Plagued By Infernal Popups!


  • This topic is locked
26 replies to this topic

#1 Lyanthya

Lyanthya

  • Members
  • 17 posts

Posted 22 January 2008 - 11:34 PM

I keep getting numerous popups from Internet Explorer, which is odd, because Firefox is my default browser. The popups usually don't load, just show a blank page. When they do load, they pertain to something I searched for in Firefox. I have run Spybot, Ad-Aware, XoftSpySE, and AVG. Please help! It's driving me crazy! Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:03 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Wyzo\wyzo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Lyanthya\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [SpybotDeletingA1712] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2238] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5190] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3026] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\RunOnce: [SpybotDeletingB7314] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3010] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5198] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8163] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: VersionTrackerPro.lnk = ?
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 7010 bytes

I am running Windows XP.

Edited by Lyanthya, 23 January 2008 - 02:10 AM.




#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 27 January 2008 - 09:57 PM

Hello Lyanthya and welcome to the BC HijackThis forum. Let's get a little more information.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Lyanthya

Lyanthya
  • Topic Starter

  • Members
  • 17 posts

Posted 27 January 2008 - 10:20 PM

WinPFind35 logfile created on: 1/27/2008 10:15:45 PM
WinPFind35U Version Beta38	 Folder = C:\Documents and Settings\Lyanthya\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
 
