[code] OTScanIt logfile created on: 3/07/2008 10:11:15 OTScanIt by OldTimer - Version 1.0.15.18 Folder = C:\Documents and Settings\Dominique\Bureaublad\geektogo\OTScanIt\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 1023,36 Mb Total Physical Memory | 664,75 Mb Available Physical Memory | 64,96% Memory free 2,40 Gb Paging File | 2,13 Gb Available in Paging File | 88,44% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 39,90 Gb Free Space | 53,54% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOMINIQUE-LAPTO Current User Name: Dominique Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 10/06/2004 22:44:56 | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 17/05/2008 13:41:58 | Attr = ] nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 23/06/2008 19:55:32 | Attr = ] slserv.exe -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 19/04/2004 14:12:08 | Attr = ] spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 1/03/2007 20:24:14 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 10/06/2004 22:44:56 | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5113 | Size = 339968 bytes | Modified Date = 10/06/2004 21:10:00 | Attr = ] syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 98393 bytes | Modified Date = 18/03/2005 15:35:46 | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 688217 bytes | Modified Date = 18/03/2005 15:34:42 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 12/04/2008 16:45:54 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 4:25:21 | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 17/05/2008 13:42:02 | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 17/05/2008 13:42:03 | Attr = ] daemon.exe -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe -> DT Soft Ltd [Ver = 4.12.3.0 | Size = 486856 bytes | Modified Date = 1/04/2008 11:39:48 | Attr = ] otscanit.exe -> %UserProfile%\Bureaublad\geektogo\OTScanIt\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.18 | Size = 397312 bytes | Modified Date = 27/06/2008 15:53:14 | Attr = ] [Win32 Services - Non-Microsoft Only] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 10/06/2004 22:44:56 | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 17/05/2008 13:41:58 | Attr = ] (dmadmin) Logical Disk Manager Administrative-service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 39 | Size = 552064 bytes | Modified Date = 23/06/2008 19:55:32 | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 2 | Size = 356920 bytes | Modified Date = 5/06/2008 14:44:46 | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.10 | Size = 1072008 bytes | Modified Date = 10/06/2008 21:22:56 | Attr = ] (SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 19/04/2004 14:12:08 | Attr = ] (WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 3379264 bytes | Modified Date = 1/03/2007 20:24:14 | Attr = ] [Driver Services - Non-Microsoft Only] (AMON) AMON [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Modified Date = 23/06/2008 19:55:32 | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6458 | Size = 746496 bytes | Modified Date = 10/06/2004 22:57:04 | Attr = ] (AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 17/05/2008 13:42:23 | Attr = ] (AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 17/05/2008 13:42:12 | Attr = ] (CONAN) CONAN [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\o2mmb.sys -> O2 Micro [Ver = 1, 0, 7, 1 | Size = 191092 bytes | Modified Date = 12/02/2004 1:18:00 | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] (dmio) Stuurprogramma voor Schijfbeheer [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153856 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] (IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Modified Date = 2/06/2008 15:19:12 | Attr = ] (IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 2/06/2008 15:19:16 | Attr = ] (IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Modified Date = 10/06/2008 21:22:52 | Attr = ] (MbxStby) MbxStby [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MbxStby.sys -> O2 Micro [Ver = 1, 0, 0, 6 | Size = 6100 bytes | Modified Date = 27/01/2004 23:00:00 | Attr = ] (Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mtlmnt5.sys -> [Ver = Apr 19 2004 11:33:20 | Size = 230656 bytes | Modified Date = 19/04/2004 11:33:24 | Attr = ] (Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlstrm.sys -> [Ver = Apr 19 2004 11:25:58 | Size = 1301488 bytes | Modified Date = 19/04/2004 11:26:08 | Attr = ] (nod32drv) nod32drv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 23/06/2008 19:55:32 | Attr = ] (NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ntmtlfax.sys -> [Ver = Apr 19 2004 11:15:09 | Size = 180664 bytes | Modified Date = 19/04/2004 11:15:12 | Attr = ] (Ptilink) Stuurprogramma voor Directe parallelle verbinding [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 21/03/2008 22:30:04 | Attr = ] (RecAgent) RecAgent [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\RecAgent.sys -> [Ver = Apr 19 2004 11:50:18 | Size = 13912 bytes | Modified Date = 19/04/2004 11:50:20 | Attr = ] (RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.612.0413.2004 built by: WinDDK | Size = 70144 bytes | Modified Date = 13/04/2004 20:14:12 | Attr = ] (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 4/08/2004 0:31:34 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 12:25:55 | Attr = ] (Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slntamr.sys -> [Ver = Apr 19 2004 11:42:16 | Size = 635152 bytes | Modified Date = 19/04/2004 11:42:26 | Attr = ] (SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slnthal.sys -> [Ver = Apr 19 2004 11:34:33 | Size = 95760 bytes | Modified Date = 19/04/2004 11:34:36 | Attr = ] (SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slwdmsup.sys -> [Ver = Apr 19 2004 11:04:45 | Size = 13312 bytes | Modified Date = 19/04/2004 11:04:48 | Attr = ] (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 5/04/2008 15:24:27 | Attr = ] (SSFS0509) Spy Sweeper File System Filer Driver: 0509 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 20544 bytes | Modified Date = 1/03/2007 19:54:16 | Attr = ] (SSHRMD) Spy Sweeper Hookrack MiniDriver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 22080 bytes | Modified Date = 1/03/2007 19:54:16 | Attr = ] (SSIDRV) Spy Sweeper Interdiction Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 144960 bytes | Modified Date = 1/03/2007 19:54:18 | Attr = ] (SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 21056 bytes | Modified Date = 1/03/2007 19:54:22 | Attr = ] (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 188928 bytes | Modified Date = 18/03/2005 15:22:46 | Attr = ] (VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4060 built by: WinDDK | Size = 159488 bytes | Modified Date = 23/07/2004 16:43:26 | Attr = ] (w22n51) Stuurprogramma Intel(R) PRO/Wireless 2200 Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w22n51.sys -> Intel® Corporation [Ver = 80012-20000 Driver | Size = 1657344 bytes | Modified Date = 8/03/2004 3:43:10 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 22:16:38 | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.14.10.5113 | Size = 339968 bytes | Modified Date = 10/06/2004 21:10:00 | Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 17/05/2008 13:42:02 | Attr = ] Hitman Pro Expiration Helper -> %ProgramFiles%\Hitman Pro\xphelper.exe ["C:\Program Files\Hitman Pro\xphelper.exe"] -> Mark Loman [Ver = 2.6.0.0 | Size = 596760 bytes | Modified Date = 30/01/2007 14:41:24 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 4:25:21 | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 688217 bytes | Modified Date = 18/03/2005 15:34:42 | Attr = ] SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 98393 bytes | Modified Date = 18/03/2005 15:35:46 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 12/04/2008 16:45:54 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.12.3.0 | Size = 486856 bytes | Modified Date = 1/04/2008 11:39:48 | Attr = ] < Run [HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite\daemon.exe ["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun] -> DT Soft Ltd [Ver = 4.12.3.0 | Size = 486856 bytes | Modified Date = 1/04/2008 11:39:48 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten -> < Dominique Startup Folder > -> C:\Documents and Settings\Dominique\Menu Start\Programma's\Opstarten -> %UserProfile%\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr = ] -> %UserProfile%\Menu Start\Programma's\Opstarten\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 2/06/2008 19:56:55 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 10/06/2004 22:46:34 | Attr = ] WRNotifier -> %SystemRoot%\system32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Modified Date = 1/03/2007 20:24:12 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003] > -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Cd-rom-stuurprogramma -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD-RW_GCA-4080N_______________0W34____\304b303150423435313220362020202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_FI3025B&Prod_JCQ135O&Rev_1.01\5&36e5972&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = ] < HOSTS File > (776 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.be/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\] > -> -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\: Main\\Start Page -> http://www.google.be/ -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5576 domain(s) found. -> 46 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4606 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4606 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4606 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4606 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5576 domain(s) found. -> 46 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\] > -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 4:25:19 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 4:25:19 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 4:25:19 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.cdx -> %ProgramFiles%\Internet Explorer\PLUGINS\NPCDP32.DLL [CS ChemDraw Pro Plugin] -> CambridgeSoft.Com [Ver = 7.0.1 | Size = 5818008 bytes | Modified Date = 8/02/2002 16:37:08 | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7DFADE28-7F09-4EC8-BB3D-7F9586786B2A} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {7F904842-EA9D-482B-B672-957B4B90D601} -> 10.20.0.1 (Intel(R) PRO/Wireless 2200BG Network Connection) -> {F859A251-DCD4-4150-8B49-488FDB08410A} -> (1394-netwerkkaart) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 17/05/2008 13:42:07 | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab[CKAVWebScan Object] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207399089796[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210099246_a1f647e8b0781280d7a91ba1c0e2d511&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 11/05/2007 3:06:38 | Attr = ] AVGSE.DLL -> %ProgramFiles%\AVG\AVG8\avgse.dll [C:\PROGRA~1\AVG\AVG8\avgse.dll] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 108824 bytes | Modified Date = 17/05/2008 13:42:02 | Attr = ] CFW.exe -> %ProgramFiles%\ChemOffice2002\ChemFinder\CFW.exe [C:\Program Files\ChemOffice2002\ChemFinder\CFW.exe] -> CambridgeSoft Corp. [Ver = 7.0.1 | Size = 4867728 bytes | Modified Date = 5/02/2002 11:53:12 | Attr = ] CFWord.exe -> %ProgramFiles%\ChemOffice2002\ChemFinder\CFWord.exe [C:\Program Files\ChemOffice2002\ChemFinder\CFWord.exe] -> CambridgeSoft Corp. [Ver = 7.0 | Size = 525976 bytes | Modified Date = 27/11/2001 9:08:08 | Attr = ] Chem3D.exe -> %ProgramFiles%\ChemOffice2002\Chem3D\Chem3D.exe [C:\Program Files\ChemOffice2002\Chem3D\Chem3D.exe] -> CambridgeSoft Corp. [Ver = 7.0.0.212 November 16, 2001" | Size = 3290848 bytes | Modified Date = 19/11/2001 9:47:56 | Attr = ] ChemDraw.exe -> %ProgramFiles%\ChemOffice2002\ChemDraw\ChemDraw.exe [C:\Program Files\ChemOffice2002\ChemDraw\ChemDraw.exe] -> CambridgeSoft.Com [Ver = 7.0.1 | Size = 8603280 bytes | Modified Date = 8/02/2002 16:37:12 | Attr = ] cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found dfbhd.exe -> %ProgramFiles%\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe [C:\Program Files\NovaLogic\Delta Force Black Hawk Down\dfbhd.exe] -> [Ver = | Size = 2547712 bytes | Modified Date = 14/01/2004 22:02:48 | Attr = ] ELabNotebook.exe -> %ProgramFiles%\ChemOffice2002\ENotebook\ELabNotebook.exe [C:\Program Files\ChemOffice2002\ENotebook\ELabNotebook.exe] -> CambridgeSoft Corporation [Ver = 7.00.0041 | Size = 1361576 bytes | Modified Date = 29/11/2001 13:39:06 | Attr = ] ELN_Admin.exe -> %ProgramFiles%\ChemOffice2002\ENotebook\ELN_Admin.exe [C:\Program Files\ChemOffice2002\ENotebook\ELN_Admin.exe] -> CambridgeSoft Corporation [Ver = 7.00.0041 | Size = 497352 bytes | Modified Date = 29/11/2001 13:39:08 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 7/04/2008 11:08:56 | Attr = ] HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\PROGRA~1\TRENDM~1\HIJACK~1\hijackthis.exe] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 1/07/2008 16:59:23 | Attr = ] hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found javaws.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 22/02/2008 2:33:32 | Attr = ] mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> Malwarebytes Corporation [Ver = 1.19 | Size = 1171064 bytes | Modified Date = 28/06/2008 14:16:34 | Attr = ] mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player\mplayer2.exe"] -> [Ver = | Size = 4639 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found pinball.exe -> %ProgramFiles%\Windows NT\Pinball\PINBALL.EXE [C:\Program Files\Windows NT\Pinball\pinball.exe] -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 282624 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] RealPlay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe] -> RealNetworks, Inc. [Ver = 11.0.0.442 | Size = 214560 bytes | Modified Date = 12/04/2008 16:45:55 | Attr = ] rnxproc.exe -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe [C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe] -> RealNetworks, Inc. [Ver = 7.0.1.45 | Size = 58952 bytes | Modified Date = 12/04/2008 16:45:54 | Attr = ] setup.exe -> %ProgramFiles%\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver\setup.exe [C:\Program Files\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver\setup.exe] -> File not found table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found VIA Audio Driver -> [.\VIA Audio Driver] -> File not found winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [Ver = | Size = 936960 bytes | Modified Date = 20/09/2007 18:34:22 | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 19:51:07 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 16:22:52 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 6:40:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 848 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 184832 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119296 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> D1 46 1A 41 8E 56 BF D5 37 93 07 54 08 BC 33 26 64 35 35 38 65 39 36 35 00 FD 07 00 D8 03 00 00 34 FA 07 00 56 82 46 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 7F 44 54 6B 91 08 58 2E C0 57 16 D5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 48 E4 4D 92 19 83 B6 0D 08 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 52 4E 1C 78 B4 61 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> FB E0 7C 88 F4 17 6B 63 21 5D D6 6F A7 14 18 33 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 90 D7 56 57 E3 DC C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Hiermee worden services ten behoeve van netwerkadresomzetting, adressering, naamomzetting en/of preventie van onrechtmatige toegang geboden voor computers in thuis- of bedrijfsnetwerken. