[code] OTScanIt logfile created on: 22.8.2008 0:59:43 OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy 511,48 Mb Total Physical Memory | 193,67 Mb Available Physical Memory | 37,86% Memory free 1,22 Gb Paging File | 0,89 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,96 Gb Total Space | 3,05 Gb Free Space | 19,11% Space Free | Partition Type: NTFS Drive D: | 58,59 Gb Total Space | 26,32 Gb Free Space | 44,92% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 502,10 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: AMD-C1F6EBFE7E7 Current User Name: AMD Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 385024 bytes | Modified Date = 2.12.2003 15:55:06 | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19.7.2008 16:25:06 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19.7.2008 16:38:28 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 385024 bytes | Modified Date = 2.12.2003 15:55:06 | Attr = ] nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 20.9.2007 10:51:46 | Attr = ] slserv.exe -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 2.7.2003 11:40:08 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19.7.2008 16:38:04 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23.7.2008 16:25:45 | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5072 | Size = 335872 bytes | Modified Date = 25.11.2003 22:10:00 | Attr = ] gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15.7.2005 23:48:33 | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 10.6.2005 11:44:02 | Attr = ] vm_sti.exe -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 9.6.2004 16:37:02 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19.7.2008 16:38:34 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10.6.2008 4:27:04 | Attr = ] picasamediadetector.exe -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 23.10.2007 23:18:15 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 17.8.2008 10:32:33 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12.7.2008 9:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19.7.2008 16:25:06 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 385024 bytes | Modified Date = 2.12.2003 15:55:06 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0013 | Size = 516096 bytes | Modified Date = 2.12.2003 22:10:00 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19.7.2008 16:38:28 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19.7.2008 16:38:04 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23.7.2008 16:25:45 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4.8.2004 1:56:50 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 3.11.2007 12:02:43 | Attr = ] (Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 1, 0, 0 | Size = 853288 bytes | Modified Date = 20.9.2007 10:51:46 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.1.0.0 | Size = 382248 bytes | Modified Date = 20.9.2007 16:35:38 | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 7, 0, 8, 0 | Size = 430592 bytes | Modified Date = 7.4.2008 9:17:30 | Attr = ] (SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 2.7.2003 11:40:08 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15.7.2005 23:48:33 | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> ATI Technologies, Inc. [Ver = 6.14.10.5072 | Size = 335872 bytes | Modified Date = 25.11.2003 22:10:00 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19.7.2008 16:38:34 | Attr = ] BigDogPath -> %SystemRoot%\VM_STI.EXE [C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam] -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 9.6.2004 16:37:02 | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 10.6.2005 11:44:02 | Attr = ] Microsoft Windows Express -> [Microsoft Update] -> File not found SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10.6.2008 4:27:04 | Attr = ] zzz_ImInstaller_IncrediMail -> %UserProfile%\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe [C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail] -> IncrediMail Ltd. [Ver = 7, 0, 0, 1334 | Size = 525664 bytes | Modified Date = 26.2.2008 23:05:39 | Attr = ] < RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> Microsoft Windows Express -> [Microsoft Update] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 23.10.2007 23:18:15 | Attr = ] < Run [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.36 | Size = 443968 bytes | Modified Date = 23.10.2007 23:18:15 | Attr = ] < All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> < AMD.AMD-C1F6EBFE7E7 Startup Folder > -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Default User.WINDOWS Startup Folder > -> C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13.6.2007 12:23:07 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 4.8.2004 1:56:52 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26.10.2007 5:36:51 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 2.12.2003 15:55:12 | Attr = ] xxyabcBq -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 3.8.2004 23:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLITE-ON_LTR-52327S______________________QS0C____\5&14576fb3&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRom_NEC_DVD_RW_ND-4550A____________________1.06____\5&14576fb3&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_UH5298N&Prod_QLW818A&Rev_1.0\5&cd3857f&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2.7.2007 9:19:05 | Attr = ] AutoRun [] -> G:\AutoRun.exe [ CDFS ] -> Electronic Arts Inc. [Ver = 1.0.0.293 | Size = 655360 bytes | Modified Date = 7.5.2004 13:41:08 | Attr = R ] AutoRun.exe [MZ | ] -> G:\AutoRun.exe [ CDFS ] -> Electronic Arts Inc. [Ver = 1.0.0.293 | Size = 655360 bytes | Modified Date = 7.5.2004 13:41:08 | Attr = R ] AutoRunGUI.dll [MZ | ] -> G:\AutoRunGUI.dll [ CDFS ] -> Electronic Arts Inc. [Ver = 1.0.0.267 | Size = 569344 bytes | Modified Date = 30.4.2004 6:57:06 | Attr = R ] autorun.inf [[autorun] | open=Setup.exe | Icon=hppoa.ico | Name=Harry Potter and the Prisoner of Azkaban | | [Special] | Disk=1 | | ] -> G:\autorun.inf [ CDFS ] -> [Ver = | Size = 113 bytes | Modified Date = 12.4.2004 15:34:04 | Attr = R ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> -> HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{b5146c40-189a-4311-bda9-fbae3e023187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Multi_Media\tbMult.dll [Multi Media Toolbar] -> Conduit Ltd. [Ver = 4, 5, 156, 0 | Size = 1391640 bytes | Modified Date = 31.7.2007 17:33:40 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\] > -> -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Main\\Start Page -> -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: URLSearchHooks\\{b5146c40-189a-4311-bda9-fbae3e023187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Multi_Media\tbMult.dll [Multi Media Toolbar] -> Conduit Ltd. [Ver = 4, 5, 156, 0 | Size = 1391640 bytes | Modified Date = 31.7.2007 17:33:40 | Attr = ] HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23.10.2006 10:08:42 | Attr = ] {6403C6F0-62D4-4741-8453-20445135DD21} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 3.11.2007 12:02:43 | Attr = R ] {b5146c40-189a-4311-bda9-fbae3e023187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Multi_Media\tbMult.dll [Multi Media Toolbar] -> Conduit Ltd. [Ver = 4, 5, 156, 0 | Size = 1391640 bytes | Modified Date = 31.7.2007 17:33:40 | Attr = ] {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 3.11.2007 12:02:43 | Attr = R ] {b5146c40-189a-4311-bda9-fbae3e023187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Multi_Media\tbMult.dll [Multi Media Toolbar] -> Conduit Ltd. [Ver = 4, 5, 156, 0 | Size = 1391640 bytes | Modified Date = 31.7.2007 17:33:40 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 3.11.2007 12:02:43 | Attr = R ] WebBrowser\\{B5146C40-189A-4311-BDA9-FBAE3E023187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Multi_Media\tbMult.dll [Multi Media Toolbar] -> Conduit Ltd. [Ver = 4, 5, 156, 0 | Size = 1391640 bytes | Modified Date = 31.7.2007 17:33:40 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 3.11.2007 12:02:43 | Attr = R ] WebBrowser\\{B5146C40-189A-4311-BDA9-FBAE3E023187} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Multi_Media\tbMult.dll [Multi Media Toolbar] -> Conduit Ltd. [Ver = 4, 5, 156, 0 | Size = 1391640 bytes | Modified Date = 31.7.2007 17:33:40 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] {F4430FE8-2638-42e5-B849-800749B94EED}:Exec -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [PartyPoker.net] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1659004503-1614895754-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> FunWebProducts -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {8E6BF630-C311-4186-9F94-716FB1A791DE} -> () -> {B8605BE4-0320-4F11-A637-4E14DC471258} -> (NVIDIA nForce MCP Networking Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[Minesweeper Flags Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\.Owner -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4.8.2004 1:56:44 | Attr = ] C:\WINDOWS\system32\efcaYpnM -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.6.2005 19:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4.8.2004 1:56:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.4.2007 16:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 4.8.2004 1:56:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 756 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 4.8.2004 1:56:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 4.8.2004 1:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> CA D7 8D B5 B5 AE 9A 05 21 17 36 12 3F F4 CD 9A 35 34 35 39 65 38 66 66 00 FD 07 00 D7 1B 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 BD F1 FE 68 67 BC 59 C2 00 F9 11 54 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 3D DE 9F 0A EE 50 AE FC D0 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 37 F3 D5 8E 0B 3E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23.8.2001 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 68 A7 7D 94 3D A1 05 EA 83 8E 2C 81 4B 09 AD 36 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A4 07 72 45 65 1D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 3707 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 4.8.2004 1:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\\??\C:\WINDOWS\system32\winlogon.exe -> %SystemRoot%\system32\winlogon.exe [\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6300.5000 | Size = 12829216 bytes | Modified Date = 12.12.2007 23:56:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 27.10.2006 16:37:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 27.10.2006 16:03:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.2009 | Size = 1491216 bytes | Modified Date = 14.4.2003 19:30:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe -> %ProgramFiles%\EA GAMES\Battlefield Vietnam\bfvietnam.exe [C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\eMule\emule.exe -> D:\eMule\emule.exe [D:\eMule\emule.exe:*:Disabled:eMule] -> http://www.emule-project.net [Ver = 0.47.1 Unicode | Size = 4997120 bytes | Modified Date = 2.11.2007 17:54:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\My Documents\GAL\incredimail_install.exe -> %UserProfile%\My Documents\GAL\incredimail_install.exe [C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\My Documents\GAL\incredimail_install.exe:*:Enabled:IncrediMail Installer] -> IncrediMail Ltd. [Ver = 7, 0, 0, 1334 | Size = 525664 bytes | Modified Date = 31.1.2008 21:51:11 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -> %UserProfile%\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe [C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe:*:Enabled:IncrediMail Installer] -> IncrediMail Ltd. [Ver = 7, 0, 0, 1334 | Size = 525664 bytes | Modified Date = 26.2.2008 23:05:39 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari\Terminator 3 - War of the Machines\T3.exe -> %ProgramFiles%\Atari\Terminator 3 - War of the Machines\T3.exe [C:\Program Files\Atari\Terminator 3 - War of the Machines\T3.exe:*:Disabled:T3] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe -> %CommonProgramFiles%\Nokia\Service Layer\A\nsl_host_process.exe [C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process ] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe -> %ProgramFiles%\Nokia\Nokia Software Updater\nsu_ui_client.exe [C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Disabled:Nokia Software Updater] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 30.5.2080 14:08:53 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winsspc.exe -> %SystemRoot%\system32\winsspc.exe [C:\WINDOWS\system32\winsspc.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 1.00.0009 | Size = 172032 bytes | Modified Date = 14.11.2007 7:32:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dlllhosts.exe -> %SystemRoot%\system32\dlllhosts.exe [C:\WINDOWS\system32\dlllhosts.