1015.17 Mb Total Physical Memory | 495.26 Mb Available Physical Memory | 48.79% Memory free
2.39 Gb Paging File | 1.40 Gb Available in Paging File | 58.50% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.55 Gb Total Space | 43.90 Gb Free Space | 64.03% Space Free | Partition Type: NTFS
Drive D: | 581.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: LYSLAPTOP
Current User Name: Lyanthya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/23/2008 12:21:34 AM | Attr =	]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/23/2004 10:40:42 PM | Attr =	]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 94208 bytes | Modified Date = 6/30/2006 12:58:38 PM | Attr =	]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 12:55:22 PM | Attr =	]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 12:59:20 PM | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]
psqltray.exe -> %ProgramFiles%\Protector Suite QL\psqltray.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 46592 bytes | Modified Date = 5/5/2006 5:39:54 PM | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 290112 bytes | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 11:08:42 AM | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/19/2008 1:37:25 PM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr =	]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =	]
versiontrackerpro.exe -> %ProgramFiles%\TechTracker\VersionTracker Pro\VersionTrackerPro.exe -> CNET TechTracker [Ver = 4.0.0.220 | Size = 2121728 bytes | Modified Date = 12/12/2007 2:03:12 PM | Attr =	]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/23/2004 10:40:42 PM | Attr =	]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 12:55:22 PM | Attr =	]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 12:59:20 PM | Attr =	]
psqltray.exe -> %ProgramFiles%\Protector Suite QL\psqltray.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 46592 bytes | Modified Date = 5/5/2006 5:39:54 PM | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 11:08:42 AM | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
versiontrackerpro.exe -> %ProgramFiles%\TechTracker\VersionTracker Pro\VersionTrackerPro.exe -> CNET TechTracker [Ver = 4.0.0.220 | Size = 2121728 bytes | Modified Date = 12/12/2007 2:03:12 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 11/28/2007 2:11:50 PM | Attr =	]
acrord32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 5/11/2007 3:06:38 AM | Attr =	]
bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe ->  [Ver =  | Size = 587568 bytes | Modified Date = 1/24/2008 7:45:47 AM | Attr =	]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 394856 bytes | Modified Date = 12/3/2007 11:10:00 AM | Attr = R  ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/26/2008 1:34:08 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/23/2008 12:21:34 AM | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/19/2008 1:37:25 PM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(Elite Antikeylogger monitoring service) Elite Antikeylogger monitoring service [Win32_Own | Auto | Stopped] ->  -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr =	]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/23/2004 10:40:42 PM | Attr =	]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 12:55:22 PM | Attr =	]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 12:59:20 PM | Attr =	]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 94208 bytes | Modified Date = 6/30/2006 12:58:38 PM | Attr =	]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =	]
PSQLLauncher -> %ProgramFiles%\Protector Suite QL\launcher.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 30208 bytes | Modified Date = 5/5/2006 5:36:28 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr =	]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 5/6/2005 2:06:12 PM | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
CleanUp -> %System32%\CleanUp.exe -> adi [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Modified Date = 4/17/2002 2:05:32 PM | Attr =	]
SpkrCnfg -> %System32%\DSndUp.exe -> Analog Devices Inc. [Ver = 1, 0, 0, 15 | Size = 49152 bytes | Modified Date = 9/26/2005 3:20:58 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AROReminder -> %ProgramFiles%\Advanced Registry Optimizer\ARO.exe -> Sammsoft [Ver = 5.1.338.343 | Size = 1798656 bytes | Modified Date = 5/23/2007 10:41:42 AM | Attr =	]
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ->  [Ver =  | Size = 587568 bytes | Modified Date = 1/24/2008 7:45:47 AM | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 290112 bytes | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]
DW4 -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 12/20/2007 8:10:06 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\VersionTrackerPro.lnk -> %SystemRoot%\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe -> InstallShield Software Corp. [Ver = 10.0.135 | Size = 53248 bytes | Modified Date = 1/20/2008 6:25:10 PM | Attr = R  ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 394856 bytes | Modified Date = 12/3/2007 11:10:00 AM | Attr = R  ]
< Lyanthya Startup Folder > -> C:\Documents and Settings\Lyanthya\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4631 | Size = 139264 bytes | Modified Date = 6/30/2006 12:54:26 PM | Attr =	]
psfus -> %System32%\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 40448 bytes | Modified Date = 5/5/2006 5:48:24 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SLastActive1 -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SFT1 -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{1827766B-9F49-4854-8034-F6EE26FCB1EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [ZILLAbar Browser Helper Object] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} [HKEY_LOCAL_MACHINE] -> %System32%\TwcToolbarBho.dll [TwcToolbarBhoApp Class] ->  [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 5/9/2007 9:41:18 AM | Attr =	]
{E3215F20-3212-11D6-9F8B-00D0B743919D} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [STOPzilla Browser Helper Object] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2E5E800E-6AC0-411E-940A-369530A35E43} [HKEY_LOCAL_MACHINE] -> %System32%\TwcToolbarIe7.dll [The Weather Channel Toolbar] ->  [Ver = 1, 2, 0, 1 | Size = 262144 bytes | Modified Date = 5/9/2007 10:24:10 AM | Attr =	]
{98828DED-A591-462F-83BA-D2F62A68B8B8} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [STOPzilla] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{2E5E800E-6AC0-411E-940A-369530A35E43}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [The Weather Channel] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{66C0FE66-B7A0-43E4-9325-75F649AF45E1} ->	(1394 Net Adapter) -> 
{B774AB67-80A4-4F73-9F43-C247D3F2A737} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{FED54A1D-FD4F-4217-84DB-691C6C69D7D8} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000006 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1088 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
psqlpwd -> %System32%\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 40448 bytes | Modified Date = 5/5/2006 5:48:24 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 304 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3587:TCP -> 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3540:UDP -> 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Wyzo\wyzo.exe -> C:\Program Files\Wyzo\wyzo.exe [C:\Program Files\Wyzo\wyzo.exe:*:Enabled:Wyzo] ->  [Ver =  | Size = 3818496 bytes | Modified Date = 8/20/2007 10:38:20 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] ->  [Ver =  | Size = 290112 bytes | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 1/24/2008 7:45:47 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe -> C:\WINDOWS\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 815104 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe [C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe [C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 8.1.0.52 | Size = 221184 bytes | Modified Date = 1/2/2007 5:27:40 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 080.000.000.154 | Size = 1138688 bytes | Modified Date = 1/2/2007 5:27:38 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3587:TCP -> 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3540:UDP -> 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 1/24/2008 11:39:51 PM | Attr = RH ]
AlpsPointing.temp -> %SystemDrive%\AlpsPointing.temp ->  [Folder | Created Date = 1/10/2008 10:33:22 PM | Attr =	]
Atheros Driver.temp -> %SystemDrive%\Atheros Driver.temp ->  [Folder | Created Date = 1/18/2008 8:10:50 PM | Attr =	]
Audio.temp -> %SystemDrive%\Audio.temp ->  [Folder | Created Date = 1/11/2008 9:57:02 AM | Attr =	]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 1/9/2008 1:43:52 AM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 1/24/2008 1:32:02 AM | Attr =  H ]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 1/9/2008 1:44:37 AM | Attr =	]
FingerPrint.temp -> %SystemDrive%\FingerPrint.temp ->  [Folder | Created Date = 1/11/2008 10:20:07 AM | Attr =	]
IceSword -> %SystemDrive%\IceSword ->  [Folder | Created Date = 1/27/2008 12:29:36 AM | Attr =	]
Intel Display.temp -> %SystemDrive%\Intel Display.temp ->  [Folder | Created Date = 1/11/2008 11:09:59 AM | Attr =	]
Intel Driver.temp -> %SystemDrive%\Intel Driver.temp ->  [Folder | Created Date = 1/18/2008 8:37:48 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 1/24/2008 7:50:34 AM | Attr = RH ]
