[code]
OTScanIt logfile created on: 7/9/2008 12:06:26 AM
OTScanIt by OldTimer - Version 1.0.16.1 Folder = C:\Documents and Settings\Nicola's Shit\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.36 Mb Total Physical Memory | 479.87 Mb Available Physical Memory | 47.31% Memory free
3.87 Gb Paging File | 3.49 Gb Available in Paging File | 90.11% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.33 Gb Total Space | 25.32 Gb Free Space | 49.33% Space Free | Partition Type: NTFS
Drive D: | 129.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LENOVO-594FD52A
Current User Name: Nicola's Shit
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ibmpmsvc.exe -> %SystemRoot%\system32\ibmpmsvc.exe -> [Ver = | Size = 73782 bytes | Modified Date = 11/11/2005 4:33:00 AM | Attr = ] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 2/17/2006 6:52:24 PM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 34 | Size = 540745 bytes | Modified Date = 2/17/2006 6:54:24 PM | Attr = ] ipssvc.exe -> %SystemRoot%\system32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 2, 0, 0, 0 | Size = 73728 bytes | Modified Date = 3/23/2006 5:03:00 AM | Attr = ] acprfmgrsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/1/2006 1:23:08 AM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 7/6/2008 2:15:09 AM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 2/17/2006 6:51:46 PM | Attr = ] tphdexlg.exe -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. 
[Ver = 1.40 | Size = 77824 bytes | Modified Date = 6/20/2005 3:15:00 PM | Attr = ] tpkmpsvc.exe -> %SystemRoot%\system32\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 6/7/2005 12:26:22 AM | Attr = ] ibmtcsd.exe -> %ProgramFiles%\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -> IBM [Ver = 1,1,2,009 | Size = 722480 bytes | Modified Date = 12/21/2005 8:17:54 PM | Attr = ] rrservice.exe -> %ProgramFiles%\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -> [Ver = 3,0,27,0 | Size = 1384448 bytes | Modified Date = 12/21/2005 9:20:56 PM | Attr = ] tvtsched.exe -> %ProgramFiles%\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -> [Ver = 3,0,9,0 | Size = 77824 bytes | Modified Date = 12/21/2005 9:34:58 PM | Attr = ] uclauncherservice.exe -> %ProgramFiles%\ThinkVantage\SystemUpdate\UCLauncherService.exe -> [Ver = | Size = 40960 bytes | Modified Date = 8/1/2005 8:32:40 PM | Attr = ] acsvc.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 147456 bytes | Modified Date = 2/1/2006 1:24:28 AM | Attr = ] logmon.exe -> %ProgramFiles%\IBM ThinkVantage\Common\Logger\logmon.exe -> [Ver = | Size = 32768 bytes | Modified Date = 12/21/2005 9:27:00 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/6/2008 2:15:33 AM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. 
[Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10, 1, 0, 79 | Size = 397381 bytes | Modified Date = 12/28/2005 2:52:32 PM | Attr = ] utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe -> [Ver = | Size = 219952 bytes | Modified Date = 6/27/2008 2:06:04 AM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 5/29/2008 4:08:56 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.1 | Size = 396800 bytes | Modified Date = 7/5/2008 11:19:06 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AcPrfMgrSvc) Ac Profile Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 2/1/2006 1:23:08 AM | Attr = ] (AcSvc) Access Connections Main Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ThinkPad\ConnectUtilities\AcSvc.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 147456 bytes | Modified Date = 2/1/2006 1:24:28 AM | Attr = ] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. 
[Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 2/17/2006 6:52:24 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 7/6/2008 2:15:09 AM | Attr = ] (IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ibmpmsvc.exe -> [Ver = | Size = 73782 bytes | Modified Date = 11/11/2005 4:33:00 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. 
[Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 3/30/2008 10:36:30 AM | Attr = ] (IPSSVC) IPS Core Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IPSSVC.EXE -> Lenovo Group Limited [Ver = 2, 0, 0, 0 | Size = 73728 bytes | Modified Date = 3/23/2006 5:03:00 AM | Attr = ] (PsaSrv) IBM PSA Access Driver Control [Win32_Own | On_Demand | Stopped] -> -> File not found (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 2/17/2006 6:51:46 PM | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 34 | Size = 540745 bytes | Modified Date = 2/17/2006 6:54:24 PM | Attr = ] (TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.40 | Size = 77824 bytes | Modified Date = 6/20/2005 3:15:00 PM | Attr = ] (TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TpKmpSvc.exe -> [Ver = | Size = 32768 bytes | Modified Date = 6/7/2005 12:26:22 AM | Attr = ] (TSSCoreService) TSS Core Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -> IBM [Ver = 1,1,2,009 | Size = 722480 bytes | Modified Date = 12/21/2005 8:17:54 PM | Attr = ] (TVT Backup Service) TVT Backup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -> [Ver = 3,0,27,0 | Size = 1384448 bytes | Modified Date = 12/21/2005 9:20:56 PM | Attr = ] (TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -> [Ver = 3,0,9,0 | Size = 77824 bytes | Modified Date = 12/21/2005 9:34:58 PM | Attr = ] (UCLauncherService) ThinkVantage System Update [Win32_Own | Auto | 
Running] -> %ProgramFiles%\ThinkVantage\SystemUpdate\UCLauncherService.exe -> [Ver = | Size = 40960 bytes | Modified Date = 8/1/2005 8:32:40 PM | Attr = ] [Driver Services - Non-Microsoft Only] (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 3:20:04 PM | Attr = ] (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4310 built by: WinDDK | Size = 176128 bytes | Modified Date = 1/31/2006 1:19:34 PM | Attr = ] (AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.20 | Size = 152960 bytes | Modified Date = 6/7/2005 4:53:46 PM | Attr = ] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.5.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.5.0 | Size = 21035 bytes | Modified Date = 3/20/2008 6:12:33 AM | Attr = ] (AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 9:16:04 PM | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 4:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr = ] (ANC) ANC [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ANC.sys -> IBM Corp. 
[Ver = 8.3 | Size = 11520 bytes | Modified Date = 11/8/2005 12:27:20 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 4:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 4:51:58 PM | Attr = ] (atmeltpm) atmeltpm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\atmeltpm.sys -> Atmel, Inc. [Ver = 3.0.0.15 built by: WinDDK | Size = 15872 bytes | Modified Date = 5/17/2005 1:20:08 PM | Attr = ] (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 8.48.0.0 built by: WinDDK | Size = 142720 bytes | Modified Date = 10/26/2005 1:01:02 PM | Attr = ] (CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. 
[Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 4:51:54 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 4:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 3:12:10 PM | Attr = ] (EGATHDRV) IBM eGatherer [Kernel | Auto | Running] -> %SystemRoot%\system32\EGATHDRV.SYS -> IBM Corporation [Ver = 2.05 | Size = 5427 bytes | Modified Date = 7/6/2008 | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. 
[Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 12:36:05 PM | Attr = ] (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsx_dpv.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 936448 bytes | Modified Date = 12/6/2005 2:21:32 PM | Attr = ] (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsxhwazl.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 192512 bytes | Modified Date = 12/6/2005 2:20:48 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4436 | Size = 1353820 bytes | Modified Date = 11/28/2005 5:20:20 PM | Attr = ] (iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\IASTOR.SYS -> Intel Corporation [Ver = 5.5.0.1035 | Size = 874240 bytes | Modified Date = 10/12/2005 3:07:12 PM | Attr = ] (ibmfilter) ibmfilter [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ibmfilter.sys -> IBM [Ver = 4.01 built by: WinDDK | Size = 12544 bytes | Modified Date = 12/21/2005 8:14:58 PM | Attr = ] (IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ibmpmdrv.sys -> Lenovo. 
[Ver = 1.33 | Size = 10112 bytes | Modified Date = 11/11/2005 4:33:00 AM | Attr = ] (IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> %SystemRoot%\system32\drivers\IBMBLDID.sys -> [Ver = | Size = 6016 bytes | Modified Date = 1/13/2006 3:33:22 AM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 6:57:08 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 4:52:12 PM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 1:29:56 AM | Attr = ] (PrivateDisk) PrivateDisk [Kernel | Auto | Running] -> %ProgramFiles%\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -> Utimaco Safeware AG [Ver = 1.10.2.1 | Size = 46142 bytes | Modified Date = 11/15/2005 4:11:28 PM | Attr = R ] (PROCDD) IPS Helper Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PROCDD.SYS -> Lenovo Group Limited [Ver = 2, 0, 0, 0 | Size = 5120 bytes | Modified Date = 3/23/2006 5:03:00 AM | Attr = ] (psadd) IBM PSA Access Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\psadd.sys -> Lenovo [Ver = 5.2.3670.1 | Size = 16256 bytes | Modified Date = 10/20/2007 8:15:12 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. 
[Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.70C | Size = 43840 bytes | Modified Date = 11/14/2007 3:00:00 AM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 4:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 4:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 4:52:18 PM | Attr = ] (RTLWUSB) NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wg111v2.sys -> NETGEAR Inc. [Ver = 5.1283.0207.2007 built by: WinDDK | Size = 194304 bytes | Modified Date = 2/6/2007 11:22:24 PM | Attr = ] (s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 10, 1, 0, 3 | Size = 13568 bytes | Modified Date = 2/17/2006 7:41:50 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ] (ShockMgr) ShockMgr [Kernel | System | Running] -> %SystemRoot%\System32\drivers\ShockMgr.sys -> Lenovo. 
[Ver = 1.40 | Size = 4736 bytes | Modified Date = 6/20/2005 3:18:00 PM | Attr = ] (Shockprf) Shockprf [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\shockprf.sys -> Lenovo [Ver = 1.40 | Size = 85760 bytes | Modified Date = 11/30/2005 6:58:00 PM | Attr = ] (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr = ] (smi2) smi2 [Kernel | Auto | Running] -> %ProgramFiles%\SMI2\smi2.sys -> IBM Corp. [Ver = 1, 1, 1, 0 | Size = 3968 bytes | Modified Date = 12/21/2005 7:45:56 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 5:07:44 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 5:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 5:07:36 PM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 5:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 5:07:42 PM | Attr = ] (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. 
[Ver = 7.5.17.20 14Feb06 | Size = 177664 bytes | Modified Date = 2/14/2006 5:04:58 PM | Attr = ] (TDSMAPI) TDSMAPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TDSMAPI.SYS -> [Ver = | Size = 9343 bytes | Modified Date = 1/17/2006 4:52:00 AM | Attr = ] (TPHKDRV) TPHKDRV [Kernel | System | Running] -> %SystemRoot%\System32\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 17699 bytes | Modified Date = 7/5/2005 5:57:06 PM | Attr = ] (TPPWRIF) TPPWRIF [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TPPWRIF.SYS -> [Ver = | Size = 4442 bytes | Modified Date = 3/23/2006 4:13:00 AM | Attr = ] (TSMAPIP) TSMAPIP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TSMAPIP.SYS -> [Ver = | Size = 7168 bytes | Modified Date = 2/27/2006 5:52:00 AM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 4:52:22 PM | Attr = ] (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-13 Driver | Size = 1428096 bytes | Modified Date = 12/5/2005 3:55:30 AM | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hsx_cnxt.sys -> Conexant Systems, Inc. [Ver = 7.39.00 built by: WinDDK | Size = 670208 bytes | Modified Date = 12/6/2005 2:20:42 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 140eef46 -> %SystemRoot%\system32\imycxtiv.dll [rundll32.exe "C:\WINDOWS\system32\imycxtiv.dll",b] -> [Ver = | Size = 78848 bytes | Modified Date = 7/7/2008 1:05:50 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. 
[Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 3/30/2008 10:36:40 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. -> MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. -> MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/6/2008 2:15:33 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\] > -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. 
[Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/6/2008 2:15:33 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Event Reminder.lnk -> %ProgramFiles%\PrintMaster Silver 17\Remind.exe -> Broderbund Properties LLC [Ver = 17, 0, 0, 0039 | Size = 344064 bytes | Modified Date = 2/22/2006 11:45:54 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> < nic.LENOVO-594FD52A Startup Folder > -> C:\Documents and Settings\nic.LENOVO-594FD52A\Start Menu\Programs\Startup -> < Nicola's Shit Startup Folder > -> C:\Documents and Settings\Nicola's Shit\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {613E416F-BCB6-43AD-B0FC-DF7B0D5A70BF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[] -> File not found {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\vtUmNFuS.dll [] -> [Ver = | Size = 32475 bytes | Modified Date = 7/5/2008 1:20:10 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ] *MultiFile Done* -> -> *GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL -> RtlGina2.dll -> %SystemRoot%\system32\RtlGina2.dll -> [Ver = | Size = 36864 bytes | Modified Date = 7/27/2006 12:26:32 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> 
%SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010] > -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ACNotify -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACNotify.dll -> Lenovo [Ver = 4, 11, 0, 0 | Size = 32768 bytes | Modified Date = 2/1/2006 1:13:42 AM | Attr = ] AwayNotify -> %ProgramFiles%\Lenovo\AwayTask\AwayNotify.dll -> Lenovo Group Limited [Ver = 2, 0, 0, 0 | Size = 49152 bytes | Modified Date = 3/23/2006 5:03:00 AM | Attr = ] igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4436 | Size = 135168 bytes | Modified Date = 11/28/2005 4:51:04 PM | Attr = ] tpfnf2 -> %SystemRoot%\system32\notifyf2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/6/2005 2:45:08 AM | Attr = ] tphotkey -> %SystemRoot%\system32\tphklock.dll -> [Ver = | Size = 24576 bytes | Modified Date = 11/30/2005 11:16:02 PM | Attr = ] vtUmNFuS -> %SystemRoot%\system32\vtUmNFuS.dll -> [Ver = | Size = 32475 bytes | Modified Date = 7/5/2008 
1:20:10 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 
0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010] > -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not 
found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_RW/DVD_GCC-4244N_______________1.02____\5&633cdd6&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 10/20/2007 9:08:15 PM | Attr = H ] < HOSTS File > (250917 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings 
[HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\] > -> -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4608 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4608 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4620 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4620 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4397 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4397 domain(s) found. -> 34 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\] > -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4608 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\] > -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3396007615-2316383546-1618413786-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {4923852C-E00A-4E2D-AF7B-79A30ADF15D9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\geBuVNHw.dll [Reg Error: Value does not exist or could not be read.] 
-> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 7/6/2008 2:15:33 AM | Attr = ] {bcf062ea-c85b-4aa2-83a8-c9f63fb3be7e} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\vpgsxv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 102912 bytes | Modified Date = 7/7/2008 1:05:42 AM | Attr = ] {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\vtUmNFuS.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 32475 bytes | Modified Date = 7/5/2008 1:20:10 PM | Attr = ] {F6D90091-8BC8-41F8-B2B7-775E8A83A65B} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\J8JTUIYX\3077ahntdksr[1].dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 88576 bytes | Modified Date = 7/7/2008 12:04:36 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}:Exec -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 3.21 | Size = 1392705 bytes | Modified Date = 12/8/2005 2:19:52 AM | Attr = ] {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %SystemDrive%\Documents and Settings\Student\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 3.21 | Size = 1392705 bytes | Modified Date = 12/8/2005 2:19:52 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Lenovo\PkgMgr\PkgMgr.exe [Software Installer] -> Lenovo Group Limited [Ver = 3.21 | Size = 1392705 bytes | Modified Date = 12/8/2005 2:19:52 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> AntivirXP08 -> AntivirXP08 -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1EA0EEF7-0BAA-4B20-8CD9-A045671AFC76} -> (NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter) -> {36A66D74-DE87-4E89-9C92-9E35532D07CC} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {9412B67D-B103-442D-AD4F-2238BC2CDA7D} -> (Broadcom NetXtreme Gigabit Ethernet) -> {C16E46DF-894A-4576-9C02-62306E7D3538} -> (1394 Net Adapter) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0742B9EF-8C83-41CA-BFBA-830A59E23533}[HKEY_LOCAL_MACHINE] -> https://support.microsoft.com/OAS/ActiveX/MSDcode.cab[Microsoft Data Collection Control] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {5AE58FCF-6F6A-49B2-B064-02492C66E3F4}[HKEY_LOCAL_MACHINE] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1211207009593[MUCatalogWebControl Class] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192929343828[WUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> 
http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab[Java Plug-in 1.4.2] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSDcode.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSDcode.dll\\.Owner -> {0742B9EF-8C83-41CA-BFBA-830A59E23533} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSDcode.dll\\{0742B9EF-8C83-41CA-BFBA-830A59E23533} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MicrosoftUpdateCatalogWebControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MicrosoftUpdateCatalogWebControl.dll\\.Owner -> {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MicrosoftUpdateCatalogWebControl.dll\\{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> ACMainGUI.exe -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACMainGUI.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACMainGUI.exe] -> Lenovo [Ver = 4, 11, 0, 0 | Size = 724992 bytes | Modified Date = 2/1/2006 1:21:24 AM | Attr = ] AcroRd32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 5/11/2007 3:06:38 AM | Attr = ] Adbook.exe -> %CommonProgramFiles%\Broderbund\UMM\Adbook.exe [C:\Program Files\Common Files\Broderbund\UMM\adbook.exe] -> Broderbund Properties LLC [Ver = 6, 0, 0, 1139 | Size = 3772416 bytes | Modified Date = 7/1/2002 8:39:04 AM | Attr = ] cmmgr32.exe -> %SystemRoot%\system32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found combofix.exe -> %SystemDrive%\Documents and Settings\los\Desktop\ComboFix.exe [C:\Documents and Settings\los\Desktop\ComboFix.exe] -> File not found Crdmind.exe -> %CommonProgramFiles%\Broderbund\UMM\Crdmind.exe [C:\Program Files\Common Files\Broderbund\UMM\Crdmind.exe] -> Broderbund Properties LLC [Ver = 5, 0, 0, 1139 | Size = 253952 bytes | Modified Date = 7/1/2002 8:38:42 AM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 5/29/2008 4:08:56 PM | Attr = ] fontbrowser.exe -> 
%ProgramFiles%\Broderbund\ClickArt Premium Fonts\Fontbrowser.exe [C:\Program Files\Broderbund\ClickArt Premium Fonts\fontbrowser.exe] -> Broderbund LLC [Ver = 2, 0, 0, 1 | Size = 1064960 bytes | Modified Date = 5/6/2003 10:17:54 AM | Attr = ] HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis\hijackthis.exe] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 7/6/2008 5:38:46 AM | Attr = ] hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Program Files\Windows NT\hypertrm.exe"] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] javaws.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] MediaHub.exe -> %CommonProgramFiles%\Sonic Shared\Sonic Central\Main\Mediahub.exe [c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe] -> [Ver = 2.04.13e | Size = 2310144 bytes | Modified Date = 1/10/2006 5:04:00 AM | Attr = ] MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found My CeWe Photobook.exe -> %ProgramFiles%\CeWe USA\My CEWE Photo Book\My CEWE Photo Book.exe [C:\Program Files\CeWe USA\My CEWE Photo Book\My CEWE Photo Book.exe] -> File not found ORUN32.EXE -> %SystemRoot%\ORUN32.EXE [C:\WINDOWS\ORUN32.EXE] -> File not found PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> Apple Inc. [Ver = 7.5 (861) | Size = 548864 bytes | Modified Date = 5/27/2008 10:50:24 AM | Attr = ] pinball.exe -> %ProgramFiles%\Windows NT\Pinball\pinball.exe [C:\Program Files\Windows NT\Pinball\pinball.exe] -> Cinematronics [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 281088 bytes | Modified Date = 4/13/2008 8:12:31 PM | Attr = ] PMW.exe -> %ProgramFiles%\PrintMaster Silver 17\PMW.exe [C:\Program Files\PrintMaster Silver 17\PMW.exe] -> Broderbund Properties LLC [Ver = 17, 0, 0, 0039 | Size = 6516736 bytes | Modified Date = 2/22/2006 11:54:42 AM | Attr = ] QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> Apple Inc. [Ver = 7.5 (861) | Size = 7677232 bytes | Modified Date = 5/27/2008 10:50:48 AM | Attr = ] setup.exe -> %ProgramFiles%\Belkin\F5D7050v5\setup.exe [C:\Program Files\Belkin\F5D7050v5\setup.exe] -> File not found smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\smax4.exe] -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 5/6/2005 5:06:00 PM | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. 
[Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 11:11:06 AM | Attr = ] SMaxCore -> %ProgramFiles%\Analog Devices\Core [C:\Program Files\Analog Devices\Core] -> [Folder | Modified Date = 10/20/2007 7:43:22 PM | Attr = ] smwdmif.dll -> %ProgramFiles%\Analog Devices\Core\smwdmif.dll [C:\Program Files\Analog Devices\Core\smwdmif.dll] -> Analog Devices, Inc. [Ver = 6, 0, 4200, 014 | Size = 290816 bytes | Modified Date = 1/31/2006 1:25:14 PM | Attr = ] SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX [C:\Program Files\Analog Devices\SoundMAX] -> [Folder | Modified Date = 10/20/2007 7:56:10 PM | Attr = ] table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found TP4EX -> %SystemRoot%\system32\TP4EX.exe [C:\WINDOWS\system32\TP4EX] -> Lenovo Group Limited [Ver = 1.11.00 | Size = 65536 bytes | Modified Date = 10/17/2005 4:11:00 AM | Attr = ] TpKmapAp.exe -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe [C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe] -> Lenovo [Ver = 1, 3, 0, 0 | Size = 864256 bytes | Modified Date = 10/28/2005 10:04:44 PM | Attr = ] TVTMsg.exe -> %ProgramFiles%\Lenovo\TVTMessage\TVTMsg.exe [C:\Program Files\Lenovo\TVTMessage\TVTMsg.exe] -> Lenovo [Ver = 1, 1, 1, 0 | Size = 61440 bytes | Modified Date = 12/1/2005 9:39:50 PM | Attr = ] UNAVWIZ.exe -> %ProgramFiles%\ThinkPad\UltraNav Wizard\UNAVWIZ.exe [C:\Program Files\ThinkPad\UltraNav Wizard\UNAVWIZ.exe] -> Lenovo Group Limited [Ver = 3.04 | Size = 2813952 bytes | Modified Date = 1/24/2006 6:04:00 AM | Attr = ] WinDVD.exe -> %ProgramFiles%\InterVideo\WinDVD\WinDVD.exe [C:\Program Files\InterVideo\WinDVD\WinDVD.exe] -> InterVideo Inc. [Ver = 5.0.11.303 | Size = 118784 bytes | Modified Date = 2/6/2006 3:18:36 PM | Attr = ] winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Program Files\WinRAR\WinRAR.exe] -> [Ver = | Size = 936960 bytes | Modified Date = 9/20/2007 6:34:22 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. 
-> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> %SystemRoot%\system32\msv1_0.dll [msv1_0] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1032 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] csspwntfy -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> C4 38 E1 9E 37 11 D4 BA 45 50 FA 2B D9 61 E0 D2 63 31 31 66 65 65 66 65 00 00 00 00 28 14 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 CE 96 EC D7 E4 EB 1F 26 69 40 4D C1 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> BD 75 6B 24 7C 38 F2 25 5D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 8A 1F 45 EE 8F 83 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DB 31 D2 81 AE FB E4 E8 ED A9 55 FB 65 A1 EA F1 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> 
http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 68 82 67 DB 3E D8 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8897 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> 
%SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\los\Desktop\utorrent.exe -> %SystemDrive%\Documents and Settings\los\Desktop\utorrent.exe [C:\Documents and Settings\los\Desktop\utorrent.exe:*:Enabled:utorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 6/27/2008 2:06:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 5/27/2008 7:23:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. 
[Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 3/30/2008 10:36:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6300.5000 | Size = 12829216 bytes | Modified Date = 12/12/2007 11:56:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 288 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\FailureActions -> 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 73 00 74 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 02 00 00 00 60 EA 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. 
If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. 