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 225280 bytes | Modified Date = 4.12.2006 4:06:19 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\\system32\\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ -> %SystemRoot%\system32 [C:\WINDOWS\system32\:*:Enabled:Emule] -> [Folder | Modified Date = 22.8.2008 0:53:17 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\cssrss.exe -> %SystemRoot%\system32\cssrss.exe [C:\WINDOWS\system32\cssrss.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 1.00.0020 | Size = 90112 bytes | Modified Date = 6.8.2008 19:50:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ctffmon.exe -> %SystemRoot%\system32\ctffmon.exe [C:\WINDOWS\system32\ctffmon.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 1.00.0001 | Size = 94208 bytes | Modified Date = 26.5.2006 6:35:49 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\wincom.exe -> %SystemRoot%\system32\wincom.exe [C:\WINDOWS\system32\wincom.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 1.00.0003 | Size = 57344 bytes | Modified Date = 2.11.2007 5:04:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spolsvs.exe -> %SystemRoot%\system32\spolsvs.exe [C:\WINDOWS\system32\spolsvs.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 1.00.0057 | Size = 200704 bytes | Modified Date = 6.8.2008 18:57:07 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winlogins.exe -> %SystemRoot%\system32\winlogins.exe [C:\WINDOWS\system32\winlogins.exe:*:Enabled:Emule] -> Microsoft Corporation [Ver = 1.00.0012 | Size = 245760 bytes | Modified Date = 2.5.2008 5:09:01 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\winmng.exe -> %SystemRoot%\system32\winmng.exe [C:\WINDOWS\system32\winmng.exe:*:Enabled:Emule] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\wins\sor\WinSrv.exe -> %SystemRoot%\system32\wins\sor\WinSrv.exe [C:\WINDOWS\system32\wins\sor\WinSrv.exe:*:Enabled:Emule] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\System\win32.exe -> %CommonProgramFiles%\System\win32.exe [C:\Program Files\Common Files\System\win32.exe:*:Enabled:Windows Update] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\AMD~1.AMD\LOCALS~1\Temp\vasxvjs.exe -> %UserProfile%\Local Settings\Temp\vasxvjs.exe [C:\DOCUME~1\AMD~1.AMD\LOCALS~1\Temp\vasxvjs.exe:*:Enabled:Windows Update] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1700:TCP -> 1700:TCP:*:Enabled:MioNet Remote Drive Access -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1641:TCP -> 1641:TCP:*:Enabled:MioNet Remote Drive Verification -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4.8.2004 1:56:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26.7.2005 6:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 4.8.2004 1:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26.7.2005 6:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 24.5.2080 11:06:05 | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 24.5.2080 11:06:07 | Attr = H ] pccsmcfd.sys -> %SystemRoot%\System32\drivers\pccsmcfd.sys -> Nokia [Ver = 6.85.3.0 | Size = 21632 bytes | Created Date = 21.4.2080 22:58:53 | Attr = ] awtusppN.dll -> %SystemRoot%\System32\awtusppN.dll -> [Ver = | Size = 38400 bytes | Created Date = 14.4.2080 13:32:04 | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Created Date = 4.6.2080 21:06:47 | Attr = ] cbXPgfeE.dll -> %SystemRoot%\System32\cbXPgfeE.dll -> [Ver = | Size = 36352 bytes | Created Date = 15.4.2080 12:40:12 | Attr = ] cbXQKAtQ.dll -> %SystemRoot%\System32\cbXQKAtQ.dll -> [Ver = | Size = 38400 bytes | Created Date = 14.4.2080 23:31:42 | Attr = ] dPrass.dll -> %SystemRoot%\System32\dPrass.dll -> [Ver = | Size = 26 bytes | Created Date = 17.8.2008 10:29:34 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 17.8.2008 13:31:30 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 17.8.2008 13:31:30 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 17.8.2008 13:31:30 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 17.8.2008 13:31:30 | Attr = ] khfDvuTK.dll -> %SystemRoot%\System32\khfDvuTK.dll -> [Ver = | Size = 36352 bytes | Created Date = 16.4.2080 11:29:19 | Attr = ] khfGaBut.dll -> %SystemRoot%\System32\khfGaBut.dll -> [Ver = | Size = 37888 bytes | Created Date = 16.4.2080 15:20:30 | Attr = ] ljJAtTJY.dll -> %SystemRoot%\System32\ljJAtTJY.dll -> [Ver = | Size = 38400 bytes | Created Date = 14.4.2080 11:23:52 | Attr = ] nnnnKBUo.dll -> %SystemRoot%\System32\nnnnKBUo.dll -> [Ver = | Size = 38400 bytes | Created Date = 14.4.2080 11:01:04 | Attr = ] pmnkhhHy.dll -> %SystemRoot%\System32\pmnkhhHy.dll -> [Ver = | Size = 36352 bytes | Created Date = 16.4.2080 7:07:40 | Attr = ] SierraNW.dll -> %SystemRoot%\System32\SierraNW.dll -> Cendant Software [Ver = 4, 0, 2, 4 | Size = 1022976 bytes | Created Date = 5.5.2080 17:16:27 | Attr = ] SNWValid.dll -> %SystemRoot%\System32\SNWValid.dll -> Cendant Software [Ver = 4, 0, 2, 4 | Size = 231936 bytes | Created Date = 5.5.2080 17:16:27 | Attr = ] urqNheFY.dll -> %SystemRoot%\System32\urqNheFY.dll -> [Ver = | Size = 37888 bytes | Created Date = 16.4.2080 11:52:53 | Attr = ] xxyYPgFu.dll -> %SystemRoot%\System32\xxyYPgFu.dll -> [Ver = | Size = 36352 bytes | Created Date = 15.4.2080 12:07:46 | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 23.5.2080 7:33:08 | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 23.5.2080 7:32:06 | Attr = H ] Favorites -> %SystemRoot%\Favorites -> [Folder | Created Date = 5.5.2080 17:17:03 | Attr = ] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 23.4.2080 17:33:10 | Attr = HS] idkwotbbq.exe -> %SystemRoot%\idkwotbbq.exe -> [Ver = | Size = 91662 bytes | Created Date = 6.7.2008 18:04:12 | Attr = ] loli.exe -> %SystemRoot%\loli.exe -> [Ver = | Size = 5966 bytes | Created Date = 6.7.2008 14:45:22 | Attr = ] SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [Ver = | Size = 287 bytes | Created Date = 5.5.2080 17:16:12 | Attr = ] solcache -> %SystemRoot%\solcache -> [Folder | Created Date = 5.5.2080 17:17:07 | Attr = ] winudpmgr.exe -> %SystemRoot%\winudpmgr.exe -> [Ver = | Size = 64000 bytes | Created Date = 3.7.2008 20:50:51 | Attr = RHS] [Files Created - Additional Folder Scans - Non-Microsoft Only] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Created Date = 15.6.2008 18:36:42 | Attr = ] WinAnonymous -> %AllUsersProfile%\Application Data\WinAnonymous -> [Folder | Created Date = 30.5.2080 13:39:50 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 30.5.2080 14:08:51 | Attr = ] WinAnonymous -> %AppData%\WinAnonymous -> [Folder | Created Date = 30.5.2080 14:21:04 | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 30.5.2080 14:10:13 | Attr = ] Moje mape za izmenjevanje.lnk -> %UserProfile%\My Documents\Moje mape za izmenjevanje.lnk -> [Ver = | Size = 945 bytes | Created Date = 30.5.2080 13:58:46 | Attr = ] Moji viri podatkov -> %UserProfile%\My Documents\Moji viri podatkov -> [Folder | Created Date = 23.6.2008 19:34:04 | Attr = S] BitTorrent-6.0.3.exe -> %UserProfile%\Desktop\BitTorrent-6.0.3.exe -> [Ver = | Size = 874856 bytes | Created Date = 2.6.2080 12:56:50 | Attr = ] Complete IncrediMail Installation.lnk -> %UserProfile%\Desktop\Complete IncrediMail Installation.lnk -> [Ver = | Size = 1121 bytes | Created Date = 31.5.2080 10:26:56 | Attr = ] install_en.exe -> %UserProfile%\Desktop\install_en.exe -> [Ver = | Size = 2660 bytes | Created Date = 24.5.2080 13:38:21 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 22.8.2008 0:57:41 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 22.8.2008 0:56:35 | Attr = ] Programi -> %UserProfile%\Desktop\Programi -> [Folder | Created Date = 30.5.2080 14:28:34 | Attr = ] xpiinstall.exe -> %UserProfile%\Desktop\xpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Created Date = 17.8.2008 13:29:16 | Attr = ] Alwil Software -> %ProgramFiles%\Alwil Software -> [Folder | Created Date = 30.5.2080 14:13:10 | Attr = ] Dictionary -> %ProgramFiles%\Dictionary -> [Folder | Created Date = 17.6.2008 20:32:28 | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 17.8.2008 13:30:58 | Attr = ] MSXML 6.0 -> %ProgramFiles%\MSXML 6.0 -> [Folder | Created Date = 24.5.2080 10:53:22 | Attr = ] PC Connectivity Solution -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Created Date = 21.4.2080 22:58:35 | Attr = ] Sierra On-Line -> %ProgramFiles%\Sierra On-Line -> [Folder | Created Date = 5.5.2080 17:16:27 | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 30.5.2080 14:08:53 | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 30.5.2080 14:40:00 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 17.8.2008 13:31:32 | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 22.8.2008 0:51:44 | Attr = HS] PRENOSI -> %SystemDrive%\PRENOSI -> [Folder | Modified Date = 4.6.2080 20:59:48 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 17.8.2008 13:30:58 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 22.8.2008 1:01:18 | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 19.7.2008 16:32:15 | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 19.7.2008 16:37:42 | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 19.7.2008 16:37:21 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 19.7.2008 16:33:42 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 19.7.2008 16:35:18 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 19.7.2008 16:32:36 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 24.5.2080 11:06:05 | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 24.5.2080 11:06:07 | Attr = H ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 30.5.2080 17:24:08 | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 1163960 bytes | Modified Date = 19.7.2008 16:43:08 | Attr = ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1795 bytes | Modified Date = 4.5.2080 15:59:45 | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 94392 bytes | Modified Date = 19.7.2008 16:30:53 | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 34308 bytes | Modified Date = 4.6.2080 21:06:47 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 23.5.2080 12:53:59 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 22.8.2008 0:53:11 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 30.5.2080 14:34:59 | Attr = ] dPrass.dll -> %SystemRoot%\System32\dPrass.dll -> [Ver = | Size = 26 bytes | Modified Date = 22.8.2008 0:53:17 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 18.6.2008 12:17:07 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 23.5.2080 21:12:07 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 270984 bytes | Modified Date = 17.8.2008 10:28:56 | Attr = ] gic.exe -> %SystemRoot%\System32\gic.exe -> UnKnown [Ver = 1.00 | Size = 36864 bytes | Modified Date = 6.8.2008 15:03:44 | Attr = ] imon1.dat -> %SystemRoot%\System32\imon1.dat -> [Ver = | Size = 94 bytes | Modified Date = 25.5.2080 22:39:42 | Attr = ] inseml13.exe -> %SystemRoot%\System32\inseml13.exe -> windll. [Ver = 1.00 | Size = 28672 bytes | Modified Date = 6.8.2008 19:49:23 | Attr = ] inspspfiles8.exe -> %SystemRoot%\System32\inspspfiles8.exe -> [Ver = | Size = 1213094 bytes | Modified Date = 8.8.2008 0:18:50 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10.6.2008 1:21:01 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 10.6.2008 2:32:34 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10.6.2008 1:21:04 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 10.6.2008 2:32:34 | Attr = ] MnpYacfe.ini -> %SystemRoot%\System32\MnpYacfe.ini -> [Ver = | Size = 272248 bytes | Modified Date = 30.5.2080 14:13:48 | Attr = HS] MnpYacfe.ini2 -> %SystemRoot%\System32\MnpYacfe.ini2 -> [Ver = | Size = 272248 bytes | Modified Date = 30.5.2080 14:12:25 | Attr = HS] pspfire.exe -> %SystemRoot%\System32\pspfire.exe -> [Ver = | Size = 62464 bytes | Modified Date = 8.8.2008 0:10:33 | Attr = ] psps2.exe -> %SystemRoot%\System32\psps2.exe -> UnKnown [Ver = 1.00 | Size = 40960 bytes | Modified Date = 8.8.2008 0:17:26 | Attr = ] pspvv.dll -> %SystemRoot%\System32\pspvv.dll -> [Ver = | Size = 2075 bytes | Modified Date = 22.8.2008 0:53:16 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 22.8.2008 0:51:47 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 16.6.2008 22:34:39 | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 23.5.2080 7:33:09 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 23.5.2080 7:32:06 | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22.8.2008 0:51:45 | Attr = S] Favorites -> %SystemRoot%\Favorites -> [Folder | Modified Date = 5.5.2080 17:17:03 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 18.6.2008 12:17:26 | Attr = R S] ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 23.4.2080 17:33:10 | Attr = HS] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 