Partition Magic 8.0 -> %SystemDrive%\Partition Magic 8.0 ->  [Folder | Created Date = 1/9/2008 7:25:43 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 1/9/2008 1:46:06 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 1/11/2008 11:14:52 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 1/9/2008 1:44:37 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
big5.nls -> %System32%\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 1/9/2008 7:11:58 AM | Attr =	]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 1/9/2008 7:11:58 AM | Attr =	]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/9/2008 7:12:05 AM | Attr =	]
chtskf.dll -> %System32%\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 1/9/2008 7:12:08 AM | Attr =	]
c_10001.nls -> %System32%\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10002.nls -> %System32%\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10003.nls -> %System32%\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10004.nls -> %System32%\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10005.nls -> %System32%\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10006.nls -> %System32%\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_10007.nls -> %System32%\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10008.nls -> %System32%\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10010.nls -> %System32%\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10017.nls -> %System32%\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10021.nls -> %System32%\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_10029.nls -> %System32%\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10081.nls -> %System32%\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_10082.nls -> %System32%\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_1047.nls -> %System32%\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1140.nls -> %System32%\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1141.nls -> %System32%\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1142.nls -> %System32%\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1143.nls -> %System32%\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1144.nls -> %System32%\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1145.nls -> %System32%\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1146.nls -> %System32%\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1147.nls -> %System32%\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1148.nls -> %System32%\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1149.nls -> %System32%\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1361.nls -> %System32%\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20000.nls -> %System32%\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20001.nls -> %System32%\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20002.nls -> %System32%\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20003.nls -> %System32%\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20004.nls -> %System32%\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20005.nls -> %System32%\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20105.nls -> %System32%\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20106.nls -> %System32%\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20107.nls -> %System32%\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20108.nls -> %System32%\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20127.nls -> %System32%\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:51 AM | Attr =	]
c_20269.nls -> %System32%\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20273.nls -> %System32%\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20277.nls -> %System32%\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20278.nls -> %System32%\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20280.nls -> %System32%\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20284.nls -> %System32%\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20285.nls -> %System32%\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20290.nls -> %System32%\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20297.nls -> %System32%\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20420.nls -> %System32%\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20423.nls -> %System32%\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20424.nls -> %System32%\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20833.nls -> %System32%\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20838.nls -> %System32%\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20871.nls -> %System32%\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20880.nls -> %System32%\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20924.nls -> %System32%\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20932.nls -> %System32%\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20936.nls -> %System32%\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20949.nls -> %System32%\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_21025.nls -> %System32%\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_21027.nls -> %System32%\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_28594.nls -> %System32%\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_28595.nls -> %System32%\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_28596.nls -> %System32%\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_28597.nls -> %System32%\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_28599.nls -> %System32%\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_28603.nls -> %System32%\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:05 AM | Attr =	]
c_708.nls -> %System32%\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_720.nls -> %System32%\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_737.nls -> %System32%\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:57 AM | Attr =	]
c_852.nls -> %System32%\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_855.nls -> %System32%\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_857.nls -> %System32%\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_858.nls -> %System32%\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_862.nls -> %System32%\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_864.nls -> %System32%\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_866.nls -> %System32%\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_869.nls -> %System32%\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_870.nls -> %System32%\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_875.nls -> %System32%\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
e100b325.sys -> %System32%\dllcache\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0101 built by: WinDDK | Size = 163328 bytes | Created Date = 1/10/2008 8:43:50 PM | Attr =	]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/9/2008 7:12:18 AM | Attr =	]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/9/2008 7:12:18 AM | Attr =	]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/9/2008 7:12:18 AM | Attr =	]
FP4.CAT -> %System32%\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
fpencode.dll -> %System32%\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 1/9/2008 7:12:20 AM | Attr =	]
hanja.lex -> %System32%\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 1/9/2008 7:12:25 AM | Attr =	]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/9/2008 7:06:14 AM | Attr =	]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 1/9/2008 7:12:33 AM | Attr =	]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
imekr.lex -> %System32%\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 1/9/2008 7:12:51 AM | Attr =	]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 1/9/2008 7:12:53 AM | Attr =	]
IMS.CAT -> %System32%\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
imscinst.exe -> %System32%\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 1/9/2008 7:12:55 AM | Attr =	]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/9/2008 7:07:58 AM | Attr =	]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 1/9/2008 7:13:02 AM | Attr =	]
ksc.nls -> %System32%\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 1/9/2008 7:13:03 AM | Attr =	]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 1/9/2008 1:46:07 AM | Attr =	]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
mediactr.cat -> %System32%\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 1/9/2008 7:08:16 AM | Attr =	]
msinfo.dll -> %System32%\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/9/2008 7:08:01 AM | Attr =	]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
msn7.cat -> %System32%\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
msn9.cat -> %System32%\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
MW770.CAT -> %System32%\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
netfx.cat -> %System32%\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
nls302en.lex -> %System32%\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 1/9/2008 7:09:16 AM | Attr =	]
NT5.CAT -> %System32%\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT ->  [Ver =  | Size = 502724 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/9/2008 7:05:37 AM | Attr =	]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 1/9/2008 7:13:27 AM | Attr =	]
prc.nls -> %System32%\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/9/2008 7:13:28 AM | Attr =	]
