[code] WinPFind35 logfile created on: 2008-02-28 14:04:01 WinPFind35U Version 1.0.2.1 Folder = C:\Documents and Settings\user\Desktop\WinPFind35u Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd 511.17 Mb Total Physical Memory | 174.15 Mb Available Physical Memory | 34.07% Memory free 1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.90% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 38.09 Gb Total Space | 16.65 Gb Free Space | 43.72% Space Free | Partition Type: NTFS Drive D: | 36.44 Gb Total Space | 29.91 Gb Free Space | 82.09% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-8823FF3BFD Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 2007-12-20 18:57:27 | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 2007-12-20 18:57:27 | Attr = ] avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2007-10-11 18:49:44 | Attr = ] dna.exe -> %ProgramFiles%\BitTorrent_DNA\dna.exe -> [Ver = | Size = 286016 bytes | Modified Date = 2007-11-06 22:30:16 | Attr = ] nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 2006-11-16 18:04:20 | Attr = ] nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 884736 bytes | Modified Date = 2006-11-16 17:58:32 | Attr = ] sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007-08-28 12:16:22 | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 2006-10-19 12:52:24 | Attr = ] ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 2007-08-30 16:43:18 | Attr = ] frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 2004-08-06 02:50:00 | Attr = ] mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 237623 bytes | Modified Date = 2004-08-06 02:50:00 | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 2006-03-03 20:03:10 | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.1 | Size = 310272 bytes | Modified Date = 2008-02-27 10:40:40 | Attr = ] [Win32 Services - Non-Microsoft Only] (AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007-08-28 12:16:22 | Attr = ] (AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 7.00.00.82 | Size = 214056 bytes | Modified Date = 2007-10-11 18:49:44 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 2007-12-20 18:57:27 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 2007-12-20 21:05:00 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-03 08:56:50 | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 2006-10-19 12:52:24 | Attr = ] (McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 2004-08-06 02:50:00 | Attr = ] (McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\Mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] (McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\VsTskMgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] (NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 2, 0 | Size = 774144 bytes | Modified Date = 2006-11-10 19:18:02 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] -> -> File not found (PSEXESVC) PsExec [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-02-28 13:11:48 | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6764 | Size = 2843136 bytes | Modified Date = 2007-12-20 19:53:20 | Attr = ] (avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 2007-02-27 14:25:10 | Attr = ] (avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.00.04 | Size = 48448 bytes | Modified Date = 2007-10-05 00:55:53 | Attr = ] (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> AVIRA GmbH [Ver = 1.00.02.13 | Size = 61632 bytes | Modified Date = 2007-10-11 18:49:44 | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (DataMan) DataMan USB Infrared Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DataMan.sys -> DataMan Heightech Technology Inc. [Ver = 1.00.0.2 | Size = 10880 bytes | Modified Date = 2002-12-31 21:08:54 | Attr = R ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-03 07:07:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-03 07:07:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2001-08-23 07:00:00 | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.54.00.0439 | Size = 42496 bytes | Modified Date = 2005-11-15 22:51:42 | Attr = R ] (FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 2001-08-17 04:13:08 | Attr = ] (HdAudAddService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AtiHdAud.sys -> ATI Research Inc. [Ver = 5.00.40001.08 | Size = 84992 bytes | Modified Date = 2006-12-28 08:44:44 | Attr = R ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005-01-07 16:07:18 | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5345 built by: WinDDK | Size = 4405248 bytes | Modified Date = 2006-12-21 00:26:00 | Attr = R ] (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 108256 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] (NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 58016 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2001-08-23 07:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2007-03-29 03:00:00 | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 02:25:53 | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> Avira GmbH [Ver = 7.0.1.1 | Size = 28352 bytes | Modified Date = 2007-03-01 09:34:36 | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (videX32) videX32 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\videX32.sys -> VIA Technologies, Inc. [Ver = 6.0.3790.160 | Size = 9216 bytes | Modified Date = 2006-10-17 04:22:26 | Attr = R ] (vmfilter303) vmfilter303 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vmfilter303.sys -> Vimicro Corporation [Ver = 1.4.060423.01 | Size = 428160 bytes | Modified Date = 2006-04-24 18:57:42 | Attr = R ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (xfilt) VIA SATA IDE Hot-plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\xfilt.sys -> VIA Technologies,Inc [Ver = 6.0.5728.160 | Size = 17920 bytes | Modified Date = 2006-10-18 01:39:58 | Attr = R ] (ZSMC303) A4 TECH PC Camera H [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbVM303.sys -> Vimicro Corporation [Ver = 3, 6, 831, 17 | Size = 392058 bytes | Modified Date = 2006-08-30 18:30:18 | Attr = R ] (EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EntDrv51.sys -> Network Associates, Inc [Ver = 8.0.0.240 | Size = 8320 bytes | Modified Date = 2004-08-18 07:00:00 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 505c8166 -> %SystemRoot%\system32\ewvohilo.dll -> [Ver = | Size = 85056 bytes | Modified Date = 2008-02-28 13:58:27 | Attr = ] BigDog303 -> %SystemRoot%\VM303_STI.EXE -> File not found < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 2006-11-16 18:04:20 | Attr = ] BitTorrent DNA -> %ProgramFiles%\BitTorrent_DNA\dna.exe -> [Ver = | Size = 286016 bytes | Modified Date = 2007-11-06 22:30:16 | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 16:43:18 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 2007-09-19 04:33:46 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Start AntiVir PersonalEdition Classic.lnk -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avcenter.exe -> Avira GmbH [Ver = 7.02.00.14 | Size = 675880 bytes | Modified Date = 2007-11-24 23:12:32 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Yahoo! Messenger.lnk -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 16:43:18 | Attr = ] < user Startup Folder > -> C:\Documents and Settings\user\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\avcenter.exe.lnk -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avcenter.exe -> Avira GmbH [Ver = 7.02.00.14 | Size = 675880 bytes | Modified Date = 2007-11-24 23:12:32 | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {E08DE81E-7E47-4777-84C5-C45DA13BCF91} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tuvttuu.dll [] -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-27 22:43:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 2007-12-20 18:58:55 | Attr = ] tuvttuu -> %SystemRoot%\system32\tuvttuu.dll -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-27 22:43:48 | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com/ -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR -> HKEY_CURRENT_USER\: Main\\Search Page -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR[ ] -> HKEY_CURRENT_USER\: URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [] -> MyWebSearch.com [Ver = 1, 0, 2, 5 | Size = 57344 bytes | Modified Date = 2008-01-18 00:16:00 | Attr = ] HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 2007-05-30 13:18:26 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {00A6FAF1-072E-44cf-8957-5838F569A31D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [MyWebSearch Search Assistant BHO] -> MyWebSearch.com [Ver = 1, 0, 2, 5 | Size = 57344 bytes | Modified Date = 2008-01-18 00:16:00 | Attr = ] {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 2007-05-30 13:18:26 | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ] {1E6C1A15-258A-4C08-8C70-7DC6728D643E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awvtt.