If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\0 -> Root\LEGACY_TLNTSVR\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^los^Start Menu^Programs^Startup^WordWeb.lnk -> %ProgramFiles%\WordWeb\wweb32.exe -> Antony Lewis [Ver = 5.0.0.0 | Size = 44384 bytes | Modified Date = 1/27/2007 9:42:48 AM | Attr = ] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> ACTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ThinkPad\ConnectUtilities\ACTray.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 409600 bytes | Modified Date = 2/1/2006 1:19:26 AM | Attr = ] ACWLIcon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
%ProgramFiles%\ThinkPad\ConnectUtilities\ACWLIcon.exe -> Lenovo [Ver = 4, 11, 0, 0 | Size = 98304 bytes | Modified Date = 2/1/2006 1:12:04 AM | Attr = ] Adobe Reader Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] AMSG hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ThinkVantage\AMSG\Amsg.exe -> LENOVO [Ver = 1, 0, 0, 0 | Size = 487424 bytes | Modified Date = 11/14/2005 6:23:22 PM | Attr = ] AwaySch hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Lenovo\AwayTask\AwaySch.EXE -> Lenovo Group Limited [Ver = 2, 0, 1, 0 | Size = 69632 bytes | Modified Date = 3/23/2006 5:03:00 AM | Attr = ] BLOG hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL -> [Ver = | Size = 208896 bytes | Modified Date = 3/23/2006 4:13:00 AM | Attr = ] cssauth hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\IBM ThinkVantage\Client Security Solution\cssauth.exe -> Lenovo Group Limited [Ver = 6.01.0044.00 | Size = 1996336 bytes | Modified Date = 12/21/2005 9:08:02 PM | Attr = ] < MountPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF DF DF DF 5F DF DF 01 01 FF FF FF FF FF FF FF FF FF 00 01 00 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e4dfdba-7f66-11dc-b295-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e4dfdba-7f66-11dc-b295-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e4dfdba-7f66-11dc-b295-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF CF CF 5F 5F 5F CF CF CF 5F 5F CF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F DF DF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF DF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 E0 00 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\\_AutorunStatus -> 01 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de70008-14a9-11dd-b38d-0019d2681ab0}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644b86f2-f657-11dc-b302-ef8b15427d6c}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644b86f2-f657-11dc-b302-ef8b15427d6c}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644b86f2-f657-11dc-b302-ef8b15427d6c}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 
5F 5F CF CF CF CF CF 01 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca6-e9f0-11d8-8572-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca6-e9f0-11d8-8572-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca7-e9f0-11d8-8572-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca7-e9f0-11d8-8572-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca8-e9f0-11d8-8572-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca8-e9f0-11d8-8572-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca9-e9f0-11d8-8572-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70b63ca9-e9f0-11d8-8572-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3de-7f6b-11dc-b974-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3de-7f6b-11dc-b974-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3df-7f6b-11dc-b974-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3df-7f6b-11dc-b974-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3df-7f6b-11dc-b974-806d6172696f}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F CF 5F 5F 5F 5F CF CF 5F 5F 5F CF CF CF 5F 5F 5F CF CF CF 5F 5F 5F CF CF CF 5F 5F 
5F CF CF CF 5F 5F CF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F DF DF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 E0 00 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3df-7f6b-11dc-b974-806d6172696f}\_Autorun\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3df-7f6b-11dc-b974-806d6172696f}\_Autorun\DefaultIcon\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b55c3df-7f6b-11dc-b974-806d6172696f}\_Autorun\DefaultIcon\\ -> D:\setup\app.ico [D:\setup\app.ico] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7b55c3de-7f6b-11dc-b974-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7b55c3de-7f6b-11dc-b974-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7b55c3de-7f6b-11dc-b974-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7b55c3df-7f6b-11dc-b974-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7b55c3df-7f6b-11dc-b974-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7b55c3df-7f6b-11dc-b974-806d6172696f}\\Generation -> 1 -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/29/2008 12:09:23 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063702528 
bytes | Created Date = 6/26/2008 7:20:16 AM | Attr = HS] IBMSHARE -> %SystemDrive%\IBMSHARE -> [Folder | Created Date = 7/8/2008 5:30:10 AM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 5/7/2008 6:56:32 AM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 5/7/2008 6:56:32 AM | Attr = RHS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/17/2008 12:37:32 AM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/27/2008 12:54:51 AM | Attr = ] Settings.ini -> %SystemDrive%\Settings.ini -> [Ver = | Size = 711 bytes | Created Date = 4/10/2008 8:44:20 AM | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 6/28/2008 2:12:04 AM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/27/2008 5:27:03 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 7/6/2008 11:51:54 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1288192 bytes | Created Date = 5/7/2008 1:12:40 AM | Attr = ] adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] adv09nt5.dll -> 
%SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 6/27/2008 5:12:04 AM | Attr = ] AFS2K.SYS -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Created Date = 5/17/2008 11:06:43 AM | Attr = ] ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 6/27/2008 5:12:15 AM | Attr = ] ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 6/27/2008 5:12:15 AM | Attr = ] ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 6/27/2008 5:12:15 AM | Attr = ] ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 6/27/2008 5:12:15 AM | Attr = ] ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 6/27/2008 5:12:15 AM | Attr = ] ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 6/27/2008 5:12:15 AM | Attr = ] ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. 
[Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 6/27/2008 5:12:17 AM | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 6/27/2008 5:12:17 AM | Attr = ] atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 6/27/2008 5:12:18 AM | Attr = ] atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. 
[Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 6/27/2008 5:12:20 AM | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 6/27/2008 5:12:20 AM | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 6/27/2008 5:12:20 AM | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 6/27/2008 5:12:20 AM | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 6/27/2008 5:12:20 AM | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 6/27/2008 5:12:28 AM | Attr = ] cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 6/27/2008 5:12:51 AM | Attr = ] hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. 
[Ver = 7.12.09 | Size = 220032 bytes | Created Date = 6/27/2008 5:13:51 AM | Attr = ] hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 6/27/2008 5:13:51 AM | Attr = ] hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 6/27/2008 5:13:52 AM | Attr = ] mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 6/27/2008 5:16:51 AM | Attr = ] mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 6/27/2008 5:16:52 AM | Attr = ] mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 6/27/2008 5:16:54 AM | Attr = ] netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 6/27/2008 5:17:03 AM | Attr = ] ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 6/27/2008 5:17:21 AM | Attr = ] recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 6/27/2008 5:18:03 AM | Attr = ] s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. 
[Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 6/27/2008 5:18:10 AM | Attr = ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 6/27/2008 5:18:29 AM | Attr = ] slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 6/27/2008 5:18:31 AM | Attr = ] slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 6/27/2008 5:18:31 AM | Attr = ] slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 6/27/2008 5:18:32 AM | Attr = ] slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 6/27/2008 5:18:32 AM | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 6/27/2008 5:19:43 AM | Attr = ] wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 6/27/2008 5:19:50 AM | Attr = ] wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 6/27/2008 5:19:50 AM | Attr = ] wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 6/27/2008 5:19:50 AM | Attr = ] wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 6/27/2008 5:19:50 AM | Attr = ] watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 6/27/2008 5:19:51 AM | Attr = ] watv10nt.sys -> 
%SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 6/27/2008 5:19:51 AM | Attr = ] ACHEEN__.TTF -> %SystemRoot%\System32\ACHEEN__.TTF -> [Ver = | Size = 60544 bytes | Created Date = 5/28/2008 6:05:55 AM | Attr = ] AIDAN___.TTF -> %SystemRoot%\System32\AIDAN___.TTF -> [Ver = | Size = 81140 bytes | Created Date = 5/28/2008 6:05:49 AM | Attr = ] aJRtDfhk.ini -> %SystemRoot%\System32\aJRtDfhk.ini -> [Ver = | Size = 760256 bytes | Created Date = 5/23/2008 10:19:43 PM | Attr = HS] AMERRN__.TTF -> %SystemRoot%\System32\AMERRN__.TTF -> [Ver = | Size = 53024 bytes | Created Date = 5/28/2008 6:05:44 AM | Attr = ] ANTIEN__.TTF -> %SystemRoot%\System32\ANTIEN__.TTF -> [Ver = | Size = 51972 bytes | Created Date = 5/28/2008 6:05:39 AM | Attr = ] ARRAEN__.TTF -> %SystemRoot%\System32\ARRAEN__.TTF -> [Ver = | Size = 67964 bytes | Created Date = 5/28/2008 6:05:37 AM | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 6/27/2008 5:12:16 AM | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 6/27/2008 5:12:17 AM | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 6/27/2008 5:12:18 AM | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. 
[Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 6/27/2008 5:12:19 AM | Attr = ] BANTN___.TTF -> %SystemRoot%\System32\BANTN___.TTF -> [Ver = | Size = 72896 bytes | Created Date = 5/28/2008 5:50:39 AM | Attr = ] BEAGLEXR.TTF -> %SystemRoot%\System32\BEAGLEXR.TTF -> [Ver = | Size = 51352 bytes | Created Date = 5/28/2008 5:50:47 AM | Attr = ] BEAUCN__.TTF -> %SystemRoot%\System32\BEAUCN__.TTF -> [Ver = | Size = 60880 bytes | Created Date = 5/28/2008 5:50:53 AM | Attr = ] BERNHR__.TTF -> %SystemRoot%\System32\BERNHR__.TTF -> [Ver = | Size = 64596 bytes | Created Date = 5/28/2008 5:51:02 AM | Attr = ] BERNICOR.TTF -> %SystemRoot%\System32\BERNICOR.TTF -> [Ver = | Size = 46712 bytes | Created Date = 5/28/2008 5:51:05 AM | Attr = ] BIMINCOR.TTF -> %SystemRoot%\System32\BIMINCOR.TTF -> [Ver = | Size = 35972 bytes | Created Date = 5/28/2008 5:51:10 AM | Attr = ] BLEWEXTR.TTF -> %SystemRoot%\System32\BLEWEXTR.TTF -> [Ver = | Size = 46956 bytes | Created Date = 5/28/2008 5:51:15 AM | Attr = ] BLISSEXR.TTF -> %SystemRoot%\System32\BLISSEXR.TTF -> [Ver = | Size = 57624 bytes | Created Date = 5/28/2008 6:05:29 AM | Attr = ] BOBON___.TTF -> %SystemRoot%\System32\BOBON___.TTF -> [Ver = | Size = 67296 bytes | Created Date = 5/28/2008 5:51:23 AM | Attr = ] BOSNEN__.TTF -> %SystemRoot%\System32\BOSNEN__.TTF -> [Ver = | Size = 52256 bytes | Created Date = 5/28/2008 5:51:27 AM | Attr = ] botdytsu.ini -> %SystemRoot%\System32\botdytsu.ini -> [Ver = | Size = 1198506 bytes | Created Date = 
5/28/2008 2:10:34 AM | Attr = HS] BROAN___.TTF -> %SystemRoot%\System32\BROAN___.TTF -> [Ver = | Size = 73256 bytes | Created Date = 5/28/2008 5:51:31 AM | Attr = ] BUSSN___.TTF -> %SystemRoot%\System32\BUSSN___.TTF -> [Ver = | Size = 47684 bytes | Created Date = 5/28/2008 5:51:35 AM | Attr = ] CARLAB__.TTF -> %SystemRoot%\System32\CARLAB__.TTF -> [Ver = | Size = 63752 bytes | Created Date = 5/28/2008 5:51:41 AM | Attr = ] CARLAZ__.TTF -> %SystemRoot%\System32\CARLAZ__.TTF -> [Ver = | Size = 68068 bytes | Created Date = 5/28/2008 5:51:43 AM | Attr = ] cdintf210.dll -> %SystemRoot%\System32\cdintf210.dll -> Amyuni Technologies http://www.amyuni.com [Ver = 2.10d | Size = 970752 bytes | Created Date = 7/7/2008 10:27:27 PM | Attr = ] CHANEI__.TTF -> %SystemRoot%\System32\CHANEI__.TTF -> [Ver = | Size = 64368 bytes | Created Date = 5/28/2008 6:05:25 AM | Attr = ] CHASEHN_.TTF -> %SystemRoot%\System32\CHASEHN_.TTF -> [Ver = | Size = 73344 bytes | Created Date = 5/28/2008 5:51:52 AM | Attr = ] CHAZEXTR.TTF -> %SystemRoot%\System32\CHAZEXTR.TTF -> [Ver = | Size = 62772 bytes | Created Date = 5/28/2008 5:51:56 AM | Attr = ] CIRCN___.TTF -> %SystemRoot%\System32\CIRCN___.TTF -> [Ver = | Size = 57264 bytes | Created Date = 5/28/2008 5:52:00 AM | Attr = ] CLAREEXR.TTF -> %SystemRoot%\System32\CLAREEXR.TTF -> [Ver = | Size = 52996 bytes | Created Date = 5/28/2008 5:52:13 AM | Attr = ] CLAYTEXR.TTF -> %SystemRoot%\System32\CLAYTEXR.TTF -> [Ver = | Size = 76568 bytes | Created Date = 5/28/2008 5:52:15 AM | Attr = ] CLEANCOR.TTF -> %SystemRoot%\System32\CLEANCOR.TTF -> [Ver = | Size = 43984 bytes | Created Date = 5/28/2008 5:52:20 AM | Attr = ] COWBOR__.TTF -> %SystemRoot%\System32\COWBOR__.TTF -> [Ver = | Size = 83036 bytes | Created Date = 5/28/2008 5:52:25 AM | Attr = ] DINAN___.TTF -> %SystemRoot%\System32\DINAN___.TTF -> [Ver = | Size = 80900 bytes | Created Date = 5/28/2008 5:52:29 AM | Attr = ] DOLPHEXR.TTF -> %SystemRoot%\System32\DOLPHEXR.TTF -> [Ver = | Size = 54176 
bytes | Created Date = 5/28/2008 5:52:35 AM | Attr = ] DOMILN__.TTF -> %SystemRoot%\System32\DOMILN__.TTF -> [Ver = | Size = 48360 bytes | Created Date = 5/28/2008 5:52:40 AM | Attr = ] EGGOEN__.TTF -> %SystemRoot%\System32\EGGOEN__.TTF -> [Ver = | Size = 62568 bytes | Created Date = 5/28/2008 5:52:49 AM | Attr = ] ELEPEN__.TTF -> %SystemRoot%\System32\ELEPEN__.TTF -> [Ver = | Size = 63784 bytes | Created Date = 5/28/2008 5:52:54 AM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 6/27/2008 6:10:14 AM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ENGGEN__.TTF -> %SystemRoot%\System32\ENGGEN__.TTF -> [Ver = | Size = 52264 bytes | Created Date = 5/28/2008 5:53:00 AM | Attr = ] ERICB___.TTF -> %SystemRoot%\System32\ERICB___.TTF -> [Ver = | Size = 44320 bytes | Created Date = 5/28/2008 5:53:06 AM | Attr = ] ERICLTN_.TTF -> %SystemRoot%\System32\ERICLTN_.TTF -> [Ver = | Size = 52364 bytes | Created Date = 5/28/2008 5:53:10 AM | Attr = ] EURAEN__.TTF -> %SystemRoot%\System32\EURAEN__.TTF -> [Ver = | Size = 56136 bytes | Created Date = 5/28/2008 5:53:14 AM | Attr = ] EXPEEN__.TTF -> %SystemRoot%\System32\EXPEEN__.TTF -> [Ver = | Size = 50604 bytes | Created Date = 5/28/2008 6:05:19 AM | Attr = ] EYEGLEXR.TTF -> %SystemRoot%\System32\EYEGLEXR.TTF -> [Ver = | Size = 35980 bytes | Created Date = 5/28/2008 6:05:15 AM | Attr = ] FELIEN__.TTF -> %SystemRoot%\System32\FELIEN__.TTF -> [Ver = | Size = 59812 bytes | Created Date = 5/28/2008 6:05:12 AM | Attr = ] FLATBEN_.TTF -> %SystemRoot%\System32\FLATBEN_.TTF -> [Ver = | Size = 57972 bytes | Created Date = 5/28/2008 5:53:30 AM | Attr = ] FLETEN__.TTF -> %SystemRoot%\System32\FLETEN__.TTF -> [Ver = | Size = 57844 bytes | Created Date = 5/28/2008 5:53:36 AM | Attr = ] FRANCEXR.TTF -> %SystemRoot%\System32\FRANCEXR.TTF -> [Ver = | Size = 51032 bytes | Created Date = 5/28/2008 5:53:40 AM | Attr = ] FREE9CN_.TTF -> %SystemRoot%\System32\FREE9CN_.TTF -> [Ver = | Size = 71840 bytes | 
Created Date = 5/28/2008 5:53:45 AM | Attr = ] FUJIEXTZ.TTF -> %SystemRoot%\System32\FUJIEXTZ.TTF -> [Ver = | Size = 45216 bytes | Created Date = 5/28/2008 5:53:49 AM | Attr = ] GALAEN__.TTF -> %SystemRoot%\System32\GALAEN__.TTF -> [Ver = | Size = 65308 bytes | Created Date = 5/28/2008 5:53:54 AM | Attr = ] GAZECN__.TTF -> %SystemRoot%\System32\GAZECN__.TTF -> [Ver = | Size = 65316 bytes | Created Date = 5/28/2008 5:53:59 AM | Attr = ] GE40____.TTF -> %SystemRoot%\System32\GE40____.TTF -> [Ver = | Size = 40884 bytes | Created Date = 5/28/2008 5:54:04 AM | Attr = ] GILLIR__.TTF -> %SystemRoot%\System32\GILLIR__.TTF -> [Ver = | Size = 35916 bytes | Created Date = 5/28/2008 5:54:09 AM | Attr = ] GOTH1R__.TTF -> %SystemRoot%\System32\GOTH1R__.TTF -> [Ver = | Size = 73060 bytes | Created Date = 5/28/2008 5:54:19 AM | Attr = ] GOTHIR__.TTF -> %SystemRoot%\System32\GOTHIR__.TTF -> [Ver = | Size = 35772 bytes | Created Date = 5/28/2008 5:54:14 AM | Attr = ] GREGOCOR.TTF -> %SystemRoot%\System32\GREGOCOR.TTF -> [Ver = | Size = 78300 bytes | Created Date = 5/28/2008 5:54:26 AM | Attr = ] GREMN___.TTF -> %SystemRoot%\System32\GREMN___.TTF -> [Ver = | Size = 174212 bytes | Created Date = 5/28/2008 5:54:29 AM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 5/27/2008 4:08:00 AM | Attr = H ] HALOR___.TTF -> %SystemRoot%\System32\HALOR___.TTF -> [Ver = | Size = 83952 bytes | Created Date = 5/28/2008 5:54:34 AM | Attr = ] HANGCI__.TTF -> %SystemRoot%\System32\HANGCI__.TTF -> [Ver = | Size = 71528 bytes | Created Date = 5/28/2008 5:54:39 AM | Attr = ] HANZEEXR.TTF -> %SystemRoot%\System32\HANZEEXR.TTF -> [Ver = | Size = 36196 bytes | Created Date = 5/28/2008 5:54:44 AM | Attr = ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. 
