[code] OTScanIt logfile created on: 28/08/2008 11:31:49 PM OTScanIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\Sarah\Desktop\OTScanIt Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 1015.17 Mb Total Physical Memory | 558.27 Mb Available Physical Memory | 54.99% Memory free 2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.58% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 47.49 Gb Free Space | 63.73% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 74.53 Gb Total Space | 52.73 Gb Free Space | 70.76% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SATAN Current User Name: Sarah Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] nhksrv.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 6/08/2001 7:41:48 AM | Attr = ] ioloservicemanager.exe -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 19/06/2008 4:59:12 PM | Attr = ] igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Modified Date = 5/10/2006 11:11:00 PM | Attr = R ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 114688 bytes | Modified Date = 5/10/2006 11:13:00 PM | Attr = R ] igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 94208 bytes | Modified Date = 5/10/2006 11:10:00 PM | Attr = R ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.3.0 | Size = 16126464 bytes | Modified Date = 10/04/2007 5:28:44 PM | Attr = R ] mouse32a.exe -> %ProgramFiles%\NASDAK\OmniMouse Driver\4.0\Mouse32A.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 9/11/2001 4:47:50 PM | Attr = ] mmkeybd.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe -> Netropa Corp. [Ver = 1.0.2 | Size = 163840 bytes | Modified Date = 4/06/2003 1:32:44 AM | Attr = ] pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 7/08/2007 10:05:46 AM | Attr = ] traymon.exe -> %ProgramFiles%\Netropa\Multimedia Keyboard\Traymon.exe -> [Ver = | Size = 102400 bytes | Modified Date = 21/02/2002 12:48:18 AM | Attr = ] osd.exe -> %ProgramFiles%\Netropa\Onscreen Display\OSD.exe -> Netropa Corp. [Ver = 2.02 | Size = 90112 bytes | Modified Date = 2/11/2001 3:19:34 AM | Attr = ] inetkb.exe -> %ProgramFiles%\Netropa\Inetkb\iNetKb.exe -> Netropa Corp. [Ver = 2.02 | Size = 102400 bytes | Modified Date = 10/12/2002 4:40:58 AM | Attr = ] idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> [Ver = | Size = 802816 bytes | Modified Date = 11/10/2007 3:15:20 AM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 AM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 28/08/2008 8:01:39 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 402944 bytes | Modified Date = 26/08/2008 8:26:02 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 14/08/2008 5:27:51 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 14/04/2008 10:12:17 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 13/08/2008 5:48:29 PM | Attr = ] (ioloFileInfoList) iolo FileInfoList Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 19/06/2008 4:59:12 PM | Attr = ] (ioloSystemService) iolo System Service [Win32_Shared | Auto | Running] -> %ProgramFiles%\iolo\Common\Lib\ioloServiceManager.exe -> [Ver = | Size = 592232 bytes | Modified Date = 19/06/2008 4:59:12 PM | Attr = ] (nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Netropa\Multimedia Keyboard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 6/08/2001 7:41:48 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4704 | Size = 114688 bytes | Modified Date = 5/10/2006 11:13:00 PM | Attr = R ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Modified Date = 5/10/2006 11:11:00 PM | Attr = R ] LWBMOUSE -> %ProgramFiles%\NASDAK\OmniMouse Driver\4.0\Mouse32A.exe [C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE] -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 9/11/2001 4:47:50 PM | Attr = ] MULTIMEDIA KEYBOARD -> %ProgramFiles%\Netropa\Multimedia Keyboard\MMKeybd.exe [C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe] -> Netropa Corp. [Ver = 1.0.2 | Size = 163840 bytes | Modified Date = 4/06/2003 1:32:44 AM | Attr = ] Persistence -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4704 | Size = 94208 bytes | Modified Date = 5/10/2006 11:10:00 PM | Attr = R ] PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 7/08/2007 10:05:46 AM | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.3.0 | Size = 16126464 bytes | Modified Date = 10/04/2007 5:28:44 PM | Attr = R ] SkyTel -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.1.9 | Size = 1822720 bytes | Modified Date = 4/04/2007 7:22:46 PM | Attr = R ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> [Ver = | Size = 802816 bytes | Modified Date = 11/10/2007 3:15:20 AM | Attr = ] PSwitch -> %ProgramFiles%\Proxy Switcher Standard\ProxySwitcher.exe [C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe] -> Proxy Switcher [Ver = 3.18.0.4990 | Size = 4431360 bytes | Modified Date = 14/08/2008 2:14:40 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 28/08/2008 8:01:39 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> [Ver = | Size = 802816 bytes | Modified Date = 11/10/2007 3:15:20 AM | Attr = ] PSwitch -> %ProgramFiles%\Proxy Switcher Standard\ProxySwitcher.exe [C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe] -> Proxy Switcher [Ver = 3.18.0.4990 | Size = 4431360 bytes | Modified Date = 14/08/2008 2:14:40 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 28/05/2008 10:33:34 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 28/08/2008 8:01:39 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 4:44:06 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Sarah Startup Folder > -> C:\Documents and Settings\Sarah\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 7:16:50 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> MsgPlusLoader.dll -> %SystemRoot%\system32\MsgPlusLoader.dll -> Patchou [Ver = 3, 63, 4, 0 | Size = 58952 bytes | Modified Date = 13/08/2008 8:04:22 PM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 13/05/2008 10:13:36 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dllschannel.dlldigest.dllmsnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/04/2008 10:12:19 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/04/2008 10:12:38 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/04/2008 10:12:24 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 14/04/2008 10:12:05 AM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/04/2008 10:12:41 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 19/04/2007 1:41:36 PM | Attr = ] igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Modified Date = 5/10/2006 11:09:00 PM | Attr = R ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 14/04/2008 4:40:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = ] < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\] > -> -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 11, 0, 7 | Size = 95664 bytes | Modified Date = 29/09/2007 1:14:23 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 28/08/2008 8:01:38 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 28/08/2008 8:01:38 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 28/08/2008 8:01:38 AM | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 28/08/2008 8:01:38 AM | Attr = R ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 20/10/2003 8:13:13 PM | Attr = ] Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 2/07/2007 4:19:10 PM | Attr = ] Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 3/12/2004 2:31:09 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1644491937-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 20/10/2003 8:13:13 PM | Attr = ] Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 2/07/2007 4:19:10 PM | Attr = ] Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 3/12/2004 2:31:09 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1BAE958D-6206-4D50-BD09-49D807950C11} -> (Motorola SURFboard SB5101 USB Cable Modem) -> {D139FFEB-D3AD-4389-BA8C-2A531898D333} -> () -> {E5183744-4DF6-4B13-B2EB-CA0A8DEC9BEA} -> () -> {F957EE68-EFE2-45F4-AFA5-963820423781} -> () -> {FB73F2D0-57C9-4A21-BC9B-534FA5040309} -> (Atheros L2 Fast Ethernet 10/100 Base-T Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1218613219343[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218635530421[MUWebControl Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 10:12:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14/04/2008 10:11:56 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14/04/2008 10:12:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14/04/2008 10:12:05 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14/04/2008 10:12:08 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 992 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 14/04/2008 10:12:05 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 14/04/2008 10:12:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> DA 7F 4C 58 64 6D 3D 79 31 79 66 E2 35 1B 09 46 33 38 37 66 33 38 66 66 00 FD 07 00 69 97 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 85 F2 07 2E 87 01 7F CF EB 96 11 38 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 7E DA 5B 9C C9 B5 BA 34 AF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> F3 F4 48 D6 A1 9E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 4/08/2004 10:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 87 4F 17 79 D4 B9 31 9D 3B 89 FC 5D 56 3B 6B 25 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> BC 52 24 F2 1C FD C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 10:12:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1855 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 14/04/2008 10:11:55 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 10:12:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14/04/2008 4:53:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 14/04/2008 10:12:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14/04/2008 4:53:32 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hamachi\hamachi.exe -> %ProgramFiles%\Hamachi\hamachi.exe [C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client] -> LogMeIn Inc. [Ver = 1, 0, 2, 5 | Size = 624416 bytes | Modified Date = 13/08/2008 6:46:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.11758 | Size = 267056 bytes | Modified Date = 13/08/2008 7:46:19 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 4/01/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe -> %ProgramFiles%\Proxy Switcher Standard\ProxySwitcher.exe [C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher] -> Proxy Switcher [Ver = 3.18.0.4990 | Size = 4431360 bytes | Modified Date = 14/08/2008 2:14:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 10:12:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14/04/2008 10:12:11 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 10:12:04 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14/04/2008 10:12:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14/04/2008 10:12:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 14/04/2008 10:12:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14/04/2008 10:12:04 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 4:21:54 PM | Attr = ] BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Created Date = 28/08/2008 8:00:55 AM | Attr = HS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Created Date = 14/08/2008 2:01:08 AM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 28/08/2008 8:00:39 AM | Attr = RHS] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 28/08/2008 8:00:53 AM | Attr = RHS] Codemasters -> %SystemDrive%\Codemasters -> [Folder | Created Date = 27/08/2008 6:54:34 PM | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 28/08/2008 8:42:29 PM | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 4:21:54 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 14/08/2008 2:08:12 AM | Attr = ] Intel -> %SystemDrive%\Intel -> [Folder | Created Date = 13/08/2008 4:31:19 PM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 4:21:54 PM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 4:21:54 PM | Attr = RHS] Nexon -> %SystemDrive%\Nexon -> [Folder | Created Date = 13/08/2008 8:49:18 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Created Date = 14/08/2008 2:10:53 AM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 27/08/2008 11:15:25 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 28/08/2008 8:47:07 PM | Attr = HS] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 28/08/2008 7:43:59 AM | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 28/08/2008 7:51:18 AM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 28/08/2008 7:43:59 AM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 28/08/2008 7:51:18 AM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 14/08/2008 2:08:11 AM | Attr = HS] UbiSoft -> %SystemDrive%\UbiSoft -> [Folder | Created Date = 27/08/2008 6:28:04 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 27/08/2008 11:06:57 PM | Attr = ] big5.nls -> %SystemRoot%\System32\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 13/08/2008 4:22:31 PM | Attr = ] bktrh.gif -> %SystemRoot%\System32\dllcache\bktrh.gif -> [Ver = | Size = 999 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 13/08/2008 4:22:32 PM | Attr = ] cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 13/08/2008 4:22:37 PM | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 13/08/2008 4:22:39 PM | Attr = ] cloapp.gif -> %SystemRoot%\System32\dllcache\cloapp.gif -> [Ver = | Size = 717 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] cloapph.gif -> %SystemRoot%\System32\dllcache\cloapph.gif -> [Ver = | Size = 760 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] cnt.gif -> %SystemRoot%\System32\dllcache\cnt.gif -> [Ver = | Size = 773 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] cntd.gif -> %SystemRoot%\System32\dllcache\cntd.gif -> [Ver = | Size = 772 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] cnth.gif -> %SystemRoot%\System32\dllcache\cnth.gif -> [Ver = | Size = 773 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] contents.htm -> %SystemRoot%\System32\dllcache\contents.htm -> [Ver = | Size = 8298 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] controls.css -> %SystemRoot%\System32\dllcache\controls.css -> [Ver = | Size = 9585 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] controls.js -> %SystemRoot%\System32\dllcache\controls.js -> [Ver = | Size = 6878 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] copycd.wmv -> %SystemRoot%\System32\dllcache\copycd.wmv -> [Ver = | Size = 381425 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 13/08/2008 4:22:32 PM | Attr = ] c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 13/08/2008 4:22:32 PM | Attr = ] c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 13/08/2008 4:22:32 PM | Attr = ] c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:32 PM | Attr = ] c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:32 PM | Attr = ] c_10006.nls -> %SystemRoot%\System32\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_10007.nls -> %SystemRoot%\System32\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:48 AM | Attr = ] c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_10010.nls -> %SystemRoot%\System32\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_10017.nls -> %SystemRoot%\System32\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:48 AM | Attr = ] c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_10029.nls -> %SystemRoot%\System32\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_10081.nls -> %SystemRoot%\System32\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:50 AM | Attr = ] c_10082.nls -> %SystemRoot%\System32\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 13/08/2008 4:22:33 PM | Attr = ] c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20127.nls -> %SystemRoot%\System32\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:42 AM | Attr = ] c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:34 PM | Attr = ] c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_28594.nls -> %SystemRoot%\System32\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:45 AM | Attr = ] c_28595.nls -> %SystemRoot%\System32\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:48 AM | Attr = ] c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:35 PM | Attr = ] c_28597.nls -> %SystemRoot%\System32\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_28599.nls -> %SystemRoot%\System32\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:50 AM | Attr = ] c_28603.nls -> %SystemRoot%\System32\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:52 AM | Attr = ] c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:36 PM | Attr = ] c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 13/08/2008 4:22:36 PM | Attr = ] c_737.nls -> %SystemRoot%\System32\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_852.nls -> %SystemRoot%\System32\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_855.nls -> %SystemRoot%\System32\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:45 AM | Attr = ] c_857.nls -> %SystemRoot%\System32\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:50 AM | Attr = ] c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 13/08/2008 4:22:36 PM | Attr = ] c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 13/08/2008 4:22:36 PM | Attr = ] c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 13/08/2008 4:22:36 PM | Attr = ] c_866.nls -> %SystemRoot%\System32\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:45 AM | Attr = ] c_869.nls -> %SystemRoot%\System32\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 13/08/2008 4:22:36 PM | Attr = ] c_875.nls -> %SystemRoot%\System32\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 14/08/2008 2:10:42 AM | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 14/08/2008 2:10:42 AM | Attr = ] eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 14/08/2008 2:10:41 AM | Attr = ] esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 13/08/2008 4:22:47 PM | Attr = ] esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 13/08/2008 4:22:47 PM | Attr = ] esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 13/08/2008 4:22:47 PM | Attr = ] events.js -> %SystemRoot%\System32\dllcache\events.js -> [Ver = | Size = 5971 bytes | Created Date = 13/08/2008 6:00:33 PM | Attr = ] hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 13/08/2008 4:22:51 PM | Attr = ] HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 13/08/2008 4:18:26 PM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 13/08/2008 4:22:56 PM | Attr = ] IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 13/08/2008 4:23:05 PM | Attr = ] imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 13/08/2008 4:23:06 PM | Attr = ] imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 13/08/2008 4:23:07 PM | Attr = ] korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 13/08/2008 4:23:12 PM | Attr = ] ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 13/08/2008 4:23:13 PM | Attr = ] ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 14/08/2008 2:10:53 AM | Attr = ] MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] mdlib.wmv -> %SystemRoot%\System32\dllcache\mdlib.wmv -> [Ver = | Size = 457607 bytes | Created Date = 13/08/2008 6:00:35 PM | Attr = ] mplayer2.cnt -> %SystemRoot%\System32\dllcache\mplayer2.cnt -> [Ver = | Size = 1885 bytes | Created Date = 13/08/2008 6:00:36 PM | Attr = ] mplayer2.hlp -> %SystemRoot%\System32\dllcache\mplayer2.hlp -> [Ver = | Size = 97117 bytes | Created Date = 13/08/2008 6:00:36 PM | Attr = ] mplayer2.inf -> %SystemRoot%\System32\dllcache\mplayer2.inf -> [Ver = | Size = 18286 bytes | Created Date = 13/08/2008 6:00:36 PM | Attr = ] mplogo.gif -> %SystemRoot%\System32\dllcache\mplogo.gif -> [Ver = | Size = 2545 bytes | Created Date = 13/08/2008 6:00:36 PM | Attr = ] mplogoh.gif -> %SystemRoot%\System32\dllcache\mplogoh.gif -> [Ver = | Size = 2778 bytes | Created Date = 13/08/2008 6:00:36 PM | Attr = ] MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 13/08/2008 4:20:34 PM | Attr = ] npdrmv2.zip -> %SystemRoot%\System32\dllcache\npdrmv2.zip -> [Ver = | Size = 403 bytes | Created Date = 13/08/2008 6:00:40 PM | Attr = ] npds.zip -> %SystemRoot%\System32\dllcache\npds.zip -> [Ver = | Size = 22060 bytes | Created Date = 13/08/2008 6:00:40 PM | Attr = ] NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] nuskin.wmv -> %SystemRoot%\System32\dllcache\nuskin.wmv -> [Ver = | Size = 375519 bytes | Created Date = 13/08/2008 6:00:41 PM | Attr = ] OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 13/08/2008 4:23:30 PM | Attr = ] plyr_err.chm -> %SystemRoot%\System32\dllcache\plyr_err.chm -> [Ver = | Size = 77307 bytes | Created Date = 13/08/2008 6:00:41 PM | Attr = ] prc.nls -> %SystemRoot%\System32\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 13/08/2008 4:23:31 PM | Attr = ] prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 13/08/2008 4:23:31 PM | Attr = ] r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 14/08/2008 2:10:54 AM | Attr = ] rtuner.wmv -> %SystemRoot%\System32\dllcache\rtuner.wmv -> [Ver = | Size = 572557 bytes | Created Date = 13/08/2008 6:00:41 PM | Attr = ] rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 13/08/2008 4:23:36 PM | Attr = ] rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 13/08/2008 4:23:36 PM | Attr = ] sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 14/08/2008 2:10:54 AM | Attr = ] sam.spd -> %SystemRoot%\System32\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 14/08/2008 2:10:54 AM | Attr = ] skins.inf -> %SystemRoot%\System32\dllcache\skins.inf -> [Ver = | Size = 908 bytes | Created Date = 13/08/2008 6:00:42 PM | Attr = ] snd.htm -> %SystemRoot%\System32\dllcache\snd.htm -> [Ver = | Size = 1148 bytes | Created Date = 13/08/2008 6:00:42 PM | Attr = ] SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 14/08/2008 2:08:50 AM | Attr = ] spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 14/08/2008 2:10:41 AM | Attr = ] srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 13/08/2008 4:20:02 PM | Attr = ] taoff.gif -> %SystemRoot%\System32\dllcache\taoff.gif -> [Ver = | Size = 1380 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] taoffh.gif -> %SystemRoot%\System32\dllcache\taoffh.gif -> [Ver = | Size = 1367 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] taon.gif -> %SystemRoot%\System32\dllcache\taon.gif -> [Ver = | Size = 1398 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] taonh.gif -> %SystemRoot%\System32\dllcache\taonh.gif -> [Ver = | Size = 1380 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] tour.js -> %SystemRoot%\System32\dllcache\tour.js -> [Ver = | Size = 3187 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] tourbg.gif -> %SystemRoot%\System32\dllcache\tourbg.gif -> [Ver = | Size = 23829 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] tpause.gif -> %SystemRoot%\System32\dllcache\tpause.gif -> [Ver = | Size = 2450 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] tpauseh.gif -> %SystemRoot%\System32\dllcache\tpauseh.gif -> [Ver = | Size = 2371 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] tplay.gif -> %SystemRoot%\System32\dllcache\tplay.gif -> [Ver = | Size = 2469 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] tplayh.gif -> %SystemRoot%\System32\dllcache\tplayh.gif -> [Ver = | Size = 2375 bytes | Created Date = 13/08/2008 6:00:44 PM | Attr = ] videobg.gif -> %SystemRoot%\System32\dllcache\videobg.gif -> [Ver = | Size = 17489 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] vidsamp.gif -> %SystemRoot%\System32\dllcache\vidsamp.gif -> [Ver = | Size = 5290 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] viz.wmv -> %SystemRoot%\System32\dllcache\viz.wmv -> [Ver = | Size = 300969 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] wm1.gif -> %SystemRoot%\System32\dllcache\wm1.gif -> [Ver = | Size = 5789 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm2.gif -> %SystemRoot%\System32\dllcache\wm2.gif -> [Ver = | Size = 7636 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm3.gif -> %SystemRoot%\System32\dllcache\wm3.gif -> [Ver = | Size = 6241 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm4.gif -> %SystemRoot%\System32\dllcache\wm4.gif -> [Ver = | Size = 7369 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm5.gif -> %SystemRoot%\System32\dllcache\wm5.gif -> [Ver = | Size = 2477 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm6.gif -> %SystemRoot%\System32\dllcache\wm6.gif -> [Ver = | Size = 6060 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm7.gif -> %SystemRoot%\System32\dllcache\wm7.gif -> [Ver = | Size = 8677 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm8.gif -> %SystemRoot%\System32\dllcache\wm8.gif -> [Ver = | Size = 4193 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wm9.gif -> %SystemRoot%\System32\dllcache\wm9.gif -> [Ver = | Size = 7892 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmdm.inf -> %SystemRoot%\System32\dllcache\wmdm.inf -> [Ver = | Size = 17272 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmerrenu.cat -> %SystemRoot%\System32\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 14/08/2008 2:08:51 AM | Attr = ] wmfsdk.inf -> %SystemRoot%\System32\dllcache\wmfsdk.inf -> [Ver = | Size = 6769 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud1.wav -> %SystemRoot%\System32\dllcache\wmpaud1.wav -> [Ver = | Size = 354468 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud2.wav -> %SystemRoot%\System32\dllcache\wmpaud2.wav -> [Ver = | Size = 86180 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud3.wav -> %SystemRoot%\System32\dllcache\wmpaud3.wav -> [Ver = | Size = 172196 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud4.wav -> %SystemRoot%\System32\dllcache\wmpaud4.wav -> [Ver = | Size = 86180 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud5.wav -> %SystemRoot%\System32\dllcache\wmpaud5.wav -> [Ver = | Size = 86196 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud6.wav -> %SystemRoot%\System32\dllcache\wmpaud6.wav -> [Ver = | Size = 343204 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud7.wav -> %SystemRoot%\System32\dllcache\wmpaud7.wav -> [Ver = | Size = 343204 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud8.wav -> %SystemRoot%\System32\dllcache\wmpaud8.wav -> [Ver = | Size = 172196 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpaud9.wav -> %SystemRoot%\System32\dllcache\wmpaud9.wav -> [Ver = | Size = 172196 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmplay.chm -> %SystemRoot%\System32\dllcache\wmplay.chm -> [Ver = | Size = 23195 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmplayer.adm -> %SystemRoot%\System32\dllcache\wmplayer.adm -> [Ver = | Size = 69612 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmplayer.chm -> %SystemRoot%\System32\dllcache\wmplayer.chm -> [Ver = | Size = 613334 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmploc.js -> %SystemRoot%\System32\dllcache\wmploc.js -> [Ver = | Size = 420 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmpocm.inf -> %SystemRoot%\System32\dllcache\wmpocm.inf -> [Ver = | Size = 855 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmptour.css -> %SystemRoot%\System32\dllcache\wmptour.css -> [Ver = | Size = 1771 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] wmptour.hta -> %SystemRoot%\System32\dllcache\wmptour.hta -> [Ver = | Size = 10457 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 13/08/2008 4:24:02 PM | Attr = ] ASACPI.sys -> %SystemRoot%\System32\drivers\ASACPI.sys -> [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Created Date = 13/08/2008 4:29:04 PM | Attr = R ] AsIO.sys -> %SystemRoot%\System32\drivers\AsIO.sys -> [Ver = | Size = 12664 bytes | Created Date = 13/08/2008 4:36:24 PM | Attr = R ] ASUSHWIO.SYS -> %SystemRoot%\System32\drivers\ASUSHWIO.SYS -> [Ver = | Size = 10288 bytes | Created Date = 13/08/2008 4:28:50 PM | Attr = ] ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701440 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 13/08/2008 5:59:16 PM | Attr = ] cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 13/08/2008 6:00:24 PM | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Created Date = 13/08/2008 6:46:28 PM | Attr = ] hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 13/08/2008 6:00:33 PM | Attr = ] hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 13/08/2008 6:00:33 PM | Attr = ] hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 13/08/2008 6:00:33 PM | Attr = ] igxpmp32.sys -> %SystemRoot%\System32\drivers\igxpmp32.sys -> Intel Corporation [Ver = 6.14.10.4704 | Size = 1181824 bytes | Created Date = 13/08/2008 4:33:43 PM | Attr = R ] l251x86.sys -> %SystemRoot%\System32\drivers\l251x86.sys -> Atheros Communications Inc. [Ver = 2.5.6000.0 | Size = 29696 bytes | Created Date = 13/08/2008 4:31:06 PM | Attr = R ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 14/08/2008 12:32:45 AM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 14/08/2008 12:34:15 AM | Attr = ] mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 13/08/2008 6:00:35 PM | Attr = ] Msikbd2k.sys -> %SystemRoot%\System32\drivers\Msikbd2k.sys -> Netropa Corporation [Ver = 1.06 built by: WinDDK | Size = 6656 bytes | Created Date = 13/08/2008 4:41:35 PM | Attr = ] mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 13/08/2008 6:00:39 PM | Attr = ] mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 13/08/2008 6:00:39 PM | Attr = ] mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 13/08/2008 6:00:39 PM | Attr = ] NetMotCM.sys -> %SystemRoot%\System32\drivers\NetMotCM.sys -> Motorola Inc. [Ver = 2.4.5.0 | Size = 15360 bytes | Created Date = 13/08/2008 4:45:50 PM | Attr = ] netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 13/08/2008 6:00:40 PM | Attr = ] ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 13/08/2008 6:00:40 PM | Attr = ] nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 13/08/2008 6:00:41 PM | Attr = ] recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 13/08/2008 6:00:41 PM | Attr = ] RtkHDAud.sys -> %SystemRoot%\System32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5397 built by: WinDDK | Size = 4397568 bytes | Created Date = 13/08/2008 4:34:02 PM | Attr = R ] RTKVHDA.sys -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5397 built by: WinDDK | Size = 1764960 bytes | Created Date = 13/08/2008 4:35:26 PM | Attr = R ] s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 13/08/2008 6:00:41 PM | Attr = ] slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 13/08/2008 6:00:42 PM | Attr = ] slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 13/08/2008 6:00:42 PM | Attr = ] slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 13/08/2008 6:00:42 PM | Attr = ] slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 13/08/2008 6:00:42 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 13/08/2008 6:34:29 PM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 6:34:32 PM | Attr = H ] Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 18/08/2008 8:21:07 AM | Attr = H ] wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 13/08/2008 6:00:45 PM | Attr = ] watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 13/08/2008 6:00:46 PM | Attr = ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 14/08/2008 2:01:04 AM | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] ALSndMgr.cpl -> %SystemRoot%\System32\ALSndMgr.cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 10 | Size = 299008 bytes | Created Date = 13/08/2008 4:33:44 PM | Attr = R ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 13/08/2008 4:21:51 PM | Attr = ] AsIO.dll -> %SystemRoot%\System32\AsIO.dll -> [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Created Date = 13/08/2008 4:36:24 PM | Attr = R ] Atheros_L2 -> %SystemRoot%\System32\Atheros_L2 -> [Folder | Created Date = 13/08/2008 4:30:50 PM | Attr = ] AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT -> [Ver = | Size = 1688 bytes | Created Date = 14/08/2008 2:10:39 AM | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 14848 bytes | Created Date = 13/08/2008 7:51:51 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 13/08/2008 6:12:26 PM | Attr = ] bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce -> [Ver = | Size = 22984 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] BuzzingBee.wav -> %SystemRoot%\System32\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Created Date = 13/08/2008 5:00:14 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Created Date = 14/08/2008 2:08:40 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 14/08/2008 2:08:40 AM | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Created Date = 13/08/2008 4:20:49 PM | Attr = RH ] ChCfg.exe -> %SystemRoot%\System32\ChCfg.exe -> [Ver = | Size = 49152 bytes | Created Date = 13/08/2008 4:36:30 PM | Attr = R ] Com -> %SystemRoot%\System32\Com -> [Folder | Created Date = 13/08/2008 4:17:56 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Created Date = 13/08/2008 4:21:54 PM | Attr = ] c_10006.nls -> %SystemRoot%\System32\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_10007.nls -> %SystemRoot%\System32\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:48 AM | Attr = ] c_10010.nls -> %SystemRoot%\System32\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_10017.nls -> %SystemRoot%\System32\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:48 AM | Attr = ] c_10029.nls -> %SystemRoot%\System32\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_10081.nls -> %SystemRoot%\System32\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:50 AM | Attr = ] c_10082.nls -> %SystemRoot%\System32\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_20127.nls -> %SystemRoot%\System32\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:42 AM | Attr = ] C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:45 AM | Attr = ] C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:48 AM | Attr = ] C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_28599.nls -> %SystemRoot%\System32\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:50 AM | Attr = ] c_28603.nls -> %SystemRoot%\System32\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:52 AM | Attr = ] c_737.nls -> %SystemRoot%\System32\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_852.nls -> %SystemRoot%\System32\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:44 AM | Attr = ] c_855.nls -> %SystemRoot%\System32\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:45 AM | Attr = ] c_857.nls -> %SystemRoot%\System32\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:50 AM | Attr = ] c_866.nls -> %SystemRoot%\System32\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:45 AM | Attr = ] c_869.nls -> %SystemRoot%\System32\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] c_875.nls -> %SystemRoot%\System32\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 14/08/2008 2:10:47 AM | Attr = ] desktop.ini -> %SystemRoot%\System32\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 13/08/2008 4:20:08 PM | Attr = ] dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 14/08/2008 2:10:42 AM | Attr = ] dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 14/08/2008 2:10:42 AM | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Created Date = 13/08/2008 4:20:28 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 13/08/2008 4:31:52 PM | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Created Date = 13/08/2008 4:19:05 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 13/08/2008 6:12:26 PM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Created Date = 13/08/2008 6:12:27 PM | Attr = ] EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 14/08/2008 2:10:41 AM | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 113376 bytes | Created Date = 14/08/2008 2:08:11 AM | Attr = ] gb2312.uce -> %SystemRoot%\System32\gb2312.uce -> [Ver = | Size = 24006 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] hccutils.dll -> %SystemRoot%\System32\hccutils.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 81920 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] hkcmd.exe -> %SystemRoot%\System32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 114688 bytes | Created Date = 13/08/2008 4:33:49 PM | Attr = R ] hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 13/08/2008 4:18:26 PM | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Created Date = 13/08/2008 4:18:00 PM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] ideograf.uce -> %SystemRoot%\System32\ideograf.uce -> [Ver = | Size = 60458 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] igfxcfg.exe -> %SystemRoot%\System32\igfxcfg.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 450560 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] igfxCoIn_v4704.dll -> %SystemRoot%\System32\igfxCoIn_v4704.dll -> [Ver = | Size = 200704 bytes | Created Date = 13/08/2008 4:33:53 PM | Attr = R ] igfxcpl.cpl -> %SystemRoot%\System32\igfxcpl.cpl -> Intel Corporation [Ver = 3.0.0.4704 | Size = 94208 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] igfxdev.dll -> %SystemRoot%\System32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Created Date = 13/08/2008 4:33:48 PM | Attr = R ] igfxdo.dll -> %SystemRoot%\System32\igfxdo.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Created Date = 13/08/2008 4:33:48 PM | Attr = R ] igfxexps.dll -> %SystemRoot%\System32\igfxexps.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 23552 bytes | Created Date = 13/08/2008 4:33:52 PM | Attr = R ] igfxext.exe -> %SystemRoot%\System32\igfxext.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 122880 bytes | Created Date = 13/08/2008 4:33:52 PM | Attr = R ] igfxpers.exe -> %SystemRoot%\System32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 94208 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxpph.dll -> %SystemRoot%\System32\igfxpph.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 163840 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] igfxrara.lrc -> %SystemRoot%\System32\igfxrara.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 143360 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxrchs.lrc -> %SystemRoot%\System32\igfxrchs.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxrcht.lrc -> %SystemRoot%\System32\igfxrcht.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxrcsy.lrc -> %SystemRoot%\System32\igfxrcsy.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 159744 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrdan.lrc -> %SystemRoot%\System32\igfxrdan.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 159744 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxrdeu.lrc -> %SystemRoot%\System32\igfxrdeu.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 176128 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxrell.lrc -> %SystemRoot%\System32\igfxrell.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 176128 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrenu.lrc -> %SystemRoot%\System32\igfxrenu.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxres.dll -> %SystemRoot%\System32\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Created Date = 13/08/2008 5:00:04 PM | Attr = R ] igfxresp.lrc -> %SystemRoot%\System32\igfxresp.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 172032 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxress.dll -> %SystemRoot%\System32\igfxress.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 3276800 bytes | Created Date = 13/08/2008 4:33:49 PM | Attr = R ] igfxrfin.lrc -> %SystemRoot%\System32\igfxrfin.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 159744 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] igfxrfra.lrc -> %SystemRoot%\System32\igfxrfra.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 167936 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrheb.lrc -> %SystemRoot%\System32\igfxrheb.