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 289280 bytes | Modified Date = 2008-02-27 22:49:34 | Attr = ] {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar BHO] -> AOL LLC [Ver = 5.1.6.2 | Size = 1135968 bytes | Modified Date = 2007-10-04 12:06:20 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006-10-31 12:33:52 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 03:00:35 | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {812ce95d-9de6-4aac-9d0a-306ed3082b8e} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tamresey.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 90176 bytes | Modified Date = 2008-02-28 13:58:32 | Attr = ] {E08DE81E-7E47-4777-84C5-C45DA13BCF91} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tuvttuu.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-27 22:43:48 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.6.2 | Size = 1135968 bytes | Modified Date = 2007-10-04 12:06:20 | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 2007-05-30 13:18:26 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.6.2 | Size = 1135968 bytes | Modified Date = 2007-10-04 12:06:20 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 5, 30, 1 | Size = 808472 bytes | Modified Date = 2007-05-30 13:18:26 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006-10-31 12:33:52 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 2006-10-31 12:33:52 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Winamp Toolbar Search -> %AllUsersProfile%\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {DF61F82B-33F7-47CD-AD9D-EEFDCBEC7D6D} -> (VIA Rhine II Fast Ethernet Adapter) -> {F69CF778-AD82-4882-85BE-66D7ED43B433} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-03 08:56:44 | Attr = ] C:\WINDOWS\system32\awvtt.dll -> %SystemRoot%\system32\awvtt.dll -> [Ver = | Size = 289280 bytes | Modified Date = 2008-02-27 22:49:34 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 09:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-03 08:56:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 06:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2004-08-03 08:56:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 856 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-03 08:56:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-03 08:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2001-08-23 07:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4339 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-03 08:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 16:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-10 13:54:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent_DNA\dna.exe -> C:\Program Files\BitTorrent_DNA\dna.exe [C:\Program Files\BitTorrent_DNA\dna.exe:*:Disabled:dna] -> [Ver = | Size = 286016 bytes | Modified Date = 2007-11-06 22:30:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 2007-09-19 04:33:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-03 08:56:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 20:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-03 08:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 20:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] ATI -> %SystemDrive%\ATI -> [Folder | Created Date = 2008-02-13 00:41:49 | Attr = ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Created Date = 2008-02-28 13:11:27 | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-02-28 13:12:28 | Attr = ] ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Modified Date = 2008-02-27 21:59:59 | Attr = ] m.dmp -> %SystemDrive%\m.dmp -> [Ver = | Size = 1138688 bytes | Modified Date = 2008-02-01 09:50:18 | Attr = ] amp3dj.ocx -> %SystemRoot%\System32\amp3dj.ocx -> MultiMedia Soft [Ver = 3, 3, 0, 0 | Size = 425984 bytes | Modified Date = 2007-04-26 12:23:34 | Attr = ] ARProgBar.ocx -> %SystemRoot%\System32\ARProgBar.ocx -> Alvaro Redondo [Ver = 2.00.0002 | Size = 69632 bytes | Modified Date = 2001-06-30 21:04:30 | Attr = ] AudioCtl.dll -> %SystemRoot%\System32\AudioCtl.dll -> Guangming Software [Ver = 2.0.2007.118 | Size = 2301952 bytes | Modified Date = 2007-01-19 19:50:12 | Attr = ] awvtt.dll -> %SystemRoot%\System32\awvtt.dll -> [Ver = | Size = 289280 bytes | Modified Date = 2008-02-27 22:49:34 | Attr = ] bass.dll -> %SystemRoot%\System32\bass.dll -> Un4seen Developments [Ver = 2.3 | Size = 92728 bytes | Modified Date = 2006-06-12 19:56:46 | Attr = ] basscd.dll -> %SystemRoot%\System32\basscd.dll -> Un4seen Developments [Ver = 2.3 | Size = 16952 bytes | Modified Date = 2006-06-27 16:22:22 | Attr = ] basswma.dll -> %SystemRoot%\System32\basswma.dll -> Un4seen Developments [Ver = 2.3 | Size = 14904 bytes | Modified Date = 2006-11-25 15:20:14 | Attr = ] c54 -> %SystemRoot%\System32\c54 -> [Folder | Created Date = 2008-02-27 22:44:24 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CDGShow.ocx -> %SystemRoot%\System32\CDGShow.ocx -> Invicion Inc. [Ver = 1.04 | Size = 94208 bytes | Modified Date = 2007-05-28 14:04:08 | Attr = ] CDGSource.ax -> %SystemRoot%\System32\CDGSource.ax -> DOBLON [Ver = 1.0.15 | Size = 720896 bytes | Modified Date = 2005-05-24 13:45:50 | Attr = ] CJ60Lib.dll -> %SystemRoot%\System32\CJ60Lib.dll -> Code Jockey: http://www.codejockeys.com/kstowell/ [Ver = 6, 0, 0, 7 | Size = 253952 bytes | Modified Date = 2004-06-21 15:20:56 | Attr = ] ewvohilo.dll -> %SystemRoot%\System32\ewvohilo.dll -> [Ver = | Size = 85056 bytes | Modified Date = 2008-02-28 13:58:27 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] h36 -> %SystemRoot%\System32\h36 -> [Folder | Created Date = 2008-02-27 22:45:54 | Attr = ] hv19 -> %SystemRoot%\System32\hv19 -> [Folder | Created Date = 2008-02-27 22:45:55 | Attr = ] iDlo18 -> %SystemRoot%\System32\iDlo18 -> [Folder | Created Date = 2008-02-27 22:44:00 | Attr = ] IMGRES.dll -> %SystemRoot%\System32\IMGRES.dll -> [Ver = | Size = 28672 bytes | Modified Date = 2007-06-11 11:26:18 | Attr = ] javaperm.hlp -> %SystemRoot%\System32\javaperm.hlp -> [Ver = | Size = 11403 bytes | Modified Date = 1998-12-06 16:56:02 | Attr = ] javasec.hlp -> %SystemRoot%\System32\javasec.hlp -> [Ver = | Size = 21444 bytes | Modified Date = 1998-12-06 16:56:02 | Attr = ] javasup.vxd -> %SystemRoot%\System32\javasup.vxd -> [Ver = | Size = 7311 bytes | Modified Date = 1998-12-06 17:18:04 | Attr = ] LameEncoderX.ocx -> %SystemRoot%\System32\LameEncoderX.ocx -> Mind and Motion Technologies [Ver = 1, 0, 0, 1 | Size = 188416 bytes | Modified Date = 2005-08-16 02:57:38 | Attr = ] MoviePlayer.ocx -> %SystemRoot%\System32\MoviePlayer.ocx -> Viscom Software www.viscomsoft.com [Ver = 2, 0, 0, 0 | Size = 122880 bytes | Modified Date = 2006-01-04 18:56:20 | Attr = ] mp3sentry.dll -> %SystemRoot%\System32\mp3sentry.dll -> [Ver = | Size = 57344 bytes | Modified Date = 2007-06-18 13:02:04 | Attr = ] olihovwe.ini -> %SystemRoot%\System32\olihovwe.ini -> [Ver = | Size = 1246626 bytes | Modified Date = 2008-02-28 13:58:51 | Attr = HS] opnopnm.dll -> %SystemRoot%\System32\opnopnm.dll -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-28 00:42:50 | Attr = ] PawLib.dll -> %SystemRoot%\System32\PawLib.dll -> [Ver = 1, 0, 0, 1 | Size = 704512 bytes | Modified Date = 2005-05-24 13:45:02 | Attr = ] PowerPlayCDG.ocx -> %SystemRoot%\System32\PowerPlayCDG.ocx -> DOBLON [Ver = 1.0.12 | Size = 53248 bytes | Modified Date = 2005-06-12 15:46:58 | Attr = ] Scroll.ocx -> %SystemRoot%\System32\Scroll.ocx -> Invicion [Ver = 1, 0, 0, 2 | Size = 274432 bytes | Modified Date = 2005-08-26 16:21:46 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swdmp3.oca -> %SystemRoot%\System32\swdmp3.oca -> [Ver = | Size = 25088 bytes | Modified Date = 2005-12-20 02:07:30 | Attr = ] swdwma9.ocx -> %SystemRoot%\System32\swdwma9.ocx -> Streamware Development [Ver = 1, 5, 0, 9 | Size = 221184 bytes | Modified Date = 2005-07-29 17:41:20 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] tamresey.dll -> %SystemRoot%\System32\tamresey.dll -> [Ver = | Size = 90176 bytes | Modified Date = 2008-02-28 13:58:32 | Attr = ] ttvwa.ini -> %SystemRoot%\System32\ttvwa.ini -> [Ver = | Size = 168999 bytes | Modified Date = 2008-02-28 14:04:13 | Attr = HS] ttvwa.ini2 -> %SystemRoot%\System32\ttvwa.ini2 -> [Ver = | Size = 