prcp.nls -> %System32%\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/9/2008 7:13:28 AM | Attr =	]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 1/9/2008 1:46:08 AM | Attr =	]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/9/2008 7:13:34 AM | Attr =	]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/9/2008 7:13:35 AM | Attr =	]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/9/2008 7:13:35 AM | Attr =	]
sam.sdf -> %System32%\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 1/9/2008 1:46:09 AM | Attr =	]
sam.spd -> %System32%\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 1/9/2008 1:46:09 AM | Attr =	]
SP2.CAT -> %System32%\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
srframe.mmf -> %System32%\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 1/9/2008 7:08:32 AM | Attr =	]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
xjis.nls -> %System32%\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 1/9/2008 7:14:11 AM | Attr =	]
Apfiltr.sys -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 6.0.301.196 | Size = 101833 bytes | Created Date = 1/10/2008 10:33:33 PM | Attr =	]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 1/19/2008 1:37:29 PM | Attr =	]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 1/19/2008 1:37:33 PM | Attr =	]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 1/19/2008 1:37:34 PM | Attr =	]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 1/19/2008 3:46:39 PM | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 1/19/2008 1:37:36 PM | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 1/19/2008 1:37:35 PM | Attr =	]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 1/19/2008 1:37:35 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Created Date = 1/10/2008 11:28:00 PM | Attr =	]
dHook.sys -> %System32%\drivers\dHook.sys ->  [Ver =  | Size = 2080 bytes | Created Date = 1/25/2008 9:39:53 AM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
e100b325.sys -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0101 built by: WinDDK | Size = 163328 bytes | Created Date = 1/10/2008 8:43:50 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
hosts.20080111-113811.backup -> %System32%\drivers\etc\hosts.20080111-113811.backup ->  [Ver =  | Size = 734 bytes | Created Date = 1/11/2008 11:38:11 AM | Attr =	]
quotes -> %System32%\drivers\etc\quotes ->  [Ver =  | Size = 1540 bytes | Created Date = 1/9/2008 8:44:50 AM | Attr =	]
fltMgrr.sys -> %System32%\drivers\fltMgrr.sys ->  [Ver =  | Size = 86144 bytes | Created Date = 1/10/2008 11:28:00 PM | Attr =	]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 1/9/2008 1:43:47 AM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ac3acm.acm -> %System32%\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 1/11/2008 11:25:12 AM | Attr =	]
AddRemove.ico -> %System32%\AddRemove.ico ->  [Ver =  | Size = 766 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 1/9/2008 7:11:04 AM | Attr =	]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 1/9/2008 1:45:47 AM | Attr =	]
bopomofo.uce -> %System32%\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 1/9/2008 7:06:05 AM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Created Date = 1/9/2008 1:45:08 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Created Date = 1/9/2008 1:45:08 AM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
CleanUp.exe -> %System32%\CleanUp.exe -> adi [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Created Date = 1/11/2008 9:57:53 AM | Attr =	]
CloseACU.exe -> %System32%\CloseACU.exe -> ASKEY COMPUTER CORP. [Ver = 3, 0, 0, 0 | Size = 32768 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
Com -> %System32%\Com ->  [Folder | Created Date = 1/9/2008 7:05:29 AM | Attr =	]
config -> %System32%\config ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
cpwmon2k.dll -> %System32%\cpwmon2k.dll ->  [Ver =  | Size = 87552 bytes | Created Date = 1/22/2008 7:04:11 PM | Attr =	]
c_10006.nls -> %System32%\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_10007.nls -> %System32%\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10010.nls -> %System32%\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10017.nls -> %System32%\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10029.nls -> %System32%\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10081.nls -> %System32%\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_10082.nls -> %System32%\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_20127.nls -> %System32%\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:51 AM | Attr =	]
C_28594.NLS -> %System32%\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
C_28595.NLS -> %System32%\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
C_28597.NLS -> %System32%\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_28599.nls -> %System32%\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_28603.nls -> %System32%\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:05 AM | Attr =	]
c_737.nls -> %System32%\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:57 AM | Attr =	]
c_852.nls -> %System32%\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_855.nls -> %System32%\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_857.nls -> %System32%\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_866.nls -> %System32%\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_869.nls -> %System32%\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_875.nls -> %System32%\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
desktop.ini -> %System32%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =	]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Created Date = 1/9/2008 7:09:08 AM | Attr =	]
divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr = RHS]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 1/18/2008 8:37:53 PM | Attr =	]
DSndUp.exe -> %System32%\DSndUp.exe -> Analog Devices Inc. [Ver = 1, 0, 0, 15 | Size = 49152 bytes | Created Date = 1/11/2008 9:57:53 AM | Attr =	]
e100b325.din -> %System32%\e100b325.din ->  [Ver =  | Size = 5178 bytes | Created Date = 1/10/2008 8:43:49 PM | Attr =	]
e100bmsg.dll -> %System32%\e100bmsg.dll -> Intel Corporation [Ver = 8.0.20.0 | Size = 36864 bytes | Created Date = 1/10/2008 8:43:51 PM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 1/9/2008 7:07:13 AM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 1/24/2008 8:22:14 AM | Attr =	]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
export -> %System32%\export ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ff_vfw.dll -> %System32%\ff_vfw.dll ->  [Ver =  | Size = 7680 bytes | Created Date = 1/11/2008 11:25:10 AM | Attr =	]
ff_vfw.dll.manifest -> %System32%\ff_vfw.dll.manifest ->  [Ver =  | Size = 547 bytes | Created Date = 1/11/2008 11:25:10 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 188200 bytes | Created Date = 1/9/2008 1:44:36 AM | Attr =	]
gb2312.uce -> %System32%\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 1/9/2008 7:06:05 AM | Attr =	]
hpovst11.dll -> %System32%\hpovst11.dll -> Hewlett-Packard Co. [Ver = 82.0.168.000 | Size = 294912 bytes | Created Date = 1/24/2008 1:32:44 AM | Attr =	]
hppldcoi.dll -> %System32%\hppldcoi.dll -> Hewlett-Packard [Ver = 2, 1, 1, 51 | Size = 364544 bytes | Created Date = 1/24/2008 1:32:44 AM | Attr =	]
hpwtiop2.dll -> %System32%\hpwtiop2.dll -> Hewlett-Packard Co. [Ver = 82.0.192.000 | Size = 892928 bytes | Created Date = 1/24/2008 1:32:45 AM | Attr =	]
hpwwiax2.dll -> %System32%\hpwwiax2.dll -> Hewlett-Packard [Ver = 0.0.0.204 | Size = 675840 bytes | Created Date = 1/24/2008 1:32:44 AM | Attr =	]
hpz3l4x6.dll -> %System32%\hpz3l4x6.dll -> Hewlett-Packard Company [Ver = 61.063.263.21 | Size = 118272 bytes | Created Date = 1/24/2008 1:34:43 AM | Attr =	]
hpzids01.dll -> %System32%\hpzids01.dll -> Hewlett-Packard [Ver = 8,5,0,71 | Size = 258048 bytes | Created Date = 1/24/2008 1:32:48 AM | Attr =	]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/9/2008 7:06:15 AM | Attr =	]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 1/9/2008 7:05:36 AM | Attr =	]
ias -> %System32%\ias ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ideograf.uce -> %System32%\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4631 | Size = 139264 bytes | Created Date = 1/11/2008 11:12:24 AM | Attr =	]
ikhcore.cfg -> %System32%\ikhcore.cfg ->  [Ver =  | Size = 100 bytes | Created Date = 1/27/2008 12:35:18 AM | Attr =	]
IME -> %System32%\IME ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
InstallInf.exe -> %System32%\InstallInf.exe -> ASKEY COMPUTER CORP. [Ver = 1, 0, 0, 0 | Size = 28672 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/9/2008 7:07:58 AM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/24/2008 4:50:07 PM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/24/2008 4:50:08 PM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/24/2008 4:50:07 PM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/24/2008 4:50:07 PM | Attr =	]
kanji_1.uce -> %System32%\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
kanji_2.uce -> %System32%\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
korean.uce -> %System32%\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
lameACM.acm -> %System32%\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 389120 bytes | Created Date = 1/11/2008 11:25:13 AM | Attr =	]
lame_acm.xml -> %System32%\lame_acm.xml ->  [Ver =  | Size = 414 bytes | Created Date = 1/11/2008 11:25:13 AM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/9/2008 7:09:47 AM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Created Date = 1/9/2008 7:08:19 AM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Created Date = 1/9/2008 7:15:43 AM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Created Date = 1/9/2008 7:05:31 AM | Attr =	]