[Ver = 7.12.09 | Size = 32285 bytes | Created Date = 6/27/2008 5:13:51 AM | Attr = ] imycxtiv.dll -> %SystemRoot%\System32\imycxtiv.dll -> [Ver = | Size = 78848 bytes | Created Date = 7/7/2008 1:05:48 AM | Attr = ] INDEN___.TTF -> %SystemRoot%\System32\INDEN___.TTF -> [Ver = | Size = 83024 bytes | Created Date = 5/28/2008 5:54:51 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/12/2008 12:38:39 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/12/2008 12:38:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 4/12/2008 12:38:39 AM | Attr = ] JOLTEN__.TTF -> %SystemRoot%\System32\JOLTEN__.TTF -> [Ver = | Size = 66504 bytes | Created Date = 5/28/2008 5:54:58 AM | Attr = ] JOTTBI__.TTF -> %SystemRoot%\System32\JOTTBI__.TTF -> [Ver = | Size = 69088 bytes | Created Date = 5/28/2008 5:55:00 AM | Attr = ] JOTTTBI_.TTF -> %SystemRoot%\System32\JOTTTBI_.TTF -> [Ver = | Size = 71640 bytes | Created Date = 5/28/2008 5:55:04 AM | Attr = ] JUNEN___.TTF -> %SystemRoot%\System32\JUNEN___.TTF -> [Ver = | Size = 66012 bytes | Created Date = 5/28/2008 5:55:08 AM | Attr = ] kaklkgew.ini -> %SystemRoot%\System32\kaklkgew.ini -> [Ver = | Size = 1156167 bytes | Created Date = 5/25/2008 5:09:13 PM | Attr = HS] KEIRAEXR.TTF -> %SystemRoot%\System32\KEIRAEXR.TTF -> [Ver = | Size = 53600 bytes | Created Date = 5/28/2008 5:55:14 AM | Attr = ] KEYSHEAR.TTF -> %SystemRoot%\System32\KEYSHEAR.TTF -> [Ver = | Size = 47684 bytes | Created Date = 5/28/2008 5:55:19 AM | Attr = ] KOSHEI__.TTF -> %SystemRoot%\System32\KOSHEI__.TTF -> [Ver = | Size = 81624 bytes | Created Date = 5/28/2008 5:55:24 AM | Attr = ] lawupubm.ini -> %SystemRoot%\System32\lawupubm.ini -> [Ver = | Size = 1384610 bytes | Created Date = 6/16/2008 12:32:59 
AM | Attr = HS] LECHR___.TTF -> %SystemRoot%\System32\LECHR___.TTF -> [Ver = | Size = 41040 bytes | Created Date = 5/28/2008 5:55:29 AM | Attr = ] LEOEN___.TTF -> %SystemRoot%\System32\LEOEN___.TTF -> [Ver = | Size = 61732 bytes | Created Date = 5/28/2008 5:55:33 AM | Attr = ] lmtjhz.dll -> %SystemRoot%\System32\lmtjhz.dll -> [Ver = | Size = 103424 bytes | Created Date = 7/5/2008 11:57:45 PM | Attr = ] lsprst7.tgz -> %SystemRoot%\System32\lsprst7.tgz -> [Ver = | Size = 219 bytes | Created Date = 5/15/2008 5:51:45 AM | Attr = ] LUCYR___.TTF -> %SystemRoot%\System32\LUCYR___.TTF -> [Ver = | Size = 65116 bytes | Created Date = 5/28/2008 5:55:43 AM | Attr = ] MANUEN__.TTF -> %SystemRoot%\System32\MANUEN__.TTF -> [Ver = | Size = 75460 bytes | Created Date = 5/28/2008 5:55:50 AM | Attr = ] MARLN___.TTF -> %SystemRoot%\System32\MARLN___.TTF -> [Ver = | Size = 59480 bytes | Created Date = 5/28/2008 5:55:54 AM | Attr = ] MASSER__.TTF -> %SystemRoot%\System32\MASSER__.TTF -> [Ver = | Size = 46432 bytes | Created Date = 5/28/2008 5:55:59 AM | Attr = ] MIRRCN__.TTF -> %SystemRoot%\System32\MIRRCN__.TTF -> [Ver = | Size = 61280 bytes | Created Date = 5/28/2008 5:56:04 AM | Attr = ] MIRRWB__.TTF -> %SystemRoot%\System32\MIRRWB__.TTF -> [Ver = | Size = 60572 bytes | Created Date = 5/28/2008 6:02:47 AM | Attr = ] MLSHB.TTF -> %SystemRoot%\System32\MLSHB.TTF -> [Ver = | Size = 66453 bytes | Created Date = 5/28/2008 6:03:59 AM | Attr = ] mmc.exe.config -> %SystemRoot%\System32\mmc.exe.config -> [Ver = | Size = 126 bytes | Created Date = 5/27/2008 4:09:54 AM | Attr = ] msmq -> %SystemRoot%\System32\msmq -> [Folder | Created Date = 5/27/2008 12:06:49 AM | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. 
[Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 6/27/2008 5:16:53 AM | Attr = ] MYSTII__.TTF -> %SystemRoot%\System32\MYSTII__.TTF -> [Ver = | Size = 92104 bytes | Created Date = 5/28/2008 6:02:50 AM | Attr = ] MYSTIR__.TTF -> %SystemRoot%\System32\MYSTIR__.TTF -> [Ver = | Size = 83780 bytes | Created Date = 5/28/2008 6:02:53 AM | Attr = ] MYSTITHR.TTF -> %SystemRoot%\System32\MYSTITHR.TTF -> [Ver = | Size = 82288 bytes | Created Date = 5/28/2008 6:03:02 AM | Attr = ] MYTHTBI_.TTF -> %SystemRoot%\System32\MYTHTBI_.TTF -> [Ver = | Size = 76432 bytes | Created Date = 5/28/2008 6:03:06 AM | Attr = ] NINEBI__.TTF -> %SystemRoot%\System32\NINEBI__.TTF -> [Ver = | Size = 113988 bytes | Created Date = 5/28/2008 6:03:09 AM | Attr = ] NORWAR__.TTF -> %SystemRoot%\System32\NORWAR__.TTF -> [Ver = | Size = 48988 bytes | Created Date = 5/28/2008 6:03:14 AM | Attr = ] NORWATHR.TTF -> %SystemRoot%\System32\NORWATHR.TTF -> [Ver = | Size = 48184 bytes | Created Date = 5/28/2008 6:03:23 AM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 5/29/2008 1:42:28 AM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 41 | Size = 180224 bytes | Created Date = 6/26/2008 3:32:15 AM | Attr = ] osbvccsy.ini -> %SystemRoot%\System32\osbvccsy.ini -> [Ver = | Size = 1222384 bytes | Created Date = 5/29/2008 2:10:44 AM | Attr = HS] PAREB___.TTF -> %SystemRoot%\System32\PAREB___.TTF -> [Ver = | Size = 49868 bytes | Created Date = 5/28/2008 6:03:29 AM | Attr = ] PARERI__.TTF -> %SystemRoot%\System32\PARERI__.TTF -> [Ver = | Size = 57004 bytes | Created Date = 5/28/2008 6:03:34 AM | Attr = ] PARISWIB.TTF -> %SystemRoot%\System32\PARISWIB.TTF -> [Ver = | Size = 56648 bytes | Created Date = 5/28/2008 6:03:39 AM | Attr = ] PERSB___.TTF -> %SystemRoot%\System32\PERSB___.TTF -> [Ver = | Size = 51336 bytes | Created Date = 5/28/2008 6:03:44 AM | Attr = ] phcgvoj0et1a.bmp -> %SystemRoot%\System32\phcgvoj0et1a.bmp -> 
[Ver = | Size = 90838 bytes | Created Date = 6/26/2008 12:57:56 AM | Attr = ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 974 bytes | Created Date = 6/27/2008 5:14:16 AM | Attr = ] pkaphtia.ini -> %SystemRoot%\System32\pkaphtia.ini -> [Ver = | Size = 1409358 bytes | Created Date = 6/17/2008 12:32:30 AM | Attr = HS] qdrvefov.dll -> %SystemRoot%\System32\qdrvefov.dll -> [Ver = | Size = 103424 bytes | Created Date = 7/5/2008 11:57:42 PM | Attr = ] qguqwnsk.ini -> %SystemRoot%\System32\qguqwnsk.ini -> [Ver = | Size = 1155206 bytes | Created Date = 5/23/2008 10:20:31 PM | Attr = HS] qqnaigln.ini -> %SystemRoot%\System32\qqnaigln.ini -> [Ver = | Size = 474 bytes | Created Date = 6/15/2008 11:06:37 AM | Attr = HS] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Created Date = 5/27/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Created Date = 5/27/2008 10:50:34 AM | Attr = ] RACEB___.TTF -> %SystemRoot%\System32\RACEB___.TTF -> [Ver = | Size = 53740 bytes | Created Date = 5/28/2008 6:03:49 AM | Attr = ] RALLB___.TTF -> %SystemRoot%\System32\RALLB___.TTF -> [Ver = | Size = 58976 bytes | Created Date = 5/28/2008 6:03:54 AM | Attr = ] roopbtbx.ini -> %SystemRoot%\System32\roopbtbx.ini -> [Ver = | Size = 1155146 bytes | Created Date = 5/24/2008 10:23:07 PM | Attr = HS] RrYaGMoq.ini -> %SystemRoot%\System32\RrYaGMoq.ini -> [Ver = | Size = 686642 bytes | Created Date = 5/25/2008 5:08:15 PM | Attr = HS] RrYaGMoq.ini2 -> %SystemRoot%\System32\RrYaGMoq.ini2 -> [Ver = | Size = 738477 bytes | Created Date = 5/25/2008 5:08:15 PM | Attr = HS] runtime -> %SystemRoot%\System32\runtime -> [Folder | Created Date = 5/4/2008 7:55:15 PM | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. 
[Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 6/27/2008 5:18:10 AM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 6/27/2008 6:10:20 AM | Attr = ] SCROHN__.TTF -> %SystemRoot%\System32\SCROHN__.TTF -> [Ver = | Size = 57160 bytes | Created Date = 5/28/2008 6:04:04 AM | Attr = ] SHADER__.TTF -> %SystemRoot%\System32\SHADER__.TTF -> [Ver = | Size = 41248 bytes | Created Date = 5/28/2008 6:04:10 AM | Attr = ] SINBN___.TTF -> %SystemRoot%\System32\SINBN___.TTF -> [Ver = | Size = 71796 bytes | Created Date = 5/28/2008 6:04:14 AM | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 6/27/2008 5:18:31 AM | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 6/27/2008 5:18:31 AM | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 6/27/2008 5:18:31 AM | Attr = ] SLIVN___.TTF -> %SystemRoot%\System32\SLIVN___.TTF -> [Ver = | Size = 68976 bytes | Created Date = 5/28/2008 6:04:19 AM | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 6/27/2008 5:18:32 AM | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 6/27/2008 5:18:32 AM | Attr = ] SOJON___.TTF -> %SystemRoot%\System32\SOJON___.TTF -> [Ver = | Size = 66724 bytes | Created Date = 5/28/2008 6:04:24 AM | Attr = ] ssprs.tgz -> %SystemRoot%\System32\ssprs.tgz -> [Ver = | Size = 87 bytes | Created Date = 5/15/2008 5:51:45 AM | Attr = ] STUCN___.TTF -> %SystemRoot%\System32\STUCN___.TTF -> [Ver = | Size = 129008 bytes | Created Date = 5/28/2008 6:04:29 AM | Attr = ] sysprs7.tgz -> %SystemRoot%\System32\sysprs7.tgz -> [Ver = | Size = 1025 bytes | Created Date = 5/15/2008 5:51:45 AM | Attr 
= ] TANGN___.TTF -> %SystemRoot%\System32\TANGN___.TTF -> [Ver = | Size = 105088 bytes | Created Date = 5/28/2008 6:04:34 AM | Attr = ] TECHNHBI.TTF -> %SystemRoot%\System32\TECHNHBI.TTF -> [Ver = | Size = 71700 bytes | Created Date = 5/28/2008 6:04:39 AM | Attr = ] TECHNHI_.TTF -> %SystemRoot%\System32\TECHNHI_.TTF -> [Ver = | Size = 79092 bytes | Created Date = 5/28/2008 6:04:43 AM | Attr = ] TEMPEN__.TTF -> %SystemRoot%\System32\TEMPEN__.TTF -> [Ver = | Size = 52164 bytes | Created Date = 5/28/2008 6:04:44 AM | Attr = ] TERRN___.TTF -> %SystemRoot%\System32\TERRN___.TTF -> [Ver = | Size = 69076 bytes | Created Date = 5/28/2008 6:04:49 AM | Attr = ] THUNN___.TTF -> %SystemRoot%\System32\THUNN___.TTF -> [Ver = | Size = 98844 bytes | Created Date = 5/28/2008 6:04:54 AM | Attr = ] TIMEN___.TTF -> %SystemRoot%\System32\TIMEN___.TTF -> [Ver = | Size = 56644 bytes | Created Date = 5/28/2008 6:04:59 AM | Attr = ] tlwwxihw.ini -> %SystemRoot%\System32\tlwwxihw.ini -> [Ver = | Size = 4559095 bytes | Created Date = 6/10/2008 1:02:13 AM | Attr = HS] vitxcymi.ini -> %SystemRoot%\System32\vitxcymi.ini -> [Ver = | Size = 1695007 bytes | Created Date = 7/7/2008 1:06:02 AM | Attr = HS] vpgsxv.dll -> %SystemRoot%\System32\vpgsxv.dll -> [Ver = | Size = 102912 bytes | Created Date = 7/7/2008 1:05:43 AM | Attr = ] vtUmNFuS.dll -> %SystemRoot%\System32\vtUmNFuS.dll -> [Ver = | Size = 32475 bytes | Created Date = 7/5/2008 1:20:10 PM | Attr = ] vuvqoaxj.ini -> %SystemRoot%\System32\vuvqoaxj.ini -> [Ver = | Size = 1155867 bytes | Created Date = 5/24/2008 10:25:41 PM | Attr = HS] wHNVuBeg.ini -> %SystemRoot%\System32\wHNVuBeg.ini -> [Ver = | Size = 656735 bytes | Created Date = 7/5/2008 11:51:40 PM | Attr = HS] wHNVuBeg.ini2 -> %SystemRoot%\System32\wHNVuBeg.ini2 -> [Ver = | Size = 656735 bytes | Created Date = 7/5/2008 11:51:40 PM | Attr = HS] xcfcgtli.dll -> %SystemRoot%\System32\xcfcgtli.dll -> [Ver = | Size = 102912 bytes | Created Date = 7/7/2008 1:05:38 AM | Attr = ] xriicamq.ini 
-> %SystemRoot%\System32\xriicamq.ini -> [Ver = | Size = 2387718 bytes | Created Date = 5/30/2008 2:08:33 AM | Attr = HS] yclamqmo.ini -> %SystemRoot%\System32\yclamqmo.ini -> [Ver = | Size = 624 bytes | Created Date = 6/18/2008 12:36:06 AM | Attr = HS] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 6/27/2008 5:54:06 AM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> a3kebook.ini -> %SystemRoot%\a3kebook.ini -> [Ver = | Size = 4 bytes | Created Date = 6/22/2008 4:40:37 AM | Attr = H ] akebook.ini -> %SystemRoot%\akebook.ini -> [Ver = | Size = 20 bytes | Created Date = 6/22/2008 4:40:37 AM | Attr = H ] ANS2000.INI -> %SystemRoot%\ANS2000.INI -> [Ver = | Size = 23 bytes | Created Date = 6/22/2008 4:40:37 AM | Attr = ] BM173ddcda.xml -> %SystemRoot%\BM173ddcda.xml -> [Ver = | Size = 48 bytes | Created Date = 6/18/2008 12:33:07 AM | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 5/19/2008 11:28:00 AM | Attr = HS] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/29/2008 12:09:52 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 6/27/2008 6:10:16 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 5/24/2008 4:03:00 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1160 bytes | Created Date = 6/18/2008 12:08:09 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 6/27/2008 6:16:47 AM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 6/18/2008 12:33:07 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 4/24/2008 1:38:43 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 4/12/2008 6:51:30 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 4/12/2008 6:51:30 AM | Attr = H ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 
6/27/2008 6:02:43 AM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Created Date = 6/30/2008 6:46:13 PM | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 6/27/2008 5:18:32 AM | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 6/30/2008 12:15:49 PM | Attr = ] Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 256 bytes | Created Date = 6/18/2008 12:40:38 PM | Attr = ] User_Feed_Synchronization-{AE952DE2-4671-4745-AE25-AB9FD7571EC1}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{AE952DE2-4671-4745-AE25-AB9FD7571EC1}.job -> [Ver = | Size = 388 bytes | Created Date = 5/17/2008 4:49:14 AM | Attr = H ] Windows Update.job -> %SystemRoot%\tasks\Windows Update.job -> [Ver = | Size = 254 bytes | Created Date = 5/27/2008 3:57:45 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Broderbund Software -> %AllUsersProfile%\Application Data\Broderbund Software -> [Folder | Created Date = 5/17/2008 11:06:34 AM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Created Date = 7/6/2008 2:15:23 AM | Attr = ] hps -> %AllUsersProfile%\Application Data\hps -> [Folder | Created Date = 5/15/2008 5:51:41 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 6/19/2008 4:46:10 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/27/2008 12:12:51 AM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 6/30/2008 3:01:34 PM | Attr = ] PCDr -> %AllUsersProfile%\Application Data\PCDr -> [Folder | Created Date = 4/10/2008 2:46:51 AM | Attr = ] Riverdeep Interactive Learning Limited -> %AllUsersProfile%\Application Data\Riverdeep Interactive Learning Limited -> [Folder | Created Date = 7/7/2008 10:30:43 PM | Attr = ] System Restore -> 
%AllUsersProfile%\Application Data\System Restore -> [Folder | Created Date = 6/19/2008 8:22:30 AM | Attr = HS] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 5/4/2008 8:09:47 PM | Attr = ] @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 5/26/2008 10:38:18 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 6/26/2008 11:23:25 PM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Created Date = 6/27/2008 2:06:49 AM | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Created Date = 6/6/2008 2:10:08 AM | Attr = ] eBookPro6 -> %AppData%\eBookPro6 -> [Folder | Created Date = 7/5/2008 6:29:55 AM | Attr = ] ErrorRepairTool -> %AppData%\ErrorRepairTool -> [Folder | Created Date = 6/26/2008 11:42:12 PM | Attr = ] FireShot -> %AppData%\FireShot -> [Folder | Created Date = 6/18/2008 6:26:38 AM | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 7/2/2008 8:13:41 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Created Date = 6/17/2008 12:42:08 AM | Attr = ] IBM -> %AppData%\IBM -> [Folder | Created Date = 7/2/2008 8:13:41 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 7/2/2008 8:13:41 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Created Date = 5/19/2008 8:47:26 AM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Created Date = 6/27/2008 11:24:34 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 6/26/2008 11:29:35 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/27/2008 12:12:54 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 7/2/2008 8:13:41 PM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 6/27/2008 1:54:55 AM | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 6/30/2008 12:53:08 AM | Attr = ] Sun -> 
%AppData%\Sun -> [Folder | Created Date = 6/27/2008 4:46:13 AM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Created Date = 7/2/2008 8:13:42 PM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Created Date = 5/19/2008 10:14:29 AM | Attr = ] ThinkVantage -> %AppData%\ThinkVantage -> [Folder | Created Date = 7/2/2008 8:13:42 PM | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Created Date = 6/26/2008 11:48:51 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 6/27/2008 2:06:02 AM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 7/1/2008 5:30:25 AM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 6/28/2008 1:43:14 AM | Attr = ] WordWeb -> %AppData%\WordWeb -> [Folder | Created Date = 5/28/2008 10:12:57 AM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Created Date = 5/24/2008 3:38:39 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 6/27/2008 2:42:13 AM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 6/27/2008 1:55:55 AM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Created Date = 6/26/2008 6:35:27 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Created Date = 6/26/2008 6:34:58 AM | Attr = ] Broderbund Software -> %UserProfile%\Local Settings\Application Data\Broderbund Software -> [Folder | Created Date = 5/17/2008 11:12:20 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5632 bytes | Created Date = 7/1/2008 5:19:55 AM | Attr = ] fusioncache.dat -> %UserProfile%\Local Settings\Application Data\fusioncache.dat -> [Ver = | Size = 126 bytes | Created Date = 6/26/2008 6:34:59 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application 
Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 256680 bytes | Created Date = 6/26/2008 8:51:06 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 6/26/2008 6:34:58 AM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 6/17/2008 12:42:08 AM | Attr = ] IBM -> %UserProfile%\Local Settings\Application Data\IBM -> [Folder | Created Date = 6/26/2008 6:34:58 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2530032 bytes | Created Date = 6/30/2008 6:18:07 AM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Created Date = 6/27/2008 3:58:51 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 6/26/2008 6:34:58 AM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 6/30/2008 3:01:39 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 6/27/2008 1:54:56 AM | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 6/30/2008 7:03:24 PM | Attr = ] Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net -> [Folder | Created Date = 6/28/2008 1:44:14 AM | Attr = ] Symantec -> %UserProfile%\Local Settings\Application Data\Symantec -> [Folder | Created Date = 6/26/2008 6:34:58 AM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Created Date = 7/2/2008 6:01:49 PM | Attr = R ] Access Connections -> %UserProfile%\My Documents\Access Connections -> [Folder | Created Date = 7/5/2008 11:49:02 PM | Attr = ] Book1.xlsx -> %UserProfile%\My Documents\Book1.xlsx -> [Ver = | Size = 19540 bytes | Created Date = 7/6/2008 11:50:45 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 84 bytes | 
Created Date = 6/26/2008 6:34:59 AM | Attr = HS] E-Book Websites -> %UserProfile%\My Documents\E-Book Websites -> [Folder | Created Date = 7/7/2008 7:14:27 PM | Attr = ] My Computer.lnk -> %UserProfile%\My Documents\My Computer.lnk -> [Ver = | Size = 104 bytes | Created Date = 7/4/2008 1:06:19 PM | Attr = ] My Google Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [Folder | Created Date = 7/6/2008 2:17:07 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 7/3/2008 2:22:10 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 6/26/2008 6:34:58 AM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 6/26/2008 7:45:55 PM | Attr = R ] Nicola's Shit -> %UserProfile%\My Documents\Nicola's Shit -> [Folder | Created Date = 6/27/2008 2:40:38 AM | Attr = ] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Created Date = 6/30/2008 6:48:36 PM | Attr = ] RECIPE.doc -> %UserProfile%\My Documents\RECIPE.doc -> [Ver = | Size = 70144 bytes | Created Date = 7/8/2008 10:30:39 PM | Attr = ] RECIPE.docx -> %UserProfile%\My Documents\RECIPE.docx -> [Ver = | Size = 16452 bytes | Created Date = 7/8/2008 12:32:13 AM | Attr = ] runscanner.zip -> %UserProfile%\My Documents\runscanner.zip -> [Ver = | Size = 1659784 bytes | Created Date = 6/30/2008 12:19:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\runscanner.zip:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Created Date = 7/6/2008 5:38:46 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 7/6/2008 5:40:14 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/9/2008 12:03:41 AM | Attr = ] 