168999 bytes | Modified Date = 2008-02-28 14:01:35 | Attr = HS] tuvttuu.dll -> %SystemRoot%\System32\tuvttuu.dll -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-27 22:43:48 | Attr = ] vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 2008-02-27 22:46:58 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] viscomqtde.ax -> %SystemRoot%\System32\viscomqtde.ax -> Viscom Software www.viscomsoft.com [Ver = 1.0 | Size = 139264 bytes | Modified Date = 2006-01-04 18:59:36 | Attr = ] Xshow.ocx -> %SystemRoot%\System32\Xshow.ocx -> Softuarium [Ver = 4.0.0.0 | Size = 821248 bytes | Modified Date = 2006-11-18 18:28:08 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] zonedoff.reg -> %SystemRoot%\System32\zonedoff.reg -> [Ver = | Size = 113 bytes | Modified Date = 1998-12-06 16:56:04 | Attr = ] zonedon.reg -> %SystemRoot%\System32\zonedon.reg -> [Ver = | Size = 113 bytes | Modified Date = 1998-12-06 16:56:04 | Attr = ] ativpsrm.bin -> %SystemRoot%\ativpsrm.bin -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-13 00:54:27 | Attr = ] jautoexp.dat -> %SystemRoot%\jautoexp.dat -> [Ver = | Size = 6550 bytes | Modified Date = 1998-12-06 16:53:04 | Attr = ] mdm.ini -> %SystemRoot%\mdm.ini -> [Ver = | Size = 185 bytes | Modified Date = 2008-02-21 02:17:50 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] PROTOCOL.INI -> %SystemRoot%\PROTOCOL.INI -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-01 09:49:25 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-02-28 13:11:48 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] ATI -> %AllUsersProfile%\Application Data\ATI -> [Folder | Created Date = 2008-02-13 00:54:56 | Attr = ] BigFishGamesCache -> %AllUsersProfile%\Application Data\BigFishGamesCache -> [Folder | Created Date = 2008-02-01 10:26:43 | Attr = ] Globe7 -> %AppData%\Globe7 -> [Folder | Created Date = 2008-02-22 06:19:47 | Attr = ] Ohana Games -> %AppData%\Ohana Games -> [Folder | Created Date = 2008-01-31 13:39:45 | Attr = ] Seven Zip -> %UserProfile%\Local Settings\Application Data\Seven Zip -> [Folder | Created Date = 2008-02-12 23:26:42 | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Created Date = 2008-02-07 23:45:51 | Attr = ] 4043014_1.jpg -> %UserProfile%\My Documents\4043014_1.jpg -> [Ver = | Size = 47482 bytes | Modified Date = 2008-02-03 10:35:41 | Attr = ] Backup_of_Grad-cover1.cdr -> %UserProfile%\My Documents\Backup_of_Grad-cover1.cdr -> [Ver = | Size = 10463104 bytes | Modified Date = 2008-02-10 14:23:56 | Attr = ] Backup_of_song cover -> %UserProfile%\My Documents\Backup_of_song cover -> [Ver = | Size = 1653298 bytes | Modified Date = 2008-02-10 12:50:52 | Attr = ] clicky-pressed.gif -> %UserProfile%\My Documents\clicky-pressed.gif -> [Ver = | Size = 600 bytes | Modified Date = 2008-02-14 14:06:59 | Attr = ] Grad-cover1.cdr -> %UserProfile%\My Documents\Grad-cover1.cdr -> [Ver = | Size = 10463100 bytes | Modified Date = 2008-02-10 14:32:06 | Attr = ] gradpic.xls -> %UserProfile%\My Documents\gradpic.xls -> [Ver = | Size = 2058752 bytes | Modified Date = 2008-02-16 14:32:23 | Attr = ] Ira's movie.avi -> %UserProfile%\My Documents\Ira's movie.avi -> [Ver = | Size = 2982313996 bytes | Modified Date = 2008-02-12 23:36:05 | Attr = ] Ira's movie1.mpg -> %UserProfile%\My Documents\Ira's movie1.mpg -> [Ver = | Size = 100272128 bytes | Modified Date = 2008-02-13 00:15:12 | Attr = ] jikjik_ree.sav -> %UserProfile%\My Documents\jikjik_ree.sav -> [Ver = | Size = 30652 bytes | Modified Date = 2008-02-07 00:48:11 | Attr = ] las nieves map.ppt -> %UserProfile%\My Documents\las nieves map.ppt -> [Ver = | Size = 20939264 bytes | Modified Date = 2008-02-16 22:25:39 | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 2008-02-26 21:19:45 | Attr = ] 1 C:\Documents and Settings\user\My Documents\*.tmp files -> C:\Documents and Settings\user\My Documents\*.tmp -> limewire.m3u -> %UserProfile%\My Documents\limewire.m3u -> [Ver = | Size = 267 bytes | Modified Date = 2008-02-04 20:34:34 | Attr = ] ok..doc -> %UserProfile%\My Documents\ok..doc -> [Ver = | Size = 28160 bytes | Modified Date = 2008-02-27 16:06:50 | Attr = ] Rat.xls -> %UserProfile%\My Documents\Rat.xls -> [Ver = | Size = 24064 bytes | Modified Date = 2008-02-13 22:28:57 | Attr = ] song cover -> %UserProfile%\My Documents\song cover -> [Ver = | Size = 1653284 bytes | Modified Date = 2008-02-10 12:58:53 | Attr = ] Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 2008-02-18 07:22:51 | Attr = ] DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [Ver = | Size = 806 bytes | Modified Date = 2008-02-13 00:18:42 | Attr = ] Nero Home Essentials SE.lnk -> %AllUsersProfile%\Desktop\Nero Home Essentials SE.lnk -> [Ver = | Size = 2261 bytes | Modified Date = 2008-02-06 23:39:09 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-02-28 13:44:18 | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 2008-02-28 02:54:58 | Attr = ] CDGRip.lnk -> %UserProfile%\Desktop\CDGRip.lnk -> [Ver = | Size = 1541 bytes | Modified Date = 2008-02-23 00:02:38 | Attr = ] Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [Ver = | Size = 1573742 bytes | Modified Date = 2008-02-28 13:05:23 | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1422 bytes | Modified Date = 2008-02-13 00:19:19 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008-02-28 01:01:08 | Attr = ] ira.avi -> %UserProfile%\Desktop\ira.avi -> [Ver = | Size = 1560874 bytes | Modified Date = 2008-02-13 00:09:17 | Attr = ] IslandWars2.lnk -> %UserProfile%\Desktop\IslandWars2.lnk -> [Ver = | Size = 732 bytes | Modified Date = 2008-02-27 22:03:07 | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1580 bytes | Modified Date = 2008-02-26 21:19:36 | Attr = ] skulpic.jpg -> %UserProfile%\Desktop\skulpic.jpg -> [Ver = | Size = 206999 bytes | Modified Date = 2008-01-30 22:35:01 | Attr = ] Thanks To You .doc -> %UserProfile%\Desktop\Thanks To You .doc -> [Ver = | Size = 23040 bytes | Modified Date = 2008-02-05 06:19:51 | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2008-02-28 13:57:34 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481251 bytes | Modified Date = 2008-02-28 13:47:33 | Attr = ] Start AntiVir PersonalEdition Classic.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Start AntiVir PersonalEdition Classic.lnk -> [Ver = | Size = 1863 bytes | Modified Date = 2007-10-05 00:29:29 | Attr = ] Yahoo! Messenger.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Yahoo! Messenger.lnk -> [Ver = | Size = 824 bytes | Modified Date = 2007-10-02 21:45:16 | Attr = ] avcenter.exe.lnk -> %UserProfile%\Start Menu\Programs\Startup\avcenter.exe.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2008-02-28 03:54:20 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 2008-02-18 07:21:48 | Attr = ] [Files/Folders - Modified Within 30 days] ATI -> %SystemDrive%\ATI -> [Folder | Modified Date = 2008-02-13 00:41:49 | Attr = ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Modified Date = 2008-02-28 13:12:10 | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-02-28 13:13:17 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-02-28 03:03:03 | Attr = H ] ioSpecial.ini -> %SystemDrive%\ioSpecial.ini -> [Ver = | Size = 125 bytes | Modified Date = 2008-02-27 21:59:59 | Attr = ] logfile -> %SystemDrive%\logfile -> [Ver = | Size = 153714 bytes | Modified Date = 2008-02-28 13:53:55 | Attr = ] m.dmp -> %SystemDrive%\m.dmp -> [Ver = | Size = 1138688 bytes | Modified Date = 2008-02-01 09:50:18 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-02-28 02:54:58 | Attr = R ] QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 2008-02-27 22:27:42 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-02-28 13:11:48 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-02-02 00:05:49 | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 447 bytes | Modified Date = 2008-02-28 11:49:55 | Attr = ] awvtt.dll -> %SystemRoot%\System32\awvtt.dll -> [Ver = | Size = 289280 bytes | Modified Date = 2008-02-27 22:49:34 | Attr = ] c54 -> %SystemRoot%\System32\c54 -> [Folder | Modified Date = 2008-02-27 22:44:24 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008-02-07 03:01:15 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-02-28 13:13:19 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-02-28 00:35:04 | Attr = ] crash -> %SystemRoot%\System32\crash -> [Ver = | Size = 4096 bytes | Modified Date = 2008-02-12 21:52:07 | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 2008-02-28 03:03:02 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-02-28 12:20:53 