msdtcprf.h -> %System32%\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 1/9/2008 7:06:02 AM | Attr =	]
msdtcprf.ini -> %System32%\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 1/9/2008 7:06:02 AM | Attr =	]
mui -> %System32%\mui ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
NicCo32.dll -> %System32%\NicCo32.dll -> Intel Corporation [Ver = 1.0.5.0 built by: WinDDK | Size = 20480 bytes | Created Date = 1/10/2008 8:43:53 PM | Attr =	]
NicIn32.dll -> %System32%\NicIn32.dll -> Intel Corporation [Ver = 9.0.2.0 built by: WinDDK | Size = 21504 bytes | Created Date = 1/10/2008 8:43:54 PM | Attr =	]
npp -> %System32%\npp ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 1/9/2008 7:11:04 AM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 356120 bytes | Created Date = 1/9/2008 1:46:13 AM | Attr =	]
PlugPlayPCIDevice.exe -> %System32%\PlugPlayPCIDevice.exe ->  [Ver = 1, 0, 0, 1 | Size = 270336 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 1/10/2008 9:35:40 PM | Attr =	]
Prounstl.exe -> %System32%\Prounstl.exe -> Intel Corporation [Ver = 8.0.7.0 | Size = 126976 bytes | Created Date = 1/10/2008 8:43:54 PM | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
ras -> %System32%\ras ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Created Date = 1/10/2008 10:33:38 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Created Date = 1/9/2008 7:07:59 AM | Attr =	]
RmWLAN.exe -> %System32%\RmWLAN.exe -> ASKEY COMPUTER CORP. [Ver = 2.0.0.4 | Size = 32768 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
shiftjis.uce -> %System32%\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
SMMedia.dll -> %System32%\SMMedia.dll -> Analog Devices [Ver = 1, 0, 0, 8 | Size = 1285632 bytes | Created Date = 1/11/2008 9:57:54 AM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/10/2008 9:30:50 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
subrange.uce -> %System32%\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
tslabels.h -> %System32%\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 1/9/2008 7:06:03 AM | Attr =	]
tslabels.ini -> %System32%\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 1/9/2008 7:06:03 AM | Attr =	]
TwcToolbarBho.dll -> %System32%\TwcToolbarBho.dll ->  [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Created Date = 1/20/2008 11:16:21 PM | Attr =	]
TwcToolbarIe7.dll -> %System32%\TwcToolbarIe7.dll ->  [Ver = 1, 2, 0, 1 | Size = 262144 bytes | Created Date = 1/20/2008 11:16:21 PM | Attr =	]
TwcToolInstDll.dll -> %System32%\TwcToolInstDll.dll -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 25600 bytes | Created Date = 1/20/2008 11:16:21 PM | Attr =	]
unrar.dll -> %System32%\unrar.dll ->  [Ver =  | Size = 164352 bytes | Created Date = 1/11/2008 11:25:15 AM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
usrlogon.cmd -> %System32%\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 1/9/2008 7:06:03 AM | Attr =	]
Vxdif.dll -> %System32%\Vxdif.dll -> Alps Electric Co., Ltd. [Ver = 6.0.2.67 | Size = 87865 bytes | Created Date = 1/10/2008 10:33:33 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
wdmioctl.dll -> %System32%\wdmioctl.dll -> Analog Devices Inc. [Ver = 6, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/11/2008 9:57:54 AM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/9/2008 7:09:47 AM | Attr = RH ]
wins -> %System32%\wins ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
wmimgmt.msc -> %System32%\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 1/9/2008 7:05:54 AM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Created Date = 1/9/2008 7:11:31 AM | Attr =	]
xvidcore.dll -> %System32%\xvidcore.dll ->  [Ver =  | Size = 1559040 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
xvidvfw.dll -> %System32%\xvidvfw.dll ->  [Ver =  | Size = 282624 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 1/10/2008 9:35:38 PM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 1/24/2008 8:19:03 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 1/24/2008 8:18:41 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 1/9/2008 7:14:28 AM | Attr =   S]
carrier -> %SystemRoot%\carrier ->  [Folder | Created Date = 1/24/2008 1:32:42 AM | Attr =	]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 1/9/2008 7:09:47 AM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr = R S]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
hpwins05.dat -> %SystemRoot%\hpwins05.dat ->  [Ver =  | Size = 148261 bytes | Created Date = 1/24/2008 1:31:26 AM | Attr =	]
hpwmdl05.dat -> %SystemRoot%\hpwmdl05.dat ->  [Ver =  | Size = 4785 bytes | Created Date = 1/24/2008 1:31:09 AM | Attr =	]
hpwscr05.dat -> %SystemRoot%\hpwscr05.dat ->  [Ver =  | Size = 16059 bytes | Created Date = 1/24/2008 1:31:09 AM | Attr =	]
hpzmsi01.exe -> %SystemRoot%\hpzmsi01.exe -> Hewlett-Packard [Ver = 8,5,0,71 | Size = 1132120 bytes | Created Date = 1/24/2008 1:31:14 AM | Attr =	]
hpzshl01.exe -> %SystemRoot%\hpzshl01.exe -> Hewlett-Packard [Ver = 8,5,0,71 | Size = 1275480 bytes | Created Date = 1/24/2008 1:31:17 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/24/2008 8:19:29 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 1/24/2008 8:23:52 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 1/9/2008 1:46:16 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 1/9/2008 1:46:12 AM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 1/27/2008 12:54:00 AM | Attr =	]
java -> %SystemRoot%\java ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 1/27/2008 3:02:51 AM | Attr =	]
MalwarePro -> %SystemRoot%\MalwarePro ->  [Folder | Created Date = 1/24/2008 6:46:37 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1811 bytes | Created Date = 1/11/2008 11:18:10 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 1/24/2008 8:15:02 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 1/10/2008 9:28:24 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Created Date = 1/24/2008 7:58:25 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 1/9/2008 1:46:11 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 1/9/2008 7:09:47 AM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 1/9/2008 7:15:44 AM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 1/9/2008 7:06:48 AM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 1/9/2008 7:15:23 AM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 1/9/2008 7:06:08 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 1/24/2008 7:53:45 AM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 1/9/2008 7:15:46 AM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 1/9/2008 7:08:20 AM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/24/2008 4:50:30 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
system32 -> %System32% ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 1/9/2008 7:08:26 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 1/9/2008 7:06:55 AM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 1/9/2008 7:06:55 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 1/24/2008 8:22:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 292 bytes | Created Date = 1/11/2008 12:33:10 PM | Attr =	]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 1/9/2008 7:11:03 AM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 1/9/2008 7:06:08 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 1/24/2008 4:40:22 PM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 1/9/2008 7:08:26 AM | Attr = RH ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 444 bytes | Created Date = 1/11/2008 12:37:34 PM | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 378 bytes | Created Date = 1/11/2008 12:37:33 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 1/9/2008 7:15:44 AM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 454 bytes | Created Date = 1/10/2008 11:19:28 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 368 bytes | Created Date = 1/10/2008 11:19:26 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Created Date = 1/23/2008 4:41:29 PM | Attr =	]
Apple -> %AllUsersAppData%\Apple ->  [Folder | Created Date = 1/24/2008 4:40:17 PM | Attr =	]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Created Date = 1/24/2008 4:40:44 PM | Attr =	]
avg7 -> %AllUsersAppData%\avg7 ->  [Folder | Created Date = 1/19/2008 1:37:16 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =  HS]
Google -> %AllUsersAppData%\Google ->  [Folder | Created Date = 1/10/2008 11:35:04 PM | Attr =	]
Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Created Date = 1/19/2008 1:37:16 PM | Attr =	]
Hewlett-Packard -> %AllUsersAppData%\Hewlett-Packard ->  [Folder | Created Date = 1/24/2008 1:35:03 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Created Date = 1/13/2008 3:55:14 AM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Created Date = 1/9/2008 1:45:02 AM | Attr =   S]
SecTaskMan -> %AllUsersAppData%\SecTaskMan ->  [Folder | Created Date = 1/24/2008 7:35:37 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Created Date = 1/11/2008 11:30:25 AM | Attr =	]
STOPzilla! -> %AllUsersAppData%\STOPzilla! ->  [Folder | Created Date = 1/11/2008 12:26:40 AM | Attr =	]
TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Created Date = 1/24/2008 11:34:50 PM | Attr =	]
@Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage ->  [Folder | Created Date = 1/24/2008 7:54:06 AM | Attr =	]
WinZip -> %AllUsersAppData%\WinZip ->  [Folder | Created Date = 1/27/2008 10:40:31 AM | Attr =	]
Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Created Date = 1/10/2008 11:06:12 PM | Attr =	]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion ->  [Folder | Created Date = 1/10/2008 11:28:32 PM | Attr =	]