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 139264 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrhun.lrc -> %SystemRoot%\System32\igfxrhun.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 167936 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrita.lrc -> %SystemRoot%\System32\igfxrita.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 172032 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrjpn.lrc -> %SystemRoot%\System32\igfxrjpn.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 114688 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrkor.lrc -> %SystemRoot%\System32\igfxrkor.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 114688 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrnld.lrc -> %SystemRoot%\System32\igfxrnld.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 172032 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrnor.lrc -> %SystemRoot%\System32\igfxrnor.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 159744 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrplk.lrc -> %SystemRoot%\System32\igfxrplk.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 163840 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrptb.lrc -> %SystemRoot%\System32\igfxrptb.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 163840 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrptg.lrc -> %SystemRoot%\System32\igfxrptg.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 163840 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrrus.lrc -> %SystemRoot%\System32\igfxrrus.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 163840 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrsve.lrc -> %SystemRoot%\System32\igfxrsve.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 159744 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrtha.lrc -> %SystemRoot%\System32\igfxrtha.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 147456 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxrtrk.lrc -> %SystemRoot%\System32\igfxrtrk.lrc -> Intel Corporation [Ver = 3.0.0.4704 | Size = 155648 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] igfxsrvc.dll -> %SystemRoot%\System32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4704 | Size = 44032 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] igfxsrvc.exe -> %SystemRoot%\System32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 192512 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] igfxtray.exe -> %SystemRoot%\System32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 98304 bytes | Created Date = 13/08/2008 4:33:48 PM | Attr = R ] igfxzoom.exe -> %SystemRoot%\System32\igfxzoom.exe -> Intel Corporation [Ver = 3.0.0.4704 | Size = 106496 bytes | Created Date = 13/08/2008 4:33:48 PM | Attr = R ] igldev32.dll -> %SystemRoot%\System32\igldev32.dll -> Intel Corporation [Ver = 6.14.10.4704 | Size = 454656 bytes | Created Date = 13/08/2008 4:33:52 PM | Attr = R ] iglicd32.dll -> %SystemRoot%\System32\iglicd32.dll -> Intel Corporation [Ver = 6.14.10.4704 | Size = 2363392 bytes | Created Date = 13/08/2008 4:33:52 PM | Attr = R ] igxpdv32.dll -> %SystemRoot%\System32\igxpdv32.dll -> Intel Corporation [Ver = 6.14.10.4704 | Size = 1442848 bytes | Created Date = 13/08/2008 4:33:43 PM | Attr = R ] igxpdx32.dll -> %SystemRoot%\System32\igxpdx32.dll -> Intel Corporation [Ver = 6.14.10.4704 | Size = 2262528 bytes | Created Date = 13/08/2008 4:33:44 PM | Attr = R ] igxpgd32.dll -> %SystemRoot%\System32\igxpgd32.dll -> Intel Corporation [Ver = 6.14.10.4704 | Size = 146432 bytes | Created Date = 13/08/2008 4:33:43 PM | Attr = R ] igxprd32.dll -> %SystemRoot%\System32\igxprd32.dll -> Intel Corporation [Ver = 6.14.10.4704 | Size = 53248 bytes | Created Date = 13/08/2008 4:33:43 PM | Attr = R ] igxpun.exe -> %SystemRoot%\System32\igxpun.exe -> Intel(R) Corporation [Ver = 1, 0, 29, 0 | Size = 364544 bytes | Created Date = 13/08/2008 4:33:05 PM | Attr = R ] igxpxa32.cpa -> %SystemRoot%\System32\igxpxa32.cpa -> [Ver = | Size = 655842 bytes | Created Date = 13/08/2008 4:33:46 PM | Attr = R ] igxpxa32.vp -> %SystemRoot%\System32\igxpxa32.vp -> [Ver = | Size = 929 bytes | Created Date = 13/08/2008 4:33:46 PM | Attr = R ] igxpxk32.vp -> %SystemRoot%\System32\igxpxk32.vp -> [Ver = | Size = 2096 bytes | Created Date = 13/08/2008 4:33:46 PM | Attr = R ] igxpxs32.vp -> %SystemRoot%\System32\igxpxs32.vp -> [Ver = | Size = 23632 bytes | Created Date = 13/08/2008 4:33:47 PM | Attr = R ] IME -> %SystemRoot%\System32\IME -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Incinerator.dll -> %SystemRoot%\System32\Incinerator.dll -> [Ver = | Size = 918368 bytes | Created Date = 21/08/2008 8:02:43 PM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Infrared.ocx -> %SystemRoot%\System32\Infrared.ocx -> FlashPoint Technology, Inc. [Ver = 1, 0, 0, 1 | Size = 53760 bytes | Created Date = 13/08/2008 7:08:57 PM | Attr = ] ioloBootDefrag.cfg -> %SystemRoot%\System32\ioloBootDefrag.cfg -> [Ver = | Size = 406 bytes | Created Date = 21/08/2008 8:09:04 PM | Attr = ] iolobtdfg.exe -> %SystemRoot%\System32\iolobtdfg.exe -> [Ver = | Size = 29696 bytes | Created Date = 21/08/2008 8:02:36 PM | Attr = ] IScrNB.bmp -> %SystemRoot%\System32\IScrNB.bmp -> [Ver = | Size = 121232 bytes | Created Date = 13/08/2008 4:33:07 PM | Attr = R ] IScrNBR.bmp -> %SystemRoot%\System32\IScrNBR.bmp -> [Ver = | Size = 121232 bytes | Created Date = 13/08/2008 4:33:07 PM | Attr = R ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 13/08/2008 4:19:38 PM | Attr = ] kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce -> [Ver = | Size = 6948 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce -> [Ver = | Size = 8484 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] korean.uce -> %SystemRoot%\System32\korean.uce -> [Ver = | Size = 12876 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Created Date = 13/08/2008 4:33:07 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 13/08/2008 6:34:29 PM | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Created Date = 13/08/2008 4:20:54 PM | Attr = RH ] LoopyMusic.wav -> %SystemRoot%\System32\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Created Date = 13/08/2008 5:00:14 PM | Attr = ] LWBHMVXD.VXD -> %SystemRoot%\System32\LWBHMVXD.VXD -> [Ver = | Size = 6205 bytes | Created Date = 13/08/2008 4:40:29 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Created Date = 13/08/2008 4:19:53 PM | Attr = ] mfc45.dll -> %SystemRoot%\System32\mfc45.dll -> [Ver = | Size = 74703 bytes | Created Date = 21/08/2008 8:00:37 PM | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Created Date = 13/08/2008 4:26:04 PM | Attr = S] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Created Date = 13/08/2008 4:17:57 PM | Attr = ] msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h -> [Ver = | Size = 768 bytes | Created Date = 13/08/2008 4:18:17 PM | Attr = ] msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini -> [Ver = | Size = 1931 bytes | Created Date = 13/08/2008 4:18:17 PM | Attr = ] MsgPlusLoader.dll -> %SystemRoot%\System32\MsgPlusLoader.dll -> Patchou [Ver = 3, 63, 4, 0 | Size = 58952 bytes | Created Date = 21/08/2008 8:10:31 PM | Attr = ] msiosd32.dll -> %SystemRoot%\System32\msiosd32.dll -> [Ver = | Size = 28672 bytes | Created Date = 13/08/2008 4:41:35 PM | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 13/08/2008 4:20:49 PM | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Created Date = 13/08/2008 4:21:51 PM | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 13/08/2008 4:20:49 PM | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Created Date = 14/08/2008 2:10:57 AM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 13/08/2008 5:42:16 PM | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Created Date = 13/08/2008 4:31:55 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Created Date = 13/08/2008 4:19:39 PM | Attr = ] rewire.dll -> %SystemRoot%\System32\rewire.dll -> Propellerhead Software AB [Ver = 1, 5, 2, 89 | Size = 225280 bytes | Created Date = 23/08/2008 11:27:22 AM | Attr = ] Roboex32.dll -> %SystemRoot%\System32\Roboex32.dll -> Blue Sky Software Corporation. [Ver = 7.00.142 | Size = 317952 bytes | Created Date = 13/08/2008 7:08:57 PM | Attr = ] RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Created Date = 13/08/2008 4:35:26 PM | Attr = ] RtkAPO.dll -> %SystemRoot%\System32\RtkAPO.dll -> Realtek Semiconductor Corp. [Ver = 11.0.6000.32 built by: WinDDK | Size = 1844224 bytes | Created Date = 13/08/2008 4:35:34 PM | Attr = R ] RtkApoApi.dll -> %SystemRoot%\System32\RtkApoApi.dll -> Realtek Semiconductor Corp. [Ver = 1.0.0.2 | Size = 266240 bytes | Created Date = 13/08/2008 4:35:39 PM | Attr = R ] RtkCoInst.dll -> %SystemRoot%\System32\RtkCoInst.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 1, 1 | Size = 18432 bytes | Created Date = 13/08/2008 4:35:41 PM | Attr = R ] RtkPgExt.dll -> %SystemRoot%\System32\RtkPgExt.dll -> Realtek Semiconductor Corp. [Ver = 6.0.6000.22 | Size = 495104 bytes | Created Date = 13/08/2008 4:35:35 PM | Attr = R ] RTSndMgr.cpl -> %SystemRoot%\System32\RTSndMgr.cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 9 | Size = 282624 bytes | Created Date = 13/08/2008 4:35:33 PM | Attr = R ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 13/08/2008 4:20:49 PM | Attr = RH ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 13/08/2008 6:12:27 PM | Attr = ] Serial.ocx -> %SystemRoot%\System32\Serial.ocx -> FlashPoint Technology, Inc. [Ver = 1, 0, 0, 1 | Size = 54272 bytes | Created Date = 13/08/2008 7:08:57 PM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce -> [Ver = | Size = 16740 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] smrgdf.exe -> %SystemRoot%\System32\smrgdf.exe -> [Ver = | Size = 8704 bytes | Created Date = 21/08/2008 8:02:36 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 13/08/2008 5:39:59 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 213 bytes | Created Date = 28/08/2008 7:38:50 PM | Attr = ] spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 14/08/2008 2:10:41 AM | Attr = ] SRSTSXT.dll -> %SystemRoot%\System32\SRSTSXT.dll -> SRS Labs, Inc. [Ver = 3, 2, 0, 0 | Size = 339968 bytes | Created Date = 13/08/2008 4:35:36 PM | Attr = R ] SRSWOW.dll -> %SystemRoot%\System32\SRSWOW.dll -> SRS Labs, Inc. [Ver = 1.0.6.0 | Size = 135168 bytes | Created Date = 13/08/2008 4:35:37 PM | Attr = R ] subrange.uce -> %SystemRoot%\System32\subrange.uce -> [Ver = | Size = 93702 bytes | Created Date = 13/08/2008 4:18:20 PM | Attr = ] tslabels.h -> %SystemRoot%\System32\tslabels.h -> [Ver = | Size = 3286 bytes | Created Date = 13/08/2008 4:18:18 PM | Attr = ] tslabels.ini -> %SystemRoot%\System32\tslabels.ini -> [Ver = | Size = 13223 bytes | Created Date = 13/08/2008 4:18:18 PM | Attr = ] USB.ocx -> %SystemRoot%\System32\USB.ocx -> FlashPoint Technology, Inc. [Ver = 1, 0, 0, 1 | Size = 51712 bytes | Created Date = 13/08/2008 7:08:57 PM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd -> [Ver = | Size = 1161 bytes | Created Date = 13/08/2008 4:18:18 PM | Attr = ] vorbis.acm -> %SystemRoot%\System32\vorbis.acm -> HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 23/08/2008 11:27:07 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Wh2Robo.dll -> %SystemRoot%\System32\Wh2Robo.dll -> [Ver = | Size = 47104 bytes | Created Date = 13/08/2008 7:08:57 PM | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Created Date = 13/08/2008 4:20:54 PM | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc -> [Ver = | Size = 63488 bytes | Created Date = 13/08/2008 4:18:11 PM | Attr = ] wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 13646 bytes | Created Date = 13/08/2008 5:36:43 PM | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Created Date = 13/08/2008 4:20:49 PM | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Created Date = 13/08/2008 4:22:14 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Created Date = 13/08/2008 5:42:14 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 13/08/2008 6:04:59 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 13/08/2008 6:21:55 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 13/08/2008 6:21:43 PM | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Alcmtr.exe -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Created Date = 13/08/2008 4:33:46 PM | Attr = R ] alcwzrd.exe -> %SystemRoot%\alcwzrd.exe -> RealTek Semicoductor Corp. [Ver = 1.1.0.36 | Size = 2808832 bytes | Created Date = 13/08/2008 4:33:44 PM | Attr = R ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 11230 bytes | Created Date = 13/08/2008 4:29:05 PM | Attr = ] Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Created Date = 13/08/2008 4:24:12 PM | Attr = S] Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] Config -> %SystemRoot%\Config -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 4:21:54 PM | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] desktop.ini -> %SystemRoot%\desktop.ini -> [Ver = | Size = 2 bytes | Created Date = 13/08/2008 4:20:08 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Created Date = 13/08/2008 4:20:54 PM | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 28/08/2008 7:40:33 AM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = R S] Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Created Date = 13/08/2008 4:33:19 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 13/08/2008 6:22:02 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 28/08/2008 7:39:12 PM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 14/08/2008 2:10:59 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Created Date = 14/08/2008 2:10:57 AM | Attr = HS] java -> %SystemRoot%\java -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 13/08/2008 6:12:27 PM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 28/08/2008 2:12:22 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] MicCal.exe -> %SystemRoot%\MicCal.exe -> Realtek Semiconductor Corp. [Ver = 1.1.1.6 | Size = 2157568 bytes | Created Date = 13/08/2008 4:33:50 PM | Attr = R ] msagent -> %SystemRoot%\msagent -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] MSIOSD.INI -> %SystemRoot%\MSIOSD.INI -> [Ver = | Size = 245 bytes | Created Date = 13/08/2008 4:41:35 PM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 13/08/2008 6:08:35 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Created Date = 16/08/2008 4:41:12 PM | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Created Date = 14/08/2008 2:10:56 AM | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Created Date = 13/08/2008 4:20:54 PM | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Created Date = 18/08/2008 5:02:16 PM | Attr = H ] Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 13/08/2008 6:17:03 PM | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Created Date = 13/08/2008 4:18:51 PM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 13/08/2008 4:25:48 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] RTHDCPL.