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-02-13 07:11:31 | Attr = ] ewvohilo.dll -> %SystemRoot%\System32\ewvohilo.dll -> [Ver = | Size = 85056 bytes | Modified Date = 2008-02-28 13:58:27 | Attr = ] h36 -> %SystemRoot%\System32\h36 -> [Folder | Modified Date = 2008-02-27 22:45:54 | Attr = ] hv19 -> %SystemRoot%\System32\hv19 -> [Folder | Modified Date = 2008-02-27 22:45:55 | Attr = ] iDlo18 -> %SystemRoot%\System32\iDlo18 -> [Folder | Modified Date = 2008-02-27 22:44:00 | Attr = ] KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [Ver = | Size = 3350 bytes | Modified Date = 2008-02-27 20:12:53 | Attr = HS] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 2008-02-01 10:59:20 | Attr = ] olihovwe.ini -> %SystemRoot%\System32\olihovwe.ini -> [Ver = | Size = 1246626 bytes | Modified Date = 2008-02-28 13:58:51 | Attr = HS] opnopnm.dll -> %SystemRoot%\System32\opnopnm.dll -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-28 00:42:50 | Attr = ] tamresey.dll -> %SystemRoot%\System32\tamresey.dll -> [Ver = | Size = 90176 bytes | Modified Date = 2008-02-28 13:58:32 | Attr = ] ttvwa.ini -> %SystemRoot%\System32\ttvwa.ini -> [Ver = | Size = 168999 bytes | Modified Date = 2008-02-28 14:04:13 | Attr = HS] ttvwa.ini2 -> %SystemRoot%\System32\ttvwa.ini2 -> [Ver = | Size = 168999 bytes | Modified Date = 2008-02-28 14:01:35 | Attr = HS] tuvttuu.dll -> %SystemRoot%\System32\tuvttuu.dll -> [Ver = | Size = 34816 bytes | Modified Date = 2008-02-27 22:43:48 | Attr = ] vbzip10.dll -> %SystemRoot%\System32\vbzip10.dll -> Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 2008-02-27 22:46:58 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 2008-02-28 00:33:35 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008-02-13 00:31:38 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-02-13 06:43:13 | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008-02-13 00:52:28 | Attr = R S] ativpsrm.bin -> %SystemRoot%\ativpsrm.bin -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-13 00:54:27 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-02-28 13:51:56 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-02-28 03:39:12 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-02-06 22:50:24 | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-02-28 01:21:18 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2008-02-28 12:08:07 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-02-28 00:30:50 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-02-28 03:03:04 | Attr = HS] java -> %SystemRoot%\java -> [Folder | Modified Date = 2008-02-06 22:34:18 | Attr = ] mdm.ini -> %SystemRoot%\mdm.ini -> [Ver = | Size = 185 bytes | Modified Date = 2008-02-21 02:17:50 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-02-28 03:39:12 | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 2008-02-06 22:45:22 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2008-02-12 23:18:24 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 752 bytes | Modified Date = 2008-02-06 22:51:46 | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 2008-02-06 22:51:46 | Attr = ] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 44 bytes | Modified Date = 2008-02-27 21:42:34 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-02-28 14:01:45 | Attr = ] PROTOCOL.INI -> %SystemRoot%\PROTOCOL.INI -> [Ver = | Size = 0 bytes | Modified Date = 2008-02-01 09:49:25 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-02-28 13:11:48 | Attr = ] randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 2008-02-27 22:29:12 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2008-02-28 00:33:34 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2008-02-06 22:44:40 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-02-28 13:58:51 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-02-06 23:43:05 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-02-28 13:57:56 | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 8192 bytes | Modified Date = 2008-02-16 23:51:53 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 1309 bytes | Modified Date = 2008-02-06 22:50:32 | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 117 bytes | Modified Date = 2008-02-28 12:15:23 | Attr = ] EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [Ver = | Size = 434 bytes | Modified Date = 2008-02-18 22:10:13 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-02-28 13:52:10 | Attr = H ] Uniblue SpyEraser Nag.job -> %SystemRoot%\tasks\Uniblue SpyEraser Nag.job -> [Ver = | Size = 262 bytes | Modified Date = 2008-02-22 00:09:00 | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1301 bytes | Modified Date = 2008-02-21 10:54:40 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 10390 bytes | Modified Date = 2008-02-28 13:54:02 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 10390 bytes | Modified Date = 2008-02-28 13:54:02 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007-09-29 20:40:39 | Attr = ] 123061.exe -> C:\Documents and Settings\user\Local Settings\Temp\123061.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 01:01:18 | Attr = R ] 300943.exe -> C:\Documents and Settings\user\Local Settings\Temp\300943.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 09:18:00 | Attr = R ] 571968.exe -> C:\Documents and Settings\user\Local Settings\Temp\571968.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 10:08:53 | Attr = R ] 652005.exe -> C:\Documents and Settings\user\Local Settings\Temp\652005.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 09:07:11 | Attr = R ] 65939.exe -> C:\Documents and Settings\user\Local Settings\Temp\65939.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-12 12:28:38 | Attr = R ] 721192.exe -> C:\Documents and Settings\user\Local Settings\Temp\721192.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 09:08:20 | Attr = R ] 72824.exe -> C:\Documents and Settings\user\Local Settings\Temp\72824.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 00:27:08 | Attr = R ] 754459.exe -> C:\Documents and Settings\user\Local Settings\Temp\754459.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-06 20:15:53 | Attr = R ] 844918.exe -> C:\Documents and Settings\user\Local Settings\Temp\844918.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 00:40:00 | Attr = R ] 864356.exe -> C:\Documents and Settings\user\Local Settings\Temp\864356.exe -> Data0.Net Software [Ver = 1.06.0112 | Size = 507392 bytes | Modified Date = 2007-10-05 00:40:19 | Attr = R ] OrbSetup2.0.1024.exe -> C:\Documents and Settings\user\Local Settings\Temp\OrbSetup2.0.1024.exe -> Orb Networks [Ver = 2.2008.0121.1800 | Size = 15229896 bytes | Modified Date = 2008-01-31 20:46:23 | Attr = ] procview.exe -> C:\Documents and Settings\user\Local Settings\Temp\procview.exe -> Data0.Net Software [Ver = 1, 1, 0, 1 | Size = 57856 bytes | Modified Date = 2007-10-05 00:27:08 | Attr = R ] setup_wm.exe -> C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 9.00.00.3250 | Size = 774144 bytes | Modified Date = 2004-08-03 08:56:58 | Attr = ] update.exe -> C:\Documents and Settings\user\Local Settings\Temp\update.exe -> Data0.Net Software [Ver = 1.00.0100 | Size = 54784 bytes | Modified Date = 2007-10-05 00:27:08 | Attr = R ] 555 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> setup_blazemp.exe -> C:\Documents and Settings\user\Local Settings\Temp\miaC.tmp\setup_blazemp.exe -> Mystik Media [Ver = 6.0 | Size = 2452022 bytes | Modified Date = 2007-02-14 07:07:09 | Attr = ] avadmin.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avadmin.exe -> Avira GmbH [Ver = 7.0.0.4 | Size = 83520 bytes | Modified Date = 2007-02-26 10:46:54 | Attr = ] avcenter.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avcenter.exe -> Avira GmbH [Ver = 7.02.00.12 | Size = 675880 bytes | Modified Date = 2007-08-30 12:17:50 | Attr = ] avconfig.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avconfig.exe -> Avira GmbH [Ver = 7.02.00.07 | Size = 495656 bytes | Modified Date = 2007-08-21 12:18:57 | Attr = ] avgnt.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avgnt.exe -> Avira GmbH [Ver = 7.02.00.13 | Size = 249896 bytes | Modified Date = 2007-08-31 11:25:18 | Attr = ] avguard.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avguard.exe -> Avira GmbH [Ver = 7.00.00.79 | Size = 210984 bytes | Modified Date = 2007-08-28 12:06:52 | Attr = ] avnotify.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avnotify.exe -> Avira GmbH [Ver = 7.00.07.00 | Size = 159784 bytes | Modified Date = 2007-08-28 12:09:04 | Attr = ] avscan.