16.6.2008 22:34:52 | Attr = ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 17.8.2008 13:31:37 | Attr = HS] loli.exe -> %SystemRoot%\loli.exe -> [Ver = | Size = 5966 bytes | Modified Date = 6.7.2008 14:45:46 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 22.8.2008 0:58:13 | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 30.5.2080 14:39:59 | Attr = ] SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [Ver = | Size = 287 bytes | Modified Date = 5.5.2080 17:16:50 | Attr = ] solcache -> %SystemRoot%\solcache -> [Folder | Modified Date = 5.5.2080 17:17:07 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 22.8.2008 1:01:14 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2.6.2080 17:09:55 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 22.8.2008 0:57:07 | Attr = ] Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 404 bytes | Modified Date = 6.7.2008 18:00:00 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 22.8.2008 0:51:49 | Attr = H ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2.11.2007 17:34:49 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 33064 bytes | Modified Date = 22.8.2008 0:53:53 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 33064 bytes | Modified Date = 22.8.2008 0:53:53 | Attr = ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 3.11.2007 17:40:31 | Attr = ] opa12.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 3.11.2007 17:40:31 | Attr = ] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc -> [Folder | Modified Date = 22.8.2008 0:53:07 | Attr = ] Perflib_Perfdata_830.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_830.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22.8.2008 0:53:07 | Attr = ] 2 C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp -> [Folder | Modified Date = 22.8.2008 1:00:52 | Attr = ] eraseme_16407.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\eraseme_16407.exe -> [Ver = | Size = 1207 bytes | Modified Date = 6.7.2008 17:15:10 | Attr = ] eraseme_25372.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\eraseme_25372.exe -> [Ver = | Size = 1207 bytes | Modified Date = 6.7.2008 17:25:26 | Attr = ] eraseme_60342.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\eraseme_60342.exe -> [Ver = | Size = 1207 bytes | Modified Date = 6.7.2008 17:18:33 | Attr = ] eraseme_88125.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\eraseme_88125.exe -> [Ver = | Size = 1207 bytes | Modified Date = 6.7.2008 17:20:09 | Attr = ] msnsearch.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\msnsearch.exe -> Microsoft Corporation [Ver = 1.0.2607.0 | Size = 228824 bytes | Modified Date = 23.11.2005 18:15:58 | Attr = ] Nokia_PC_Suite_rel_6_85_14_1_wu_slv.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\Nokia_PC_Suite_rel_6_85_14_1_wu_slv.exe -> [Ver = 6, 85, 14, 0 | Size = 27791848 bytes | Modified Date = 15.2.2008 23:10:43 | Attr = ] Nokia_PC_Suite_rel_6_86_9_0_slv.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\Nokia_PC_Suite_rel_6_86_9_0_slv.exe -> [Ver = 2, 1, 1, 1 | Size = 32674872 bytes | Modified Date = 21.4.2080 22:52:48 | Attr = ] ose00000.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 27.10.2006 23:14:30 | Attr = R ] WindowsDesktopSearch-KB917013-V301.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\WindowsDesktopSearch-KB917013-V301.exe -> Microsoft Corporation [Ver = 6.1.0022.4 (SRV03_QFE.031113-0918) | Size = 4880248 bytes | Modified Date = 5.2.2007 18:23:28 | Attr = ] xrvwyymg.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\xrvwyymg.exe -> IncrediMail Ltd. [Ver = 7, 0, 0, 1334 | Size = 525664 bytes | Modified Date = 31.1.2008 21:51:55 | Attr = ] 261 C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\DivA90.tmp\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\DivA90.tmp\ -> [Folder | Modified Date = 4.4.2008 13:01:52 | Attr = ] DivXInstaller.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\DivA90.tmp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.8.0.5 | Size = 17065688 bytes | Modified Date = 4.4.2008 13:01:48 | Attr = ] C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ImInstaller\IncrediMail\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ImInstaller\IncrediMail -> [Folder | Modified Date = 22.8.2008 0:53:47 | Attr = ] incredimail_install.exe -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe -> IncrediMail Ltd. [Ver = 7, 0, 0, 1334 | Size = 525664 bytes | Modified Date = 26.2.2008 23:05:39 | Attr = ] C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp -> [Folder | Modified Date = 22.8.2008 1:00:52 | Attr = ] CmdLineExt03.dll -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 24.4.2080 16:39:10 | Attr = ] mpengine.dll -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\mpengine.dll -> Microsoft Corporation [Ver = 1.1.3520.0 | Size = 3308624 bytes | Modified Date = 23.5.2080 12:49:52 | Attr = ] SIntfNT.dll -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 24744 bytes | Modified Date = 24.4.2080 16:39:12 | Attr = ] 261 C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\CDM\{C9B8608D-E7A7-4088-BB14-FDFC7E696F58}\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\CDM\{C9B8608D-E7A7-4088-BB14-FDFC7E696F58} -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] DIFxAPI.dll -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\CDM\{C9B8608D-E7A7-4088-BB14-FDFC7E696F58}\DIFxAPI.dll -> Microsoft Corporation [Ver = 2.1 | Size = 319456 bytes | Modified Date = 2.11.2006 6:21:54 | Attr = ] C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp -> [Folder | Modified Date = 22.8.2008 1:00:52 | Attr = ] DETemp384Gd78Sjke78Jks75.dat -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\DETemp384Gd78Sjke78Jks75.dat -> [Ver = | Size = 6138141 bytes | Modified Date = 10.8.2007 18:28:36 | Attr = ] 261 C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\ -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp -> [Folder | Modified Date = 22.8.2008 1:00:52 | Attr = ] RunTime.ini -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\RunTime.ini -> [Ver = | Size = 594 bytes | Modified Date = 23.2.2008 17:50:41 | Attr = ] {AC76BA86-7AD7-1060-7B44-A81000000003}.ini -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\{AC76BA86-7AD7-1060-7B44-A81000000003}.ini -> [Ver = | Size = 525 bytes | Modified Date = 23.2.2008 17:51:54 | Attr = ] 261 C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\AMD.AMD-C1F6EBFE7E7\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] dsetup16.dll -> C:\WINDOWS\Temp\_ISTMP3.DIR\dsetup16.dll -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 63248 bytes | Modified Date = 29.7.1998 18:00:06 | Attr = R ] C:\WINDOWS\Temp\_ISTMP4.DIR\ -> C:\WINDOWS\Temp\_ISTMP4.DIR\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] dsetup16.dll -> C:\WINDOWS\Temp\_ISTMP4.DIR\dsetup16.dll -> Microsoft Corporation [Ver = 4.06.00.0318 | Size = 63248 bytes | Modified Date = 29.7.1998 18:00:06 | Attr = R ] C:\WINDOWS\Temp\IXP000.TMP\ -> C:\WINDOWS\Temp\IXP000.