ZILLAbar -> %AllUsersAppData%\ZILLAbar ->  [Folder | Created Date = 1/11/2008 12:26:40 AM | Attr =	]
.wyzo -> %UserAppData%\.wyzo ->  [Folder | Created Date = 1/10/2008 10:42:31 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Created Date = 1/10/2008 11:06:32 PM | Attr =	]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Created Date = 1/24/2008 4:42:08 PM | Attr =	]
AVG7 -> %UserAppData%\AVG7 ->  [Folder | Created Date = 1/19/2008 1:37:54 PM | Attr =	]
BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Created Date = 1/10/2008 10:46:33 PM | Attr =	]
desktop.ini -> %UserAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/9/2008 7:17:26 AM | Attr =  HS]
DNA -> %UserAppData%\DNA ->  [Folder | Created Date = 1/10/2008 10:46:27 PM | Attr =	]
Grisoft -> %UserAppData%\Grisoft ->  [Folder | Created Date = 1/19/2008 3:46:48 PM | Attr =	]
Help -> %UserAppData%\Help ->  [Folder | Created Date = 1/24/2008 10:48:11 PM | Attr =	]
Identities -> %UserAppData%\Identities ->  [Folder | Created Date = 1/9/2008 7:17:36 AM | Attr =	]
Lavasoft -> %UserAppData%\Lavasoft ->  [Folder | Created Date = 1/21/2008 4:37:28 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Created Date = 1/10/2008 11:07:01 PM | Attr =	]
Media Player Classic -> %UserAppData%\Media Player Classic ->  [Folder | Created Date = 1/11/2008 12:14:05 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Created Date = 1/9/2008 7:17:25 AM | Attr =   S]
Mozilla -> %UserAppData%\Mozilla ->  [Folder | Created Date = 1/10/2008 9:28:22 PM | Attr =	]
PC Tools -> %UserAppData%\PC Tools ->  [Folder | Created Date = 1/24/2008 11:34:36 PM | Attr =	]
Protector Suite -> %UserAppData%\Protector Suite ->  [Folder | Created Date = 1/11/2008 11:12:24 AM | Attr =	]
Sammsoft -> %UserAppData%\Sammsoft ->  [Folder | Created Date = 1/20/2008 11:17:00 PM | Attr =	]
STOPzilla! -> %UserAppData%\STOPzilla! ->  [Folder | Created Date = 1/11/2008 12:21:40 AM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Created Date = 1/24/2008 4:50:30 PM | Attr =	]
Talkback -> %UserAppData%\Talkback ->  [Folder | Created Date = 1/10/2008 9:28:35 PM | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Created Date = 1/10/2008 8:42:39 PM | Attr =	]
VersionTracker Pro -> %UserAppData%\VersionTracker Pro ->  [Folder | Created Date = 1/20/2008 6:32:41 PM | Attr =	]
WinRAR -> %UserAppData%\WinRAR ->  [Folder | Created Date = 1/10/2008 11:18:00 PM | Attr =	]
Wyzo -> %UserAppData%\Wyzo ->  [Folder | Created Date = 1/10/2008 10:42:31 PM | Attr =	]
Yahoo! -> %UserAppData%\Yahoo! ->  [Folder | Created Date = 1/10/2008 11:28:32 PM | Attr =	]
Apple -> %LocalAppData%\Apple ->  [Folder | Created Date = 1/24/2008 4:40:22 PM | Attr =	]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Created Date = 1/24/2008 4:40:38 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 4608 bytes | Created Date = 1/11/2008 8:21:01 AM | Attr =	]
DNA -> %LocalAppData%\DNA ->  [Folder | Created Date = 1/10/2008 10:46:27 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 42168 bytes | Created Date = 1/11/2008 11:12:27 AM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Created Date = 1/10/2008 11:35:05 PM | Attr =	]
Help -> %LocalAppData%\Help ->  [Folder | Created Date = 1/24/2008 10:48:11 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 5882316 bytes | Created Date = 1/9/2008 7:31:53 AM | Attr =  H ]
Identities -> %LocalAppData%\Identities ->  [Folder | Created Date = 1/23/2008 3:36:47 AM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Created Date = 1/9/2008 7:17:25 AM | Attr =	]
Mozilla -> %LocalAppData%\Mozilla ->  [Folder | Created Date = 1/10/2008 9:28:22 PM | Attr =	]
The Weather Channel -> %LocalAppData%\The Weather Channel ->  [Folder | Created Date = 1/20/2008 11:13:58 PM | Attr =	]
Wyzo -> %LocalAppData%\Wyzo ->  [Folder | Created Date = 1/10/2008 10:42:31 PM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 138 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =  HS]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Created Date = 1/9/2008 7:06:37 AM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Created Date = 1/9/2008 7:07:37 AM | Attr = R  ]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Created Date = 1/9/2008 7:05:14 AM | Attr = R  ]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 79 bytes | Created Date = 1/9/2008 7:17:30 AM | Attr =  HS]
Downloads -> %UserDocuments%\Downloads ->  [Folder | Created Date = 1/10/2008 11:13:03 PM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Created Date = 1/9/2008 7:17:30 AM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Created Date = 1/9/2008 7:17:30 AM | Attr = R  ]
My Safe -> %UserDocuments%\My Safe ->  [Folder | Created Date = 1/27/2008 12:34:18 AM | Attr = R S]
STOPzilla BLACK LIST Contents.htm -> %UserDocuments%\STOPzilla BLACK LIST Contents.htm ->  [Ver =  | Size = 3781 bytes | Created Date = 1/11/2008 10:22:42 AM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/13/2008 3:55:18 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Created Date = 1/13/2008 3:55:16 AM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Created Date = 1/23/2008 4:41:45 PM | Attr =	]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Created Date = 1/19/2008 1:37:37 PM | Attr =	]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 849 bytes | Created Date = 1/19/2008 3:46:43 PM | Attr =	]
BitTorrent.lnk -> %AllUsersDesktop%\BitTorrent.lnk ->  [Ver =  | Size = 706 bytes | Created Date = 1/10/2008 10:46:32 PM | Attr =	]
Keylogger Detector.lnk -> %AllUsersDesktop%\Keylogger Detector.lnk ->  [Ver =  | Size = 883 bytes | Created Date = 1/25/2008 9:39:38 AM | Attr =	]
Media Player Classic.lnk -> %AllUsersDesktop%\Media Player Classic.lnk ->  [Ver =  | Size = 938 bytes | Created Date = 1/11/2008 11:25:15 AM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 1/10/2008 9:28:17 PM | Attr =	]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 1/24/2008 4:41:10 PM | Attr =	]
RegCure.lnk -> %AllUsersDesktop%\RegCure.lnk ->  [Ver =  | Size = 441 bytes | Created Date = 1/11/2008 12:36:05 PM | Attr =	]
Safari.lnk -> %AllUsersDesktop%\Safari.lnk ->  [Ver =  | Size = 1804 bytes | Created Date = 1/24/2008 4:41:56 PM | Attr =	]
SpyHunter.lnk -> %AllUsersDesktop%\SpyHunter.lnk ->  [Ver =  | Size = 899 bytes | Created Date = 1/25/2008 12:21:45 AM | Attr =	]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk ->  [Ver =  | Size = 1637 bytes | Created Date = 1/24/2008 11:34:44 PM | Attr =	]
VersionTracker Pro.lnk -> %AllUsersDesktop%\VersionTracker Pro.lnk ->  [Ver =  | Size = 1888 bytes | Created Date = 1/20/2008 6:25:07 PM | Attr =	]
WinZip.lnk -> %AllUsersDesktop%\WinZip.lnk ->  [Ver =  | Size = 1732 bytes | Created Date = 1/27/2008 10:40:56 AM | Attr =	]
Yahoo! Mail.lnk -> %AllUsersDesktop%\Yahoo! Mail.lnk ->  [Ver =  | Size = 1535 bytes | Created Date = 1/10/2008 11:06:13 PM | Attr =	]
Yahoo! Messenger.lnk -> %AllUsersDesktop%\Yahoo! Messenger.lnk ->  [Ver =  | Size = 812 bytes | Created Date = 1/24/2008 6:36:15 PM | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 21216112 bytes | Created Date = 1/13/2008 3:52:08 AM | Attr =	]
BitTorrent-6.0.exe -> %UserDesktop%\BitTorrent-6.0.exe ->  [Ver =  | Size = 878192 bytes | Created Date = 1/10/2008 10:41:39 PM | Attr =	]
blank.gif -> %UserDesktop%\blank.gif ->  [Ver =  | Size = 43 bytes | Created Date = 1/20/2008 11:13:58 PM | Attr =	]
Check PC For Errors.lnk -> %UserDesktop%\Check PC For Errors.lnk ->  [Ver =  | Size = 1718 bytes | Created Date = 1/20/2008 11:16:59 PM | Attr =	]
FireTune for Firefox.lnk -> %UserDesktop%\FireTune for Firefox.lnk ->  [Ver =  | Size = 1548 bytes | Created Date = 1/27/2008 12:54:01 AM | Attr =	]
firetune.exe -> %UserDesktop%\firetune.exe ->  [Ver = 6.0.1.4 | Size = 982577 bytes | Created Date = 1/27/2008 12:53:13 AM | Attr =	]
Free-SpyHunter-Scanner-Install.exe -> %UserDesktop%\Free-SpyHunter-Scanner-Install.exe ->  [Ver = 3.3 | Size = 7427928 bytes | Created Date = 1/25/2008 12:20:14 AM | Attr =	]
HijackThis.exe.lnk -> %UserDesktop%\HijackThis.exe.lnk ->  [Ver =  | Size = 642 bytes | Created Date = 1/21/2008 12:42:50 AM | Attr =	]
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe ->  [Ver =  | Size = 251392 bytes | Created Date = 1/21/2008 12:37:42 AM | Attr =	]
inst_antispy.exe -> %UserDesktop%\inst_antispy.exe ->  [Ver =  | Size = 335061 bytes | Created Date = 1/24/2008 6:26:56 PM | Attr =	]
iTunesSetup.exe -> %UserDesktop%\iTunesSetup.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 58619176 bytes | Created Date = 1/24/2008 7:54:30 AM | Attr =	]
klcodec365f.exe -> %UserDesktop%\klcodec365f.exe ->  [Ver = 3.6.5.0 | Size = 14040777 bytes | Created Date = 1/11/2008 10:37:51 AM | Attr =	]
klcodec365f.exe.part -> %UserDesktop%\klcodec365f.exe.part ->  [Ver = 3.6.5.0 | Size = 2872068 bytes | Created Date = 1/11/2008 10:37:47 AM | Attr =	]
Ly.jpg -> %UserDesktop%\Ly.jpg ->  [Ver =  | Size = 26021 bytes | Created Date = 1/12/2008 8:33:12 PM | Attr =	]
MalwareProSetup.exe -> %UserDesktop%\MalwareProSetup.exe ->  [Ver = 7.0.6.1 | Size = 3727138 bytes | Created Date = 1/24/2008 6:46:01 PM | Attr =	]
msgr8us.exe -> %UserDesktop%\msgr8us.exe -> Yahoo! Inc. [Ver = 2007.11.30.01 | Size = 437392 bytes | Created Date = 1/10/2008 11:03:26 PM | Attr =	]
Paranoia.doc -> %UserDesktop%\Paranoia.doc ->  [Ver =  | Size = 2273 bytes | Created Date = 1/23/2008 10:34:20 PM | Attr =	]
Personal Antispy.lnk -> %UserDesktop%\Personal Antispy.lnk ->  [Ver =  | Size = 675 bytes | Created Date = 1/24/2008 6:41:19 PM | Attr =	]