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall (WF) / Internet-verbinding delen (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1854 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332288 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2/10/2007 17:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 14:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6300.5000 | Size = 12829216 bytes | Modified Date = 12/12/2007 23:56:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 27/10/2006 15:03:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 11:34:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2/10/2007 17:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 14:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 796440 bytes | Modified Date = 17/05/2008 13:42:01 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 18/04/2008 21:21:09 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Clue - Murder at Boddy mansion\Clue.exe -> %ProgramFiles%\Clue - Murder at Boddy mansion\Clue.exe [C:\Program Files\Clue - Murder at Boddy mansion\Clue.exe:*:Enabled:Clue] -> [Ver = | Size = 1953281 bytes | Modified Date = 1/07/2008 21:13:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatische updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Hiermee wordt het downloaden en de installatie van updates voor Windows ingeschakeld. Als deze service is uitgeschakeld, kan het onderdeel Automatische updates of de website van Windows Update niet op deze computer worden gebruikt. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Hiermee kunnen externe gebruikers de instellingen van het register op deze computer wijzigen. Als de service wordt gestopt kan het register alleen worden gewijzigd door gebruikers van deze computer. Als deze service wordt uitgeschakeld, kunnen services die van deze service afhankelijk zijn niet worden gestart. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 6:42:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 4/08/2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 6:42:48 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Hiermee kan een externe gebruiker zich op deze computer aanmelden en programma's uitvoeren. Deze service biedt ondersteuning voor diverse TCP/IP Telnet-clients, waaronder UNIX- en Windows-computers. Als deze service wordt gestopt, kunnen externe gebruikers mogelijk geen toegang tot programma's krijgen. Als deze service wordt uitgeschakeld, kunnen alle services die er direct van afhankelijk zijn niet worden gestart. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = Mijn huidige introductiepagina -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < MountPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\_Autorun\DefaultIcon\\ -> E:\dfbhd\dfbhdlc.exe [E:\dfbhd\dfbhdlc.exe] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 09 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\\ -> Auto -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Auto\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Auto\\ -> &Autoplay -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Auto\command\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Auto\command\\ -> Start.exe -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8507392 bytes | Modified Date = 25/10/2007 18:44:49 | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\AutoRun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\AutoRun\\Extended -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\AutoRun\\ -> A&utomatisch afspelen -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\AutoRun\command\ -> -> *~EmptyValue* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c2b09b0-0d12-11dd-ae40-0012f02ecd96}\Shell\AutoRun\command\\ -> C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL -> %SystemRoot%\system32\.EXE Shell32.DLL -> File not found ShellExec_RunDLL Start.exe -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e553b3-0271-11dd-81d8-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e553b3-0271-11dd-81d8-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8507392 bytes | Modified Date = 25/10/2007 18:44:49 | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d0-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8507392 bytes | Modified Date = 25/10/2007 18:44:49 | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a2429d1-1f5c-11dd-ae4f-0012f02ecd96}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a778e7c2-0279-11dd-ae25-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a778e7c2-0279-11dd-ae25-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a778e7c2-0279-11dd-ae25-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F 01 01 00 5F 5F EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 60 00 00 00 0A 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a778e7c2-0279-11dd-ae25-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a778e7c2-0279-11dd-ae25-806d6172696f}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a778e7c2-0279-11dd-ae25-806d6172696f}\_Autorun\DefaultIcon\\ -> D:\Installer.ico [D:\Installer.ico] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 07 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8507392 bytes | Modified Date = 25/10/2007 18:44:49 | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de0caa72-13b9-11dd-ae43-0012f02ecd96}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{48d363c2-03b8-11dd-ae30-00030d2e08ae}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{82e553b3-0271-11dd-81d8-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{82e553b3-0271-11dd-81d8-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{82e553b3-0271-11dd-81d8-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a778e7c2-0279-11dd-ae25-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a778e7c2-0279-11dd-ae25-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a778e7c2-0279-11dd-ae25-806d6172696f}\\Generation -> 1 -> [Files/Folders - Created Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 17/05/2008 15:26:44 | Attr = H ] 1 C:\*.tmp files -> C:\*.tmp -> AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 4/04/2008 19:30:42 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 4/04/2008 21:01:45 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 13/05/2008 20:06:13 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 4/04/2008 19:30:42 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/07/2008 10:24:00 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 4/04/2008 21:02:35 | Attr = ] Drivers -> %SystemDrive%\Drivers -> [Folder | Created Date = 17/05/2008 15:43:50 | Attr = ] fsc.tmp -> %SystemDrive%\fsc.tmp -> [Folder | Created Date = 4/04/2008 19:42:20 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 23/06/2008 20:00:43 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 4/04/2008 19:30:42 | Attr = RHS] Logs -> %SystemDrive%\Logs -> [Folder | Created Date = 6/04/2008 2:32:23 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 4/04/2008 19:30:42 | Attr = RHS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 4/04/2008 20:20:25 | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Created Date = 4/04/2008 21:04:07 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/04/2008 22:42:23 | Attr = HS] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/04/2008 21:30:53 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/04/2008 22:40:23 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/04/2008 22:45:19 | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 4/04/2008 22:49:14 | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 12/05/2008 21:19:38 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/04/2008 21:30:53 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/04/2008 22:40:23 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/04/2008 22:45:19 | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 4/04/2008 22:49:14 | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 12/05/2008 21:19:38 | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 4/04/2008 21:02:34 | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 14/06/2008 17:28:34 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 1/07/2008 16:14:06 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/07/2008 14:16:54 | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\dllcache\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0244 | Size = 229376 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\dllcache\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6458 | Size = 207360 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6458 | Size = 746496 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati3duag.dll -> %SystemRoot%\System32\dllcache\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0247 | Size = 2155680 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\dllcache\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0020 | Size = 518240 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 4/04/2008 19:31:52 | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 4/04/2008 19:31:52 | Attr = ] cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 4/04/2008 19:32:06 | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 4/04/2008 19:32:10 | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 4/04/2008 19:31:53 | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 4/04/2008 19:31:53 | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 4/04/2008 19:31:54 | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:54 | Attr = ] c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:54 | Attr = ] c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:59 | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 4/04/2008 19:31:54 | Attr = ] c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:59 | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:54 | Attr = ] c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:04:02 | Attr = ] c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:55 | Attr = ] c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:55 | Attr = ] c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:55 | Attr = ] c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:55 | Attr = ] c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:55 | Attr = ] c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:56 | Attr = ] c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:56 | Attr = ] c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:56 | Attr = ] c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:56 | Attr = ] c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:56 | Attr = ] c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:57 | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 4/04/2008 19:31:57 | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 4/04/2008 19:31:57 | Attr = ] c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 4/04/2008 19:31:57 | Attr = ] c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 4/04/2008 19:31:58 | Attr = ] c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 4/04/2008 19:31:58 | Attr = ] c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 4/04/2008 19:31:58 | Attr = ] c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 4/04/2008 19:31:58 | Attr = ] c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:59 | Attr = ] c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:59 | Attr = ] c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:59 | Attr = ] c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:59 | Attr = ] c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:49 | Attr = ] c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:59 | Attr = ] c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:31:59 | Attr = ] c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:00 | Attr = ] c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:00 | Attr = ] c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:00 | Attr = ] c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:00 | Attr = ] c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:00 | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:00 | Attr = ] c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:01 | Attr = ] c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:01 | Attr = ] c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:01 | Attr = ] c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:01 | Attr = ] c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:01 | Attr = ] c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:02 | Attr = ] c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:02 | Attr = ] c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:02 | Attr = ] c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:02 | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 4/04/2008 19:32:02 | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 4/04/2008 19:32:02 | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 4/04/2008 19:32:03 | Attr = ] c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:03 | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:03 | Attr = ] c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:54 | Attr = ] c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:59 | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:03 | Attr = ] c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:04:02 | Attr = ] c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:04:04 | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:04 | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 19:32:04 | Attr = ] c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:54 | Attr = ] c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:04:02 | Attr = ] c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 19:32:04 | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 19:32:04 | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 19:32:04 | Attr = ] c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:54 | Attr = ] c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 19:32:05 | Attr = ] c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 4/04/2008 21:03:48 | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 86556 bytes | Created Date = 4/04/2008 21:03:48 | Attr = ] eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103936 bytes | Created Date = 4/04/2008 21:03:47 | Attr = ] esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 4/04/2008 19:32:24 | Attr = ] esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 4/04/2008 19:32:24 | Attr = ] esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45568 bytes | Created Date = 4/04/2008 19:32:24 | Attr = ] FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT -> [Ver = | Size = 30983 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 4/04/2008 19:32:29 | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 4/04/2008 19:32:37 | Attr = ] HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13497 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 4/04/2008 19:24:45 | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 4/04/2008 