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.3.0 | Size = 16126464 bytes | Created Date = 13/08/2008 4:33:51 PM | Attr = R ] RtHDVCpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 50 | Size = 4431872 bytes | Created Date = 13/08/2008 4:35:28 PM | Attr = R ] RTLCPL.exe -> %SystemRoot%\RTLCPL.exe -> Realtek Semiconductor Corp. [Ver = 1.0.1.65 | Size = 9715200 bytes | Created Date = 13/08/2008 4:34:06 PM | Attr = R ] RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 7 | Size = 520192 bytes | Created Date = 13/08/2008 4:33:15 PM | Attr = R ] RtlUpd.exe -> %SystemRoot%\RtlUpd.exe -> Realtek Semiconductor Corp. [Ver = 2, 7, 0, 6 | Size = 1191936 bytes | Created Date = 13/08/2008 4:35:27 PM | Attr = R ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 13/08/2008 6:10:41 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 28/08/2008 8:00:37 AM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Created Date = 28/08/2008 7:59:43 AM | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Created Date = 16/08/2008 4:30:27 PM | Attr = ] SkyTel.exe -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 2.0.1.9 | Size = 1822720 bytes | Created Date = 13/08/2008 4:35:32 PM | Attr = R ] Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 13/08/2008 4:26:06 PM | Attr = ] SoundMan.exe -> %SystemRoot%\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 30 | Size = 86016 bytes | Created Date = 13/08/2008 4:34:15 PM | Attr = R ] srchasst -> %SystemRoot%\srchasst -> [Folder | Created Date = 13/08/2008 4:19:53 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Created Date = 13/08/2008 4:19:58 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] UbiSoft -> %SystemRoot%\UbiSoft -> [Folder | Created Date = 27/08/2008 6:27:54 PM | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Created Date = 13/08/2008 4:18:55 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 59 bytes | Created Date = 13/08/2008 4:18:55 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 13/08/2008 6:23:09 PM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = R ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Created Date = 13/08/2008 4:20:49 PM | Attr = RH ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 0 bytes | Created Date = 13/08/2008 4:41:38 PM | Attr = ] winnt.bmp -> %SystemRoot%\winnt.bmp -> [Ver = | Size = 48680 bytes | Created Date = 13/08/2008 4:20:08 PM | Attr = HS] winnt256.bmp -> %SystemRoot%\winnt256.bmp -> [Ver = | Size = 48680 bytes | Created Date = 13/08/2008 4:20:08 PM | Attr = HS] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Created Date = 14/08/2008 1:55:59 AM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Created Date = 13/08/2008 4:21:50 PM | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 13/08/2008 4:18:21 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 27/08/2008 11:15:24 PM | Attr = ] desktop.ini -> %SystemRoot%\tasks\desktop.ini -> [Ver = | Size = 65 bytes | Created Date = 13/08/2008 4:19:58 PM | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Created Date = 13/08/2008 4:26:04 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 14/08/2008 5:26:31 PM | Attr = ] Adobe Systems -> %AllUsersProfile%\Application Data\Adobe Systems -> [Folder | Created Date = 14/08/2008 5:38:25 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 14/08/2008 2:10:30 AM | Attr = HS] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 13/08/2008 5:48:30 PM | Attr = ] iolo -> %AllUsersProfile%\Application Data\iolo -> [Folder | Created Date = 21/08/2008 8:00:31 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 14/08/2008 12:28:22 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Created Date = 14/08/2008 2:08:35 AM | Attr = S] N360BUOptions.ini -> %AllUsersProfile%\Application Data\N360BUOptions.ini -> [Ver = | Size = 5115 bytes | Created Date = 27/08/2008 11:00:04 PM | Attr = ] NCH Swift Sound -> %AllUsersProfile%\Application Data\NCH Swift Sound -> [Folder | Created Date = 27/08/2008 7:39:43 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 14/08/2008 12:29:58 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 18/08/2008 2:11:45 PM | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Created Date = 13/08/2008 5:42:22 PM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 13/08/2008 8:06:35 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 13/08/2008 8:56:55 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Created Date = 27/08/2008 7:44:27 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 13/08/2008 4:26:40 PM | Attr = HS] DMCache -> %AppData%\DMCache -> [Folder | Created Date = 13/08/2008 7:51:37 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 13/08/2008 5:48:32 PM | Attr = ] Hamachi -> %AppData%\Hamachi -> [Folder | Created Date = 13/08/2008 6:46:44 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Created Date = 13/08/2008 4:26:52 PM | Attr = ] IDM -> %AppData%\IDM -> [Folder | Created Date = 13/08/2008 7:51:37 PM | Attr = ] iolo -> %AppData%\iolo -> [Folder | Created Date = 21/08/2008 8:00:31 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Created Date = 13/08/2008 5:39:04 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 14/08/2008 12:28:25 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Created Date = 13/08/2008 4:26:39 PM | Attr = S] Microsoft Web Folders -> %AppData%\Microsoft Web Folders -> [Folder | Created Date = 16/08/2008 4:29:14 PM | Attr = ] NCH Swift Sound -> %AppData%\NCH Swift Sound -> [Folder | Created Date = 27/08/2008 7:39:43 PM | Attr = ] NetMedia Providers -> %AppData%\NetMedia Providers -> [Folder | Created Date = 22/08/2008 10:28:56 PM | Attr = ] Nexon -> %AppData%\Nexon -> [Folder | Created Date = 14/08/2008 4:37:41 PM | Attr = ] Opera -> %AppData%\Opera -> [Folder | Created Date = 14/08/2008 10:52:56 PM | Attr = ] Publish Providers -> %AppData%\Publish Providers -> [Folder | Created Date = 22/08/2008 10:28:56 PM | Attr = ] Sony -> %AppData%\Sony -> [Folder | Created Date = 22/08/2008 10:32:14 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 14/08/2008 12:29:51 AM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Created Date = 27/08/2008 8:00:03 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 18/08/2008 2:11:29 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 13/08/2008 7:00:12 PM | Attr = ] Ventrilo -> %AppData%\Ventrilo -> [Folder | Created Date = 14/08/2008 6:39:34 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 13/08/2008 7:51:08 PM | Attr = ] WNR -> %AppData%\WNR -> [Folder | Created Date = 22/08/2008 12:03:21 AM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Created Date = 14/08/2008 5:42:28 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Created Date = 13/08/2008 6:36:50 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 18640 bytes | Created Date = 13/08/2008 4:27:25 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Created Date = 13/08/2008 5:48:32 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4240744 bytes | Created Date = 13/08/2008 4:59:03 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Created Date = 13/08/2008 4:26:39 PM | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Created Date = 13/08/2008 8:26:05 PM | Attr = ] Sony -> %UserProfile%\Local Settings\Application Data\Sony -> [Folder | Created Date = 22/08/2008 10:28:49 PM | Attr = ] Adobe PDF -> %AllUsersProfile%\Documents\Adobe PDF -> [Folder | Created Date = 14/08/2008 5:40:26 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 62 bytes | Created Date = 14/08/2008 2:10:30 AM | Attr = HS] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Created Date = 13/08/2008 4:18:44 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Created Date = 13/08/2008 4:19:24 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Created Date = 13/08/2008 4:17:43 PM | Attr = R ] 568834350_l.jpg -> %UserProfile%\My Documents\568834350_l.jpg -> [Ver = | Size = 39111 bytes | Created Date = 25/08/2008 9:22:21 PM | Attr = ] aina -> %UserProfile%\My Documents\aina -> [Folder | Created Date = 13/08/2008 4:47:15 PM | Attr = ] Bluetooth -> %UserProfile%\My Documents\Bluetooth -> [Folder | Created Date = 23/08/2008 12:01:57 PM | Attr = ] blutetooth -> %UserProfile%\My Documents\blutetooth -> [Folder | Created Date = 23/08/2008 11:48:34 AM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 76 bytes | Created Date = 13/08/2008 4:26:48 PM | Attr = HS] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Created Date = 13/08/2008 7:01:30 PM | Attr = ] Fraps_2.9.4_Build_7037_[mininova].torrent -> %UserProfile%\My Documents\Fraps_2.9.4_Build_7037_[mininova].torrent -> [Ver = | Size = 708 bytes | Created Date = 18/08/2008 2:08:46 PM | Attr = ] Guitar Pro -> %UserProfile%\My Documents\Guitar Pro -> [Folder | Created Date = 25/08/2008 3:26:58 PM | Attr = ] Hacks.rar -> %UserProfile%\My Documents\Hacks.rar -> [Ver = | Size = 404735 bytes | Created Date = 24/08/2008 4:08:19 AM | Attr = ] LimeWire_Pro_4.17.0.exe_[mininova].torrent -> %UserProfile%\My Documents\LimeWire_Pro_4.17.0.exe_[mininova].torrent -> [Ver = | Size = 942 bytes | Created Date = 19/08/2008 4:49:52 PM | Attr = ] l_4a9da0cb80a526724c139a43043a3c11.jpg -> %UserProfile%\My Documents\l_4a9da0cb80a526724c139a43043a3c11.jpg -> [Ver = | Size = 13554 bytes | Created Date = 26/08/2008 2:11:11 PM | Attr = ] midi -> %UserProfile%\My Documents\midi -> [Folder | Created Date = 23/08/2008 7:57:24 PM | Attr = ] mums crap -> %UserProfile%\My Documents\mums crap -> [Folder | Created Date = 19/08/2008 10:26:03 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Created Date = 13/08/2008 4:26:48 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Created Date = 13/08/2008 4:26:48 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 13/08/2008 11:15:42 PM | Attr = ] My Recordings -> %UserProfile%\My Documents\My Recordings -> [Folder | Created Date = 13/08/2008 4:50:15 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 616 bytes | Created Date = 13/08/2008 11:16:38 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Created Date = 13/08/2008 6:37:13 PM | Attr = R ] newBoogimsclient.rar -> %UserProfile%\My Documents\newBoogimsclient.rar -> [Ver = | Size = 1566575 bytes | Created Date = 13/08/2008 6:14:05 PM | Attr = ] old hardrive My Documents -> %UserProfile%\My Documents\old hardrive My Documents -> [Folder | Created Date = 13/08/2008 4:50:19 PM | Attr = ] PRIVATE -> %UserProfile%\My Documents\PRIVATE -> [Folder | Created Date = 13/08/2008 4:50:23 PM | Attr = ] programs -> %UserProfile%\My Documents\programs -> [Folder | Created Date = 13/08/2008 5:46:14 PM | Attr = ] Register ACID Music Studio.htm -> %UserProfile%\My Documents\Register ACID Music Studio.htm -> [Ver = | Size = 2568 bytes | Created Date = 22/08/2008 10:28:33 PM | Attr = ] school.PNG -> %UserProfile%\My Documents\school.PNG -> [Ver = | Size = 336980 bytes | Created Date = 21/08/2008 9:36:35 AM | Attr = ] Shortcut to My Documents.lnk -> %UserProfile%\My Documents\Shortcut to My Documents.lnk -> [Ver = | Size = 311 bytes | Created Date = 28/08/2008 7:40:14 AM | Attr = ] Sony ACID Music Studio 7.0 Projects -> %UserProfile%\My Documents\Sony ACID Music Studio 7.0 Projects -> [Folder | Created Date = 22/08/2008 10:28:50 PM | Attr = ] Symantec -> %UserProfile%\My Documents\Symantec -> [Folder | Created Date = 27/08/2008 10:02:50 PM | Attr = ] t.A.T.u -> %UserProfile%\My Documents\t.A.T.u -> [Folder | Created Date = 13/08/2008 4:50:27 PM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 23040 bytes | Created Date = 25/08/2008 9:24:17 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable untitled.bmp -> %UserProfile%\My Documents\untitled.bmp -> [Ver = | Size = 3932214 bytes | Created Date = 17/08/2008 4:23:56 PM | Attr = ] untitleddddd.bmp -> %UserProfile%\My Documents\untitleddddd.bmp -> [Ver = | Size = 3932214 bytes | Created Date = 27/08/2008 8:16:23 PM | Attr = ] untitleddddd.GIF -> %UserProfile%\My Documents\untitleddddd.GIF -> [Ver = | Size = 110961 bytes | Created Date = 27/08/2008 8:21:06 PM | Attr = ] youtube.rtf -> %UserProfile%\My Documents\youtube.rtf -> [Ver = | Size = 1219 bytes | Created Date = 16/08/2008 1:31:14 PM | Attr = ] ACID Music Studio 7.0.lnk -> %AllUsersProfile%\Desktop\ACID Music Studio 7.0.lnk -> [Ver = | Size = 1787 bytes | Created Date = 22/08/2008 10:26:13 PM | Attr = ] Adobe Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1740 bytes | Created Date = 27/08/2008 7:36:12 PM | Attr = ] PowerISO.lnk -> %AllUsersProfile%\Desktop\PowerISO.lnk -> [Ver = | Size = 682 bytes | Created Date = 26/08/2008 9:52:31 AM | Attr = ] SUPERAntiSpyware Professional.