philly.jpg -> %UserDesktop%\philly.jpg ->  [Ver =  | Size = 29212 bytes | Created Date = 1/25/2008 2:01:25 PM | Attr =	]
pp.JPG -> %UserDesktop%\pp.JPG ->  [Ver =  | Size = 286546 bytes | Created Date = 1/26/2008 1:45:43 PM | Attr =	]
pssetup.exe -> %UserDesktop%\pssetup.exe -> ISecSoft, Inc. [Ver =  | Size = 3088476 bytes | Created Date = 1/24/2008 7:03:31 PM | Attr =	]
qg15tpadx.exe -> %UserDesktop%\qg15tpadx.exe ->  [Ver =  | Size = 2570992 bytes | Created Date = 1/21/2008 9:47:41 AM | Attr =	]
Safari304BetaSecUpdateQuickTimeSetup.exe -> %UserDesktop%\Safari304BetaSecUpdateQuickTimeSetup.exe -> Apple Inc. [Ver = 3.523.15.0 | Size = 40133928 bytes | Created Date = 1/24/2008 4:39:01 PM | Attr =	]
Shade.jpg -> %UserDesktop%\Shade.jpg ->  [Ver =  | Size = 12993 bytes | Created Date = 1/12/2008 8:27:50 PM | Attr =	]
Shortcut to IceSword.exe.lnk -> %UserDesktop%\Shortcut to IceSword.exe.lnk ->  [Ver =  | Size = 677 bytes | Created Date = 1/27/2008 12:51:16 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Created Date = 1/11/2008 11:30:29 AM | Attr =	]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Created Date = 1/11/2008 11:29:00 AM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 1/22/2008 9:14:41 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 17 bytes | Created Date = 1/22/2008 9:34:00 PM | Attr =	]
STOPzilla_Setup.exe -> %UserDesktop%\STOPzilla_Setup.exe -> International Software Systems Solutions [Ver = 3, 1, 2, 1 | Size = 61440 bytes | Created Date = 1/12/2008 2:41:21 PM | Attr =	]
su200audiox.exe -> %UserDesktop%\su200audiox.exe ->  [Ver =  | Size = 7616136 bytes | Created Date = 1/24/2008 5:40:31 PM | Attr =	]
The Weather Channel Desktop.lnk -> %UserDesktop%\The Weather Channel Desktop.lnk ->  [Ver =  | Size = 968 bytes | Created Date = 1/20/2008 11:14:32 PM | Attr =	]
TheWeatherChannel_dw5_Stubweather5.exe -> %UserDesktop%\TheWeatherChannel_dw5_Stubweather5.exe -> The Weather Channel Interactive [Ver = 4, 1, 0, 5 | Size = 277616 bytes | Created Date = 1/20/2008 11:13:45 PM | Attr =	]
Timestop.doc -> %UserDesktop%\Timestop.doc ->  [Ver =  | Size = 63488 bytes | Created Date = 1/12/2008 7:39:39 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/27/2008 10:11:54 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478592 bytes | Created Date = 1/27/2008 10:07:31 PM | Attr =	]
winzip111.exe -> %UserDesktop%\winzip111.exe ->  [Ver =  | Size = 12727648 bytes | Created Date = 1/27/2008 10:37:06 AM | Attr =	]
wrar371.exe -> %UserDesktop%\wrar371.exe ->  [Ver =  | Size = 1206366 bytes | Created Date = 1/10/2008 11:15:58 PM | Attr =	]
Wyzo.lnk -> %UserDesktop%\Wyzo.lnk ->  [Ver =  | Size = 1476 bytes | Created Date = 1/10/2008 10:42:22 PM | Attr =	]
WyzoSetup.exe -> %UserDesktop%\WyzoSetup.exe -> Wyzo Ltd [Ver = 0.5.3.0 | Size = 610644 bytes | Created Date = 1/10/2008 10:40:40 PM | Attr =	]
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk ->  [Ver =  | Size = 682 bytes | Created Date = 1/10/2008 11:19:25 PM | Attr =	]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =  HS]
VersionTrackerPro.lnk -> %AllUsersStartup%\VersionTrackerPro.lnk ->  [Ver =  | Size = 2435 bytes | Created Date = 1/20/2008 6:25:07 PM | Attr =	]
WinZip Quick Pick.lnk -> %AllUsersStartup%\WinZip Quick Pick.lnk ->  [Ver =  | Size = 1660 bytes | Created Date = 1/27/2008 10:40:56 AM | Attr =	]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/9/2008 7:17:25 AM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 1/23/2008 4:41:16 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 1/24/2008 7:54:24 AM | Attr =	]
Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard ->  [Folder | Created Date = 1/24/2008 1:35:32 AM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 1/9/2008 7:27:37 AM | Attr =	]
iS3 -> %CommonProgramFiles%\iS3 ->  [Folder | Created Date = 1/11/2008 12:26:41 AM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 1/24/2008 4:48:50 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 1/9/2008 1:46:06 AM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 1/9/2008 7:08:25 AM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 1/9/2008 1:46:11 AM | Attr =	]
Protector Suite QL -> %CommonProgramFiles%\Protector Suite QL ->  [Folder | Created Date = 1/11/2008 10:20:37 AM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Created Date = 1/9/2008 7:08:30 AM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 1/9/2008 1:46:07 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 1/9/2008 7:07:41 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 1/11/2008 10:20:13 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 1/26/2008 8:45:45 AM | Attr = RH ]
AlpsPointing.temp -> %SystemDrive%\AlpsPointing.temp ->  [Folder | Modified Date = 1/10/2008 10:33:22 PM | Attr =	]
Atheros Driver.temp -> %SystemDrive%\Atheros Driver.temp ->  [Folder | Modified Date = 1/18/2008 8:10:50 PM | Attr =	]
Audio.temp -> %SystemDrive%\Audio.temp ->  [Folder | Modified Date = 1/11/2008 9:57:05 AM | Attr =	]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 1/9/2008 7:03:31 AM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/27/2008 10:41:02 AM | Attr =  H ]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/9/2008 9:15:42 AM | Attr =	]
FingerPrint.temp -> %SystemDrive%\FingerPrint.temp ->  [Folder | Modified Date = 1/11/2008 10:20:09 AM | Attr =	]
IceSword -> %SystemDrive%\IceSword ->  [Folder | Modified Date = 1/27/2008 12:29:36 AM | Attr =	]
Intel Display.temp -> %SystemDrive%\Intel Display.temp ->  [Folder | Modified Date = 1/11/2008 11:10:00 AM | Attr =	]
Intel Driver.temp -> %SystemDrive%\Intel Driver.temp ->  [Folder | Modified Date = 1/18/2008 8:37:49 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 1/24/2008 7:50:34 AM | Attr = RH ]
Partition Magic 8.0 -> %SystemDrive%\Partition Magic 8.0 ->  [Folder | Modified Date = 1/9/2008 7:25:43 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/27/2008 10:40:24 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/11/2008 11:14:52 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/9/2008 7:15:48 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/27/2008 10:41:02 AM | Attr =	]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/19/2008 1:37:29 PM | Attr =	]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/19/2008 1:37:33 PM | Attr =	]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 1/19/2008 1:37:34 PM | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/19/2008 1:37:36 PM | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/19/2008 1:37:35 PM | Attr =	]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/19/2008 1:37:35 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 1/27/2008 12:33:52 AM | Attr =	]
dHook.sys -> %System32%\drivers\dHook.sys ->  [Ver =  | Size = 2080 bytes | Modified Date = 1/25/2008 9:39:53 AM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/11/2008 11:38:11 AM | Attr =	]
fltMgrr.sys -> %System32%\drivers\fltMgrr.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 1/10/2008 11:28:00 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 1/9/2008 7:14:28 AM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 1/9/2008 1:36:46 AM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/9/2008 7:11:04 AM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/27/2008 3:04:48 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/27/2008 12:34:39 AM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Modified Date = 1/24/2008 8:03:36 AM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/9/2008 7:15:07 AM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/9/2008 7:09:08 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/27/2008 3:03:03 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/27/2008 3:02:57 AM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 1/24/2008 1:32:53 AM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Modified Date = 1/9/2008 7:07:13 AM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 1/24/2008 8:24:06 AM | Attr =	]
export -> %System32%\export ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 188200 bytes | Modified Date = 1/24/2008 8:33:16 AM | Attr =	]
ias -> %System32%\ias ->  [Folder | Modified Date = 1/9/2008 7:10:33 AM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Modified Date = 1/9/2008 1:37:26 AM | Attr =	]
ikhcore.cfg -> %System32%\ikhcore.cfg ->  [Ver =  | Size = 100 bytes | Modified Date = 1/27/2008 12:35:18 AM | Attr =	]
IME -> %System32%\IME ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/9/2008 7:09:47 AM | Attr = RH ]
lsdelete.exe -> %System32%\lsdelete.exe ->  [Ver =  | Size = 12632 bytes | Modified Date = 1/23/2008 12:23:04 AM | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 1/9/2008 7:08:19 AM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Modified Date = 1/9/2008 7:15:43 AM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Modified Date = 1/9/2008 7:06:46 AM | Attr =	]
mui -> %System32%\mui ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
npp -> %System32%\npp ->  [Folder | Modified Date = 1/9/2008 1:42:39 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/9/2008 7:11:04 AM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Modified Date = 1/9/2008 7:08:57 AM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 40394 bytes | Modified Date = 1/24/2008 11:36:18 PM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 312172 bytes | Modified Date = 1/24/2008 11:36:18 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 356120 bytes | Modified Date = 1/24/2008 11:36:18 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 1/10/2008 9:35:40 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Modified Date = 1/9/2008 1:38:06 AM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 1/10/2008 10:33:38 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/9/2008 7:15:47 AM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Modified Date = 1/9/2008 1:43:37 AM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 1/10/2008 9:30:50 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Modified Date = 1/9/2008 7:04:05 AM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 1/9/2008 1:43:26 AM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/9/2008 7:09:47 AM | Attr = RH ]