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avscan.exe -> Avira GmbH [Ver = 7.00.06.01 | Size = 290856 bytes | Modified Date = 2007-08-23 13:16:29 | Attr = ] guardgui.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\guardgui.exe -> Avira GmbH [Ver = 7.00.06.00 | Size = 36904 bytes | Modified Date = 2007-08-14 15:48:48 | Attr = ] imp64b.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\imp64b.exe -> Avira GmbH [Ver = 1.00.00.02 | Size = 8744 bytes | Modified Date = 2007-08-28 12:28:21 | Attr = ] licmgr.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\licmgr.exe -> Avira GmbH [Ver = 7.00.04.00 | Size = 106536 bytes | Modified Date = 2007-08-21 12:28:29 | Attr = ] preupd.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\preupd.exe -> Avira GmbH [Ver = 7.00.00.34 | Size = 77864 bytes | Modified Date = 2007-08-14 12:18:04 | Attr = ] sched.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\sched.exe -> Avira GmbH [Ver = 7.00.00.62 | Size = 63016 bytes | Modified Date = 2007-08-28 12:16:22 | Attr = ] setup.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\setup.exe -> Avira GmbH [Ver = 7.00.02.35 | Size = 598056 bytes | Modified Date = 2007-08-31 11:27:27 | Attr = ] update.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\update.exe -> Avira GmbH [Ver = 1.2.10.13 | Size = 409640 bytes | Modified Date = 2007-08-28 12:17:24 | Attr = ] wsctool.exe -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\wsctool.exe -> Avira GmbH [Ver = 7.00.00.01 | Size = 83520 bytes | Modified Date = 2007-04-02 09:41:44 | Attr = ] pavbase.dll -> C:\Documents and Settings\user\Local Settings\Temp\pavbase.dll -> Microsoft Corporation [Ver = 6.00.9690 | Size = 1392671 bytes | Modified Date = 2004-08-03 08:56:44 | Attr = ] swt-awt-win32-3346.dll -> C:\Documents and Settings\user\Local Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 32768 bytes | Modified Date = 2008-02-26 22:10:39 | Attr = ] swt-win32-3346.dll -> C:\Documents and Settings\user\Local Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 2008-02-26 22:10:38 | Attr = ] 555 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> atiusbdx.dll -> C:\Documents and Settings\user\Local Settings\Temp\{36CDA33B-909B-4719-97D1-C4B99309BDC7}\atiusbdx.dll -> ATI Technologies Inc. [Ver = 2, 0, 0, 1 | Size = 118784 bytes | Modified Date = 2007-09-29 14:28:49 | Attr = ] isrt.dll -> C:\Documents and Settings\user\Local Settings\Temp\{6D315694-9329-4B69-B46A-34D16EBA4F9C}\{055EE59D-217B-43A7-ABFF-507B966405D8}\isrt.dll -> InstallShield Software Corporation [Ver = 9.01.429 | Size = 401408 bytes | Modified Date = 2003-11-10 17:15:36 | Attr = ] _IsRes.dll -> C:\Documents and Settings\user\Local Settings\Temp\{6D315694-9329-4B69-B46A-34D16EBA4F9C}\{055EE59D-217B-43A7-ABFF-507B966405D8}\_IsRes.dll -> InstallShield Software Corporation [Ver = 9.00.333 | Size = 299008 bytes | Modified Date = 2003-09-03 03:53:48 | Attr = ] isrt.dll -> C:\Documents and Settings\user\Local Settings\Temp\{6E566730-B518-4E4E-99B0-D01AC35795B2}\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}\isrt.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 425984 bytes | Modified Date = 2005-04-03 22:03:32 | Attr = ] _IsRes.dll -> C:\Documents and Settings\user\Local Settings\Temp\{6E566730-B518-4E4E-99B0-D01AC35795B2}\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}\_IsRes.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 548963 bytes | Modified Date = 2005-04-03 23:50:00 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\isp5.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 159744 bytes | Modified Date = 2007-09-29 14:15:46 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\isp50.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 380928 bytes | Modified Date = 2007-09-30 19:39:50 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\isp53.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 380928 bytes | Modified Date = 2007-10-01 21:39:36 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\isp59.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 380928 bytes | Modified Date = 2007-10-01 21:40:12 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\isp68.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 159744 bytes | Modified Date = 2007-09-29 14:13:12 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\isp77.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 159744 bytes | Modified Date = 2007-09-29 14:13:29 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\ispAE.tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 9.01.429 | Size = 380928 bytes | Modified Date = 2008-02-13 00:45:29 | Attr = ] _Setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\ispF.tmp\_Setup.dll -> Macrovision Corporation [Ver = 11.50.42618 | Size = 368640 bytes | Modified Date = 2007-09-29 14:16:06 | Attr = ] mia.dll -> C:\Documents and Settings\user\Local Settings\Temp\miaC.tmp\mia.dll -> [Ver = | Size = 321108 bytes | Modified Date = 2007-02-14 07:07:09 | Attr = ] Banner.dll -> C:\Documents and Settings\user\Local Settings\Temp\nsh16.tmp\Banner.dll -> [Ver = | Size = 4096 bytes | Modified Date = 2007-10-24 09:20:12 | Attr = ] FindProcDLL.dll -> C:\Documents and Settings\user\Local Settings\Temp\nsh16.tmp\FindProcDLL.dll -> [Ver = | Size = 31744 bytes | Modified Date = 2007-10-24 09:20:12 | Attr = ] InstallOptions.dll -> C:\Documents and Settings\user\Local Settings\Temp\nsh16.tmp\InstallOptions.dll -> [Ver = | Size = 12800 bytes | Modified Date = 2007-10-24 09:20:09 | Attr = ] LangDLL.dll -> C:\Documents and Settings\user\Local Settings\Temp\nsh16.tmp\LangDLL.dll -> [Ver = | Size = 5120 bytes | Modified Date = 2007-10-24 09:20:07 | Attr = ] UserInfo.dll -> C:\Documents and Settings\user\Local Settings\Temp\nsh16.tmp\UserInfo.dll -> [Ver = | Size = 4096 bytes | Modified Date = 2007-10-24 09:20:12 | Attr = ] guardevt.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\guardevt.dll -> Avira GmbH [Ver = 7.0.1.0 | Size = 10792 bytes | Modified Date = 2007-03-19 12:42:38 | Attr = ] rchelp.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\rchelp.dll -> Avira GmbH [Ver = 7.0.0.20 | Size = 53288 bytes | Modified Date = 2007-08-28 12:44:06 | Attr = ] rcimage.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\rcimage.dll -> Avira GmbH [Ver = 7.00.01.30 | Size = 2342952 bytes | Modified Date = 2007-08-07 12:38:13 | Attr = ] rctext.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\rctext.dll -> Avira GmbH [Ver = 7.00.62.00 | Size = 86056 bytes | Modified Date = 2007-08-21 12:50:37 | Attr = ] wksstats.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\wksstats.dll -> Avira GmbH [Ver = 7.00.00.10 | Size = 36904 bytes | Modified Date = 2007-07-19 10:21:31 | Attr = ] avarkt.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avarkt.dll -> Avira GmbH [Ver = 1.00.00.20 | Size = 278568 bytes | Modified Date = 2007-08-28 12:26:33 | Attr = ] avconfig.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avconfig.dll -> Avira GmbH [Ver = 7.02.01.00 | Size = 6696 bytes | Modified Date = 2007-07-31 12:19:04 | Attr = ] avevtlog.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avevtlog.dll -> Avira GmbH [Ver = 7.00.00.20 | Size = 86056 bytes | Modified Date = 2007-07-18 07:10:18 | Attr = ] avewin32.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avewin32.dll -> Avira GmbH [Ver = 7.6.0.5 | Size = 2789888 bytes | Modified Date = 2007-08-29 17:09:10 | Attr = ] avgio.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avgio.dll -> Avira GmbH [Ver = 7.00.00.01 | Size = 90152 bytes | Modified Date = 2007-07-18 07:38:58 | Attr = ] avinet.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avinet.dll -> Avira GmbH [Ver = 7.00.00.07 | Size = 10280 bytes | Modified Date = 2007-08-31 11:25:57 | Attr = ] avipc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avipc.dll -> Avira GmbH [Ver = 1.00.00.04 | Size = 73768 bytes | Modified Date = 2007-07-18 07:37:32 | Attr = ] avnotify.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avnotify.dll -> Avira GmbH [Ver = 7.00.06.00 | Size = 8232 bytes | Modified Date = 2007-08-21 12:34:50 | Attr = ] avpack32.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avpack32.dll -> Avira GmbH [Ver = 7.03.00.15 | Size = 360488 bytes | Modified Date = 2007-08-03 08:46:00 | Attr = ] avpref.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avpref.dll -> Avira GmbH [Ver = 7.00.02.02 | Size = 25640 bytes | Modified Date = 2007-07-18 07:39:17 | Attr = ] AVReg.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\AVReg.dll -> Avira GmbH [Ver = 7.00.01.06 | Size = 30760 bytes | Modified Date = 2007-07-18 07:17:06 | Attr = ] avrep.