19:32:44 | Attr = ] IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8599 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 4/04/2008 19:32:58 | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 4/04/2008 19:33:02 | Attr = ] IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT -> [Ver = | Size = 14043 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 4/04/2008 19:33:03 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 4/04/2008 19:26:54 | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 4/04/2008 19:33:16 | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 4/04/2008 19:33:17 | Attr = ] ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 4/04/2008 21:04:08 | Attr = ] MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399670 bytes | Created Date = 4/04/2008 21:03:27 | Attr = ] mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] mplayer2.exe -> %SystemRoot%\System32\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 4/04/2008 19:27:12 | Attr = ] msinfo.dll -> %SystemRoot%\System32\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 379392 bytes | Created Date = 4/04/2008 19:26:57 | Attr = ] MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] mtlmnt5.sys -> %SystemRoot%\System32\dllcache\mtlmnt5.sys -> [Ver = Apr 19 2004 11:33:20 | Size = 230656 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] mtlstrm.sys -> %SystemRoot%\System32\dllcache\mtlstrm.sys -> [Ver = Apr 19 2004 11:25:58 | Size = 1301488 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37509 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 4/04/2008 19:28:19 | Attr = ] NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT -> [Ver = | Size = 1896400 bytes | Created Date = 4/04/2008 21:03:26 | Attr = ] NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 808234 bytes | Created Date = 4/04/2008 21:03:27 | Attr = ] NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT -> [Ver = | Size = 621950 bytes | Created Date = 4/04/2008 21:03:26 | Attr = ] ntmtlfax.sys -> %SystemRoot%\System32\dllcache\ntmtlfax.sys -> [Ver = Apr 19 2004 11:15:09 | Size = 180664 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 4/04/2008 21:03:27 | Attr = ] OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 282624 bytes | Created Date = 4/04/2008 19:24:21 | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 4/04/2008 19:33:49 | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 4/04/2008 19:33:51 | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 4/04/2008 19:33:52 | Attr = ] r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 4/04/2008 21:04:08 | Attr = ] recagent.sys -> %SystemRoot%\System32\dllcache\recagent.sys -> [Ver = Apr 19 2004 11:50:18 | Size = 13912 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 4/04/2008 19:34:00 | Attr = ] rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 80896 bytes | Created Date = 4/04/2008 19:34:00 | Attr = ] rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 80896 bytes | Created Date = 4/04/2008 19:34:00 | Attr = ] sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 4/04/2008 21:04:09 | Attr = ] sam.spd -> %SystemRoot%\System32\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 4/04/2008 21:04:09 | Attr = ] slextspk.dll -> %SystemRoot%\System32\dllcache\slextspk.dll -> [Ver = 2.21 | Size = 196608 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slgen.dll -> %SystemRoot%\System32\dllcache\slgen.dll -> [Ver = | Size = 163840 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slntamr.sys -> %SystemRoot%\System32\dllcache\slntamr.sys -> [Ver = Apr 19 2004 11:42:16 | Size = 635152 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slnthal.sys -> %SystemRoot%\System32\dllcache\slnthal.sys -> [Ver = Apr 19 2004 11:34:33 | Size = 95760 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slrundll.exe -> %SystemRoot%\System32\dllcache\slrundll.exe -> [Ver = | Size = 24576 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slserv.exe -> %SystemRoot%\System32\dllcache\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slwdmsup.sys -> %SystemRoot%\System32\dllcache\slwdmsup.sys -> [Ver = Apr 19 2004 11:04:45 | Size = 13312 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 1014139 bytes | Created Date = 4/04/2008 21:03:27 | Attr = ] spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 4/04/2008 21:03:48 | Attr = ] srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 4/04/2008 19:27:28 | Attr = ] tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat -> [Ver = | Size = 102826 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 4/04/2008 21:03:28 | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 4/04/2008 19:34:49 | Attr = ] amon.sys -> %SystemRoot%\System32\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Created Date = 23/06/2008 19:56:21 | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6458 | Size = 746496 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 17/05/2008 13:42:08 | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 17/05/2008 13:42:08 | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25078049 bytes | Created Date = 17/05/2008 13:42:09 | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 33731 bytes | Created Date = 17/05/2008 13:42:09 | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 116658 bytes | Created Date = 17/05/2008 13:42:08 | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 17/05/2008 13:42:23 | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 17/05/2008 13:42:12 | Attr = ] cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9336 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 9464 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Created Date = 23/06/2008 20:01:53 | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 23/06/2008 20:01:53 | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Created Date = 23/06/2008 20:01:53 | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 23/06/2008 20:01:53 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 3/07/2008 9:20:56 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 3/07/2008 9:20:55 | Attr = ] MbxStby.sys -> %SystemRoot%\System32\drivers\MbxStby.sys -> O2 Micro [Ver = 1, 0, 0, 6 | Size = 6100 bytes | Created Date = 4/04/2008 19:48:43 | Attr = ] mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> [Ver = Apr 19 2004 11:33:20 | Size = 230656 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> [Ver = Apr 19 2004 11:25:58 | Size = 1301488 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] nod32drv.sys -> %SystemRoot%\System32\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 23/06/2008 19:56:21 | Attr = ] ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> [Ver = Apr 19 2004 11:15:09 | Size = 180664 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] o2mmb.cat -> %SystemRoot%\System32\drivers\o2mmb.cat -> [Ver = | Size = 8254 bytes | Created Date = 4/04/2008 19:48:43 | Attr = ] o2mmb.inf -> %SystemRoot%\System32\drivers\o2mmb.inf -> [Ver = | Size = 2539 bytes | Created Date = 4/04/2008 19:48:43 | Attr = ] o2mmb.sys -> %SystemRoot%\System32\drivers\o2mmb.sys -> O2 Micro [Ver = 1, 0, 7, 1 | Size = 191092 bytes | Created Date = 4/04/2008 19:48:43 | Attr = ] PxHelp20.sys -> %SystemRoot%\System32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] RecAgent.sys -> %SystemRoot%\System32\drivers\RecAgent.sys -> [Ver = Apr 19 2004 11:50:18 | Size = 13912 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] RTL8139.sys -> %SystemRoot%\System32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 4/04/2008 21:06:06 | Attr = ] Rtlnicxp.sys -> %SystemRoot%\System32\drivers\Rtlnicxp.sys -> Realtek Semiconductor Corporation [Ver = 5.612.0413.2004 built by: WinDDK | Size = 70144 bytes | Created Date = 4/04/2008 19:48:11 | Attr = ] slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> [Ver = Apr 19 2004 11:42:16 | Size = 635152 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> [Ver = Apr 19 2004 11:34:33 | Size = 95760 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> [Ver = Apr 19 2004 11:04:45 | Size = 13312 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Created Date = 5/04/2008 15:24:25 | Attr = ] SSFS0509.sys -> %SystemRoot%\System32\drivers\SSFS0509.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 20544 bytes | Created Date = 23/06/2008 20:01:10 | Attr = ] sshrmd.sys -> %SystemRoot%\System32\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 22080 bytes | Created Date = 23/06/2008 20:01:10 | Attr = ] ssidrv.sys -> %SystemRoot%\System32\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 144960 bytes | Created Date = 23/06/2008 20:01:10 | Attr = ] sskbfd.sys -> %SystemRoot%\System32\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 21056 bytes | Created Date = 23/06/2008 20:01:10 | Attr = ] SynTP.sys -> %SystemRoot%\System32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 188928 bytes | Created Date = 4/04/2008 19:47:48 | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 18/05/2008 15:16:33 | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 18/05/2008 15:16:46 | Attr = H ] vinyl97.sys -> %SystemRoot%\System32\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4060 built by: WinDDK | Size = 159488 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] w22n51.sys -> %SystemRoot%\System32\drivers\w22n51.sys -> Intel® Corporation [Ver = 80012-20000 Driver | Size = 1657344 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] winddx.sys -> %SystemRoot%\System32\drivers\winddx.sys -> [Ver = Apr 19 2004 14:15:30 | Size = 15040 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 4/04/2008 21:01:41 | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1043 -> %SystemRoot%\System32\1043 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] aac_parser.ax -> %SystemRoot%\System32\aac_parser.ax -> [Ver = 1.1 | Size = 81920 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 4/04/2008 19:30:31 | Attr = ] amr_cpl.dll -> %SystemRoot%\System32\amr_cpl.dll -> [Ver = 2, 81, 0, 0 | Size = 208896 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 7/04/2008 16:57:55 | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0244 | Size = 229376 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6458 | Size = 207360 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati2edxx.dll -> %SystemRoot%\System32\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2494 | Size = 30720 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati2evxx.dll -> %SystemRoot%\System32\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati2evxx.exe -> %SystemRoot%\System32\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] Ati2mdxx.exe -> %SystemRoot%\System32\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2494 | Size = 65536 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0247 | Size = 2155680 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ATIDDC.DLL -> %SystemRoot%\System32\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.5 | Size = 81920 bytes | Created Date = 4/04/2008 19:42:40 | Attr = ] ATIDEMGR.dll -> %SystemRoot%\System32\ATIDEMGR.dll -> [Ver = 1.0.1623.815 | Size = 131072 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] atiiiexx.dll -> %SystemRoot%\System32\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4003 | Size = 294912 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] atioglxx.dll -> %SystemRoot%\System32\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4454 | Size = 6524928 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] atipdlxx.dll -> %SystemRoot%\System32\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2490 | Size = 118784 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] atitvo32.dll -> %SystemRoot%\System32\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4100 | Size = 17408 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] ativcoxx.dll -> %SystemRoot%\System32\ativcoxx.dll -> ATI Technologies, Inc. [Ver = 6.13.10.0005 | Size = 24064 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0020 | Size = 518240 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1802 bytes | Created Date = 4/04/2008 21:03:44 | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 17/05/2008 13:42:31 | Attr = ] avisynth.dll -> %SystemRoot%\System32\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Created Date = 30/06/2008 14:04:36 | Attr = ] AVSredirect.dll -> %SystemRoot%\System32\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 30/06/2008 14:04:28 | Attr = ] BIKO3.wav -> %SystemRoot%\System32\BIKO3.wav -> [Ver = | Size = 8464762 bytes | Created Date = 3/06/2008 7:47:41 | Attr = ] bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 4/04/2008 19:24:35 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Created Date = 4/04/2008 21:03:10 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 4/04/2008 21:03:10 | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 4/04/2008 19:28:42 | Attr = RH ] CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Created Date = 1/05/2008 19:13:58 | Attr = ] coinst.dll -> %SystemRoot%\System32\coinst.dll -> [Ver = 2.20.01(27Oct99) | Size = 49152 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Created Date = 4/04/2008 19:24:14 | Attr = ] comdlg32.oca -> %SystemRoot%\System32\comdlg32.oca -> [Ver = | Size = 35840 bytes | Created Date = 4/05/2008 15:04:35 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2845 bytes | Created Date = 4/04/2008 19:30:42 | Attr = ] CoreAAC.ax -> %SystemRoot%\System32\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:59 | Attr = ] c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:59 | Attr = ] c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_10081.nls -> %SystemRoot%\System32\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:04:02 | Attr = ] c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:49 | Attr = ] C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:54 | Attr = ] C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:59 | Attr = ] C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:04:02 | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:04:04 | Attr = ] c_737.nls -> %SystemRoot%\System32\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_852.nls -> %SystemRoot%\System32\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:51 | Attr = ] c_855.nls -> %SystemRoot%\System32\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:54 | Attr = ] c_857.nls -> %SystemRoot%\System32\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:04:02 | Attr = ] c_866.nls -> %SystemRoot%\System32\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:54 | Attr = ] c_869.nls -> %SystemRoot%\System32\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] c_875.nls -> %SystemRoot%\System32\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 4/04/2008 21:03:56 | Attr = ] desktop.ini -> %SystemRoot%\System32\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 4/04/2008 19:27:35 | Attr = ] devil.dll -> %SystemRoot%\System32\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 30/06/2008 14:04:50 | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 4/04/2008 21:03:48 | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 86556 bytes | Created Date = 4/04/2008 21:03:48 | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] DiracSplitter.ax -> %SystemRoot%\System32\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Created Date = 4/04/2008 19:28:06 | Attr = ] dkgfoeik.ini -> %SystemRoot%\System32\dkgfoeik.ini -> [Ver = | Size = 1612615 bytes | Created