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Professional.lnk -> [Ver = | Size = 1756 bytes | Created Date = 14/08/2008 12:29:51 AM | Attr = ] Ventrilo.lnk -> %AllUsersProfile%\Desktop\Ventrilo.lnk -> [Ver = | Size = 630 bytes | Created Date = 14/08/2008 6:39:22 PM | Attr = ] WavePad Sound Editor.lnk -> %AllUsersProfile%\Desktop\WavePad Sound Editor.lnk -> [Ver = | Size = 798 bytes | Created Date = 27/08/2008 7:39:40 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2833302 bytes | Created Date = 27/08/2008 11:09:41 PM | Attr = R ] dxwnd.dll -> %UserProfile%\Desktop\dxwnd.dll -> [Ver = | Size = 81920 bytes | Created Date = 14/08/2008 4:39:23 PM | Attr = ] DXwnd.exe -> %UserProfile%\Desktop\DXwnd.exe -> [Ver = 1, 0, 0, 1 | Size = 266240 bytes | Created Date = 14/08/2008 4:39:23 PM | Attr = ] dxwnd.ini -> %UserProfile%\Desktop\dxwnd.ini -> [Ver = | Size = 129 bytes | Created Date = 15/08/2008 12:01:21 AM | Attr = ] FL Studio 8.lnk -> %UserProfile%\Desktop\FL Studio 8.lnk -> [Ver = | Size = 792 bytes | Created Date = 28/08/2008 7:45:36 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 27/08/2008 9:51:46 PM | Attr = ] LimeWire PRO 4.17.0.lnk -> %UserProfile%\Desktop\LimeWire PRO 4.17.0.lnk -> [Ver = | Size = 1588 bytes | Created Date = 28/08/2008 7:45:36 AM | Attr = ] MapleStory.lnk -> %UserProfile%\Desktop\MapleStory.lnk -> [Ver = | Size = 2020 bytes | Created Date = 28/08/2008 7:45:36 AM | Attr = ] ms.png -> %UserProfile%\Desktop\ms.png -> [Ver = | Size = 71007 bytes | Created Date = 14/08/2008 8:46:20 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 27/08/2008 11:00:11 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 28/08/2008 11:25:18 PM | Attr = ] services.msc -> %UserProfile%\Desktop\services.msc -> [Ver = | Size = 7 bytes | Created Date = 27/08/2008 9:28:42 PM | Attr = ] Severance.lnk -> %UserProfile%\Desktop\Severance.lnk -> [Ver = | Size = 2024 bytes | Created Date = 28/08/2008 7:45:36 AM | Attr = ] Shortcut to uTorrent.lnk -> %UserProfile%\Desktop\Shortcut to uTorrent.lnk -> [Ver = | Size = 622 bytes | Created Date = 28/08/2008 7:45:37 AM | Attr = ] System Mechanic.lnk -> %UserProfile%\Desktop\System Mechanic.lnk -> [Ver = | Size = 801 bytes | Created Date = 28/08/2008 7:45:37 AM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 5120 bytes | Created Date = 28/08/2008 10:12:14 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable To Play Rayman 2.lnk -> %UserProfile%\Desktop\To Play Rayman 2.lnk -> [Ver = | Size = 1507 bytes | Created Date = 28/08/2008 7:45:37 AM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1757 bytes | Created Date = 27/08/2008 7:36:12 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 14/08/2008 2:10:30 AM | Attr = HS] Microsoft Office.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> [Ver = | Size = 1725 bytes | Created Date = 16/08/2008 4:31:50 PM | Attr = ] Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 988 bytes | Created Date = 14/08/2008 5:40:39 PM | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Created Date = 13/08/2008 4:26:40 PM | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Created Date = 13/08/2008 4:43:40 PM | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 14/08/2008 5:27:51 PM | Attr = ] Designer -> %CommonProgramFiles%\Designer -> [Folder | Created Date = 16/08/2008 4:31:25 PM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Created Date = 13/08/2008 4:30:25 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Created Date = 14/08/2008 2:10:53 AM | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Created Date = 13/08/2008 4:19:57 PM | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Created Date = 14/08/2008 2:10:56 AM | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Created Date = 13/08/2008 4:20:00 PM | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Created Date = 14/08/2008 2:10:53 AM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Created Date = 27/08/2008 8:01:46 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Created Date = 13/08/2008 4:19:27 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 13/08/2008 8:07:13 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 14/08/2008 12:29:38 AM | Attr = ] Activision -> %ProgramFiles%\Activision -> [Folder | Created Date = 27/08/2008 6:48:01 PM | Attr = ] Adobe -> %ProgramFiles%\Adobe -> [Folder | Created Date = 14/08/2008 5:26:14 PM | Attr = ] ASIO4ALL v2 -> %ProgramFiles%\ASIO4ALL v2 -> [Folder | Created Date = 23/08/2008 11:37:32 AM | Attr = ] ASUS -> %ProgramFiles%\ASUS -> [Folder | Created Date = 13/08/2008 4:36:18 PM | Attr = ] BigPond -> %ProgramFiles%\BigPond -> [Folder | Created Date = 13/08/2008 4:50:05 PM | Attr = ] Common Files -> %CommonProgramFiles% -> [Folder | Created Date = 14/08/2008 2:10:53 AM | Attr = ] ComPlus Applications -> %ProgramFiles%\ComPlus Applications -> [Folder | Created Date = 13/08/2008 4:18:57 PM | Attr = ] Google -> %ProgramFiles%\Google -> [Folder | Created Date = 13/08/2008 5:47:04 PM | Attr = ] Guitar Pro 5 -> %ProgramFiles%\Guitar Pro 5 -> [Folder | Created Date = 25/08/2008 2:27:10 PM | Attr = ] Hamachi -> %ProgramFiles%\Hamachi -> [Folder | Created Date = 13/08/2008 6:46:28 PM | Attr = ] Image-Line -> %ProgramFiles%\Image-Line -> [Folder | Created Date = 23/08/2008 11:24:33 AM | Attr = ] InstallShield Installation Information -> %ProgramFiles%\InstallShield Installation Information -> [Folder | Created Date = 13/08/2008 4:30:49 PM | Attr = H ] Intel -> %ProgramFiles%\Intel -> [Folder | Created Date = 13/08/2008 4:31:52 PM | Attr = ] Internet Download Manager -> %ProgramFiles%\Internet Download Manager -> [Folder | Created Date = 13/08/2008 7:51:34 PM | Attr = ] Internet Explorer -> %ProgramFiles%\Internet Explorer -> [Folder | Created Date = 13/08/2008 4:19:24 PM | Attr = ] iolo -> %ProgramFiles%\iolo -> [Folder | Created Date = 21/08/2008 8:02:34 PM | Attr = ] LimeWire -> %ProgramFiles%\LimeWire -> [Folder | Created Date = 19/08/2008 4:51:22 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 14/08/2008 12:32:45 AM | Attr = ] Messenger -> %ProgramFiles%\Messenger -> [Folder | Created Date = 13/08/2008 4:18:38 PM | Attr = ] MessengerPlus! 3 -> %ProgramFiles%\MessengerPlus! 3 -> [Folder | Created Date = 13/08/2008 8:04:22 PM | Attr = ] microsoft frontpage -> %ProgramFiles%\microsoft frontpage -> [Folder | Created Date = 13/08/2008 4:22:14 PM | Attr = ] Microsoft Office -> %ProgramFiles%\Microsoft Office -> [Folder | Created Date = 16/08/2008 4:29:14 PM | Attr = ] Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio -> [Folder | Created Date = 16/08/2008 4:31:27 PM | Attr = ] Movie Maker -> %ProgramFiles%\Movie Maker -> [Folder | Created Date = 13/08/2008 4:19:46 PM | Attr = ] MSN -> %ProgramFiles%\MSN -> [Folder | Created Date = 13/08/2008 4:18:02 PM | Attr = ] MSN Gaming Zone -> %ProgramFiles%\MSN Gaming Zone -> [Folder | Created Date = 13/08/2008 4:18:34 PM | Attr = ] MSN Messenger -> %ProgramFiles%\MSN Messenger -> [Folder | Created Date = 13/08/2008 11:15:16 PM | Attr = ] NASDAK -> %ProgramFiles%\NASDAK -> [Folder | Created Date = 13/08/2008 4:40:29 PM | Attr = ] NCH Software -> %ProgramFiles%\NCH Software -> [Folder | Created Date = 27/08/2008 7:40:11 PM | Attr = ] NCH Swift Sound -> %ProgramFiles%\NCH Swift Sound -> [Folder | Created Date = 27/08/2008 7:39:38 PM | Attr = ] NetMeeting -> %ProgramFiles%\NetMeeting -> [Folder | Created Date = 13/08/2008 4:19:35 PM | Attr = ] Netropa -> %ProgramFiles%\Netropa -> [Folder | Created Date = 13/08/2008 4:41:35 PM | Attr = ] Online Services -> %ProgramFiles%\Online Services -> [Folder | Created Date = 13/08/2008 4:18:44 PM | Attr = ] Outlook Express -> %ProgramFiles%\Outlook Express -> [Folder | Created Date = 13/08/2008 4:19:32 PM | Attr = ] Outsim -> %ProgramFiles%\Outsim -> [Folder | Created Date = 23/08/2008 11:26:29 AM | Attr = ] Paint Shop Pro 6 -> %ProgramFiles%\Paint Shop Pro 6 -> [Folder | Created Date = 13/08/2008 7:08:53 PM | Attr = ] PowerISO -> %ProgramFiles%\PowerISO -> [Folder | Created Date = 26/08/2008 9:52:31 AM | Attr = ] Proxy Switcher Standard -> %ProgramFiles%\Proxy Switcher Standard -> [Folder | Created Date = 22/08/2008 12:03:18 AM | Attr = ] Realtek -> %ProgramFiles%\Realtek -> [Folder | Created Date = 13/08/2008 4:33:43 PM | Attr = ] Sony -> %ProgramFiles%\Sony -> [Folder | Created Date = 22/08/2008 10:23:05 PM | Attr = ] Sony Setup -> %ProgramFiles%\Sony Setup -> [Folder | Created Date = 22/08/2008 10:24:43 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 14/08/2008 12:29:51 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 27/08/2008 9:51:45 PM | Attr = ] Uninstall Information -> %ProgramFiles%\Uninstall Information -> [Folder | Created Date = 13/08/2008 4:26:51 PM | Attr = H ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 13/08/2008 7:00:18 PM | Attr = ] Ventrilo -> %ProgramFiles%\Ventrilo -> [Folder | Created Date = 14/08/2008 6:39:22 PM | Attr = ] Vstplugins -> %ProgramFiles%\Vstplugins -> [Folder | Created Date = 22/08/2008 10:26:10 PM | Attr = ] Windows Live -> %ProgramFiles%\Windows Live -> [Folder | Created Date = 13/08/2008 8:06:44 PM | Attr = ] Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 -> [Folder | Created Date = 13/08/2008 6:35:30 PM | Attr = ] Windows Media Player -> %ProgramFiles%\Windows Media Player -> [Folder | Created Date = 13/08/2008 4:18:44 PM | Attr = ] Windows NT -> %ProgramFiles%\Windows NT -> [Folder | Created Date = 13/08/2008 4:18:00 PM | Attr = ] WindowsUpdate -> %ProgramFiles%\WindowsUpdate -> [Folder | Created Date = 13/08/2008 4:20:44 PM | Attr = H ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 13/08/2008 7:50:56 PM | Attr = ] xerox -> %ProgramFiles%\xerox -> [Folder | Created Date = 13/08/2008 4:22:14 PM | Attr = ] [Files/Folders - Modified Within 90 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = ] BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Modified Date = 13/08/2008 4:16:59 PM | Attr = HS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 28/08/2008 8:00:55 AM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 28/08/2008 8:00:55 AM | Attr = RHS] Codemasters -> %SystemDrive%\Codemasters -> [Folder | Modified Date = 27/08/2008 6:54:34 PM | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 28/08/2008 8:46:10 PM | Attr = ] CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 13/08/2008 4:26:39 PM | Attr = ] Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 13/08/2008 4:31:19 PM | Attr = ] IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = RHS] MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = RHS] Nexon -> %SystemDrive%\Nexon -> [Folder | Modified Date = 13/08/2008 8:49:30 PM | Attr = ] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 13/08/2008 6:08:20 PM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28/08/2008 7:40:54 AM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 28/08/2008 8:46:07 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 28/08/2008 8:47:07 PM | Attr = HS] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 28/08/2008 7:43:59 AM | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 28/08/2008 7:51:18 AM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 28/08/2008 7:43:59 AM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 28/08/2008 7:51:18 AM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 13/08/2008 4:26:06 PM | Attr = HS] UbiSoft -> %SystemDrive%\UbiSoft -> [Folder | Modified Date = 27/08/2008 6:28:04 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 28/08/2008 8:46:09 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 27/08/2008 11:06:57 PM | Attr = ] disdn -> %SystemRoot%\System32\drivers\disdn -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 28/08/2008 7:45:29 AM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 28/08/2008 7:45:29 AM | Attr = ] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. [Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 13/08/2008 6:46:28 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 17/08/2008 3:01:14 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 17/08/2008 3:01:18 PM | Attr = ] UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 18/08/2008 8:21:07 AM | Attr = ] MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 6:34:32 PM | Attr = H ] Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 18/08/2008 8:21:07 AM | Attr = H ] $winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 261 bytes | Modified Date = 13/08/2008 4:24:12 PM | Attr = ] 1025 -> %SystemRoot%\System32\1025 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 