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP000.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP001.TMP\ -> C:\WINDOWS\Temp\IXP001.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP001.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP002.TMP\ -> C:\WINDOWS\Temp\IXP002.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP002.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP003.TMP\ -> C:\WINDOWS\Temp\IXP003.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP003.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP004.TMP\ -> C:\WINDOWS\Temp\IXP004.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP004.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP005.TMP\ -> C:\WINDOWS\Temp\IXP005.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP005.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP006.TMP\ -> C:\WINDOWS\Temp\IXP006.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP006.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP007.TMP\ -> C:\WINDOWS\Temp\IXP007.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP007.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP008.TMP\ -> C:\WINDOWS\Temp\IXP008.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP008.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP009.TMP\ -> C:\WINDOWS\Temp\IXP009.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP009.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP010.TMP\ -> C:\WINDOWS\Temp\IXP010.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP010.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP011.TMP\ -> C:\WINDOWS\Temp\IXP011.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP011.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP012.TMP\ -> C:\WINDOWS\Temp\IXP012.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP012.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP013.TMP\ -> C:\WINDOWS\Temp\IXP013.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP013.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP014.TMP\ -> C:\WINDOWS\Temp\IXP014.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP014.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP015.TMP\ -> C:\WINDOWS\Temp\IXP015.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP015.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP016.TMP\ -> C:\WINDOWS\Temp\IXP016.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP016.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP017.TMP\ -> C:\WINDOWS\Temp\IXP017.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP017.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP018.TMP\ -> C:\WINDOWS\Temp\IXP018.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP018.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP019.TMP\ -> C:\WINDOWS\Temp\IXP019.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP019.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP020.TMP\ -> C:\WINDOWS\Temp\IXP020.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP020.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP021.TMP\ -> C:\WINDOWS\Temp\IXP021.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP021.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP022.TMP\ -> C:\WINDOWS\Temp\IXP022.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP022.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP023.TMP\ -> C:\WINDOWS\Temp\IXP023.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP023.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP024.TMP\ -> C:\WINDOWS\Temp\IXP024.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP024.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP025.TMP\ -> C:\WINDOWS\Temp\IXP025.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP025.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP026.TMP\ -> C:\WINDOWS\Temp\IXP026.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP026.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP027.TMP\ -> C:\WINDOWS\Temp\IXP027.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP027.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP028.TMP\ -> C:\WINDOWS\Temp\IXP028.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP028.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP029.TMP\ -> C:\WINDOWS\Temp\IXP029.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP029.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP030.TMP\ -> C:\WINDOWS\Temp\IXP030.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP030.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP031.TMP\ -> C:\WINDOWS\Temp\IXP031.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP031.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP032.TMP\ -> C:\WINDOWS\Temp\IXP032.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP032.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP033.TMP\ -> C:\WINDOWS\Temp\IXP033.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP033.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP034.TMP\ -> C:\WINDOWS\Temp\IXP034.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP034.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP035.TMP\ -> C:\WINDOWS\Temp\IXP035.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP035.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP036.TMP\ -> C:\WINDOWS\Temp\IXP036.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP036.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP037.TMP\ -> C:\WINDOWS\Temp\IXP037.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP037.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP038.TMP\ -> C:\WINDOWS\Temp\IXP038.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP038.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP039.TMP\ -> C:\WINDOWS\Temp\IXP039.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP039.