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avrep.dll -> Avira GmbH [Ver = 7.00.00.01 | Size = 155688 bytes | Modified Date = 2007-04-16 13:16:24 | Attr = ] avscan.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avscan.dll -> Avira GmbH [Ver = 7.00.06.00 | Size = 49192 bytes | Modified Date = 2007-08-16 12:23:51 | Attr = ] avwinll.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\avwinll.dll -> Avira GmbH [Ver = 1.0.0.7 | Size = 14376 bytes | Modified Date = 2007-02-26 10:36:26 | Attr = ] ccev.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccev.dll -> Avira GmbH [Ver = 7.02.00.02 | Size = 167976 bytes | Modified Date = 2007-07-27 12:14:18 | Attr = ] ccevrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccevrc.dll -> Avira GmbH [Ver = 7.02.01.00 | Size = 12840 bytes | Modified Date = 2007-07-25 16:48:33 | Attr = ] ccgen.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccgen.dll -> Avira GmbH [Ver = 7.02.00.10 | Size = 520232 bytes | Modified Date = 2007-08-21 12:24:02 | Attr = ] ccgenrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccgenrc.dll -> Avira GmbH [Ver = 7.02.04.02 | Size = 16424 bytes | Modified Date = 2007-08-16 12:23:55 | Attr = ] ccgrdrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccgrdrc.dll -> Avira GmbH [Ver = 7.00.06.00 | Size = 19496 bytes | Modified Date = 2007-08-09 12:16:58 | Attr = ] ccguard.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccguard.dll -> Avira GmbH [Ver = 7.00.01.34 | Size = 241704 bytes | Modified Date = 2007-08-21 12:25:00 | Attr = ] cclib.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\cclib.dll -> Avira GmbH [Ver = 7.02.00.03 | Size = 94248 bytes | Modified Date = 2007-08-28 12:27:15 | Attr = ] cclic.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\cclic.dll -> Avira GmbH [Ver = 7.02.00.04 | Size = 65576 bytes | Modified Date = 2007-08-07 12:12:40 | Attr = ] cclicrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\cclicrc.dll -> Avira GmbH [Ver = 7.02.01.00 | Size = 5672 bytes | Modified Date = 2007-07-25 16:48:49 | Attr = ] ccmainrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccmainrc.dll -> Avira GmbH [Ver = 7.02.02.00 | Size = 20520 bytes | Modified Date = 2007-08-01 08:31:54 | Attr = ] ccmsg.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccmsg.dll -> Avira GmbH [Ver = 7.00.00.00 | Size = 77864 bytes | Modified Date = 2007-07-18 07:35:45 | Attr = ] ccprofil.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccprofil.dll -> Avira GmbH [Ver = 7.02.00.05 | Size = 274472 bytes | Modified Date = 2007-08-31 11:26:37 | Attr = ] ccquamgr.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccquamgr.dll -> Avira GmbH [Ver = 7.02.00.04 | Size = 229416 bytes | Modified Date = 2007-08-21 12:27:32 | Attr = ] ccquarc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccquarc.dll -> Avira GmbH [Ver = 7.02.02.00 | Size = 15400 bytes | Modified Date = 2007-07-26 12:09:02 | Attr = ] ccreporc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccreporc.dll -> Avira GmbH [Ver = 7.02.01.00 | Size = 11304 bytes | Modified Date = 2007-07-25 16:49:01 | Attr = ] ccreport.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccreport.dll -> Avira GmbH [Ver = 7.02.00.02 | Size = 151592 bytes | Modified Date = 2007-07-27 12:18:16 | Attr = ] ccscanrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccscanrc.dll -> Avira GmbH [Ver = 7.02.03.00 | Size = 22056 bytes | Modified Date = 2007-08-07 12:20:55 | Attr = ] ccsched.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccsched.dll -> Avira GmbH [Ver = 7.02.00.03 | Size = 172072 bytes | Modified Date = 2007-08-16 12:17:11 | Attr = ] ccscherc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccscherc.dll -> Avira GmbH [Ver = 7.02.02.00 | Size = 16936 bytes | Modified Date = 2007-08-07 12:20:59 | Attr = ] ccupdate.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccupdate.dll -> Avira GmbH [Ver = 7.02.00.04 | Size = 118824 bytes | Modified Date = 2007-08-16 12:17:59 | Attr = ] ccupdrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\ccupdrc.dll -> Avira GmbH [Ver = 7.02.01.00 | Size = 9768 bytes | Modified Date = 2007-07-25 16:49:13 | Attr = ] guardmsg.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\guardmsg.dll -> Avira GmbH [Ver = 7.00.11.00 | Size = 42024 bytes | Modified Date = 2007-07-25 16:49:18 | Attr = ] licmgr.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\licmgr.dll -> Avira GmbH [Ver = 7.00.04.00 | Size = 9768 bytes | Modified Date = 2007-08-21 12:35:16 | Attr = ] luke.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\luke.dll -> Avira GmbH [Ver = 7.00.05.03 | Size = 147496 bytes | Modified Date = 2007-08-14 15:32:47 | Attr = ] lukeres.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\lukeres.dll -> Avira GmbH [Ver = 7.00.06.01 | Size = 10280 bytes | Modified Date = 2007-08-21 12:35:20 | Attr = ] mfc71u.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\mfc71u.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 1047552 bytes | Modified Date = 2005-07-18 08:05:26 | Attr = ] mgrs.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\mgrs.dll -> Avira GmbH [Ver = 7.01.99.00 | Size = 237608 bytes | Modified Date = 2007-08-28 12:20:30 | Attr = ] msgclient.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\msgclient.dll -> Avira GmbH [Ver = 7.0.0.0 | Size = 12328 bytes | Modified Date = 2007-07-18 07:36:13 | Attr = ] msvcp71.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\msvcp71.dll -> Microsoft Corporation [Ver = 7.10.3077.0 | Size = 499712 bytes | Modified Date = 2005-07-06 13:59:20 | Attr = ] msvcr71.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\msvcr71.dll -> Microsoft Corporation [Ver = 7.10.3052.4 | Size = 348160 bytes | Modified Date = 2005-07-06 13:59:20 | Attr = ] netnt.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\netnt.dll -> Avira GmbH [Ver = 7.0.0.0 | Size = 7720 bytes | Modified Date = 2007-03-08 11:09:42 | Attr = ] psapi.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\psapi.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 2007-02-06 16:43:04 | Attr = ] scewxml.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\scewxml.dll -> [Ver = 0.4.0.1 | Size = 102400 bytes | Modified Date = 2007-08-07 12:05:02 | Attr = ] schedr.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\schedr.dll -> Avira GmbH [Ver = 7.00.24.00 | Size = 7208 bytes | Modified Date = 2007-07-26 12:09:10 | Attr = ] setup.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\setup.dll -> Avira GmbH [Ver = 7.00.30.01 | Size = 65616 bytes | Modified Date = 2007-08-01 08:32:02 | Attr = ] shlext.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\shlext.dll -> Avira GmbH [Ver = 7.00.00.10 | Size = 61480 bytes | Modified Date = 2007-03-23 09:25:24 | Attr = ] shlext64.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\shlext64.dll -> Avira GmbH [Ver = 7.00.00.10 | Size = 76096 bytes | Modified Date = 2007-07-18 13:24:26 | Attr = ] smtplib.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\smtplib.dll -> Avira GmbH [Ver = 1.02.00.17 | Size = 28712 bytes | Modified Date = 2007-07-30 11:10:24 | Attr = ] sqlite3.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\sqlite3.dll -> [Ver = 3, 3, 17, 1 | Size = 339968 bytes | Modified Date = 2007-07-23 09:37:21 | Attr = ] unacev2.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\unacev2.dll -> [Ver = | Size = 77312 bytes | Modified Date = 2005-10-18 10:57:30 | Attr = ] updgui.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\updgui.dll -> Avira GmbH [Ver = 1.02.10.5 | Size = 135208 bytes | Modified Date = 2007-08-14 12:20:18 | Attr = ] updguirc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\updguirc.dll -> Avira GmbH [Ver = 1.02.14.00 | Size = 9256 bytes | Modified Date = 2007-08-14 12:25:34 | Attr = ] updlib.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\updlib.dll -> Avira GmbH [Ver = 1.02.10.20 | Size = 426024 bytes | Modified Date = 2007-08-31 11:28:26 | Attr = ] updlibrc.dll -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\basic\updlibrc.dll -> Avira GmbH [Ver = 1.02.23.00 | Size = 18472 bytes | Modified Date = 2007-08-28 12:29:19 | Attr = ] rspov2701.dll -> C:\Documents and Settings\user\Local Settings\Temp\RSPSoftware\rspov2701.dll -> RSP Software - http://rspsoftware.clic3.net [Ver = 1, 0, 0, 1 | Size = 196608 bytes | Modified Date = 2008-02-12 23:36:37 | Attr = ] Perflib_Perfdata_17c.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_17c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-05 08:37:13 | Attr = ] Perflib_Perfdata_1fc.