Date = 22/06/2008 17:32:48 | Attr = HS] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 4/04/2008 20:52:10 | Attr = ] dtgxtpem.ini -> %SystemRoot%\System32\dtgxtpem.ini -> [Ver = | Size = 1610756 bytes | Created Date = 20/06/2008 14:51:11 | Attr = HS] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21748 bytes | Created Date = 4/04/2008 19:25:50 | Attr = ] EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103936 bytes | Created Date = 4/04/2008 21:03:47 | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 263824 bytes | Created Date = 4/04/2008 21:02:34 | Attr = ] gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 4/04/2008 19:24:35 | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 23/06/2008 19:39:55 | Attr = ] hjxkpsnu.ini -> %SystemRoot%\System32\hjxkpsnu.ini -> [Ver = | Size = 1650952 bytes | Created Date = 18/06/2008 17:26:55 | Attr = HS] hpbicoin.dll -> %SystemRoot%\System32\hpbicoin.dll -> Hewlett-Packard [Ver = 6.0.0.10 | Size = 344064 bytes | Created Date = 17/05/2008 15:43:56 | Attr = ] hpcpn5r1.dll -> %SystemRoot%\System32\hpcpn5r1.dll -> Hewlett-Packard Corporation [Ver = 61.074.561.43 | Size = 147456 bytes | Created Date = 17/05/2008 15:45:30 | Attr = ] hpz3l2i0.dll -> %SystemRoot%\System32\hpz3l2i0.dll -> Hewlett-Packard Company [Ver = 60.032.156.45 | Size = 29184 bytes | Created Date = 17/05/2008 15:44:26 | Attr = ] hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 4/04/2008 19:24:45 | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 352768 bytes | Created Date = 4/04/2008 19:24:20 | Attr = ] i420vfw.dll -> %SystemRoot%\System32\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 30/06/2008 14:04:22 | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 4/04/2008 19:24:35 | Attr = ] iilmoUtv.ini -> %SystemRoot%\System32\iilmoUtv.ini -> [Ver = | Size = 79560 bytes | Created Date = 19/06/2008 8:57:52 | Attr = HS] IME -> %SystemRoot%\System32\IME -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] imon.dll -> %SystemRoot%\System32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Created Date = 23/06/2008 19:56:21 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 4/04/2008 19:26:54 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 6/05/2008 20:41:23 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 6/05/2008 20:41:23 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 6/05/2008 20:41:23 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 6/05/2008 20:41:23 | Attr = ] kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 4/04/2008 19:24:35 | Attr = ] kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 4/04/2008 19:24:35 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2/07/2008 16:16:50 | Attr = ] kcmtflax.ini -> %SystemRoot%\System32\kcmtflax.ini -> [Ver = | Size = 1632808 bytes | Created Date = 17/06/2008 17:24:14 | Attr = HS] korean.uce -> %SystemRoot%\System32\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 4/04/2008 19:24:35 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 18/05/2008 15:16:33 | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 4/04/2008 19:28:54 | Attr = RH ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 4/04/2008 19:27:15 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Created Date = 4/04/2008 19:36:23 | Attr = S] minirec.exe -> %SystemRoot%\System32\minirec.exe -> [Ver = 1.0 (8.1.2001) | Size = 167936 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Created Date = 4/04/2008 19:24:16 | Attr = ] msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 4/04/2008 19:24:31 | Attr = ] msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini -> [Ver = | Size = 3864 bytes | Created Date = 4/04/2008 19:24:31 | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 4/04/2008 19:28:42 | Attr = RH ] nl-nl -> %SystemRoot%\System32\nl-nl -> [Folder | Created Date = 4/04/2008 21:20:49 | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 4/04/2008 19:30:31 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 4/04/2008 19:28:42 | Attr = RH ] Oemdspif.dll -> %SystemRoot%\System32\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0010 | Size = 102400 bytes | Created Date = 4/04/2008 19:42:41 | Attr = ] okotavgj.ini -> %SystemRoot%\System32\okotavgj.ini -> [Ver = | Size = 1676135 bytes | Created Date = 23/06/2008 17:30:58 | Attr = HS] oobe -> %SystemRoot%\System32\oobe -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] OWHjknpo.ini -> %SystemRoot%\System32\OWHjknpo.ini -> [Ver = | Size = 347 bytes | Created Date = 14/06/2008 18:38:57 | Attr = HS] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1006162 bytes | Created Date = 4/04/2008 21:04:12 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 12/04/2008 16:45:55 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 12/04/2008 16:45:56 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 12/04/2008 16:45:56 | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 4/04/2008 20:14:14 | Attr = ] px.dll -> %SystemRoot%\System32\px.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 551672 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxafs.dll -> %SystemRoot%\System32\pxafs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 129784 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxcpya64.exe -> %SystemRoot%\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 66296 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxcpyi64.exe -> %SystemRoot%\System32\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.44B | Size = 120056 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxdrv.dll -> %SystemRoot%\System32\pxdrv.dll -> Sonic Solutions [Ver = 1.02.09a | Size = 518904 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxhpinst.exe -> %SystemRoot%\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxinsa64.exe -> %SystemRoot%\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 64760 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxinsi64.exe -> %SystemRoot%\System32\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 118520 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxmas.dll -> %SystemRoot%\System32\pxmas.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 187128 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxsfs.dll -> %SystemRoot%\System32\pxsfs.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 1628920 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] pxwave.dll -> %SystemRoot%\System32\pxwave.dll -> Sonic Solutions [Ver = 4.0.36.500 | Size = 379640 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] qwqmvsdj.ini -> %SystemRoot%\System32\qwqmvsdj.ini -> [Ver = | Size = 1651002 bytes | Created Date = 19/06/2008 9:01:16 | Attr = HS] ras -> %SystemRoot%\System32\ras -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Created Date = 4/04/2008 19:43:24 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Created Date = 4/04/2008 19:26:55 | Attr = ] RLOgg.ax -> %SystemRoot%\System32\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] RLSpeexDec.ax -> %SystemRoot%\System32\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] RLTheoraDec.ax -> %SystemRoot%\System32\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] RLVorbisDec.ax -> %SystemRoot%\System32\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 30/06/2008 14:03:07 | Attr = RHS] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Created Date = 12/04/2008 16:46:05 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 4/04/2008 19:28:42 | Attr = RH ] sDLkmnnn.ini -> %SystemRoot%\System32\sDLkmnnn.ini -> [Ver = | Size = 478596 bytes | Created Date = 17/06/2008 17:20:57 | Attr = HS] Setup -> %SystemRoot%\System32\Setup -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] slcpappl.chm -> %SystemRoot%\System32\slcpappl.chm -> [Ver = | Size = 138560 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] slcpappl.cpl -> %SystemRoot%\System32\slcpappl.cpl -> [Ver = 2, 92, 0, 2 | Size = 454656 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> [Ver = 2.21 | Size = 196608 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] SLGen.dll -> %SystemRoot%\System32\SLGen.dll -> [Ver = | Size = 163840 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] SLLights.dll -> %SystemRoot%\System32\SLLights.dll -> [Ver = 2, 0, 9, 9 | Size = 528384 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] slmh.cab -> %SystemRoot%\System32\slmh.cab -> [Ver = | Size = 351183 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] slmh.exe -> %SystemRoot%\System32\slmh.exe -> [Ver = 2, 92, 0, 3 | Size = 368640 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] SLMOHServ.dll -> %SystemRoot%\System32\SLMOHServ.dll -> [Ver = 1, 0, 0, 1 | Size = 135168 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] Smab.dll -> %SystemRoot%\System32\Smab.dll -> [Ver = | Size = 408576 bytes | Created Date = 30/06/2008 14:04:53 | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 4/04/2008 20:00:18 | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 4/04/2008 21:03:48 | Attr = ] ssiefr.EXE -> %SystemRoot%\System32\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.3.2.2609 | Size = 10240 bytes | Created Date = 23/06/2008 20:00:55 | Attr = ] subrange.uce -> %SystemRoot%\System32\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] SynCOM.dll -> %SystemRoot%\System32\SynCOM.dll -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 82012 bytes | Created Date = 4/04/2008 19:47:48 | Attr = ] SynCtrl.dll -> %SystemRoot%\System32\SynCtrl.dll -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 114688 bytes | Created Date = 4/04/2008 19:47:48 | Attr = ] SynTPAPI.dll -> %SystemRoot%\System32\SynTPAPI.dll -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 90201 bytes | Created Date = 4/04/2008 19:47:48 | Attr = ] SynTPCo2.dll -> %SystemRoot%\System32\SynTPCo2.dll -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 81920 bytes | Created Date = 4/04/2008 19:47:48 | Attr = ] SynTPFcs.dll -> %SystemRoot%\System32\SynTPFcs.dll -> Synaptics, Inc. [Ver = 8.0.0 18Mar05 | Size = 69721 bytes | Created Date = 4/04/2008 19:47:48 | Attr = ] tpprknuf.ini -> %SystemRoot%\System32\tpprknuf.ini -> [Ver = | Size = 1612185 bytes | Created Date = 21/06/2008 16:35:20 | Attr = HS] tslabels.h -> %SystemRoot%\System32\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 4/04/2008 19:24:32 | Attr = ] tslabels.ini -> %SystemRoot%\System32\tslabels.ini -> [Ver = | Size = 27404 bytes | Created Date = 4/04/2008 19:24:32 | Attr = ] UnAudioNT.dll -> %SystemRoot%\System32\UnAudioNT.dll -> [Ver = | Size = 36864 bytes | Created Date = 4/04/2008 19:47:10 | Attr = ] URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Created Date = 4/06/2008 19:12:56 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 4/04/2008 19:24:33 | Attr = ] vxblock.dll -> %SystemRoot%\System32\vxblock.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Created Date = 8/04/2008 20:15:35 | Attr = ] W22MLRES.DLL -> %SystemRoot%\System32\W22MLRES.DLL -> Intel Corporation [Ver = 8, 0, 0, 121 | Size = 991232 bytes | Created Date = 4/04/2008 19:42:55 | Attr = ] w22NCPA.dll -> %SystemRoot%\System32\w22NCPA.dll -> Intel Corporation [Ver = 8, 0, 0, 121 | Size = 344064 bytes | Created Date = 4/04/2008 19:42:50 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 4/04/2008 19:28:54 | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 4/04/2008 19:24:22 | Attr = ] WRLogonNtf.dll -> %SystemRoot%\System32\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,3,2,2609 | Size = 233024 bytes | Created Date = 23/06/2008 20:01:07 | Attr = ] wrlzma.dll -> %SystemRoot%\System32\wrlzma.dll -> [Ver = | Size = 26688 bytes | Created Date = 23/06/2008 20:00:55 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 4/04/2008 19:28:42 | Attr = RH ] x.264.exe -> %SystemRoot%\System32\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 30/06/2008 14:04:15 | Attr = ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 4/04/2008 19:31:10 | Attr = ] xmlparse.dll -> %SystemRoot%\System32\xmlparse.dll -> [Ver = | Size = 36864 bytes | Created Date = 4/05/2008 15:04:35 | Attr = ] xmltok.dll -> %SystemRoot%\System32\xmltok.dll -> [Ver = | Size = 69632 bytes | Created Date = 4/05/2008 15:04:35 | Attr = ] xuycaups.ini -> %SystemRoot%\System32\xuycaups.ini -> [Ver = | Size = 1924006 bytes | Created Date = 20/06/2008 13:49:47 | Attr = HS] xwaiciqr.ini -> %SystemRoot%\System32\xwaiciqr.ini -> [Ver = | Size = 1612065 bytes | Created Date = 21/06/2008 15:35:27 | Attr = HS] yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 30/06/2008 14:04:28 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 4/04/2008 20:14:12 | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 4/04/2008 20:13:59 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 4/04/2008 21:19:33 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 4/04/2008 21:19:11 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Created Date = 4/06/2008 19:13:00 | Attr = R S] Blauw 16.bmp -> %SystemRoot%\Blauw 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] BM6bf1d58b.xml -> %SystemRoot%\BM6bf1d58b.xml -> [Ver = | Size = 110386 bytes | Created Date = 15/06/2008 11:27:22 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 4/04/2008 19:35:01 | Attr = S] Config -> %SystemRoot%\Config -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 4/04/2008 19:30:42 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] d3dx.dat -> %SystemRoot%\d3dx.dat -> [Ver = | Size = 8192 bytes | Created Date = 3/06/2008 16:51:12 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 4/04/2008 19:27:35 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 4/04/2008 19:28:54 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/07/2008 10:24:58 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = R S] Groensteen.bmp -> %SystemRoot%\Groensteen.bmp -> [Ver = | Size = 26582 bytes | Created Date = 4/04/2008 19:24:37 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 4/04/2008 21:19:51 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 4/04/2008 21:21:48 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 4/04/2008 21:04:16 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 4/04/2008 21:04:12 | Attr = HS] IsUn0413.exe -> %SystemRoot%\IsUn0413.