23 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 1028 -> %SystemRoot%\System32\1028 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 1031 -> %SystemRoot%\System32\1031 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 14/08/2008 1:56:48 AM | Attr = ] 1037 -> %SystemRoot%\System32\1037 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 1041 -> %SystemRoot%\System32\1041 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 1042 -> %SystemRoot%\System32\1042 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 1054 -> %SystemRoot%\System32\1054 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 2052 -> %SystemRoot%\System32\2052 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 3076 -> %SystemRoot%\System32\3076 -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] 3com_dmi -> %SystemRoot%\System32\3com_dmi -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 13/08/2008 6:35:36 PM | Attr = ] Atheros_L2 -> %SystemRoot%\System32\Atheros_L2 -> [Folder | Modified Date = 13/08/2008 4:30:50 PM | Attr = ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 14848 bytes | Modified Date = 13/08/2008 7:51:51 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 13/08/2008 6:12:26 PM | Attr = ] BuzzingBee.wav -> %SystemRoot%\System32\BuzzingBee.wav -> [Ver = | Size = 146650 bytes | Modified Date = 13/08/2008 5:00:14 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 13/08/2008 6:15:19 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 28/08/2008 8:47:00 PM | Attr = ] cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 13/08/2008 4:20:49 PM | Attr = RH ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 13/08/2008 6:10:29 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 28/08/2008 7:43:53 AM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = ] dhcp -> %SystemRoot%\System32\dhcp -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] DirectX -> %SystemRoot%\System32\DirectX -> [Folder | Modified Date = 13/08/2008 4:20:28 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 28/08/2008 7:40:10 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 28/08/2008 8:44:23 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 13/08/2008 11:15:36 PM | Attr = ] emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat -> [Ver = | Size = 21640 bytes | Modified Date = 13/08/2008 4:19:05 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 13/08/2008 6:12:26 PM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Modified Date = 28/08/2008 7:39:22 PM | Attr = ] export -> %SystemRoot%\System32\export -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 113376 bytes | Modified Date = 27/08/2008 8:33:10 PM | Attr = ] ias -> %SystemRoot%\System32\ias -> [Folder | Modified Date = 13/08/2008 4:21:29 PM | Attr = ] icsxml -> %SystemRoot%\System32\icsxml -> [Folder | Modified Date = 14/08/2008 1:57:13 AM | Attr = ] IME -> %SystemRoot%\System32\IME -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] Incinerator.dll -> %SystemRoot%\System32\Incinerator.dll -> [Ver = | Size = 918368 bytes | Modified Date = 19/06/2008 5:15:00 PM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 13/08/2008 6:12:37 PM | Attr = ] ioloBootDefrag.cfg -> %SystemRoot%\System32\ioloBootDefrag.cfg -> [Ver = | Size = 406 bytes | Modified Date = 21/08/2008 8:09:04 PM | Attr = ] iolobtdfg.exe -> %SystemRoot%\System32\iolobtdfg.exe -> [Ver = | Size = 29696 bytes | Modified Date = 16/06/2008 7:21:20 PM | Attr = ] Lang -> %SystemRoot%\System32\Lang -> [Folder | Modified Date = 13/08/2008 4:33:07 PM | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 13/08/2008 6:34:29 PM | Attr = ] logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest -> [Ver = | Size = 488 bytes | Modified Date = 13/08/2008 4:20:54 PM | Attr = RH ] LoopyMusic.wav -> %SystemRoot%\System32\LoopyMusic.wav -> [Ver = | Size = 940794 bytes | Modified Date = 13/08/2008 5:00:14 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 13/08/2008 4:19:53 PM | Attr = ] mfc45.dll -> %SystemRoot%\System32\mfc45.dll -> [Ver = | Size = 74703 bytes | Modified Date = 21/08/2008 8:00:37 PM | Attr = ] Microsoft -> %SystemRoot%\System32\Microsoft -> [Folder | Modified Date = 13/08/2008 4:26:04 PM | Attr = S] MsDtc -> %SystemRoot%\System32\MsDtc -> [Folder | Modified Date = 13/08/2008 4:18:49 PM | Attr = ] MsgPlusLoader.dll -> %SystemRoot%\System32\MsgPlusLoader.dll -> Patchou [Ver = 3, 63, 4, 0 | Size = 58952 bytes | Modified Date = 13/08/2008 8:04:22 PM | Attr = ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 13/08/2008 4:20:49 PM | Attr = RH ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 13/08/2008 6:10:33 PM | Attr = ] nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 13/08/2008 6:35:36 PM | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 13/08/2008 4:20:49 PM | Attr = RH ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 13/08/2008 6:10:08 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 40196 bytes | Modified Date = 26/08/2008 4:17:41 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 311934 bytes | Modified Date = 26/08/2008 4:17:41 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 26/08/2008 4:17:41 PM | Attr = ] PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Modified Date = 13/08/2008 5:42:16 PM | Attr = ] ras -> %SystemRoot%\System32\ras -> [Folder | Modified Date = 14/08/2008 1:57:32 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 13/08/2008 6:07:25 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 27/08/2008 11:02:40 PM | Attr = ] RTCOM -> %SystemRoot%\System32\RTCOM -> [Folder | Modified Date = 13/08/2008 4:36:32 PM | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 13/08/2008 4:20:49 PM | Attr = RH ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 13/08/2008 6:12:27 PM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 13/08/2008 6:16:45 PM | Attr = ] ShellExt -> %SystemRoot%\System32\ShellExt -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] smrgdf.exe -> %SystemRoot%\System32\smrgdf.exe -> [Ver = | Size = 8704 bytes | Modified Date = 6/06/2008 4:55:34 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Modified Date = 13/08/2008 5:39:59 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 13/08/2008 4:17:21 PM | Attr = ] spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 213 bytes | Modified Date = 28/08/2008 7:39:51 PM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 13/08/2008 6:12:27 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 13/08/2008 6:16:44 PM | Attr = ] WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest -> [Ver = | Size = 488 bytes | Modified Date = 13/08/2008 4:20:54 PM | Attr = RH ] wins -> %SystemRoot%\System32\wins -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] wpa.bak -> %SystemRoot%\System32\wpa.bak -> [Ver = | Size = 13646 bytes | Modified Date = 13/08/2008 5:36:41 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 27/08/2008 6:24:49 PM | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 13/08/2008 4:20:49 PM | Attr = RH ] xircom -> %SystemRoot%\System32\xircom -> [Folder | Modified Date = 13/08/2008 4:22:14 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 28/08/2008 7:40:07 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 13/08/2008 6:07:17 PM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 13/08/2008 6:21:55 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 13/08/2008 6:21:43 PM | Attr = H ] addins -> %SystemRoot%\addins -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 28/08/2008 8:44:23 PM | Attr = ] Ascd_tmp.ini -> %SystemRoot%\Ascd_tmp.ini -> [Ver = | Size = 11230 bytes | Modified Date = 13/08/2008 4:29:06 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 28/08/2008 7:45:08 AM | Attr = S] Config -> %SystemRoot%\Config -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] Connection Wizard -> %SystemRoot%\Connection Wizard -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] control.ini -> %SystemRoot%\control.ini -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:21:54 PM | Attr = ] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 13/08/2008 4:18:31 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 13/08/2008 6:23:51 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 13/08/2008 11:52:16 PM | Attr = S] Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 13/08/2008 6:04:58 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 28/08/2008 7:43:45 AM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 26/08/2008 12:28:36 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 28/08/2008 2:12:26 PM | Attr = ] HideWin.exe -> %SystemRoot%\HideWin.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.1 | Size = 315392 bytes | Modified Date = 13/08/2008 4:33:19 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 13/08/2008 6:22:55 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 28/08/2008 7:40:08 PM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 13/08/2008 6:12:36 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 28/08/2008 7:40:04 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 28/08/2008 7:40:11 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 28/08/2008 8:43:37 PM | Attr = HS] java -> %SystemRoot%\java -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 13/08/2008 6:12:27 PM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 28/08/2008 7:38:20 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 16/08/2008 4:31:15 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 13/08/2008 6:10:32 PM | Attr = ] msapps -> %SystemRoot%\msapps -> [Folder | Modified Date = 16/08/2008 4:28:59 PM | Attr = ] MSIOSD.INI -> %SystemRoot%\MSIOSD.INI -> [Ver = | Size = 245 bytes | Modified Date = 28/08/2008 8:46:08 PM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 13/08/2008 6:10:32 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 13/08/2008 6:12:37 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 16/08/2008 4:41:12 PM | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4161 bytes | Modified Date = 13/08/2008 4:21:42 PM | Attr = ] Offline Web Pages -> %SystemRoot%\Offline Web Pages -> [Folder | Modified Date = 13/08/2008 4:20:54 PM | Attr = R ] pchealth -> %SystemRoot%\pchealth -> [Folder | Modified Date = 13/08/2008 11:15:16 PM | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 13/08/2008 6:12:26 PM | Attr = ] PIF -> %SystemRoot%\PIF -> [Folder | Modified Date = 18/08/2008 5:02:16 PM | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/08/2008 10:37:56 PM | Attr = ] Provisioning -> %SystemRoot%\Provisioning -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 13/08/2008 4:21:39 PM | Attr = ] REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 13/08/2008 4:25:48 PM | Attr = ] repair -> %SystemRoot%\repair -> [Folder | Modified Date = 13/08/2008 4:22:13 PM | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 14/08/2008 1:55:59 AM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 23/08/2008 11:45:11 AM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 13/08/2008 6:10:41 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 28/08/2008 8:00:37 AM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Modified Date = 28/08/2008 8:00:23 AM | Attr = ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 16/08/2008 4:30:27 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 13/08/2008 5:40:23 PM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 13/08/2008 6:10:31 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 16/08/2008 4:28:59 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 28/08/2008 8:44:45 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 28/08/2008 8:46:10 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 13/08/2008 4:26:04 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/08/2008 11:28:24 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 14/08/2008 1:57:52 AM | Attr = ] UbiSoft -> %SystemRoot%\UbiSoft -> [Folder | Modified Date = 27/08/2008 6:31:34 PM | Attr = ] vb.ini -> %SystemRoot%\vb.ini -> [Ver = | Size = 36 bytes | Modified Date = 13/08/2008 4:18:55 PM | Attr = ] vbaddin.ini -> %SystemRoot%\vbaddin.ini -> [Ver = | Size = 59 bytes | Modified Date = 16/08/2008 4:32:30 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 13/08/2008 6:23:09 PM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 13/08/2008 4:20:57 PM | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 603 bytes | Modified Date = 16/08/2008 4:31:55 PM | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 13/08/2008 4:20:49 PM | Attr = RH ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 0 bytes | Modified Date = 13/08/2008 4:41:38 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 22/08/2008 10:25:23 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 13/08/2008 6:17:43 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 17/08/2008 2:02:47 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 13/08/2008 5:41:47 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5491 bytes | Modified Date = 28/08/2008 2:14:49 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 28/08/2008 2:14:49 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 27/08/2008 7:36:06 PM | Attr = ] Adobe Systems -> %AllUsersProfile%\Application Data\Adobe Systems -> [Folder | Modified Date = 14/08/2008 5:38:26 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 14/08/2008 