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_1fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-16 20:31:02 | Attr = ] Perflib_Perfdata_218.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_218.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-06 20:42:30 | Attr = ] Perflib_Perfdata_24c.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_24c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-02-18 11:24:59 | Attr = ] Perflib_Perfdata_260.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_260.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-15 18:43:37 | Attr = ] Perflib_Perfdata_2fc.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_2fc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-24 18:09:36 | Attr = ] Perflib_Perfdata_518.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_518.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-25 22:05:08 | Attr = ] Perflib_Perfdata_59c.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_59c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-05 08:36:57 | Attr = ] Perflib_Perfdata_5ac.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_5ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-29 06:42:19 | Attr = ] Perflib_Perfdata_694.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_694.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-02 20:28:23 | Attr = ] Perflib_Perfdata_770.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_770.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-15 20:18:59 | Attr = ] Perflib_Perfdata_788.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_788.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-25 21:50:48 | Attr = ] Perflib_Perfdata_790.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_790.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-15 00:08:15 | Attr = ] Perflib_Perfdata_818.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_818.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-14 19:40:04 | Attr = ] Perflib_Perfdata_844.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_844.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-15 18:43:00 | Attr = ] Perflib_Perfdata_86c.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_86c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-02 16:46:04 | Attr = ] Perflib_Perfdata_884.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_884.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-28 17:39:54 | Attr = ] Perflib_Perfdata_898.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_898.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-11 18:09:47 | Attr = ] Perflib_Perfdata_8a8.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_8a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-10-28 13:45:08 | Attr = ] Perflib_Perfdata_94.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_94.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-10 21:30:08 | Attr = ] Perflib_Perfdata_990.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_990.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-16 11:38:31 | Attr = ] Perflib_Perfdata_a58.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_a58.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-10-11 15:38:17 | Attr = ] Perflib_Perfdata_af0.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_af0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-02 19:59:11 | Attr = ] Perflib_Perfdata_cb4.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_cb4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-02-28 00:42:57 | Attr = ] Perflib_Perfdata_d04.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_d04.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-28 17:39:52 | Attr = ] Perflib_Perfdata_e0.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-02 16:45:43 | Attr = ] Perflib_Perfdata_e0c.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_e0c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-10-02 21:50:05 | Attr = ] Perflib_Perfdata_e54.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_e54.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-11-13 22:46:50 | Attr = ] Perflib_Perfdata_e8.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-22 18:52:44 | Attr = ] Perflib_Perfdata_e9c.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_e9c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-02-27 22:59:15 | Attr = ] Perflib_Perfdata_ef0.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_ef0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-06 20:46:07 | Attr = ] Perflib_Perfdata_f14.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_f14.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2007-12-31 06:52:20 | Attr = ] Perflib_Perfdata_f50.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_f50.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-01-06 20:42:23 | Attr = ] Perflib_Perfdata_f80.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_f80.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-02-27 23:24:20 | Attr = ] vdef1.vdef.1231287318637146.data -> C:\Documents and Settings\user\Local Settings\Temp\vdef1.vde -> [Ver = | Size = 18573 bytes | Modified Date = 2007-10-05 00:38:10 | Attr = ] 555 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> build.dat -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\build.dat -> [Ver = | Size = 15604 bytes | Modified Date = 2007-09-10 13:32:12 | Attr = ] setupprf.dat -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\setupprf.dat -> [Ver = | Size = 840 bytes | Modified Date = 2006-10-26 21:11:58 | Attr = ] index.dat -> C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 2008-02-28 04:05:40 | Attr = ] {AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> C:\Documents and Settings\user\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81100000003}.ini -> [Ver = | Size = 769 bytes | Modified Date = 2008-02-18 07:19:17 | Attr = ] {AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> C:\Documents and Settings\user\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini -> [Ver = | Size = 578 bytes | Modified Date = 2008-02-18 07:21:18 | Attr = ] 555 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> corecomp.ini -> C:\Documents and Settings\user\Local Settings\Temp\{6D315694-9329-4B69-B46A-34D16EBA4F9C}\corecomp.ini -> [Ver = | Size = 65503 bytes | Modified Date = 2002-04-15 16:04:36 | Attr = ] corecomp.ini -> C:\Documents and Settings\user\Local Settings\Temp\{6E566730-B518-4E4E-99B0-D01AC35795B2}\corecomp.ini -> [Ver = | Size = 65503 bytes | Modified Date = 2005-04-03 21:35:38 | Attr = ] FontData.ini -> C:\Documents and Settings\user\Local Settings\Temp\{6E566730-B518-4E4E-99B0-D01AC35795B2}\{362483B1-91EB-4CB4-B9BB-3B4B4C644404}\FontData.ini -> [Ver = | Size = 39 bytes | Modified Date = 2006-10-30 14:08:06 | Attr = ] setup.ini -> C:\Documents and Settings\user\Local Settings\Temp\iss135.tmp\setup.ini -> [Ver = | Size = 642 bytes | Modified Date = 2007-10-01 22:55:16 | Attr = ] setup.ini -> C:\Documents and Settings\user\Local Settings\Temp\iss56.tmp\setup.ini -> [Ver = | Size = 642 bytes | Modified Date = 2007-10-01 21:40:11 | Attr = ] setup.ini -> C:\Documents and Settings\user\Local Settings\Temp\issAD.tmp\setup.ini -> [Ver = | Size = 775 bytes | Modified Date = 2008-02-13 00:45:25 | Attr = ] ioSpecial.ini -> C:\Documents and Settings\user\Local Settings\Temp\nsh16.tmp\ioSpecial.ini -> [Ver = | Size = 931 bytes | Modified Date = 2007-10-24 09:20:10 | Attr = ] filelist.ini -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\filelist.ini -> [Ver = | Size = 8249 bytes | Modified Date = 2007-09-10 13:31:48 | Attr = ] product.ini -> C:\Documents and Settings\user\Local Settings\Temp\RarSFX0\product.ini -> [Ver = | Size = 2149 bytes | Modified Date = 2007-09-10 13:31:48 | Attr = ] desktop.ini -> C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-02-28 01:37:46 | Attr = HS] desktop.ini -> C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\0LIPC9QP\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-02-28 01:37:46 | Attr = HS] desktop.ini -> C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\C5GVABMD\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-02-28 01:37:46 | Attr = HS] desktop.ini -> C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTGBO7UH\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-02-28 01:37:46 | Attr = HS] desktop.ini -> C:\Documents and Settings\user\Local Settings\Temp\Temporary Internet Files\Content.IE5\CVE7SLUF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 