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP040.TMP\ -> C:\WINDOWS\Temp\IXP040.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP040.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP041.TMP\ -> C:\WINDOWS\Temp\IXP041.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP041.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP042.TMP\ -> C:\WINDOWS\Temp\IXP042.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP042.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP043.TMP\ -> C:\WINDOWS\Temp\IXP043.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP043.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP044.TMP\ -> C:\WINDOWS\Temp\IXP044.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP044.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP045.TMP\ -> C:\WINDOWS\Temp\IXP045.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP045.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP046.TMP\ -> C:\WINDOWS\Temp\IXP046.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP046.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP047.TMP\ -> C:\WINDOWS\Temp\IXP047.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP047.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP048.TMP\ -> C:\WINDOWS\Temp\IXP048.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP048.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP049.TMP\ -> C:\WINDOWS\Temp\IXP049.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP049.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP050.TMP\ -> C:\WINDOWS\Temp\IXP050.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP050.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP051.TMP\ -> C:\WINDOWS\Temp\IXP051.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP051.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP052.TMP\ -> C:\WINDOWS\Temp\IXP052.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP052.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP053.TMP\ -> C:\WINDOWS\Temp\IXP053.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP053.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP054.TMP\ -> C:\WINDOWS\Temp\IXP054.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP054.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP055.TMP\ -> C:\WINDOWS\Temp\IXP055.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP055.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP056.TMP\ -> C:\WINDOWS\Temp\IXP056.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP056.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP057.TMP\ -> C:\WINDOWS\Temp\IXP057.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP057.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP058.TMP\ -> C:\WINDOWS\Temp\IXP058.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP058.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP059.TMP\ -> C:\WINDOWS\Temp\IXP059.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP059.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP060.TMP\ -> C:\WINDOWS\Temp\IXP060.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP060.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP061.TMP\ -> C:\WINDOWS\Temp\IXP061.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP061.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP062.TMP\ -> C:\WINDOWS\Temp\IXP062.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP062.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP063.TMP\ -> C:\WINDOWS\Temp\IXP063.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP063.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP064.TMP\ -> C:\WINDOWS\Temp\IXP064.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP064.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP065.TMP\ -> C:\WINDOWS\Temp\IXP065.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP065.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP066.TMP\ -> C:\WINDOWS\Temp\IXP066.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP066.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP067.TMP\ -> C:\WINDOWS\Temp\IXP067.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP067.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP068.TMP\ -> C:\WINDOWS\Temp\IXP068.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP068.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP069.TMP\ -> C:\WINDOWS\Temp\IXP069.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP069.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP070.TMP\ -> C:\WINDOWS\Temp\IXP070.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP070.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP071.TMP\ -> C:\WINDOWS\Temp\IXP071.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP071.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP072.TMP\ -> C:\WINDOWS\Temp\IXP072.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP072.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP073.TMP\ -> C:\WINDOWS\Temp\IXP073.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP073.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP074.TMP\ -> C:\WINDOWS\Temp\IXP074.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP074.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP075.TMP\ -> C:\WINDOWS\Temp\IXP075.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP075.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP076.TMP\ -> C:\WINDOWS\Temp\IXP076.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP076.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP077.TMP\ -> C:\WINDOWS\Temp\IXP077.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP077.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP078.TMP\ -> C:\WINDOWS\Temp\IXP078.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP078.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP079.TMP\ -> C:\WINDOWS\Temp\IXP079.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP079.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP080.TMP\ -> C:\WINDOWS\Temp\IXP080.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP080.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP081.TMP\ -> C:\WINDOWS\Temp\IXP081.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP081.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP082.TMP\ -> C:\WINDOWS\Temp\IXP082.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP082.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP083.TMP\ -> C:\WINDOWS\Temp\IXP083.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP083.