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568114 bytes | Created Date = 7/9/2008 12:02:46 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Event Reminder.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Event Reminder.lnk -> [Ver = | Size = 706 bytes | Created Date = 7/7/2008 10:26:01 PM | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 6/26/2008 6:34:58 AM | Attr = HS] Broderbund -> %CommonProgramFiles%\Broderbund -> [Folder | Created Date = 7/7/2008 10:23:14 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 6/30/2008 6:24:15 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 6/30/2008 12:53:45 AM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 6/12/2008 3:49:06 AM | Attr = ] Broderbund -> %ProgramFiles%\Broderbund -> [Folder | Created Date = 5/21/2008 11:03:36 PM | Attr = ] CableRouting -> %ProgramFiles%\CableRouting -> [Folder | Created Date = 6/26/2008 3:38:13 AM | Attr = ] ComPlus Applications -> %ProgramFiles%\ComPlus Applications -> [Folder | Created Date = 7/2/2008 8:13:39 PM | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 4/28/2008 6:25:28 AM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 4/28/2008 6:25:13 AM | Attr = ] Microsoft CAPICOM 2.1.0.2 -> %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 -> [Folder | Created Date = 4/12/2008 2:50:12 AM | Attr = ] Microsoft Small Business -> %ProgramFiles%\Microsoft Small Business -> [Folder | Created Date = 6/30/2008 3:39:51 PM | Attr = ] Microsoft SQL Server -> %ProgramFiles%\Microsoft SQL Server -> [Folder | Created Date = 6/30/2008 3:46:06 PM | Attr = ] Microsoft Works -> %ProgramFiles%\Microsoft Works -> [Folder | Created Date = 7/4/2008 1:56:18 AM | Attr = ] Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox 
-> [Folder | Created Date = 6/19/2008 6:52:20 AM | Attr = ] MSECache -> %ProgramFiles%\MSECache -> [Folder | Created Date = 5/27/2008 2:12:58 AM | Attr = ] PBA -> %ProgramFiles%\PBA -> [Folder | Created Date = 6/18/2008 2:55:50 AM | Attr = ] PrintMaster Silver 17 -> %ProgramFiles%\PrintMaster Silver 17 -> [Folder | Created Date = 7/7/2008 10:23:05 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 7/4/2008 3:17:11 PM | Attr = ] Real -> %ProgramFiles%\Real -> [Folder | Created Date = 6/30/2008 12:53:44 AM | Attr = ] Safer Networking -> %ProgramFiles%\Safer Networking -> [Folder | Created Date = 5/8/2008 6:29:56 AM | Attr = ] Support Tools -> %ProgramFiles%\Support Tools -> [Folder | Created Date = 5/19/2008 9:24:59 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 7/6/2008 5:38:46 AM | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 6/27/2008 2:06:04 AM | Attr = ] VideoLAN -> %ProgramFiles%\VideoLAN -> [Folder | Created Date = 5/7/2008 2:26:29 AM | Attr = ] Web Publish -> %ProgramFiles%\Web Publish -> [Folder | Created Date = 7/7/2008 10:27:34 PM | Attr = ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 6/27/2008 2:11:47 AM | Attr = ] [Files/Folders - Modified Within 90 days] APPS -> %SystemDrive%\APPS -> [Folder | Modified Date = 7/3/2008 6:58:42 PM | Attr = ] BOOT.INI -> %SystemDrive%\BOOT.INI -> [Ver = | Size = 194 bytes | Modified Date = 4/27/2008 5:50:49 AM | Attr = RHS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/29/2008 12:09:23 AM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 7/3/2008 6:55:23 PM | Attr = ] DRIVERS -> %SystemDrive%\DRIVERS -> [Folder | Modified Date = 5/19/2008 9:48:18 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063702528 bytes | Modified Date = 7/8/2008 11:07:58 PM | Attr = HS] I386 -> %SystemDrive%\I386 -> [Folder | Modified Date = 
6/17/2008 12:42:08 AM | Attr = ] IBMSHARE -> %SystemDrive%\IBMSHARE -> [Folder | Modified Date = 7/8/2008 5:30:27 AM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 5/7/2008 6:56:32 AM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 5/7/2008 6:56:32 AM | Attr = RHS] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 6/27/2008 5:59:19 AM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/8/2008 4:16:21 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/17/2008 12:37:32 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/26/2008 8:53:58 PM | Attr = HS] RRbackups -> %SystemDrive%\RRbackups -> [Folder | Modified Date = 7/8/2008 11:08:17 PM | Attr = RHS] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/27/2008 3:54:03 AM | Attr = ] Settings.ini -> %SystemDrive%\Settings.ini -> [Ver = | Size = 711 bytes | Modified Date = 4/10/2008 8:44:20 AM | Attr = ] SWTOOLS -> %SystemDrive%\SWTOOLS -> [Folder | Modified Date = 6/30/2008 4:49:16 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/27/2008 12:24:34 AM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 7/6/2008 1:59:49 AM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/27/2008 5:57:41 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/8/2008 3:30:15 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 7/6/2008 11:51:54 PM | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 5/7/2008 1:12:40 AM | Attr = ] adv01nt5.dll -> 
%SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Modified Date = 4/13/2008 8:11:48 PM | Attr = ] amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. 
[Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] dmboot.sys -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr = ] dmio.sys -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 7/7/2008 10:25:28 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 250917 bytes | Modified Date = 7/7/2008 10:25:28 PM | Attr = R ] hosts.20080517-025001.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080517-025001.backup -> [Ver = | Size = 238945 bytes | Modified Date = 5/8/2008 6:36:56 AM | Attr = ] hosts.20080517-030459.backup -> 
%SystemRoot%\System32\drivers\etc\hosts.20080517-030459.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/17/2008 2:50:01 AM | Attr = ] hosts.20080517-105721.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080517-105721.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/17/2008 3:04:59 AM | Attr = ] hosts.20080517-110832.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080517-110832.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/17/2008 10:57:21 AM | Attr = ] hosts.20080518-013554.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080518-013554.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/17/2008 11:08:32 AM | Attr = ] hosts.20080518-234510.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080518-234510.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/18/2008 1:35:54 AM | Attr = ] hosts.20080519-001306.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-001306.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/18/2008 11:45:10 PM | Attr = ] hosts.20080519-001522.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-001522.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 12:13:06 AM | Attr = ] hosts.20080519-063339.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-063339.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 12:15:22 AM | Attr = ] hosts.20080519-063841.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-063841.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 12:15:22 AM | Attr = ] hosts.20080519-063854.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-063854.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 6:38:41 AM | Attr = ] hosts.20080519-090122.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-090122.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 6:38:54 AM | Attr = ] hosts.20080519-090649.backup -> 
%SystemRoot%\System32\drivers\etc\hosts.20080519-090649.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 9:01:22 AM | Attr = ] hosts.20080519-100540.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-100540.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 9:06:49 AM | Attr = ] hosts.20080519-110523.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080519-110523.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 10:05:40 AM | Attr = ] hosts.20080530-061328.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080530-061328.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/19/2008 11:05:23 AM | Attr = ] hosts.20080618-043139.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080618-043139.backup -> [Ver = | Size = 239221 bytes | Modified Date = 5/30/2008 6:13:28 AM | Attr = ] hosts.20080619-081203.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080619-081203.backup -> [Ver = | Size = 250029 bytes | Modified Date = 6/18/2008 4:31:39 AM | Attr = ] hosts.20080626-010526.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080626-010526.backup -> [Ver = | Size = 250583 bytes | Modified Date = 6/19/2008 8:12:03 AM | Attr = ] hosts.20080626-010608.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080626-010608.backup -> [Ver = | Size = 250917 bytes | Modified Date = 6/26/2008 1:05:26 AM | Attr = ] hosts.20080626-010641.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080626-010641.backup -> [Ver = | Size = 250917 bytes | Modified Date = 6/26/2008 1:06:08 AM | Attr = ] hosts.20080626-045120.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080626-045120.backup -> [Ver = | Size = 250917 bytes | Modified Date = 6/26/2008 1:06:41 AM | Attr = ] hosts.20080626-061229.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080626-061229.backup -> [Ver = | Size = 250917 bytes | Modified Date = 6/26/2008 4:51:20 AM | Attr = ] hosts.20080707-222517.backup -> 
%SystemRoot%\System32\drivers\etc\hosts.20080707-222517.backup -> [Ver = | Size = 250917 bytes | Modified Date = 6/26/2008 6:12:29 AM | Attr = ] hosts.20080707-222528.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080707-222528.backup -> [Ver = | Size = 250917 bytes | Modified Date = 7/7/2008 10:25:17 PM | Attr = R ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 374 bytes | Modified Date = 7/8/2008 11:08:11 PM | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 12:36:05 PM | Attr = ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/13/2008 2:36:39 PM | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr = ] aJRtDfhk.ini -> %SystemRoot%\System32\aJRtDfhk.ini -> [Ver = | Size = 760256 bytes | Modified Date = 5/25/2008 4:44:08 PM | Attr = HS] amstream.dll -> %SystemRoot%\System32\amstream.dll -> [Ver = | Size = 70656 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 6/27/2008 12:27:41 AM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. 
[Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Modified Date = 4/13/2008 8:11:49 PM | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.01.0009 | Size = 516768 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 285696 bytes | Modified Date = 4/13/2008 8:09:01 PM | Attr = ] atmlib.dll -> %SystemRoot%\System32\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 226 | Size = 30208 bytes | Modified Date = 4/13/2008 8:11:50 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 6/27/2008 6:10:14 AM | Attr = ] botdytsu.ini -> %SystemRoot%\System32\botdytsu.ini -> [Ver = | Size = 1198506 bytes | Modified Date = 5/29/2008 1:34:11 AM | Attr = HS] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 6/27/2008 6:14:15 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/8/2008 11:11:05 PM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 6/27/2008 6:02:18 AM | Attr = ] compatui.dll -> %SystemRoot%\System32\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 252928 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/2/2008 8:14:37 PM | Attr = ] dcache.bin -> %SystemRoot%\System32\dcache.bin -> [Ver = | Size = 1804 bytes | Modified Date = 4/13/2008 8:25:26 PM | Attr = ] defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 25088 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr = ] devenum.dll -> %SystemRoot%\System32\devenum.dll -> [Ver = | Size = 59904 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr = ] dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 82944 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr = ] dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. 
and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 105472 bytes | Modified Date = 4/13/2008 8:12:16 PM | Attr = ] dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 39424 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr = ] dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 124416 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr = ] dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 111104 bytes | Modified Date = 4/13/2008 8:11:51 PM | Attr = ] dhcpcfg.dmp -> %SystemRoot%\System32\dhcpcfg.dmp -> [Ver = | Size = 61 bytes | Modified Date = 7/8/2008 11:11:02 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/2/2008 5:37:06 AM | Attr = RHS] dmadmin.exe -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ] dmdlgs.dll -> %SystemRoot%\System32\dmdlgs.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 285184 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr = ] dmdskmgr.dll -> %SystemRoot%\System32\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 200704 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr = ] dmremote.exe -> %SystemRoot%\System32\dmremote.exe -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 15872 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ] dmserver.dll -> %SystemRoot%\System32\dmserver.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr = ] dmutil.dll -> %SystemRoot%\System32\dmutil.dll -> Microsoft Corp. 
[Ver = 2600.5512.503.0 | Size = 52224 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/6/2008 4:00:26 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 7/2/2008 6:27:37 AM | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 4/13/2008 8:11:52 PM | Attr = ] EGATHDRV.SYS -> %SystemRoot%\System32\EGATHDRV.SYS -> IBM Corporation [Ver = 2.05 | Size = 5427 bytes | Modified Date = 7/6/2008 | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 6/27/2008 6:10:15 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 6/30/2008 5:34:37 PM | Attr = ] encdec.dll -> %SystemRoot%\System32\encdec.dll -> [Ver = | Size = 186880 bytes | Modified Date = 4/13/2008 8:11:53 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 768488 bytes | Modified Date = 7/8/2008 3:11:23 AM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 5/27/2008 4:08:00 AM | Attr = H ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr = ] iac25_32.ax -> %SystemRoot%\System32\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] iccvid.dll -> %SystemRoot%\System32\iccvid.dll -> Radius Inc. 