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 308224 bytes | Created Date = 4/04/2008 19:46:51 | Attr = ] IsUninst.exe -> %SystemRoot%\IsUninst.exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Created Date = 2/06/2008 19:53:13 | Attr = ] java -> %SystemRoot%\java -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Kopje koffie.bmp -> %SystemRoot%\Kopje koffie.bmp -> [Ver = | Size = 17062 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 30/06/2008 14:04:01 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Created Date = 4/06/2008 19:12:59 | Attr = ] Modio -> %SystemRoot%\Modio -> [Folder | Created Date = 4/04/2008 19:47:11 | Attr = ] MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 30/06/2008 14:04:33 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1160 bytes | Created Date = 12/05/2008 21:08:54 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 4/04/2008 21:17:10 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 12/05/2008 21:07:49 | Attr = ] O2Remove.EXE -> %SystemRoot%\O2Remove.EXE -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 34329 bytes | Created Date = 4/04/2008 19:48:46 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4205 bytes | Created Date = 4/04/2008 21:04:11 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 4/04/2008 19:28:54 | Attr = R ] OPTIONS -> %SystemRoot%\OPTIONS -> [Folder | Created Date = 4/04/2008 19:48:11 | Attr = ] Patroon.bmp -> %SystemRoot%\Patroon.bmp -> [Ver = | Size = 16730 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Prairie.bmp -> %SystemRoot%\Prairie.bmp -> [Ver = | Size = 65954 bytes | Created Date = 4/04/2008 19:24:37 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 4/04/2008 19:36:24 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 17/06/2008 17:22:19 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 21/04/2008 0:17:39 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 4/04/2008 19:25:24 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 4/04/2008 19:36:04 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 4/04/2008 19:24:37 | Attr = ] Rivier Sumida.bmp -> %SystemRoot%\Rivier Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 4/04/2008 19:24:37 | Attr = ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 4/04/2008 19:24:37 | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 4/04/2008 20:21:57 | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> [Ver = | Size = 24576 bytes | Created Date = 4/04/2008 19:42:49 | Attr = ] SmCfg.exe -> %SystemRoot%\SmCfg.exe -> [Ver = 2, 80, 1, 0 | Size = 65536 bytes | Created Date = 4/04/2008 19:47:12 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 4/04/2008 19:36:25 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 4/04/2008 19:27:16 | Attr = ] Stekkie.bmp -> %SystemRoot%\Stekkie.bmp -> [Ver = | Size = 17336 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 13/05/2008 20:16:13 | Attr = ] system -> %SystemRoot%\system -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 4/04/2008 19:27:22 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 8192 bytes | Created Date = 2/07/2008 11:54:39 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 4/04/2008 19:25:30 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Created Date = 4/04/2008 19:25:30 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 4/04/2008 21:20:50 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = R ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 4/04/2008 19:28:42 | Attr = RH ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 4/04/2008 19:27:36 | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 4/04/2008 19:27:36 | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 4/04/2008 20:50:38 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 4/04/2008 19:30:29 | Attr = ] WRUninstall.dll -> %SystemRoot%\WRUninstall.dll -> Webroot Software, Inc. [Ver = 5,3,2,2361 | Size = 271936 bytes | Created Date = 23/06/2008 20:00:55 | Attr = ] x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 30/06/2008 14:04:08 | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 4/04/2008 19:24:37 | Attr = ] Zeepbellen.bmp -> %SystemRoot%\Zeepbellen.bmp -> [Ver = | Size = 65978 bytes | Created Date = 4/04/2008 19:24:36 | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 4/04/2008 19:27:22 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 4/04/2008 19:36:24 | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 4/04/2008 21:12:07 | Attr = ] Advanced Chemistry Development -> %AllUsersProfile%\Application Data\Advanced Chemistry Development -> [Folder | Created Date = 6/04/2008 13:39:50 | Attr = ] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 17/05/2008 13:41:58 | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 4/04/2008 21:03:29 | Attr = HS] Hewlett-Packard -> %AllUsersProfile%\Application Data\Hewlett-Packard -> [Folder | Created Date = 17/05/2008 15:45:58 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2/07/2008 16:16:54 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 3/07/2008 9:20:55 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Created Date = 4/04/2008 21:03:04 | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 4/04/2008 20:21:03 | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Created Date = 15/06/2008 15:44:06 | Attr = ] Prevx -> %AllUsersProfile%\Application Data\Prevx -> [Folder | Created Date = 23/06/2008 19:52:51 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 16/06/2008 15:05:47 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 23/06/2008 20:02:02 | Attr = ] @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Webroot -> %AllUsersProfile%\Application Data\Webroot -> [Folder | Created Date = 23/06/2008 20:00:55 | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 4/04/2008 20:19:11 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 4/04/2008 20:46:13 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 4/04/2008 20:03:13 | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Created Date = 5/04/2008 15:24:17 | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 4/04/2008 19:37:23 | Attr = HS] DivX -> %AppData%\DivX -> [Folder | Created Date = 8/04/2008 20:16:05 | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 14/06/2008 11:15:33 | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 4/04/2008 19:37:36 | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Created Date = 23/06/2008 20:38:47 | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Created Date = 2/06/2008 19:55:33 | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 6/05/2008 20:42:46 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 4/04/2008 20:03:14 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 3/07/2008 9:21:00 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 4/04/2008 19:37:22 | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 12/05/2008 21:07:42 | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 23/06/2008 20:01:38 | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 12/04/2008 16:45:52 | Attr = ] SecuROM -> %AppData%\SecuROM -> [Folder | Created Date = 1/05/2008 19:14:00 | Attr = RH ] Sun -> %AppData%\Sun -> [Folder | Created Date = 6/05/2008 20:42:06 | Attr = ] temp -> %AppData%\temp -> [Folder | Created Date = 13/06/2008 22:30:27 | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 24/06/2008 13:58:28 | Attr = ] Webroot -> %AppData%\Webroot -> [Folder | Created Date = 23/06/2008 20:00:38 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 5/04/2008 15:24:01 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 4/04/2008 21:13:06 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Created Date = 6/06/2008 20:27:40 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 204288 bytes | Created Date = 4/04/2008 23:42:45 | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 132 bytes | Created Date = 6/06/2008 20:27:44 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 68456 bytes | Created Date = 4/04/2008 21:29:44 | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 14/06/2008 11:15:15 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5336904 bytes | Created Date = 13/04/2008 15:56:32 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 4/04/2008 19:37:22 | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 4/04/2008 20:21:20 | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 12/05/2008 21:07:42 | Attr = ] Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net -> [Folder | Created Date = 1/07/2008 21:46:24 | Attr = ] S2 -> %UserProfile%\Local Settings\Application Data\S2 -> [Folder | Created Date = 1/05/2008 19:19:30 | Attr = ] S2_Demo -> %UserProfile%\Local Settings\Application Data\S2_Demo -> [Folder | Created Date = 5/04/2008 17:06:56 | Attr = ] desktop.ini -> %AllUsersProfile%\Documenten\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 4/04/2008 21:03:29 | Attr = HS] Mijn afbeeldingen -> %AllUsersProfile%\Documenten\Mijn afbeeldingen -> [Folder | Created Date = 4/04/2008 19:26:32 | Attr = R ] Mijn muziek -> %AllUsersProfile%\Documenten\Mijn muziek -> [Folder | Created Date = 4/04/2008 19:25:15 | Attr = R ] Mijn video's -> %AllUsersProfile%\Documenten\Mijn video's -> [Folder | Created Date = 4/04/2008 19:23:56 | Attr = R ] BasicLab.sk -> %UserProfile%\Mijn documenten\BasicLab.sk -> [Ver = | Size = 203 bytes | Created Date = 8/04/2008 20:39:44 | Attr = ] biochemie 1.docx -> %UserProfile%\Mijn documenten\biochemie 1.docx -> [Ver = | Size = 46850 bytes | Created Date = 20/04/2008 17:00:42 | Attr = ] Cradle to Cradle3.doc -> %UserProfile%\Mijn documenten\Cradle to Cradle3.doc -> [Ver = | Size = 38400 bytes | Created Date = 7/05/2008 13:38:19 | Attr = ] desktop.ini -> %UserProfile%\Mijn documenten\desktop.ini -> [Ver = | Size = 83 bytes | Created Date = 4/04/2008 19:37:28 | Attr = HS] Downloads -> %UserProfile%\Mijn documenten\Downloads -> [Folder | Created Date = 3/06/2008 20:53:07 | Attr = ] 1 C:\Documents and Settings\Dominique\Mijn documenten\*.tmp files -> C:\Documents and Settings\Dominique\Mijn documenten\*.tmp -> FIFAM 08 Demo -> %UserProfile%\Mijn documenten\FIFAM 08 Demo -> [Folder | Created Date = 13/06/2008 22:30:11 | Attr = ] grstyles.stl -> %UserProfile%\Mijn documenten\grstyles.stl -> [Ver = | Size = 584 bytes | Created Date = 8/04/2008 20:45:39 | Attr = ] LastLab.sk -> %UserProfile%\Mijn documenten\LastLab.sk -> [Ver = | Size = 22 bytes | Created Date = 8/04/2008 20:39:44 | Attr = ] LimeWire -> %UserProfile%\Mijn documenten\LimeWire -> [Folder | Created Date = 6/05/2008 20:42:54 | Attr = ] Mijn afbeeldingen -> %UserProfile%\Mijn documenten\Mijn afbeeldingen -> [Folder | Created Date = 4/04/2008 19:37:28 | Attr = R ] Mijn Gedeelde Mappen.lnk -> %UserProfile%\Mijn documenten\Mijn Gedeelde Mappen.lnk -> [Ver = | Size = 578 bytes | Created Date = 4/04/2008 20:54:23 | Attr = ] Mijn muziek -> %UserProfile%\Mijn documenten\Mijn muziek -> [Folder | Created Date = 4/04/2008 19:37:29 | Attr = R ] Mijn ontvangen bestanden -> %UserProfile%\Mijn documenten\Mijn ontvangen bestanden -> [Folder | Created Date = 4/04/2008 20:52:24 | Attr = ] Mijn video's -> %UserProfile%\Mijn documenten\Mijn video's -> [Folder | Created Date = 8/04/2008 20:15:26 | Attr = R ] mt phillipe.docx -> %UserProfile%\Mijn documenten\mt phillipe.docx -> [Ver = | Size = 10613 bytes | Created Date = 14/05/2008 16:25:16 | Attr = ] Nieuwe map -> %UserProfile%\Mijn documenten\Nieuwe map -> [Folder | Created Date = 27/05/2008 21:28:43 | Attr = ] OneNote Notebooks -> %UserProfile%\Mijn documenten\OneNote Notebooks -> [Folder | Created Date = 15/04/2008 23:01:59 | Attr = ] PTV 2.docx -> %UserProfile%\Mijn documenten\PTV 2.docx -> [Ver = | Size = 777407 bytes | Created Date = 11/06/2008 23:29:12 | Attr = ] S2 -> %UserProfile%\Mijn documenten\S2 -> [Folder | Created Date = 1/05/2008 19:18:58 | Attr = ] spider.sav -> %UserProfile%\Mijn documenten\spider.sav -> [Ver = | Size = 372 bytes | Created Date = 5/04/2008 1:20:41 | Attr = ] stage1.sk2 -> %UserProfile%\Mijn documenten\stage1.sk2 -> [Ver = | Size = 8753 bytes | Created Date = 8/04/2008 20:43:24 | Attr = ] template.cfg -> %UserProfile%\Mijn documenten\template.cfg -> [Ver = | Size = 1921 bytes | Created Date = 6/04/2008 13:39:50 | Attr = ] Thumbs.db -> %UserProfile%\Mijn documenten\Thumbs.db -> [Ver = | Size = 3584 bytes | Created Date = 2/06/2008 19:24:34 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Mijn documenten\Thumbs.db:encryptable TLC.pptx -> %UserProfile%\Mijn documenten\TLC.pptx -> [Ver = | Size = 38601 bytes | Created Date = 20/04/2008 20:08:49 | Attr = ] univ logo -> %UserProfile%\Mijn documenten\univ logo -> [Folder | Created Date = 9/04/2008 17:42:42 | Attr = ] UserLab.sk -> %UserProfile%\Mijn documenten\UserLab.sk -> [Ver = | Size = 0 bytes | Created Date = 8/04/2008 20:39:44 | Attr = ] UserStl.sk -> %UserProfile%\Mijn documenten\UserStl.sk -> [Ver = | Size = 12 bytes | Created Date = 8/04/2008 20:37:17 | Attr = ] ~$adle to Cradle3.doc -> %UserProfile%\Mijn documenten\~$adle to Cradle3.doc -> [Ver = | Size = 162 bytes | Created Date = 7/05/2008 13:38:19 | Attr = H ] ~$PTV 2.docx -> %UserProfile%\Mijn documenten\~$PTV 2.docx -> [Ver = | Size = 162 bytes | Created Date = 8/06/2008 9:30:59 | Attr = H ] Adobe Reader 8.lnk -> %AllUsersProfile%\Bureaublad\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Created Date = 4/04/2008 21:12:17 | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Bureaublad\AVG Free 8.0.lnk -> [Ver = | Size = 1507 bytes | Created Date = 17/05/2008 13:42:32 | Attr = ] DAEMON Tools Lite.lnk -> %AllUsersProfile%\Bureaublad\DAEMON Tools Lite.lnk -> [Ver = | Size = 733 bytes | Created Date = 6/04/2008 11:03:13 | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Bureaublad\DivX Player.lnk -> [Ver = | Size = 795 bytes | Created Date = 8/04/2008 20:15:42 | Attr = ] FIFA Manager 08 Demo.lnk -> %AllUsersProfile%\Bureaublad\FIFA Manager 08 Demo.lnk -> [Ver = | Size = 921 bytes | Created Date = 13/06/2008 22:29:51 | Attr = ] Google Earth.lnk -> %AllUsersProfile%\Bureaublad\Google Earth.lnk -> [Ver = | Size = 1836 bytes | Created Date = 14/06/2008 11:15:16 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureaublad\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 3/07/2008 9:20:57 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Bureaublad\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 12/05/2008 21:07:35 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Bureaublad\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 12/04/2008 16:46:10 | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Bureaublad\VLC media player.lnk -> [Ver = | Size = 719 bytes | Created Date = 24/06/2008 13:53:15 | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Bureaublad\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 1/07/2008 16:10:20 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureaublad\ATF_Cleaner.exe:Zone.Identifier C&C renegade.lnk -> %UserProfile%\Bureaublad\C&C renegade.lnk -> [Ver = | Size = 682 bytes | Created Date = 1/06/2008 11:21:14 | Attr = ] ChemDraw Ultra 7.0.lnk -> %UserProfile%\Bureaublad\ChemDraw Ultra 7.0.lnk -> [Ver = | Size = 1689 bytes | Created Date = 10/06/2008 19:43:32 | Attr = ] delta force.lnk -> %UserProfile%\Bureaublad\delta force.lnk -> [Ver = | Size = 912 bytes | Created Date = 2/06/2008 19:58:21 | Attr = ] downloads -> %UserProfile%\Bureaublad\downloads -> [Folder | Created Date = 5/04/2008 14:36:25 | Attr = ] 1 C:\Documents and Settings\Dominique\Bureaublad\*.tmp files -> C:\Documents and Settings\Dominique\Bureaublad\*.tmp -> dss.exe -> %UserProfile%\Bureaublad\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 2/07/2008 10:21:31 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureaublad\dss.exe:Zone.Identifier geektogo -> %UserProfile%\Bureaublad\geektogo -> [Folder | Created Date = 2/07/2008 10:12:14 | Attr = ] LimeWire 4.16.7.lnk -> %UserProfile%\Bureaublad\LimeWire 4.16.7.lnk -> [Ver = | Size = 1580 bytes | Created Date = 6/05/2008 20:38:17 | Attr = ] Logs -> %UserProfile%\Bureaublad\Logs -> [Folder | Created Date = 6/04/2008 12:50:09 | Attr = ] mbam-setup.exe -> %UserProfile%\Bureaublad\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.19 | Size = 1705000 bytes | Created Date = 3/07/2008 9:20:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureaublad\mbam-setup.exe:Zone.Identifier Nieuwe map -> %UserProfile%\Bureaublad\Nieuwe map -> [Folder | Created Date = 1/07/2008 21:35:50 | Attr = ] postal2 -> %UserProfile%\Bureaublad\postal2 -> [Folder | Created Date = 2/07/2008 13:23:40 | Attr = ] stage -> %UserProfile%\Bureaublad\stage -> [Folder | Created Date = 2/07/2008 11:30:04 | Attr = ] The Settlers II.lnk -> %UserProfile%\Bureaublad\The Settlers II.lnk -> [Ver = | Size = 1122 bytes | Created Date = 2/05/2008 20:53:45 | Attr = ] univ -> %UserProfile%\Bureaublad\univ -> [Folder | Created Date = 2/05/2008 20:58:45 | Attr = ] Windows Media Player.lnk -> %UserProfile%\Bureaublad\Windows Media Player.lnk -> [Ver = | Size = 782 bytes | Created Date = 18/05/2008 16:17:08 | Attr = ] worms.lnk -> %UserProfile%\Bureaublad\worms.lnk -> [Ver = | Size = 621 bytes | Created Date = 6/04/2008 14:20:22 | Attr = ] ~$lloïd chemie.docx -> %UserProfile%\Bureaublad\~$lloïd chemie.docx -> [Ver = | Size = 162 bytes | Created Date = 17/04/2008 21:33:37 | Attr = H ] desktop.ini -> %AllUsersProfile%\Menu Start\Programma's\Opstarten\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 4/04/2008 21:03:29 | Attr = HS] desktop.ini -> %UserProfile%\Menu Start\Programma's\Opstarten\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 4/04/2008 19:37:23 | Attr = HS] ERUNT AutoBackup.lnk -> %UserProfile%\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 2/07/2008 16:06:59 | Attr = ] OneNote 2007 Screen Clipper and Launcher.lnk -> %UserProfile%\Menu Start\Programma's\Opstarten\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 947 bytes | Created Date = 15/04/2008 23:01:59 | Attr = ] PowerReg Scheduler.exe -> %UserProfile%\Menu Start\Programma's\Opstarten\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Created Date = 2/06/2008 19:56:55 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 4/04/2008 21:11:50 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 4/04/2008 20:38:20 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 4/04/2008 19:43:19 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 6/05/2008 20:39:46 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Created Date = 4/04/2008 21:04:07 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Created Date = 4/04/2008 19:27:21 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Created Date = 4/04/2008 21:04:11 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 12/04/2008 16:45:52 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Created Date = 4/04/2008 19:27:25 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Created Date = 4/04/2008 21:04:07 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Created Date = 4/04/2008 19:26:38 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 4/04/2008 20:46:41 | Attr = HS] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 12/04/2008 16:46:11 | Attr = ] ACDFREE11 -> %ProgramFiles%\ACDFREE11 -> [Folder | Created Date = 6/04/2008 13:38:48 | Attr = ] Adobe -> %ProgramFiles%\Adobe -> [Folder | Created Date = 4/04/2008 21:11:50 | Attr = ] ATI Technologies -> %ProgramFiles%\ATI Technologies -> [Folder | Created Date = 4/04/2008 19:44:46 | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 17/05/2008 13:41:58 | Attr = ] AviSynth 2.5 -> %ProgramFiles%\AviSynth 2.5 -> [Folder | Created Date = 30/06/2008 14:03:57 | Attr = ] ChemOffice2002 -> %ProgramFiles%\ChemOffice2002 -> [Folder | Created Date = 10/06/2008 19:41:13 | Attr = ] Clue - Murder at Boddy mansion -> %ProgramFiles%\Clue - Murder at Boddy mansion -> [Folder | Created Date = 1/07/2008 21:02:20 | Attr = ] Common Files -> %CommonProgramFiles% -> [Folder | Created Date = 4/04/2008 21:04:07 | Attr = ] ComPlus Applications -> %ProgramFiles%\ComPlus Applications -> [Folder | Created Date = 4/04/2008 19:25:33 | Attr = ] DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite -> [Folder | Created Date = 6/04/2008 11:03:11 | Attr = ] DirectXmarch2008 -> %ProgramFiles%\DirectXmarch2008 -> [Folder | Created Date = 5/04/2008 16:46:14 | Attr = ] DivX -> %ProgramFiles%\DivX -> [Folder | Created Date = 8/04/2008 20:15:26 | Attr = ] EA SPORTS -> %ProgramFiles%\EA SPORTS -> [Folder | Created Date = 13/06/2008 22:26:52 | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 2/07/2008 16:05:52 | Attr = ] ESET -> %ProgramFiles%\ESET -> [Folder | Created Date = 23/06/2008 19:55:26 | Attr = ] Gabest -> %ProgramFiles%\Gabest -> [Folder | Created Date = 8/04/2008 21:28:50 | Attr = ] Google -> %ProgramFiles%\Google -> [Folder | Created Date = 14/06/2008 11:13:25 | Attr = ] Hitman Pro -> %ProgramFiles%\Hitman Pro -> [Folder | Created Date = 23/06/2008 19:39:28 | Attr = ] InstallShield Installation Information -> %ProgramFiles%\InstallShield Installation Information -> [Folder | Created Date = 4/04/2008 19:43:22 | Attr = H ] Intel -> %ProgramFiles%\Intel -> [Folder | Created Date = 4/04/2008 19:42:55 | Attr = ] Internet Explorer -> %ProgramFiles%\Internet Explorer -> [Folder | Created Date = 4/04/2008 19:26:33 | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 6/05/2008 20:40:19 | Attr = ] KlaimSMS -> %ProgramFiles%\KlaimSMS -> [Folder | Created Date = 27/05/2008 21:14:01 | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 23/06/2008 19:57:48 | Attr = ] LimeWire -> %ProgramFiles%\LimeWire -> [Folder | Created Date = 6/05/2008 20:36:09 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 3/07/2008 9:20:54 | Attr = ] Messenger -> %ProgramFiles%\Messenger -> [Folder | Created Date = 4/04/2008 19:25:04 | Attr = ] microsoft frontpage -> %ProgramFiles%\microsoft frontpage -> [Folder | Created Date = 4/04/2008 19:31:10 | Attr = ] Microsoft Office -> %ProgramFiles%\Microsoft Office -> [Folder | Created Date = 4/04/2008 20:21:06 | Attr = ] Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio -> [Folder | Created Date = 4/04/2008 20:38:20 | Attr = ] Microsoft Works -> %ProgramFiles%\Microsoft Works -> [Folder | Created Date = 4/04/2008 20:39:44 | Attr = ] Movie Maker -> %ProgramFiles%\Movie Maker -> [Folder | Created Date = 4/04/2008 19:27:05 | Attr = ] Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [Folder | Created Date = 12/05/2008 21:07:31 | Attr = ] MSBuild -> %ProgramFiles%\MSBuild -> [Folder | Created Date = 4/04/2008 20:39:13 | Attr = ] MSECache -> %ProgramFiles%\MSECache -> [Folder | Created Date = 15/06/2008 15:45:31 | Attr = ] MSN Gaming Zone -> %ProgramFiles%\MSN Gaming Zone -> [Folder | Created Date = 4/04/2008 19:24:59 | Attr = ] NetMeeting -> %ProgramFiles%\NetMeeting -> [Folder | Created Date = 4/04/2008 19:26:50 | Attr = ] NovaLogic -> %ProgramFiles%\NovaLogic -> [Folder | Created Date = 2/06/2008 19:53:53 | Attr = ] Online Services -> %ProgramFiles%\Online Services -> [Folder | Created Date = 4/04/2008 19:28:31 | Attr = ] Outlook Express -> %ProgramFiles%\Outlook Express -> [Folder | Created Date = 4/04/2008 19:26:46 | Attr = ] Real -> %ProgramFiles%\Real -> [Folder | Created Date = 12/04/2008 16:45:55 | Attr = ] RENEGADE -> %ProgramFiles%\RENEGADE -> [Folder | Created Date = 31/05/2008 17:45:37 | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 16/06/2008 15:05:47 | Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 23/06/2008 20:01:38 | Attr = ] SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [Folder | Created Date = 23/06/2008 19:57:14 | Attr = ] Synaptics -> %ProgramFiles%\Synaptics -> [Folder | Created Date = 4/04/2008 19:47:47 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 1/07/2008 16:59:23 | Attr = ] Trymedia -> %ProgramFiles%\Trymedia -> [Folder | Created Date = 1/07/2008 21:08:17 | Attr = ] Ubisoft -> %ProgramFiles%\Ubisoft -> [Folder | Created Date = 1/05/2008 19:10:29 | Attr = ] Uninstall Information -> %ProgramFiles%\Uninstall Information -> [Folder | Created Date = 4/04/2008 19:37:33 | Attr = H ] VIAudioi -> %ProgramFiles%\VIAudioi -> [Folder | Created Date = 4/04/2008 19:47:06 | Attr = ] VideoLAN -> %ProgramFiles%\VideoLAN -> [Folder | Created Date = 24/06/2008 13:52:34 | Attr = ] Webroot -> %ProgramFiles%\Webroot -> [Folder | Created Date = 23/06/2008 20:00:55 | Attr = ] Windows Live -> %ProgramFiles%\Windows Live -> [Folder | Created Date = 4/04/2008 20:46:31 | Attr = ] Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [Folder | Created Date = 18/05/2008 15:22:19 | Attr = ] Windows Media Player -> %ProgramFiles%\Windows Media Player -> [Folder | Created Date = 4/04/2008 19:25:15 | Attr = ] Windows NT -> %ProgramFiles%\Windows NT -> [Folder | Created Date = 4/04/2008 19:24:20 | Attr = ] WindowsUpdate -> %ProgramFiles%\WindowsUpdate -> [Folder | Created Date = 4/04/2008 19:28:35 | Attr = H ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 5/04/2008 15:23:38 | Attr = ] worms -> %ProgramFiles%\worms -> [Folder | Created Date = 6/04/2008 13:36:06 | Attr = ] xerox -> %ProgramFiles%\xerox -> [Folder | Created Date = 4/04/2008 19:31:10 | Attr = ] [Files/Folders - Modified Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 2/07/2008 18:20:46 | Attr = H ] 1 C:\*.tmp files -> C:\*.tmp -> AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/04/2008 19:22:37 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16/06/2008 19:42:11 | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/07/2008 10:24:00 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 4/04/2008 19:37:21 | Attr = ] Drivers -> %SystemDrive%\Drivers -> [Folder | Modified Date = 17/05/2008 15:44:23 | Attr = ] fsc.tmp -> %SystemDrive%\fsc.tmp -> [Folder | Modified Date = 4/04/2008 19:42:20 | Attr = ] install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 23/06/2008 20:00:43 | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = RHS] Logs -> %SystemDrive%\Logs -> [Folder | Modified Date = 6/04/2008 2:32:23 | Attr = ] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = RHS] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Modified Date = 4/04/2008 20:20:25 | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/07/2008 9:20:54 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/04/2008 22:42:23 | Attr = HS] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/04/2008 21:30:53 | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/04/2008 22:40:23 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/04/2008 22:45:19 | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 4/04/2008 22:49:14 | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/05/2008 21:19:38 | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/04/2008 21:30:53 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/04/2008 22:40:23 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/04/2008 22:45:19 | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 4/04/2008 22:49:14 | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/05/2008 21:19:38 | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/04/2008 19:36:29 | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 23/06/2008 19:53:58 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 1/07/2008 16:47:41 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/07/2008 9:32:31 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/07/2008 14:16:54 | Attr = ] amon.sys -> %SystemRoot%\System32\drivers\amon.sys -> Eset [Ver = 2, 70, 39 | Size = 512096 bytes | Modified Date = 23/06/2008 19:55:32 | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 2/07/2008 13:07:40 | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 5/06/2008 19:09:32 | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25078049 bytes | Modified Date = 2/07/2008 13:07:38 | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 33731 bytes | Modified Date = 2/07/2008 13:07:38 | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 116658 bytes | Modified Date = 18/06/2008 9:15:04 | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 17/05/2008 13:42:23 | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 17/05/2008 13:42:12 | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/04/2008 20:52:57 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 776 bytes | Modified Date = 23/06/2008 23:24:42 | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Modified Date = 2/06/2008 15:19:12 | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 2/06/2008 15:19:16 | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Modified Date = 10/06/2008 21:22:52 | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Modified Date = 2/06/2008 15:19:24 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 28/06/2008 14:16:36 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 28/06/2008 14:16:40 | Attr = ] nod32drv.sys -> %SystemRoot%\System32\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 23/06/2008 19:55:32 | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 5/04/2008 15:24:27 | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 18/05/2008 15:19:11 | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 18/05/2008 15:16:46 | Attr = H ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 4/04/2008 19:35:01 | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 4/04/2008 20:51:44 | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 1043 -> %SystemRoot%\System32\1043 -> [Folder | Modified Date = 4/04/2008 20:55:27 | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 18/05/2008 22:36:57 | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 7/04/2008 16:57:55 | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 17/05/2008 13:42:31 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 22/05/2008 14:57:38 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/07/2008 10:06:51 | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 4/04/2008 19:28:42 | Attr = RH ] CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 1/05/2008 19:13:58 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 4/04/2008 21:02:24 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 16/06/2008 19:43:01 | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2845 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 7/06/2008 13:24:34 | Attr = ] dkgfoeik.ini -> %SystemRoot%\System32\dkgfoeik.ini -> [Ver = | Size = 1612615 bytes | Modified Date = 23/06/2008 17:18:32 | Attr = HS] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 11/06/2008 19:18:52 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/07/2008 9:20:56 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 4/04/2008 20:52:10 | Attr = ] dtgxtpem.ini -> %SystemRoot%\System32\dtgxtpem.ini -> [Ver = | Size = 1610756 bytes | Modified Date = 21/06/2008 15:29:11 | Attr = HS] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21748 bytes | Modified Date = 4/04/2008 19:25:50 | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 263824 bytes | Modified Date = 10/04/2008 16:15:31 | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 23/06/2008 19:39:55 | Attr = ] hjxkpsnu.ini -> %SystemRoot%\System32\hjxkpsnu.ini -> [Ver = | Size = 1650952 bytes | Modified Date = 19/06/2008 8:53:15 | Attr = HS] hpcpn5r1.dll -> %SystemRoot%\System32\hpcpn5r1.dll -> Hewlett-Packard Corporation [Ver = 61.074.561.43 | Size = 147456 bytes | Modified Date = 4/04/2008 21:00:54 | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 4/04/2008 19:29:54 | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 4/04/2008 20:52:35 | Attr = ] iilmoUtv.ini -> %SystemRoot%\System32\iilmoUtv.ini -> [Ver = | Size = 79560 bytes | Modified Date = 27/06/2008 16:01:57 | Attr = HS] IME -> %SystemRoot%\System32\IME -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] imon.dll -> %SystemRoot%\System32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 23/06/2008 19:55:33 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2/07/2008 16:16:50 | Attr = ] kcmtflax.ini -> %SystemRoot%\System32\kcmtflax.ini -> [Ver = | Size = 1632808 bytes | Modified Date = 18/06/2008 17:25:15 | Attr = HS] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 18/05/2008 15:16:33 | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 4/04/2008 19:28:54 | Attr = RH ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 4/04/2008 20:15:40 | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 4/04/2008 19:36:23 | Attr = S] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Modified Date = 4/04/2008 19:25:22 | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 4/06/2008 19:13:14 | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 4/04/2008 19:28:42 | Attr = RH ] nl-nl -> %SystemRoot%\System32\nl-nl -> [Folder | Modified Date = 4/04/2008 21:22:00 | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 4/04/2008 21:00:45 | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 18/05/2008 22:36:57 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 4/04/2008 19:28:42 | Attr = RH ] okotavgj.ini -> %SystemRoot%\System32\okotavgj.ini -> [Ver = | Size = 1676135 bytes | Modified Date = 23/06/2008 17:33:16 | Attr = HS] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 4/04/2008 19:27:53 | Attr = ] OWHjknpo.ini -> %SystemRoot%\System32\OWHjknpo.ini -> [Ver = | Size = 347 bytes | Modified Date = 14/06/2008 18:38:57 | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63972 bytes | Modified Date = 23/06/2008 20:03:25 | Attr = ] perfc013.dat -> %SystemRoot%\System32\perfc013.dat -> [Ver = | Size = 83014 bytes | Modified Date = 23/06/2008 20:03:25 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 404944 bytes | Modified Date = 23/06/2008 20:03:25 | Attr = ] perfh013.dat -> %SystemRoot%\System32\perfh013.dat -> [Ver = | Size = 470048 bytes | Modified Date = 23/06/2008 20:03:25 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1006162 bytes | Modified Date = 6/06/2008 18:21:21 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 12/04/2008 16:45:55 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 12/04/2008 16:45:56 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 12/04/2008 16:45:56 | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Modified Date = 4/04/2008 20:14:14 | Attr = ] qwqmvsdj.ini -> %SystemRoot%\System32\qwqmvsdj.ini -> [Ver = | Size = 1651002 bytes | Modified Date = 20/06/2008 13:44:05 | Attr = HS] ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 4/04/2008 20:53:46 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 4/04/2008 19:43:24 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 13/05/2008 20:04:39 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Modified Date = 12/04/2008 16:46:05 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 4/04/2008 19:28:42 | Attr = RH ] sDLkmnnn.ini -> %SystemRoot%\System32\sDLkmnnn.ini -> [Ver = | Size = 478596 bytes | Modified Date = 18/06/2008 22:20:00 | Attr = HS] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 4/04/2008 21:01:30 | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Modified Date = 4/04/2008 20:00:19 | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 4/04/2008 19:23:20 | Attr = ] tpprknuf.ini -> %SystemRoot%\System32\tpprknuf.ini -> [Ver = | Size = 1612185 bytes | Modified Date = 22/06/2008 17:27:01 | Attr = HS] URTTemp -> %SystemRoot%\System32\URTTemp -> [Folder | Modified Date = 4/06/2008 19:14:10 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 4/04/2008 21:01:22 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 16/06/2008 19:42:37 | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 4/04/2008 19:28:54 | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 3/07/2008 10:05:00 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 4/04/2008 19:28:42 | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Modified Date = 4/04/2008 19:31:10 | Attr = ] xuycaups.ini -> %SystemRoot%\System32\xuycaups.ini -> [Ver = | Size = 1924006 bytes | Modified Date = 20/06/2008 13:50:30 | Attr = HS] xwaiciqr.ini -> %SystemRoot%\System32\xwaiciqr.ini -> [Ver = | Size = 1612065 bytes | Modified Date = 21/06/2008 15:36:17 | Attr = HS] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 23/06/2008 20:04:35 | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 4/04/2008 20:14:00 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 4/04/2008 21:19:33 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 4/04/2008 21:19:11 | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/06/2008 18:10:48 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 15/06/2008 15:40:50 | Attr = R S] BM6bf1d58b.xml -> %SystemRoot%\BM6bf1d58b.xml -> [Ver = | Size = 110386 bytes | Modified Date = 23/06/2008 17:30:28 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/07/2008 10:03:55 | Attr = S] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 4/04/2008 19:30:42 | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 4/04/2008 19:24:54 | Attr = ] d3dx.dat -> %SystemRoot%\d3dx.dat -> [Ver = | Size = 8192 bytes | Modified Date = 3/06/2008 16:51:12 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/04/2008 21:02:39 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/07/2008 16:16:54 | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 4/04/2008 21:01:11 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2/07/2008 19:14:29 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/04/2008 20:33:33 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 18/05/2008 15:22:02 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 4/04/2008 21:20:31 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 11/06/2008 19:18:32 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 4/04/2008 19:31:10 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 11/06/2008 19:19:06 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/07/2008 16:16:49 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16/06/2008 19:42:11 | Attr = HS] java -> %SystemRoot%\java -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 4/04/2008 21:20:41 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 5/06/2008 20:11:11 | Attr = ] Modio -> %SystemRoot%\Modio -> [Folder | Modified Date = 4/04/2008 19:47:12 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1160 bytes | Modified Date = 12/05/2008 21:08:57 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 4/04/2008 21:28:16 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 4/04/2008 21:17:10 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 12/05/2008 21:07:49 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4205 bytes | Modified Date = 4/04/2008 19:30:16 | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 4/04/2008 19:28:54 | Attr = R ] OPTIONS -> %SystemRoot%\OPTIONS -> [Folder | Modified Date = 4/04/2008 19:48:11 | Attr = ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 4/04/2008 19:27:00 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 4/04/2008 21:00:58 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/07/2008 10:10:10 | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 23/06/2008 17:30:36 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 21/04/2008 0:17:44 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 16/06/2008 19:42:35 | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 4/04/2008 19:36:04 | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 4/04/2008 19:31:09 | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 4/04/2008 20:50:38 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 4/04/2008 19:38:04 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 4/04/2008 20:38:04 | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/04/2008 20:05:39 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 4/04/2008 19:28:20 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 13/05/2008 20:16:13 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 4/04/2008 21:03:47 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 4/04/2008 21:04:05 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/07/2008 9:32:31 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/04/2008 19:36:24 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 3/07/2008 10:14:05 | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 8192 bytes | Modified Date = 2/07/2008 11:54:39 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 4/04/2008 20:55:01 | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 4/04/2008 19:25:30 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 37 bytes | Modified Date = 4/04/2008 19:25:30 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 4/04/2008 21:20:50 | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 4/04/2008 19:28:58 | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 694 bytes | Modified Date = 23/06/2008 20:01:10 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 4/04/2008 19:28:42 | Attr = RH ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/06/2008 19:17:02 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 18/05/2008 15:19:32 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/07/2008 10:04:00 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 4/04/2008 20:02:05 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 12662 bytes | Modified Date = 24/06/2008 9:58:27 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 12662 bytes | Modified Date = 24/06/2008 9:58:26 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/04/2008 15:57:55 | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/04/2008 15:57:55 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 4/04/2008 21:13:07 | Attr = ] Advanced Chemistry Development -> %AllUsersProfile%\Application Data\Advanced Chemistry Development -> [Folder | Modified Date = 6/04/2008 13:39:52 | Attr = ] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 17/05/2008 13:41:58 | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 4/04/2008 21:03:29 | Attr = HS] Hewlett-Packard -> %AllUsersProfile%\Application Data\Hewlett-Packard -> [Folder | Modified Date = 17/05/2008 15:45:58 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2/07/2008 16:16:54 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 3/07/2008 9:20:55 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 23/06/2008 19:57:51 | Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 15/06/2008 15:41:52 | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Modified Date = 15/06/2008 15:44:06 | Attr = ] Prevx -> %AllUsersProfile%\Application Data\Prevx -> [Folder | Modified Date = 23/06/2008 19:52:51 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 23/06/2008 23:24:28 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 1/07/2008 18:52:21 | Attr = ] @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Webroot -> %AllUsersProfile%\Application Data\Webroot -> [Folder | Modified Date = 23/06/2008 20:00:55 | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 4/04/2008 20:19:11 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 4/04/2008 20:46:13 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 10/04/2008 18:34:07 | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Modified Date = 5/04/2008 15:24:17 | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 4/04/2008 21:03:29 | Attr = HS] DivX -> %AppData%\DivX -> [Folder | Modified Date = 8/04/2008 20:16:24 | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 14/06/2008 11:15:33 | Attr = ] Identities -> %AppData%\Identities -> [Folder | Modified Date = 4/04/2008 19:37:36 | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 23/06/2008 20:38:47 | Attr = ] Leadertech -> %AppData%\Leadertech -> [Folder | Modified Date = 2/06/2008 19:55:33 | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 14/06/2008 18:36:46 | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 4/04/2008 20:03:14 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 3/07/2008 9:21:00 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 15/06/2008 15:41:53 | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 12/05/2008 21:07:42 | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 23/06/2008 20:01:38 | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 12/04/2008 18:33:19 | Attr = ] SecuROM -> %AppData%\SecuROM -> [Folder | Modified Date = 1/05/2008 19:14:00 | Attr = RH ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 6/05/2008 20:42:06 | Attr = ] temp -> %AppData%\temp -> [Folder | Modified Date = 16/06/2008 20:26:40 | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 24/06/2008 13:58:28 | Attr = ] Webroot -> %AppData%\Webroot -> [Folder | Modified Date = 23/06/2008 20:00:38 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 5/04/2008 15:24:01 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 10/04/2008 18:34:31 | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 6/06/2008 21:12:46 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 204288 bytes | Modified Date = 2/07/2008 11:54:36 | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 132 bytes | Modified Date = 6/06/2008 20:27:44 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 68456 bytes | Modified Date = 4/04/2008 21:29:44 | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 14/06/2008 11:15:33 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5336904 bytes | Modified Date = 3/07/2008 10:02:40 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 18/05/2008 22:34:20 | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Modified Date = 4/04/2008 20:21:20 | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 12/05/2008 21:07:42 | Attr = ] Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net -> [Folder | Modified Date = 1/07/2008 21:46:24 | Attr = ] S2 -> %UserProfile%\Local Settings\Application Data\S2 -> [Folder | Modified Date = 3/05/2008 17:05:45 | Attr = ] S2_Demo -> %UserProfile%\Local Settings\Application Data\S2_Demo -> [Folder | Modified Date = 6/04/2008 12:34:25 | Attr = ] desktop.ini -> %AllUsersProfile%\Documenten\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 4/04/2008 21:03:29 | Attr = HS] Mijn afbeeldingen -> %AllUsersProfile%\Documenten\Mijn afbeeldingen -> [Folder | Modified Date = 4/04/2008 19:27:36 | Attr = R ] Mijn muziek -> %AllUsersProfile%\Documenten\Mijn muziek -> [Folder | Modified Date = 18/05/2008 15:20:17 | Attr = R ] Mijn video's -> %AllUsersProfile%\Documenten\Mijn video's -> [Folder | Modified Date = 4/04/2008 19:23:56 | Attr = R ] BasicLab.sk -> %UserProfile%\Mijn documenten\BasicLab.sk -> [Ver = | Size = 203 bytes | Modified Date = 8/04/2008 20:39:44 | Attr = ] biochemie 1.docx -> %UserProfile%\Mijn documenten\biochemie 1.docx -> [Ver = | Size = 46850 bytes | Modified Date = 20/04/2008 20:09:22 | Attr = ] Cradle to Cradle3.doc -> %UserProfile%\Mijn documenten\Cradle to Cradle3.doc -> [Ver = | Size = 38400 bytes | Modified Date = 7/05/2008 20:41:51 | Attr = ] desktop.ini -> %UserProfile%\Mijn documenten\desktop.ini -> [Ver = | Size = 83 bytes | Modified Date = 4/04/2008 21:29:02 | Attr = HS] Downloads -> %UserProfile%\Mijn documenten\Downloads -> [Folder | Modified Date = 3/06/2008 21:47:41 | Attr = ] 1 C:\Documents and Settings\Dominique\Mijn documenten\*.tmp files -> C:\Documents and Settings\Dominique\Mijn documenten\*.tmp -> FIFAM 08 Demo -> %UserProfile%\Mijn documenten\FIFAM 08 Demo -> [Folder | Modified Date = 16/06/2008 20:15:20 | Attr = ] grstyles.stl -> %UserProfile%\Mijn documenten\grstyles.stl -> [Ver = | Size = 584 bytes | Modified Date = 8/06/2008 23:49:30 | Attr = ] LastLab.sk -> %UserProfile%\Mijn documenten\LastLab.sk -> [Ver = | Size = 22 bytes | Modified Date = 12/04/2008 21:01:27 | Attr = ] LimeWire -> %UserProfile%\Mijn documenten\LimeWire -> [Folder | Modified Date = 2/07/2008 11:53:19 | Attr = ] Mijn afbeeldingen -> %UserProfile%\Mijn documenten\Mijn afbeeldingen -> [Folder | Modified Date = 11/06/2008 22:43:21 | Attr = R ] Mijn Gedeelde Mappen.lnk -> %UserProfile%\Mijn documenten\Mijn Gedeelde Mappen.lnk -> [Ver = | Size = 578 bytes | Modified Date = 2/07/2008 19:47:58 | Attr = ] Mijn muziek -> %UserProfile%\Mijn documenten\Mijn muziek -> [Folder | Modified Date = 24/05/2008 19:12:24 | Attr = R ] Mijn ontvangen bestanden -> %UserProfile%\Mijn documenten\Mijn ontvangen bestanden -> [Folder | Modified Date = 2/07/2008 11:53:18 | Attr = ] Mijn video's -> %UserProfile%\Mijn documenten\Mijn video's -> [Folder | Modified Date = 12/04/2008 18:33:35 | Attr = R ] mt phillipe.docx -> %UserProfile%\Mijn documenten\mt phillipe.docx -> [Ver = | Size = 10613 bytes | Modified Date = 14/05/2008 16:25:16 | Attr = ] Nieuwe map -> %UserProfile%\Mijn documenten\Nieuwe map -> [Folder | Modified Date = 27/05/2008 21:28:43 | Attr = ] OneNote Notebooks -> %UserProfile%\Mijn documenten\OneNote Notebooks -> [Folder | Modified Date = 15/04/2008 23:02:01 | Attr = ] PTV 2.docx -> %UserProfile%\Mijn documenten\PTV 2.docx -> [Ver = | Size = 777407 bytes | Modified Date = 11/06/2008 23:29:14 | Attr = ] S2 -> %UserProfile%\Mijn documenten\S2 -> [Folder | Modified Date = 1/05/2008 19:18:58 | Attr = ] spider.sav -> %UserProfile%\Mijn documenten\spider.sav -> [Ver = | Size = 372 bytes | Modified Date = 5/04/2008 1:20:41 | Attr = ] stage1.sk2 -> %UserProfile%\Mijn documenten\stage1.sk2 -> [Ver = | Size = 8753 bytes | Modified Date = 8/04/2008 20:43:24 | Attr = ] template.cfg -> %UserProfile%\Mijn documenten\template.cfg -> [Ver = | Size = 1921 bytes | Modified Date = 6/04/2008 13:39:50 | Attr = ] Thumbs.db -> %UserProfile%\Mijn documenten\Thumbs.db -> [Ver = | Size = 3584 bytes | Modified Date = 2/06/2008 19:24:34 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Mijn documenten\Thumbs.db:encryptable TLC.pptx -> %UserProfile%\Mijn documenten\TLC.pptx -> [Ver = | Size = 38601 bytes | Modified Date = 20/04/2008 20:08:49 | Attr = ] univ logo -> %UserProfile%\Mijn documenten\univ logo -> [Folder | Modified Date = 9/04/2008 17:42:45 | Attr = ] UserLab.sk -> %UserProfile%\Mijn documenten\UserLab.sk -> [Ver = | Size = 0 bytes | Modified Date = 8/04/2008 20:39:44 | Attr = ] UserStl.sk -> %UserProfile%\Mijn documenten\UserStl.sk -> [Ver = | Size = 12 bytes | Modified Date = 8/04/2008 20:37:17 | Attr = ] ~$adle to Cradle3.doc -> %UserProfile%\Mijn documenten\~$adle to Cradle3.doc -> [Ver = | Size = 162 bytes | Modified Date = 7/05/2008 13:38:19 | Attr = H ] ~$PTV 2.docx -> %UserProfile%\Mijn documenten\~$PTV 2.docx -> [Ver = | Size = 162 bytes | Modified Date = 8/06/2008 9:30:59 | Attr = H ] Adobe Reader 8.lnk -> %AllUsersProfile%\Bureaublad\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 4/04/2008 21:12:17 | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Bureaublad\AVG Free 8.0.lnk -> [Ver = | Size = 1507 bytes | Modified Date = 17/05/2008 13:42:32 | Attr = ] DAEMON Tools Lite.lnk -> %AllUsersProfile%\Bureaublad\DAEMON Tools Lite.lnk -> [Ver = | Size = 733 bytes | Modified Date = 6/04/2008 11:03:13 | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Bureaublad\DivX Player.lnk -> [Ver = | Size = 795 bytes | Modified Date = 26/04/2008 19:57:34 | Attr = ] FIFA Manager 08 Demo.lnk -> %AllUsersProfile%\Bureaublad\FIFA Manager 08 Demo.lnk -> [Ver = | Size = 921 bytes | Modified Date = 13/06/2008 22:29:51 | Attr = ] Google Earth.lnk -> %AllUsersProfile%\Bureaublad\Google Earth.lnk -> [Ver = | Size = 1836 bytes | Modified Date = 14/06/2008 11:15:16 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Bureaublad\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 3/07/2008 9:20:57 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Bureaublad\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 12/05/2008 21:07:35 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Bureaublad\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Modified Date = 12/04/2008 16:46:10 | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Bureaublad\VLC media player.lnk -> [Ver = | Size = 719 bytes | Modified Date = 24/06/2008 13:53:15 | Attr = ] ATF_Cleaner.exe -> %UserProfile%\Bureaublad\ATF_Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 1/07/2008 16:10:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureaublad\ATF_Cleaner.exe:Zone.Identifier C&C renegade.lnk -> %UserProfile%\Bureaublad\C&C renegade.lnk -> [Ver = | Size = 682 bytes | Modified Date = 1/06/2008 11:21:14 | Attr = ] ChemDraw Ultra 7.0.lnk -> %UserProfile%\Bureaublad\ChemDraw Ultra 7.0.lnk -> [Ver = | Size = 1689 bytes | Modified Date = 10/06/2008 19:41:48 | Attr = ] delta force.lnk -> %UserProfile%\Bureaublad\delta force.lnk -> [Ver = | Size = 912 bytes | Modified Date = 2/06/2008 19:58:21 | Attr = ] downloads -> %UserProfile%\Bureaublad\downloads -> [Folder | Modified Date = 1/07/2008 21:36:32 | Attr = ] 1 C:\Documents and Settings\Dominique\Bureaublad\*.tmp files -> C:\Documents and Settings\Dominique\Bureaublad\*.tmp -> dss.exe -> %UserProfile%\Bureaublad\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/07/2008 10:21:44 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureaublad\dss.exe:Zone.Identifier geektogo -> %UserProfile%\Bureaublad\geektogo -> [Folder | Modified Date = 3/07/2008 9:10:13 | Attr = ] LimeWire 4.16.7.lnk -> %UserProfile%\Bureaublad\LimeWire 4.16.7.lnk -> [Ver = | Size = 1580 bytes | Modified Date = 6/05/2008 20:38:17 | Attr = ] Logs -> %UserProfile%\Bureaublad\Logs -> [Folder | Modified Date = 6/04/2008 12:50:09 | Attr = ] mbam-setup.exe -> %UserProfile%\Bureaublad\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.19 | Size = 1705000 bytes | Modified Date = 3/07/2008 9:20:31 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Bureaublad\mbam-setup.exe:Zone.Identifier Nieuwe map -> %UserProfile%\Bureaublad\Nieuwe map -> [Folder | Modified Date = 1/07/2008 21:36:19 | Attr = ] postal2 -> %UserProfile%\Bureaublad\postal2 -> [Folder | Modified Date = 2/07/2008 13:29:20 | Attr = ] stage -> %UserProfile%\Bureaublad\stage -> [Folder | Modified Date = 2/07/2008 21:48:05 | Attr = ] The Settlers II.lnk -> %UserProfile%\Bureaublad\The Settlers II.lnk -> [Ver = | Size = 1122 bytes | Modified Date = 2/05/2008 20:53:45 | Attr = ] univ -> %UserProfile%\Bureaublad\univ -> [Folder | Modified Date = 6/06/2008 17:13:11 | Attr = ] Windows Media Player.lnk -> %UserProfile%\Bureaublad\Windows Media Player.lnk -> [Ver = | Size = 782 bytes | Modified Date = 18/05/2008 16:17:08 | Attr = ] worms.lnk -> %UserProfile%\Bureaublad\worms.lnk -> [Ver = | Size = 621 bytes | Modified Date = 6/04/2008 14:20:22 | Attr = ] ~$lloïd chemie.docx -> %UserProfile%\Bureaublad\~$lloïd chemie.docx -> [Ver = | Size = 162 bytes | Modified Date = 17/04/2008 21:33:37 | Attr = H ] desktop.ini -> %AllUsersProfile%\Menu Start\Programma's\Opstarten\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 4/04/2008 19:30:46 | Attr = HS] desktop.ini -> %UserProfile%\Menu Start\Programma's\Opstarten\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 4/04/2008 19:30:46 | Attr = HS] ERUNT AutoBackup.lnk -> %UserProfile%\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/07/2008 16:06:59 | Attr = ] OneNote 2007 Screen Clipper and Launcher.lnk -> %UserProfile%\Menu Start\Programma's\Opstarten\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 947 bytes | Modified Date = 15/04/2008 23:01:59 | Attr = ] PowerReg Scheduler.exe -> %UserProfile%\Menu Start\Programma's\Opstarten\PowerReg Scheduler.exe -> [Ver = 2, 0, 0, 1 | Size = 256000 bytes | Modified Date = 2/06/2008 19:56:55 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 4/04/2008 21:11:50 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 4/04/2008 20:38:20 | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 4/04/2008 19:48:27 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 6/05/2008 20:39:46 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 17/05/2008 13:41:46 | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Modified Date = 4/04/2008 19:27:21 | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Modified Date = 4/04/2008 21:04:11 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 12/04/2008 16:46:09 | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 4/04/2008 19:27:26 | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Modified Date = 4/04/2008 21:04:07 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 4/04/2008 21:10:09 | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 4/04/2008 20:51:15 | Attr = HS] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 12/04/2008 16:46:11 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 Het systeem kan het opgegeven bestand niet vinden. scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:2d,00,b6,8c,00,9a,dd,3d,8e,54,c4,15,7e,16,e2,07,4d,d5,21,c0,ec,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,98,24,05,14,d8,26,7b,c9,18,25,3f,6d,1c,df,66,3d,be,.. "khjeh"=hex:e1,fe,58,0b,ee,92,f0,ec,81,06,5a,a4,75,d9,70,85,e2,88,ee,27,1e,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f7,81,a7,77,fa,bf,6b,6f,50,98,6e,82,f7,90,76,6f,be,9d,74,a0,3a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:2d,00,b6,8c,00,9a,dd,3d,8e,54,c4,15,7e,16,e2,07,4d,d5,21,c0,ec,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,98,24,05,14,d8,26,7b,c9,18,25,3f,6d,1c,df,66,3d,be,.. "khjeh"=hex:e1,fe,58,0b,ee,92,f0,ec,81,06,5a,a4,75,d9,70,85,e2,88,ee,27,1e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f7,81,a7,77,fa,bf,6b,6f,50,98,6e,82,f7,90,76,6f,be,9d,74,a0,3a,.. scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 1 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 Het systeem kan het opgegeven bestand niet vinden. C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 104 bytes C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Bureaublad\stage\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Bureaublad\univ\biochemie\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Bureaublad\univ\milieutechnologie\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Bureaublad\univ\univ2\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Bureaublad\downloads\movie\Jumper.2008.ENGLISH.TELESYNC.DivX-LTT\Nieuwe map\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Bureaublad\downloads\movie\Jumper.2008.ENGLISH.TELESYNC.DivX-LTT\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Favorieten\Anime Media - Watch Episodes Online Avatar The Last Airbender Episodes.url:favicon 2550 bytes C:\Documents and Settings\Dominique\Favorieten\AvaxHome - Games - Genre - Sport - FIFA Manager 08.url:favicon 2862 bytes C:\Documents and Settings\Dominique\Favorieten\Browse Anime Watch Your Favorite Anime B INDEX.url:favicon 738 bytes C:\Documents and Settings\Dominique\Favorieten\DOWNLOAD BIG GAMES FOR FREE Lionheart Legacy of the Crusader.url:favicon 3638 bytes C:\Documents and Settings\Dominique\Favorieten\DownloadNova - Access Denied.url:favicon 2550 bytes C:\Documents and Settings\Dominique\Favorieten\Search our roms and emulators.url:favicon 1150 bytes C:\Documents and Settings\Dominique\Favorieten\The Waiting Room - Geeks to Go!.url:favicon 22486 bytes C:\Documents and Settings\Dominique\Favorieten\Trojan virtumonde - Geeks to Go!.url:favicon 22486 bytes C:\Documents and Settings\Dominique\Favorieten\emuparadise.com.url:favicon 3639 bytes C:\Documents and Settings\Dominique\Favorieten\Geeks to Go!.url:favicon 22486 bytes C:\Documents and Settings\Dominique\Favorieten\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib - Geeks to Go!.url:favicon 22486 bytes C:\Documents and Settings\Dominique\Favorieten\http--www.gamespot.com-gba-puzzle-yugiohduelmonstersgx-hints.htmlmode=passwords.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\Indi Movi View topic - Delta force black hawk down ISO.url:favicon 5430 bytes C:\Documents and Settings\Dominique\Favorieten\Malware Removal - HijackThis™ Logs Go Here - Geeks to Go!.url:favicon 22486 bytes C:\Documents and Settings\Dominique\Favorieten\Microsoft Update.url:favicon 25214 bytes C:\Documents and Settings\Dominique\Favorieten\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 22486 bytes C:\Documents and Settings\Dominique\Favorieten\[Rapidshare] - Delta Force Black Hawk Down - Team Sabre - Bleepd.url:favicon 10134 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\Duurzaam Ondernemen - Cradle to Cradle is ondoordachte hype.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\goeie site\Duurzaam Ondernemen - Cradle to Cradle is ondoordachte hype.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\goeie site\EPEA - Nutrient cycles.url:favicon 3638 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\goeie site\gamefaqs Final Fantasy Tactics Advance (GBA) Secret Character FAQ by deframer.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\goeie site\mt\Cradle%20to%20Cradle%20flyer.url:favicon 2494 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\goeie site\mt\Milieujaarverslag Tessenderlo.url:favicon 3262 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\industrial ecosystem without garbage - Google zoeken.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\Kevin Kelly -- Chapter 10 Industrial Ecology.url:favicon 1150 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\mt\Article Industrial Ecology - WiserEarth.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\mt\cradle to cradle industrial ecosystem annual report - Google zoeken.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\mt\Lunch over IP 25 posts from June 2007.url:favicon 3638 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\mt\Lunch over IP Forum des 100 assisting patient Earth, and defending free expression.url:favicon 3638 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT2\cradle to cradle jaarverslag - Google zoeken.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT3\Cradle to cradle iets heel anders dan recycling - Deze week - intermediair.nl.url:favicon 894 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT3\cradle to cradle industrie - Google zoeken.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT3\CradleToCradle_flyer.url:favicon 2494 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT3\Els Keytsman.url:favicon 318 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT3\Maatschappelijk Verantwoord Ondernemen Nederland.url:favicon 18670 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT4\cradle to cradle industrie jaarverslag - Google zoeken.url:favicon 1406 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT4\Kamer van Koophandel BuildinGreen-congres groot succes.url:favicon 894 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT4\Maatschappelijk Verantwoord Ondernemen Nederland.url:favicon 18670 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\MT4\Tegenlicht - Afleveringen - Afval is Voedsel - Items - Cradle to cradle een open deur, maar wel dé oplossing.url:favicon 318 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\Waste, industrial ecology, and sustainability.(Garbage) - Social Research Encyclopedia.com.url:favicon 2238 bytes C:\Documents and Settings\Dominique\Favorieten\milieutechnologie\Wiley InterScience Journal Abstract.url:favicon 318 bytes C:\Documents and Settings\Dominique\Favorieten\Welkomstpagina Universiteit Hasselt.url:favicon 894 bytes C:\Documents and Settings\Dominique\Mijn documenten\LimeWire\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Mijn documenten\Mijn afbeeldingen\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Mijn documenten\Mijn ontvangen bestanden\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Mijn documenten\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Dominique\Mijn documenten\univ logo\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 147 < End of report >