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP084.TMP\ -> C:\WINDOWS\Temp\IXP084.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP084.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP085.TMP\ -> C:\WINDOWS\Temp\IXP085.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP085.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP086.TMP\ -> C:\WINDOWS\Temp\IXP086.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP086.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 15:51:18 | Attr = ] C:\WINDOWS\Temp\IXP087.TMP\ -> C:\WINDOWS\Temp\IXP087.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP087.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP088.TMP\ -> C:\WINDOWS\Temp\IXP088.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP088.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP089.TMP\ -> C:\WINDOWS\Temp\IXP089.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP089.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP090.TMP\ -> C:\WINDOWS\Temp\IXP090.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP090.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP091.TMP\ -> C:\WINDOWS\Temp\IXP091.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP091.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP092.TMP\ -> C:\WINDOWS\Temp\IXP092.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP092.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP093.TMP\ -> C:\WINDOWS\Temp\IXP093.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP093.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP094.TMP\ -> C:\WINDOWS\Temp\IXP094.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP094.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP095.TMP\ -> C:\WINDOWS\Temp\IXP095.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP095.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP096.TMP\ -> C:\WINDOWS\Temp\IXP096.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP096.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\IXP097.TMP\ -> C:\WINDOWS\Temp\IXP097.TMP\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = ] W95INF16.DLL -> C:\WINDOWS\Temp\IXP097.TMP\W95INF16.DLL -> Microsoft Corporation [Ver = 4.71.704.0 | Size = 2272 bytes | Modified Date = 2.7.2002 14:51:18 | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 22.8.2008 0:57:07 | Attr = ] Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22.8.2008 0:51:50 | Attr = ] Perflib_Perfdata_638.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_638.dat -> [Ver = | Size = 16384 bytes | Modified Date = 16.8.2006 22:45:49 | Attr = ] 302 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 17.8.2006 0:18:44 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 2.11.2007 18:43:19 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2.11.2007 18:43:19 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8POT4VET\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8POT4VET -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8POT4VET\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2.11.2007 18:43:19 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ADKXKLUZ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ADKXKLUZ -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ADKXKLUZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2.11.2007 18:43:19 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G3G1STKL\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G3G1STKL -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G3G1STKL\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2.11.2007 18:43:19 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GT6R65WV\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GT6R65WV -> [Folder | Modified Date = 17.8.2006 0:18:45 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GT6R65WV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2.11.2007 18:43:19 | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Modified Date = 15.6.2008 21:37:34 | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Modified Date = 15.6.2008 18:36:42 | Attr = ] WinAnonymous -> %AllUsersProfile%\Application Data\WinAnonymous -> [Folder | Modified Date = 30.5.2080 13:39:50 | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 13.6.2080 14:56:31 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 23.6.2008 19:35:08 | Attr = S] Nokia -> %AppData%\Nokia -> [Folder | Modified Date = 24.5.2080 11:32:39 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 18.6.2008 23:09:21 | Attr = ] WinAnonymous -> %AppData%\WinAnonymous -> [Folder | Modified Date = 30.5.2080 14:21:04 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 73536 bytes | Modified Date = 5.6.2080 17:54:57 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 7442144 bytes | Modified Date = 19.6.2008 23:39:39 | Attr = H ] Multi_Media -> %UserProfile%\Local Settings\Application Data\Multi_Media -> [Folder | Modified Date = 15.6.2008 21:56:39 | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 74 bytes | Modified Date = 23.5.2080 21:12:44 | Attr = HS] LARA -> %UserProfile%\My Documents\LARA -> [Folder | Modified Date = 5.6.2080 20:12:11 | Attr = ] Moje mape za izmenjevanje.lnk -> %UserProfile%\My Documents\Moje mape za izmenjevanje.lnk -> [Ver = | Size = 945 bytes | Modified Date = 30.5.2080 13:58:46 | Attr = ] Moji viri podatkov -> %UserProfile%\My Documents\Moji viri podatkov -> [Folder | Modified Date = 23.6.2008 19:34:04 | Attr = S] BitTorrent-6.0.3.exe -> %UserProfile%\Desktop\BitTorrent-6.0.3.exe -> [Ver = | Size = 874856 bytes | Modified Date = 2.6.2080 12:57:20 | Attr = ] Complete IncrediMail Installation.lnk -> %UserProfile%\Desktop\Complete IncrediMail Installation.lnk -> [Ver = | Size = 1121 bytes | Modified Date = 22.8.2008 0:53:47 | Attr = ] install_en.exe -> %UserProfile%\Desktop\install_en.exe -> [Ver = | Size = 2660 bytes | Modified Date = 24.5.2080 13:42:07 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 22.8.2008 0:57:41 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 22.8.2008 0:56:35 | Attr = ] xpiinstall.exe -> %UserProfile%\Desktop\xpiinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 382352 bytes | Modified Date = 17.8.2008 13:29:11 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 24.5.2080 10:52:06 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 22.8.2008 1:00:49 | Attr = RHS] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]