[Ver = 1.10.0.11 | Size = 80384 bytes | Modified Date = 4/13/2008 8:11:54 PM | Attr = ] imycxtiv.dll -> %SystemRoot%\System32\imycxtiv.dll -> [Ver = | Size = 78848 bytes | Modified Date = 7/7/2008 1:05:50 AM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 7/2/2008 5:27:29 AM | Attr = ] ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] ir50_32.dll -> %SystemRoot%\System32\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. 
[Ver = R.5.10.64.2.48 | Size = 183808 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] ivfsrc.ax -> %SystemRoot%\System32\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] jgdw400.dll -> %SystemRoot%\System32\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] jgpl400.dll -> %SystemRoot%\System32\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] kaklkgew.ini -> %SystemRoot%\System32\kaklkgew.ini -> [Ver = | Size = 1156167 bytes | Modified Date = 5/26/2008 3:12:51 AM | Attr = HS] l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 4/13/2008 8:09:57 PM | Attr = ] lawupubm.ini -> %SystemRoot%\System32\lawupubm.ini -> [Ver = | Size = 1384610 bytes | Modified Date = 6/16/2008 11:59:39 PM | Attr = HS] lmtjhz.dll -> %SystemRoot%\System32\lmtjhz.dll -> [Ver = | Size = 103424 bytes | Modified Date = 7/5/2008 11:57:45 PM | Attr = ] lsprst7.tgz -> %SystemRoot%\System32\lsprst7.tgz -> [Ver = | Size = 219 bytes | Modified Date = 5/15/2008 5:51:56 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 5/19/2008 2:41:00 AM | Attr = ] mciqtz32.dll -> %SystemRoot%\System32\mciqtz32.dll -> [Ver = | Size = 35328 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr = ] mmc.exe.config -> %SystemRoot%\System32\mmc.exe.config -> [Ver = | Size = 126 bytes | Modified Date = 5/27/2008 4:09:54 AM | Attr = ] mpeg2data.ax -> %SystemRoot%\System32\mpeg2data.ax -> [Ver = | Size = 118272 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [Ver 
= | Size = 148992 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] msdmo.dll -> %SystemRoot%\System32\msdmo.dll -> [Ver = | Size = 14336 bytes | Modified Date = 4/13/2008 8:11:59 PM | Attr = ] msdxm.ocx -> %SystemRoot%\System32\msdxm.ocx -> [Ver = | Size = 844314 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 4/13/2008 8:10:08 PM | Attr = ] msmq -> %SystemRoot%\System32\msmq -> [Folder | Modified Date = 5/27/2008 12:07:09 AM | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Modified Date = 4/13/2008 8:12:01 PM | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 6/27/2008 6:02:24 AM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 5/30/2008 5:57:10 AM | Attr = ] nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr = ] odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp -> [Ver = | Size = 4310 bytes | Modified Date = 4/13/2008 1:26:09 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 6/27/2008 6:01:58 AM | Attr = ] osbvccsy.ini -> %SystemRoot%\System32\osbvccsy.ini -> [Ver = | Size = 1222384 bytes | Modified Date = 5/29/2008 11:40:14 PM | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 67024 bytes | Modified Date = 7/6/2008 2:31:31 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 419340 bytes | Modified Date = 7/6/2008 2:31:31 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 493386 bytes | Modified Date = 7/6/2008 2:31:30 AM | Attr = ] phcgvoj0et1a.bmp -> %SystemRoot%\System32\phcgvoj0et1a.bmp -> [Ver = | Size = 90838 bytes | Modified Date = 6/27/2008 12:24:08 AM | Attr = 
] pkaphtia.ini -> %SystemRoot%\System32\pkaphtia.ini -> [Ver = | Size = 1409358 bytes | Modified Date = 6/18/2008 12:33:32 AM | Attr = HS] PROCDB.INI -> %SystemRoot%\System32\PROCDB.INI -> [Ver = | Size = 8952 bytes | Modified Date = 7/8/2008 11:08:10 PM | Attr = ] proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 81920 bytes | Modified Date = 4/13/2008 8:10:35 PM | Attr = ] qcap.dll -> %SystemRoot%\System32\qcap.dll -> [Ver = | Size = 192512 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr = ] qdrvefov.dll -> %SystemRoot%\System32\qdrvefov.dll -> [Ver = | Size = 103424 bytes | Modified Date = 7/5/2008 11:57:45 PM | Attr = ] qdv.dll -> %SystemRoot%\System32\qdv.dll -> [Ver = | Size = 279040 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr = ] qdvd.dll -> %SystemRoot%\System32\qdvd.dll -> [Ver = | Size = 386048 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr = ] qedit.dll -> %SystemRoot%\System32\qedit.dll -> [Ver = | Size = 562176 bytes | Modified Date = 4/13/2008 8:12:03 PM | Attr = ] qedwipes.dll -> %SystemRoot%\System32\qedwipes.dll -> [Ver = | Size = 733696 bytes | Modified Date = 4/13/2008 1:21:32 PM | Attr = ] qguqwnsk.ini -> %SystemRoot%\System32\qguqwnsk.ini -> [Ver = | Size = 1155206 bytes | Modified Date = 5/24/2008 1:36:19 PM | Attr = HS] qqnaigln.ini -> %SystemRoot%\System32\qqnaigln.ini -> [Ver = | Size = 474 bytes | Modified Date = 6/15/2008 11:27:05 PM | Attr = HS] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 5/7/2008 1:12:40 AM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Modified Date = 5/27/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. 
[Ver = 7.5 (861) | Size = 90112 bytes | Modified Date = 5/27/2008 10:50:34 AM | Attr = ] regwizc.dll -> %SystemRoot%\System32\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 397824 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 6/27/2008 5:58:26 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/27/2008 6:02:24 AM | Attr = ] roopbtbx.ini -> %SystemRoot%\System32\roopbtbx.ini -> [Ver = | Size = 1155146 bytes | Modified Date = 5/24/2008 10:23:16 PM | Attr = HS] RrYaGMoq.ini -> %SystemRoot%\System32\RrYaGMoq.ini -> [Ver = | Size = 686642 bytes | Modified Date = 6/18/2008 12:12:53 PM | Attr = HS] RrYaGMoq.ini2 -> %SystemRoot%\System32\RrYaGMoq.ini2 -> [Ver = | Size = 738477 bytes | Modified Date = 6/18/2008 12:10:41 PM | Attr = HS] runtime -> %SystemRoot%\System32\runtime -> [Folder | Modified Date = 5/4/2008 7:55:15 PM | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. 
[Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] sbe.dll -> %SystemRoot%\System32\sbe.dll -> [Ver = | Size = 270848 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 6/27/2008 6:10:21 AM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 6/27/2008 6:16:08 AM | Attr = ] slbiop.dll -> %SystemRoot%\System32\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2600.2095 (xpsp_sp2_rc1.040310-2010) | Size = 98304 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Modified Date = 4/13/2008 8:12:06 PM | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr = ] sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. 
[Ver = 3.02 | Size = 86016 bytes | Modified Date = 4/13/2008 8:10:50 PM | Attr = ] ssprs.tgz -> %SystemRoot%\System32\ssprs.tgz -> [Ver = | Size = 87 bytes | Modified Date = 5/15/2008 5:51:56 AM | Attr = ] sysprs7.tgz -> %SystemRoot%\System32\sysprs7.tgz -> [Ver = | Size = 1025 bytes | Modified Date = 5/15/2008 5:51:45 AM | Attr = ] tlwwxihw.ini -> %SystemRoot%\System32\tlwwxihw.ini -> [Ver = | Size = 4559095 bytes | Modified Date = 6/12/2008 3:36:10 AM | Attr = HS] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 6/27/2008 6:10:23 AM | Attr = ] vbicodec.ax -> %SystemRoot%\System32\vbicodec.ax -> [Ver = | Size = 53248 bytes | Modified Date = 4/13/2008 8:12:42 PM | Attr = ] vitxcymi.ini -> %SystemRoot%\System32\vitxcymi.ini -> [Ver = | Size = 1695007 bytes | Modified Date = 7/8/2008 11:11:08 PM | Attr = HS] vpgsxv.dll -> %SystemRoot%\System32\vpgsxv.dll -> [Ver = | Size = 102912 bytes | Modified Date = 7/7/2008 1:05:42 AM | Attr = ] vtUmNFuS.dll -> %SystemRoot%\System32\vtUmNFuS.dll -> [Ver = | Size = 32475 bytes | Modified Date = 7/5/2008 1:20:10 PM | Attr = ] vuvqoaxj.ini -> %SystemRoot%\System32\vuvqoaxj.ini -> [Ver = | Size = 1155867 bytes | Modified Date = 5/25/2008 5:04:59 PM | Attr = HS] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 7/2/2008 8:14:08 PM | Attr = ] wHNVuBeg.ini -> %SystemRoot%\System32\wHNVuBeg.ini -> [Ver = | Size = 656735 bytes | Modified Date = 7/8/2008 1:31:18 AM | Attr = HS] wHNVuBeg.ini2 -> %SystemRoot%\System32\wHNVuBeg.ini2 -> [Ver = | Size = 656735 bytes | Modified Date = 7/8/2008 1:28:53 AM | Attr = HS] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2278 bytes | Modified Date = 7/8/2008 11:10:53 PM | Attr = ] wstpager.ax -> %SystemRoot%\System32\wstpager.ax -> [Ver = | Size = 164352 bytes | Modified Date = 4/13/2008 8:12:43 PM | Attr = ] wstrenderer.ax -> %SystemRoot%\System32\wstrenderer.ax -> [Ver = | Size = 239616 bytes | Modified Date = 4/13/2008 8:12:43 PM | Attr = ] xcfcgtli.dll -> 
%SystemRoot%\System32\xcfcgtli.dll -> [Ver = | Size = 102912 bytes | Modified Date = 7/7/2008 1:05:42 AM | Attr = ] xriicamq.ini -> %SystemRoot%\System32\xriicamq.ini -> [Ver = | Size = 2387718 bytes | Modified Date = 6/9/2008 5:47:56 PM | Attr = HS] yclamqmo.ini -> %SystemRoot%\System32\yclamqmo.ini -> [Ver = | Size = 624 bytes | Modified Date = 6/26/2008 3:33:29 AM | Attr = HS] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/20/2008 5:02:35 AM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 6/27/2008 5:58:13 AM | Attr = H ] a3kebook.ini -> %SystemRoot%\a3kebook.ini -> [Ver = | Size = 4 bytes | Modified Date = 6/22/2008 4:40:37 AM | Attr = H ] akebook.ini -> %SystemRoot%\akebook.ini -> [Ver = | Size = 20 bytes | Modified Date = 6/22/2008 4:40:37 AM | Attr = H ] ANS2000.INI -> %SystemRoot%\ANS2000.INI -> [Ver = | Size = 23 bytes | Modified Date = 6/22/2008 4:40:37 AM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/27/2008 6:16:08 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 6/30/2008 7:14:08 PM | Attr = R S] BM173ddcda.xml -> %SystemRoot%\BM173ddcda.xml -> [Ver = | Size = 48 bytes | Modified Date = 6/19/2008 12:33:28 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/8/2008 11:07:59 PM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 7/6/2008 4:14:11 PM | Attr = HS] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/27/2008 3:57:50 AM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 6/18/2008 2:46:16 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/7/2008 10:27:34 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 6/27/2008 5:54:00 AM | Attr = ] ERDNT -> 
%SystemRoot%\ERDNT -> [Folder | Modified Date = 6/29/2008 12:09:52 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 7/4/2008 1:54:56 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 7/7/2008 10:28:01 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/19/2008 6:41:26 AM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 6/27/2008 6:10:57 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 2675 bytes | Modified Date = 6/27/2008 6:14:21 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/7/2008 10:28:35 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/7/2008 10:29:58 PM | Attr = HS] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 6/27/2008 6:10:16 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 6/30/2008 3:52:42 PM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5/24/2008 4:03:00 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1160 bytes | Modified Date = 6/18/2008 12:08:10 AM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 6/27/2008 6:02:22 AM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 6/27/2008 6:02:24 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/27/2008 6:10:57 AM | Attr = ] orun32.ini -> %SystemRoot%\orun32.ini -> [Ver = | Size = 893 bytes | Modified Date = 7/2/2008 5:22:37 AM | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 6/27/2008 6:10:14 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/9/2008 12:04:02 AM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 6/26/2008 7:45:12 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/27/2008 5:50:43 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> 
[Ver = | Size = 1409 bytes | Modified Date = 4/12/2008 6:51:30 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/12/2008 3:35:44 AM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/2/2008 8:14:07 PM | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 5/24/2008 1:36:06 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 6/27/2008 6:13:31 AM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 6/27/2008 6:02:43 AM | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 7/4/2008 1:55:31 AM | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/13/2008 8:12:35 PM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 6/27/2008 6:02:21 AM | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 7/2/2008 8:15:17 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 6/27/2008 6:01:54 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 284 bytes | Modified Date = 6/22/2008 4:40:37 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/8/2008 11:11:08 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/7/2008 6:12:50 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/8/2008 11:12:28 PM | Attr = ] twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,1 | Size = 50688 bytes | Modified Date = 4/13/2008 8:12:07 PM | Attr = ] U3R1ZGVudA -> %SystemRoot%\U3R1ZGVudA -> [Folder | Modified Date = 4/10/2008 8:50:02 AM | Attr = HS] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 765 bytes | Modified Date = 7/4/2008 1:51:20 AM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 2352 bytes | Modified Date = 7/8/2008 12:31:26 AM | Attr = 
] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/7/2008 10:29:55 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/2/2008 2:44:05 PM | Attr = ] Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 256 bytes | Modified Date = 7/2/2008 5:23:49 AM | Attr = ] PMTask.job -> %SystemRoot%\tasks\PMTask.job -> [Ver = | Size = 316 bytes | Modified Date = 7/8/2008 5:25:06 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/8/2008 11:08:01 PM | Attr = H ] User_Feed_Synchronization-{AE952DE2-4671-4745-AE25-AB9FD7571EC1}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{AE952DE2-4671-4745-AE25-AB9FD7571EC1}.job -> [Ver = | Size = 388 bytes | Modified Date = 7/9/2008 12:05:00 AM | Attr = H ] Windows Update.job -> %SystemRoot%\tasks\Windows Update.job -> [Ver = | Size = 254 bytes | Modified Date = 7/8/2008 3:57:00 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 10/20/2007 9:18:52 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 22480 bytes | Modified Date = 7/7/2008 1:35:48 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 23832 bytes | Modified Date = 7/7/2008 1:35:47 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/1/2008 9:07:49 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 10/20/2007 10:54:29 PM | Attr = ] opa12.dat -> 