2008-02-28 01:37:46 | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2008-02-18 07:22:33 | Attr = ] ATI -> %AllUsersProfile%\Application Data\ATI -> [Folder | Modified Date = 2008-02-13 00:54:57 | Attr = ] BigFishGamesCache -> %AllUsersProfile%\Application Data\BigFishGamesCache -> [Folder | Modified Date = 2008-02-01 10:43:35 | Attr = ] Escape From Paradise -> %AllUsersProfile%\Application Data\Escape From Paradise -> [Folder | Modified Date = 2008-02-01 10:44:55 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2008-02-27 21:50:35 | Attr = ] @Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:4B7BEAFF @Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:9E3E060F @Alternate Data Stream - 133 bytes -> %AllUsersProfile%\Application Data\TEMP:A2ADBD5A @Alternate Data Stream - 117 bytes -> %AllUsersProfile%\Application Data\TEMP:F851032E BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 2008-02-05 17:16:10 | Attr = ] BitTorrent DNA -> %AppData%\BitTorrent DNA -> [Folder | Modified Date = 2008-02-28 14:02:18 | Attr = ] Globe7 -> %AppData%\Globe7 -> [Folder | Modified Date = 2008-02-22 06:19:51 | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 2008-02-27 21:51:31 | Attr = ] Ohana Games -> %AppData%\Ohana Games -> [Folder | Modified Date = 2008-01-31 13:39:45 | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 2008-02-16 09:23:29 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 2008-02-20 01:27:51 | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Modified Date = 2008-02-10 10:18:25 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 17408 bytes | Modified Date = 2008-02-21 00:52:29 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2641876 bytes | Modified Date = 2008-02-17 17:33:07 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-02-28 13:05:52 | Attr = ] Seven Zip -> %UserProfile%\Local Settings\Application Data\Seven Zip -> [Folder | Modified Date = 2008-02-12 23:26:42 | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 2008-02-16 22:59:38 | Attr = ] ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb -> [Ver = | Size = 1120256 bytes | Modified Date = 2008-02-25 19:45:36 | Attr = R ] ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb -> [Ver = | Size = 2324480 bytes | Modified Date = 2008-02-25 19:45:36 | Attr = R ] 4043014_1.jpg -> %UserProfile%\My Documents\4043014_1.jpg -> [Ver = | Size = 47482 bytes | Modified Date = 2008-02-03 10:35:41 | Attr = ] Backup_of_Grad-cover1.cdr -> %UserProfile%\My Documents\Backup_of_Grad-cover1.cdr -> [Ver = | Size = 10463104 bytes | Modified Date = 2008-02-10 14:23:56 | Attr = ] Backup_of_song cover -> %UserProfile%\My Documents\Backup_of_song cover -> [Ver = | Size = 1653298 bytes | Modified Date = 2008-02-10 12:50:52 | Attr = ] clicky-pressed.gif -> %UserProfile%\My Documents\clicky-pressed.gif -> [Ver = | Size = 600 bytes | Modified Date = 2008-02-14 14:06:59 | Attr = ] Grad-cover1.cdr -> %UserProfile%\My Documents\Grad-cover1.cdr -> [Ver = | Size = 10463100 bytes | Modified Date = 2008-02-10 14:32:06 | Attr = ] gradpic.xls -> %UserProfile%\My Documents\gradpic.xls -> [Ver = | Size = 2058752 bytes | Modified Date = 2008-02-16 14:32:23 | Attr = ] graduation.cdr -> %UserProfile%\My Documents\graduation.cdr -> [Ver = | Size = 60779754 bytes | Modified Date = 2008-01-30 06:30:15 | Attr = ] Ira's movie.avi -> %UserProfile%\My Documents\Ira's movie.avi -> [Ver = | Size = 2982313996 bytes | Modified Date = 2008-02-12 23:36:05 | Attr = ] Ira's movie1.mpg -> %UserProfile%\My Documents\Ira's movie1.mpg -> [Ver = | Size = 100272128 bytes | Modified Date = 2008-02-13 00:15:12 | Attr = ] jikjik_ree.sav -> %UserProfile%\My Documents\jikjik_ree.sav -> [Ver = | Size = 30652 bytes | Modified Date = 2008-02-07 00:48:11 | Attr = ] las nieves map.ppt -> %UserProfile%\My Documents\las nieves map.ppt -> [Ver = | Size = 20939264 bytes | Modified Date = 2008-02-16 22:25:39 | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 2008-02-26 21:23:21 | Attr = ] 1 C:\Documents and Settings\user\My Documents\*.tmp files -> C:\Documents and Settings\user\My Documents\*.tmp -> limewire.m3u -> %UserProfile%\My Documents\limewire.m3u -> [Ver = | Size = 267 bytes | Modified Date = 2008-02-04 20:34:34 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2008-02-20 22:03:31 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-02-19 14:00:13 | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 567 bytes | Modified Date = 2008-02-06 21:21:27 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2008-02-17 15:08:32 | Attr = R ] NeroVision -> %UserProfile%\My Documents\NeroVision -> [Folder | Modified Date = 2008-02-13 00:28:01 | Attr = ] ok..doc -> %UserProfile%\My Documents\ok..doc -> [Ver = | Size = 28160 bytes | Modified Date = 2008-02-27 16:06:50 | Attr = ] phil iri.xls -> %UserProfile%\My Documents\phil iri.xls -> [Ver = | Size = 28672 bytes | Modified Date = 2008-02-27 15:31:19 | Attr = ] Rat.xls -> %UserProfile%\My Documents\Rat.xls -> [Ver = | Size = 24064 bytes | Modified Date = 2008-02-13 22:28:57 | Attr = ] School ID.xls -> %UserProfile%\My Documents\School ID.xls -> [Ver = | Size = 9341440 bytes | Modified Date = 2008-02-02 20:37:34 | Attr = ] song cover -> %UserProfile%\My Documents\song cover -> [Ver = | Size = 1653284 bytes | Modified Date = 2008-02-10 12:58:53 | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 147456 bytes | Modified Date = 2008-02-27 20:10:05 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Adobe Reader 8.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 8.lnk -> [Ver = | Size = 1729 bytes | Modified Date = 2008-02-18 07:22:51 | Attr = ] DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [Ver = | Size = 806 bytes | Modified Date = 2008-02-13 00:18:42 | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [Ver = | Size = 795 bytes | Modified Date = 2008-02-13 00:18:55 | Attr = ] Nero Home Essentials SE.lnk -> %AllUsersProfile%\Desktop\Nero Home Essentials SE.lnk -> [Ver = | Size = 2261 bytes | Modified Date = 2008-02-06 23:39:09 | Attr = ] Nero StartSmart Essentials.lnk -> %AllUsersProfile%\Desktop\Nero StartSmart Essentials.lnk -> [Ver = | Size = 2361 bytes | Modified Date = 2008-02-06 23:39:09 | Attr = ] Skype.lnk -> %AllUsersProfile%\Desktop\Skype.lnk -> [Ver = | Size = 2257 bytes | Modified Date = 2008-02-16 09:21:55 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2008-02-28 13:44:18 | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 2008-02-28 02:54:58 | Attr = ] CDGRip.lnk -> %UserProfile%\Desktop\CDGRip.lnk -> [Ver = | Size = 1541 bytes | Modified Date = 2008-02-23 00:02:38 | Attr = ] Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [Ver = | Size = 1573742 bytes | Modified Date = 2008-02-28 13:05:23 | Attr = ] CorelDRAW X3.lnk -> %UserProfile%\Desktop\CorelDRAW X3.lnk -> [Ver = | Size = 2549 bytes | Modified Date = 2008-02-26 23:14:46 | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1422 bytes | Modified Date = 2008-02-13 00:19:19 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008-02-28 01:01:08 | Attr = ] ira.avi -> %UserProfile%\Desktop\ira.avi -> [Ver = | Size = 1560874 bytes | Modified Date = 2008-02-13 00:09:17 | Attr = ] IslandWars2.lnk -> %UserProfile%\Desktop\IslandWars2.lnk -> [Ver = | Size = 732 bytes | Modified Date = 2008-02-27 22:03:07 | Attr = ] Kodak Pictures -> %UserProfile%\Desktop\Kodak Pictures -> [Folder | Modified Date = 2008-02-27 15:29:09 | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1580 bytes | Modified Date = 2008-02-26 21:19:36 | Attr = ] skulpic.jpg -> %UserProfile%\Desktop\skulpic.jpg -> [Ver = | Size = 206999 bytes | Modified Date = 2008-01-30 22:35:01 | Attr = ] Thanks To You .doc -> %UserProfile%\Desktop\Thanks To You .doc -> [Ver = | Size = 23040 bytes | Modified Date = 2008-02-05 06:19:51 | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 113152 bytes | Modified Date = 2008-02-05 20:34:21 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2008-02-28 13:57:34 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481251 bytes | Modified Date = 2008-02-28 13:47:33 | Attr = ] avcenter.exe.lnk -> %UserProfile%\Start Menu\Programs\Startup\avcenter.exe.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2008-02-28 03:54:20 | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 2008-02-18 07:22:46 | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 2008-02-06 23:35:40 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 2008-02-06 22:49:47 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2008-02-06 22:49:53 | Attr = ] < End of report > [/code]