2:10:30 AM | Attr = HS] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 13/08/2008 5:48:30 PM | Attr = ] iolo -> %AllUsersProfile%\Application Data\iolo -> [Folder | Modified Date = 21/08/2008 8:08:47 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 14/08/2008 12:28:22 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 18/08/2008 8:21:07 AM | Attr = S] N360BUOptions.ini -> %AllUsersProfile%\Application Data\N360BUOptions.ini -> [Ver = | Size = 5115 bytes | Modified Date = 27/08/2008 11:00:04 PM | Attr = ] NCH Swift Sound -> %AllUsersProfile%\Application Data\NCH Swift Sound -> [Folder | Modified Date = 27/08/2008 7:39:43 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 14/08/2008 12:29:58 AM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 18/08/2008 2:11:45 PM | Attr = ] Windows Genuine Advantage -> %AllUsersProfile%\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 13/08/2008 5:42:22 PM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 13/08/2008 11:12:15 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 27/08/2008 7:43:57 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 27/08/2008 7:44:27 PM | Attr = ] desktop.ini -> %AppData%\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 14/08/2008 2:10:30 AM | Attr = HS] DMCache -> %AppData%\DMCache -> [Folder | Modified Date = 28/08/2008 8:44:45 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 15/08/2008 3:38:24 PM | Attr = ] Hamachi -> %AppData%\Hamachi -> [Folder | Modified Date = 26/08/2008 11:49:28 PM | Attr = ] Identities -> %AppData%\Identities -> [Folder | Modified Date = 13/08/2008 4:26:52 PM | Attr = ] IDM -> %AppData%\IDM -> [Folder | Modified Date = 28/08/2008 11:24:51 PM | Attr = ] iolo -> %AppData%\iolo -> [Folder | Modified Date = 21/08/2008 8:13:14 PM | Attr = ] Macromedia -> %AppData%\Macromedia -> [Folder | Modified Date = 13/08/2008 5:39:04 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 14/08/2008 12:28:25 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 27/08/2008 9:45:07 PM | Attr = S] Microsoft Web Folders -> %AppData%\Microsoft Web Folders -> [Folder | Modified Date = 16/08/2008 4:29:14 PM | Attr = ] NCH Swift Sound -> %AppData%\NCH Swift Sound -> [Folder | Modified Date = 27/08/2008 7:39:43 PM | Attr = ] NetMedia Providers -> %AppData%\NetMedia Providers -> [Folder | Modified Date = 22/08/2008 10:28:56 PM | Attr = ] Nexon -> %AppData%\Nexon -> [Folder | Modified Date = 14/08/2008 4:37:41 PM | Attr = ] Opera -> %AppData%\Opera -> [Folder | Modified Date = 14/08/2008 10:52:56 PM | Attr = ] Publish Providers -> %AppData%\Publish Providers -> [Folder | Modified Date = 22/08/2008 10:28:56 PM | Attr = ] Sony -> %AppData%\Sony -> [Folder | Modified Date = 22/08/2008 10:32:14 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 14/08/2008 12:29:51 AM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 27/08/2008 8:08:29 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 19/08/2008 9:47:21 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 28/08/2008 7:43:59 AM | Attr = ] Ventrilo -> %AppData%\Ventrilo -> [Folder | Modified Date = 14/08/2008 6:48:24 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 13/08/2008 7:51:08 PM | Attr = ] WNR -> %AppData%\WNR -> [Folder | Modified Date = 22/08/2008 12:03:21 AM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 27/08/2008 7:44:08 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Modified Date = 13/08/2008 6:36:50 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 18640 bytes | Modified Date = 25/08/2008 2:28:40 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 13/08/2008 5:48:32 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4240744 bytes | Modified Date = 27/08/2008 9:37:00 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 13/08/2008 11:16:28 PM | Attr = ] PCHealth -> %UserProfile%\Local Settings\Application Data\PCHealth -> [Folder | Modified Date = 13/08/2008 8:26:05 PM | Attr = ] Sony -> %UserProfile%\Local Settings\Application Data\Sony -> [Folder | Modified Date = 22/08/2008 10:28:56 PM | Attr = ] Adobe PDF -> %AllUsersProfile%\Documents\Adobe PDF -> [Folder | Modified Date = 14/08/2008 5:40:32 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 62 bytes | Modified Date = 14/08/2008 2:10:30 AM | Attr = HS] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 13/08/2008 6:35:04 PM | Attr = R ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 13/08/2008 4:20:08 PM | Attr = R ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 13/08/2008 4:17:43 PM | Attr = R ] 568834350_l.jpg -> %UserProfile%\My Documents\568834350_l.jpg -> [Ver = | Size = 39111 bytes | Modified Date = 25/08/2008 9:22:09 PM | Attr = ] aina -> %UserProfile%\My Documents\aina -> [Folder | Modified Date = 22/08/2008 6:43:17 PM | Attr = ] Bluetooth -> %UserProfile%\My Documents\Bluetooth -> [Folder | Modified Date = 23/08/2008 12:01:59 PM | Attr = ] blutetooth -> %UserProfile%\My Documents\blutetooth -> [Folder | Modified Date = 27/08/2008 3:30:20 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 76 bytes | Modified Date = 13/08/2008 6:26:05 PM | Attr = HS] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 27/08/2008 11:23:00 PM | Attr = ] Fraps_2.9.4_Build_7037_[mininova].torrent -> %UserProfile%\My Documents\Fraps_2.9.4_Build_7037_[mininova].torrent -> [Ver = | Size = 708 bytes | Modified Date = 18/08/2008 2:08:47 PM | Attr = ] Guitar Pro -> %UserProfile%\My Documents\Guitar Pro -> [Folder | Modified Date = 27/08/2008 7:04:46 PM | Attr = ] Hacks.rar -> %UserProfile%\My Documents\Hacks.rar -> [Ver = | Size = 404735 bytes | Modified Date = 24/08/2008 4:08:31 AM | Attr = ] LimeWire_Pro_4.17.0.exe_[mininova].torrent -> %UserProfile%\My Documents\LimeWire_Pro_4.17.0.exe_[mininova].torrent -> [Ver = | Size = 942 bytes | Modified Date = 19/08/2008 4:49:54 PM | Attr = ] l_4a9da0cb80a526724c139a43043a3c11.jpg -> %UserProfile%\My Documents\l_4a9da0cb80a526724c139a43043a3c11.jpg -> [Ver = | Size = 13554 bytes | Modified Date = 26/08/2008 2:10:53 PM | Attr = ] midi -> %UserProfile%\My Documents\midi -> [Folder | Modified Date = 23/08/2008 8:06:31 PM | Attr = ] mums crap -> %UserProfile%\My Documents\mums crap -> [Folder | Modified Date = 20/08/2008 2:43:42 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 27/08/2008 12:06:45 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 27/08/2008 5:55:54 PM | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 26/08/2008 8:16:55 PM | Attr = ] My Recordings -> %UserProfile%\My Documents\My Recordings -> [Folder | Modified Date = 13/08/2008 4:50:16 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 616 bytes | Modified Date = 28/08/2008 9:35:29 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 13/08/2008 6:37:13 PM | Attr = R ] newBoogimsclient.rar -> %UserProfile%\My Documents\newBoogimsclient.rar -> [Ver = | Size = 1566575 bytes | Modified Date = 13/08/2008 6:14:05 PM | Attr = ] old hardrive My Documents -> %UserProfile%\My Documents\old hardrive My Documents -> [Folder | Modified Date = 13/08/2008 4:50:23 PM | Attr = ] PRIVATE -> %UserProfile%\My Documents\PRIVATE -> [Folder | Modified Date = 13/08/2008 4:50:24 PM | Attr = ] programs -> %UserProfile%\My Documents\programs -> [Folder | Modified Date = 26/08/2008 3:02:59 PM | Attr = ] Register ACID Music Studio.htm -> %UserProfile%\My Documents\Register ACID Music Studio.htm -> [Ver = | Size = 2568 bytes | Modified Date = 22/08/2008 10:28:33 PM | Attr = ] school.PNG -> %UserProfile%\My Documents\school.PNG -> [Ver = | Size = 336980 bytes | Modified Date = 21/08/2008 9:36:36 AM | Attr = ] Shortcut to My Documents.lnk -> %UserProfile%\My Documents\Shortcut to My Documents.lnk -> [Ver = | Size = 311 bytes | Modified Date = 28/08/2008 5:36:18 PM | Attr = ] Sony ACID Music Studio 7.0 Projects -> %UserProfile%\My Documents\Sony ACID Music Studio 7.0 Projects -> [Folder | Modified Date = 27/08/2008 7:00:28 PM | Attr = ] Symantec -> %UserProfile%\My Documents\Symantec -> [Folder | Modified Date = 27/08/2008 10:02:50 PM | Attr = ] t.A.T.u -> %UserProfile%\My Documents\t.A.T.u -> [Folder | Modified Date = 23/08/2008 3:45:00 PM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 23040 bytes | Modified Date = 28/08/2008 10:11:57 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable untitled.bmp -> %UserProfile%\My Documents\untitled.bmp -> [Ver = | Size = 3932214 bytes | Modified Date = 17/08/2008 4:23:56 PM | Attr = ] untitleddddd.bmp -> %UserProfile%\My Documents\untitleddddd.bmp -> [Ver = | Size = 3932214 bytes | Modified Date = 27/08/2008 8:16:23 PM | Attr = ] untitleddddd.GIF -> %UserProfile%\My Documents\untitleddddd.GIF -> [Ver = | Size = 110961 bytes | Modified Date = 27/08/2008 8:21:07 PM | Attr = ] youtube.rtf -> %UserProfile%\My Documents\youtube.rtf -> [Ver = | Size = 1219 bytes | Modified Date = 16/08/2008 1:31:14 PM | Attr = ] ACID Music Studio 7.0.lnk -> %AllUsersProfile%\Desktop\ACID Music Studio 7.0.lnk -> [Ver = | Size = 1787 bytes | Modified Date = 22/08/2008 10:26:13 PM | Attr = ] Adobe Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 27/08/2008 7:36:12 PM | Attr = ] PowerISO.lnk -> %AllUsersProfile%\Desktop\PowerISO.lnk -> [Ver = | Size = 682 bytes | Modified Date = 26/08/2008 9:52:31 AM | Attr = ] SUPERAntiSpyware Professional.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Professional.lnk -> [Ver = | Size = 1756 bytes | Modified Date = 14/08/2008 12:29:51 AM | Attr = ] Ventrilo.lnk -> %AllUsersProfile%\Desktop\Ventrilo.lnk -> [Ver = | Size = 630 bytes | Modified Date = 14/08/2008 6:39:22 PM | Attr = ] WavePad Sound Editor.lnk -> %AllUsersProfile%\Desktop\WavePad Sound Editor.lnk -> [Ver = | Size = 798 bytes | Modified Date = 27/08/2008 7:39:40 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2833302 bytes | Modified Date = 27/08/2008 11:15:10 PM | Attr = R ] dxwnd.ini -> %UserProfile%\Desktop\dxwnd.ini -> [Ver = | Size = 129 bytes | Modified Date = 28/08/2008 7:56:03 PM | Attr = ] FL Studio 8.lnk -> %UserProfile%\Desktop\FL Studio 8.lnk -> [Ver = | Size = 792 bytes | Modified Date = 23/08/2008 11:27:21 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 27/08/2008 9:51:46 PM | Attr = ] LimeWire PRO 4.17.0.lnk -> %UserProfile%\Desktop\LimeWire PRO 4.17.0.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 19/08/2008 4:52:51 PM | Attr = ] MapleStory.lnk -> %UserProfile%\Desktop\MapleStory.lnk -> [Ver = | Size = 2020 bytes | Modified Date = 14/08/2008 4:36:48 PM | Attr = ] ms.png -> %UserProfile%\Desktop\ms.png -> [Ver = | Size = 71007 bytes | Modified Date = 14/08/2008 8:46:20 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 27/08/2008 11:00:45 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 28/08/2008 11:28:26 PM | Attr = ] services.msc -> %UserProfile%\Desktop\services.msc -> [Ver = | Size = 7 bytes | Modified Date = 27/08/2008 9:29:05 PM | Attr = ] Severance.lnk -> %UserProfile%\Desktop\Severance.lnk -> [Ver = | Size = 2024 bytes | Modified Date = 27/08/2008 6:57:00 PM | Attr = ] Shortcut to uTorrent.lnk -> %UserProfile%\Desktop\Shortcut to uTorrent.lnk -> [Ver = | Size = 622 bytes | Modified Date = 26/08/2008 6:11:45 PM | Attr = ] System Mechanic.lnk -> %UserProfile%\Desktop\System Mechanic.lnk -> [Ver = | Size = 801 bytes | Modified Date = 21/08/2008 8:02:44 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 28/08/2008 10:12:14 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable To Play Rayman 2.lnk -> %UserProfile%\Desktop\To Play Rayman 2.lnk -> [Ver = | Size = 1507 bytes | Modified Date = 27/08/2008 6:45:19 PM | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1757 bytes | Modified Date = 27/08/2008 7:36:12 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 13/08/2008 4:22:00 PM | Attr = HS] Microsoft Office.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> [Ver = | Size = 1725 bytes | Modified Date = 16/08/2008 4:31:50 PM | Attr = ] Adobe Gamma.lnk -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> [Ver = | Size = 988 bytes | Modified Date = 14/08/2008 5:40:39 PM | Attr = ] desktop.ini -> %UserProfile%\Start Menu\Programs\Startup\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 13/08/2008 4:22:00 PM | Attr = HS] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 14/08/2008 5:40:36 PM | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Modified Date = 14/08/2008 5:27:51 PM | Attr = ] Designer -> %CommonProgramFiles%\Designer -> [Folder | Modified Date = 16/08/2008 4:31:25 PM | Attr = ] InstallShield -> %CommonProgramFiles%\InstallShield -> [Folder | Modified Date = 13/08/2008 4:36:04 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 22/08/2008 10:25:24 PM | Attr = ] MSSoap -> %CommonProgramFiles%\MSSoap -> [Folder | Modified Date = 13/08/2008 4:19:57 PM | Attr = ] ODBC -> %CommonProgramFiles%\ODBC -> [Folder | Modified Date = 14/08/2008 2:10:56 AM | Attr = ] Services -> %CommonProgramFiles%\Services -> [Folder | Modified Date = 13/08/2008 4:20:00 PM | Attr = ] SpeechEngines -> %CommonProgramFiles%\SpeechEngines -> [Folder | Modified Date = 14/08/2008 2:10:53 AM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 27/08/2008 11:19:39 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 16/08/2008 4:31:03 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 13/08/2008 8:08:17 PM | Attr = HS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 14/08/2008 6:38:49 PM | Attr = ] < End of report > [/code]