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8550 bytes | Modified Date = 7/8/2008 4:47:36 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 7/8/2008 11:12:28 PM | Attr = ] GoogleUpdate.exe36504 -> C:\WINDOWS\Temp\GoogleUpdate.exe -> Google Inc. [Ver = 1.0.0.0 | Size = 51184 bytes | Modified Date = 7/7/2008 1:35:49 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 7/8/2008 11:12:28 PM | Attr = ] goopdate.dll36543 -> C:\WINDOWS\Temp\goopdate.dll -> Google Inc. [Ver = 1.1.25.0 | Size = 450544 bytes | Modified Date = 7/7/2008 1:35:49 AM | Attr = ] GoopdateBho.dll367b4 -> C:\WINDOWS\Temp\GoopdateBho.dll -> [Ver = | Size = 156144 bytes | Modified Date = 7/7/2008 1:35:49 AM | Attr = ] goopdateres_en.dll36802 -> C:\WINDOWS\Temp\goopdateres_en.dll -> Google Inc. [Ver = 1.1.25.0 | Size = 27632 bytes | Modified Date = 7/7/2008 1:35:49 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 4/12/2008 3:25:21 AM | Attr = ] Broderbund Software -> %AllUsersProfile%\Application Data\Broderbund Software -> [Folder | Modified Date = 5/17/2008 11:06:34 AM | Attr = ] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 7/6/2008 2:19:20 AM | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 7/7/2008 4:15:59 AM | Attr = ] hps -> %AllUsersProfile%\Application Data\hps -> [Folder | Modified Date = 5/15/2008 5:51:41 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 7/3/2008 7:53:46 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/27/2008 12:12:51 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 7/3/2008 7:52:28 PM | 
Attr = S] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 7/4/2008 1:51:22 PM | Attr = ] PCDr -> %AllUsersProfile%\Application Data\PCDr -> [Folder | Modified Date = 4/10/2008 2:47:14 AM | Attr = ] Riverdeep Interactive Learning Limited -> %AllUsersProfile%\Application Data\Riverdeep Interactive Learning Limited -> [Folder | Modified Date = 7/7/2008 10:30:43 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 5/19/2008 10:12:54 AM | Attr = ] System Restore -> %AllUsersProfile%\Application Data\System Restore -> [Folder | Modified Date = 6/19/2008 8:22:30 AM | Attr = HS] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 7/6/2008 4:00:16 AM | Attr = ] @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 5/26/2008 11:37:22 PM | Attr = ] Yahoo! -> %AllUsersProfile%\Application Data\Yahoo! 
-> [Folder | Modified Date = 5/28/2008 5:46:27 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/27/2008 2:42:24 AM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 7/7/2008 12:31:53 AM | Attr = ] DivX -> %AppData%\DivX -> [Folder | Modified Date = 5/8/2008 7:49:49 PM | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 6/6/2008 2:10:08 AM | Attr = ] eBookPro6 -> %AppData%\eBookPro6 -> [Folder | Modified Date = 7/5/2008 6:30:24 AM | Attr = ] ErrorRepairTool -> %AppData%\ErrorRepairTool -> [Folder | Modified Date = 6/26/2008 11:42:49 PM | Attr = ] FireShot -> %AppData%\FireShot -> [Folder | Modified Date = 6/19/2008 8:22:30 AM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 7/2/2008 8:13:41 PM | Attr = ] Help -> %AppData%\Help -> [Folder | Modified Date = 6/18/2008 12:09:04 PM | Attr = ] IBM -> %AppData%\IBM -> [Folder | Modified Date = 7/2/2008 8:13:41 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Modified Date = 7/2/2008 8:13:41 PM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 5/19/2008 8:47:26 AM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 7/4/2008 5:48:11 AM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 6/26/2008 11:29:35 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/27/2008 12:12:54 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 7/4/2008 12:54:48 AM | Attr = S] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 6/27/2008 1:54:55 AM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 6/30/2008 12:12:59 PM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 6/27/2008 4:46:13 AM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 7/2/2008 8:13:42 PM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Modified Date = 5/19/2008 10:14:29 AM | Attr = ] ThinkVantage -> 
%AppData%\ThinkVantage -> [Folder | Modified Date = 7/2/2008 8:13:42 PM | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Modified Date = 6/26/2008 11:48:51 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 7/9/2008 12:06:44 AM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 7/2/2008 4:17:37 AM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 6/28/2008 1:43:14 AM | Attr = ] WordWeb -> %AppData%\WordWeb -> [Folder | Modified Date = 5/28/2008 10:12:57 AM | Attr = ] Yahoo! -> %AppData%\Yahoo! -> [Folder | Modified Date = 5/28/2008 5:46:27 AM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 7/2/2008 4:21:56 AM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 6/27/2008 1:55:55 AM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 6/30/2008 2:53:24 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/2/2008 4:19:38 AM | Attr = ] Broderbund Software -> %UserProfile%\Local Settings\Application Data\Broderbund Software -> [Folder | Modified Date = 5/17/2008 11:12:20 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 5632 bytes | Modified Date = 7/5/2008 3:13:23 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 256680 bytes | Modified Date = 7/7/2008 10:31:04 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 7/6/2008 8:24:59 AM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 6/17/2008 12:42:08 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> 
[Ver = | Size = 2530032 bytes | Modified Date = 7/3/2008 2:40:28 PM | Attr = H ] Identities -> %UserProfile%\Local Settings\Application Data\Identities -> [Folder | Modified Date = 6/27/2008 3:58:51 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 7/4/2008 5:49:05 AM | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Modified Date = 6/30/2008 3:01:39 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 6/27/2008 1:54:56 AM | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 6/30/2008 7:03:24 PM | Attr = ] Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net -> [Folder | Modified Date = 6/28/2008 1:44:14 AM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 7/4/2008 7:30:58 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 7/4/2008 5:06:33 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 7/2/2008 6:37:57 PM | Attr = R ] Access Connections -> %UserProfile%\My Documents\Access Connections -> [Folder | Modified Date = 7/5/2008 11:49:02 PM | Attr = ] Book1.xlsx -> %UserProfile%\My Documents\Book1.xlsx -> [Ver = | Size = 19540 bytes | Modified Date = 7/7/2008 9:20:33 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 6/26/2008 6:35:12 AM | Attr = HS] E-Book Websites -> %UserProfile%\My Documents\E-Book Websites -> [Folder | Modified Date = 7/7/2008 7:14:27 PM | Attr = ] Microsoft -> %UserProfile%\My Documents\Microsoft -> [Folder | Modified Date = 7/3/2008 7:27:39 PM | Attr = ] My Computer.lnk -> %UserProfile%\My Documents\My Computer.lnk -> [Ver = | Size = 104 bytes | Modified Date = 7/4/2008 1:06:19 PM | Attr = ] My Google 
Gadgets -> %UserProfile%\My Documents\My Google Gadgets -> [Folder | Modified Date = 7/6/2008 2:17:07 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 7/6/2008 8:34:25 AM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/4/2008 3:05:35 PM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 7/6/2008 8:37:59 AM | Attr = R ] Nicola's Shit -> %UserProfile%\My Documents\Nicola's Shit -> [Folder | Modified Date = 7/7/2008 8:14:02 PM | Attr = ] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Modified Date = 7/6/2008 8:40:56 AM | Attr = ] RECIPE.doc -> %UserProfile%\My Documents\RECIPE.doc -> [Ver = | Size = 70144 bytes | Modified Date = 7/8/2008 10:30:39 PM | Attr = ] RECIPE.docx -> %UserProfile%\My Documents\RECIPE.docx -> [Ver = | Size = 16452 bytes | Modified Date = 7/8/2008 5:26:45 AM | Attr = ] runscanner.zip -> %UserProfile%\My Documents\runscanner.zip -> [Ver = | Size = 1659784 bytes | Modified Date = 6/29/2008 12:00:23 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\runscanner.zip:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 7/6/2008 5:38:46 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 7/6/2008 5:40:16 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/9/2008 12:03:41 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568114 bytes | Modified Date = 7/9/2008 12:03:10 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Event Reminder.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Event Reminder.lnk -> 
[Ver = | Size = 706 bytes | Modified Date = 7/7/2008 10:26:01 PM | Attr = ]
desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 7/2/2008 6:24:42 AM | Attr = HS]
Broderbund -> %CommonProgramFiles%\Broderbund -> [Folder | Modified Date = 7/7/2008 10:24:06 PM | Attr = ]
DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 6/30/2008 6:24:15 PM | Attr = ]
InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 4/10/2008 2:30:51 AM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 7/4/2008 1:55:41 AM | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 6/30/2008 12:13:07 PM | Attr = ]
Sonic Shared -> %CommonProgramFiles%\Sonic Shared -> [Folder | Modified Date = 7/2/2008 8:13:45 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 7/4/2008 1:51:15 AM | Attr = ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\Administrator\My Documents\LimeWire\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\17.0\Books\Address.abk 1988 bytes
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\17.0\Books\Sender
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PrintMaster\17.0\Books\Sender\Sender.abk 2156 bytes
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\The Print Shop\20.0\Books\Sender
C:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\The Print Shop\20.0\Books\Sender\Sender.abk 2156 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 98 bytes
C:\Documents and Settings\All Users\Documents\My Music\i-tunes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\Access Connections
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\desktop.ini 74 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\Desktop.ini 179 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\iTunes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\iTunes\Album Artwork
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\iTunes\Album Artwork\Local
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\iTunes\iTunes Library.itl 69127 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\iTunes\iTunes Music
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\iTunes\iTunes Music Library.xml 42824 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Music\Sample Music.lnk 542 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\Desktop.ini 181 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\23.jpg 36545 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\1.jpg 60535 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\10.JPG 56029 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\11.JPG 56279 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\12.jpg 217989 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\13.jpg 41600 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\14.jpg 31645 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\15.jpg 36262 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\16.jpg 79733 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\17.jpg 105327 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\18.jpg 49754 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\19.jpg 74661 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\2.jpg 110187 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\20.jpg 54573 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\21.jpg 66408 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\22.jpg 49071 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\24.jpg 37133 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\25.jpg 42707 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\26.jpg 36598 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\27.jpg 36252 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\28.jpg 68726 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\29.jpg 62046 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\3.jpg 50799 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\30.jpg 64550 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\31.jpg 47786 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\32.jpg 81079 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\33.jpg 76287 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\34.JPG 73035 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\35.jpg 93480 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\36.jpg 42685 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\37.jpg 94702 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\38.jpg 137209 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\39.jpg 43925 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\4.jpg 48386 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\40.jpg 140242 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\5.jpg 48283 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\6.JPG 54375 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\7.JPG 59098 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\8.JPG 56507 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\9.JPG 57285 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\Desktop.ini 77 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\Thumbs.db 187392 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\mine\Thumbs.db:encryptable 0 bytes hidden from API
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Pictures\Sample Pictures.lnk 572 bytes
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Videos
C:\Documents and Settings\nic.LENOVO-594FD52A\My Documents\My Videos\Desktop.ini 180 bytes
C:\Documents and Settings\Nicola's Shit\Application Data\Mozilla\Firefox\Profiles\tp8m8d9z.default\WebMyndFiles\data\20080620021207\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Nicola's Shit\Application Data\Mozilla\Firefox\Profiles\tp8m8d9z.default\WebMyndFiles\data\20080620021211\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Nicola's Shit\Application Data\Mozilla\Firefox\Profiles\tp8m8d9z.default\WebMyndFiles\data\20080620021215\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Nicola's Shit\Local Settings\Application Data\Microsoft\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Nicola's Shit\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Nicola's Shit\My Documents\My Videos\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 78

< End of report >
[/code]