 847995 bytes | Modified Date = 2008-06-02 07:15:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\TTPod_s60v3x_3[1].0.0.rar:Zone.Identifier VoipStunt.lnk -> %UserProfile%\Desktop\VoipStunt.lnk -> [Ver = | Size = 760 bytes | Modified Date = 2008-05-29 11:06:13 | Attr = ] When fuel prices go High.wmv -> %UserProfile%\Desktop\When fuel prices go High.wmv -> [Ver = | Size = 1477254 bytes | Modified Date = 2008-06-05 11:17:00 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\When fuel prices go High.wmv:Zone.Identifier wrar371.exe -> %UserProfile%\Desktop\wrar371.exe -> [Ver = | Size = 1206366 bytes | Modified Date = 2008-06-02 07:40:29 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\wrar371.exe:Zone.Identifier Adobe Reader Synchronizer.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk -> [Ver = | Size = 1788 bytes | Modified Date = 2008-05-31 04:04:28 | Attr = ] Bluetooth.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> [Ver = | Size = 637 bytes | Modified Date = 2008-05-28 11:35:17 | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2008-05-28 15:44:40 | Attr = HS] Lancement rapide d'Adobe Reader.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk -> [Ver = | Size = 1746 bytes | Modified Date = 2008-05-31 04:04:28 | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 2008-05-28 15:44:40 | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2008-05-31 04:04:25 | Attr = ] 
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 2008-05-31 04:35:39 | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 2008-05-31 19:54:21 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 2008-05-28 09:08:41 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2008-06-05 07:19:43 | Attr = ] L&H -> %CommonProgramFiles%\L&H -> [Folder | Modified Date = 2008-05-31 04:37:08 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2008-05-31 04:37:26 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Modified Date = 2008-05-28 15:41:46 | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Modified Date = 2008-06-07 23:17:10 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Modified Date = 2008-05-28 08:27:50 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Modified Date = 2008-06-07 23:17:10 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 2008-05-28 15:41:50 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Modified Date = 2008-05-28 08:27:44 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2008-05-31 04:34:56 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-06-06 06:56:49 | Attr = ] < End of report > [/code]