wins -> %System32%\wins ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/27/2008 3:57:04 PM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/26/2008 1:53:51 PM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 1/24/2008 8:19:03 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 1/24/2008 8:18:41 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 1/9/2008 1:43:16 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/27/2008 12:33:58 AM | Attr =   S]
carrier -> %SystemRoot%\carrier ->  [Folder | Modified Date = 1/24/2008 1:32:42 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/9/2008 7:06:21 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/24/2008 8:15:49 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/9/2008 7:09:47 AM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 1/10/2008 9:22:35 PM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 1/9/2008 1:43:09 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/24/2008 7:56:13 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/24/2008 8:33:13 AM | Attr =	]
hpwins05.dat -> %SystemRoot%\hpwins05.dat ->  [Ver =  | Size = 148261 bytes | Modified Date = 1/24/2008 1:35:54 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 1/24/2008 8:21:45 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/26/2008 7:33:18 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/24/2008 8:30:57 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/27/2008 3:02:52 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/27/2008 10:41:02 AM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 1/27/2008 12:53:27 AM | Attr =	]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 1/27/2008 3:02:57 AM | Attr =	]
MalwarePro -> %SystemRoot%\MalwarePro ->  [Folder | Modified Date = 1/26/2008 7:37:28 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/24/2008 8:22:02 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1811 bytes | Modified Date = 1/24/2008 4:50:21 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 1/24/2008 8:33:10 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 1/9/2008 1:43:09 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/24/2008 8:15:02 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/10/2008 9:28:24 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 1/24/2008 7:58:27 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 1/9/2008 7:10:51 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 1/9/2008 7:09:47 AM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 1/24/2008 7:52:52 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 1/9/2008 1:42:55 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/26/2008 7:32:00 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/17/2008 7:25:43 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 1/9/2008 7:15:23 AM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/9/2008 8:57:52 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 1/24/2008 7:55:49 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/10/2008 9:30:57 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 1/9/2008 7:09:17 AM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 1/24/2008 4:50:30 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 1/24/2008 7:50:45 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 1/9/2008 1:46:06 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 1/27/2008 3:02:57 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/24/2008 4:40:22 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/27/2008 9:20:34 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/24/2008 1:35:37 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 1/9/2008 7:06:55 AM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 1/9/2008 7:06:55 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 1/24/2008 8:22:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 1/9/2008 7:09:51 AM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 573 bytes | Modified Date = 1/24/2008 7:57:07 AM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 292 bytes | Modified Date = 1/25/2008 9:50:36 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/26/2008 7:32:11 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/9/2008 7:11:04 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 1/24/2008 4:40:23 PM | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 444 bytes | Modified Date = 1/27/2008 5:00:05 PM | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 378 bytes | Modified Date = 1/11/2008 12:37:34 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/27/2008 12:34:04 AM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 454 bytes | Modified Date = 1/27/2008 5:00:07 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 368 bytes | Modified Date = 1/26/2008 7:37:33 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersAppData%\Adobe ->  [Folder | Modified Date = 1/23/2008 4:42:45 PM | Attr =	]
Apple -> %AllUsersAppData%\Apple ->  [Folder | Modified Date = 1/24/2008 4:40:17 PM | Attr =	]
Apple Computer -> %AllUsersAppData%\Apple Computer ->  [Folder | Modified Date = 1/24/2008 4:40:44 PM | Attr =	]
avg7 -> %AllUsersAppData%\avg7 ->  [Folder | Modified Date = 1/25/2008 8:31:55 AM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/9/2008 1:45:25 AM | Attr =  HS]
Google -> %AllUsersAppData%\Google ->  [Folder | Modified Date = 1/10/2008 11:35:04 PM | Attr =	]
Grisoft -> %AllUsersAppData%\Grisoft ->  [Folder | Modified Date = 1/19/2008 3:46:37 PM | Attr =	]
Hewlett-Packard -> %AllUsersAppData%\Hewlett-Packard ->  [Folder | Modified Date = 1/24/2008 1:35:03 AM | Attr =	]
Lavasoft -> %AllUsersAppData%\Lavasoft ->  [Folder | Modified Date = 1/23/2008 12:24:00 AM | Attr =	]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 1/24/2008 7:52:52 AM | Attr =   S]
SecTaskMan -> %AllUsersAppData%\SecTaskMan ->  [Folder | Modified Date = 1/24/2008 7:37:50 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy ->  [Folder | Modified Date = 1/11/2008 12:33:20 PM | Attr =	]
STOPzilla! -> %AllUsersAppData%\STOPzilla! ->  [Folder | Modified Date = 1/12/2008 2:21:31 PM | Attr =	]
TEMP -> %AllUsersAppData%\TEMP ->  [Folder | Modified Date = 1/27/2008 9:20:46 PM | Attr =	]
@Alternate Data Stream - 106 bytes -> %AllUsersAppData%\TEMP:DFC5A2B2
Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage ->  [Folder | Modified Date = 1/24/2008 7:54:06 AM | Attr =	]
WinZip -> %AllUsersAppData%\WinZip ->  [Folder | Modified Date = 1/27/2008 10:41:10 AM | Attr =	]
Yahoo! -> %AllUsersAppData%\Yahoo! ->  [Folder | Modified Date = 1/10/2008 11:06:31 PM | Attr =	]
Yahoo! Companion -> %AllUsersAppData%\Yahoo! Companion ->  [Folder | Modified Date = 1/22/2008 11:51:19 PM | Attr =	]
ZILLAbar -> %AllUsersAppData%\ZILLAbar ->  [Folder | Modified Date = 1/12/2008 2:25:17 PM | Attr =	]
.wyzo -> %UserAppData%\.wyzo ->  [Folder | Modified Date = 1/10/2008 10:42:31 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/10/2008 11:06:32 PM | Attr =	]
Apple Computer -> %UserAppData%\Apple Computer ->  [Folder | Modified Date = 1/24/2008 4:42:08 PM | Attr =	]
AVG7 -> %UserAppData%\AVG7 ->  [Folder | Modified Date = 1/26/2008 8:00:19 AM | Attr =	]
BitTorrent -> %UserAppData%\BitTorrent ->  [Folder | Modified Date = 1/27/2008 10:13:22 PM | Attr =	]
desktop.ini -> %UserAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/9/2008 1:45:25 AM | Attr =  HS]
DNA -> %UserAppData%\DNA ->  [Folder | Modified Date = 1/27/2008 10:12:04 PM | Attr =	]
Grisoft -> %UserAppData%\Grisoft ->  [Folder | Modified Date = 1/19/2008 3:46:48 PM | Attr =	]
Help -> %UserAppData%\Help ->  [Folder | Modified Date = 1/24/2008 10:48:11 PM | Attr =	]
Identities -> %UserAppData%\Identities ->  [Folder | Modified Date = 1/9/2008 7:17:36 AM | Attr =	]
Lavasoft -> %UserAppData%\Lavasoft ->  [Folder | Modified Date = 1/21/2008 4:37:28 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Modified Date = 1/10/2008 11:07:01 PM | Attr =	]
Media Player Classic -> %UserAppData%\Media Player Classic ->  [Folder | Modified Date = 1/11/2008 12:14:07 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 1/23/2008 3:36:48 AM | Attr =   S]
Mozilla -> %UserAppData%\Mozilla ->  [Folder | Modified Date = 1/10/2008 9:28:22 PM | Attr =	]
PC Tools -> %UserAppData%\PC Tools ->  [Folder | Modified Date = 1/24/2008 11:34:36 PM | Attr =	]
Protector Suite -> %UserAppData%\Protector Suite ->  [Folder | Modified Date = 1/11/2008 11:12:24 AM | Attr =	]
Sammsoft -> %UserAppData%\Sammsoft ->  [Folder | Modified Date = 1/20/2008 11:17:00 PM | Attr =	]
STOPzilla! -> %UserAppData%\STOPzilla! ->  [Folder | Modified Date = 1/11/2008 12:21:41 AM | Attr =	]
Sun -> %UserAppData%\Sun ->  [Folder | Modified Date = 1/24/2008 4:50:30 PM | Attr =	]
Talkback -> %UserAppData%\Talkback ->  [Folder | Modified Date = 1/10/2008 9:28:35 PM | Attr =	]
U3 -> %UserAppData%\U3 ->  [Folder | Modified Date = 1/11/2008 11:09:09 AM | Attr =	]
VersionTracker Pro -> %UserAppData%\VersionTracker Pro ->  [Folder | Modified Date = 1/20/2008 6:33:47 PM | Attr =	]
WinRAR -> %UserAppData%\WinRAR ->  [Folder | Modified Date = 1/10/2008 11:18:00 PM | Attr =	]
Wyzo -> %UserAppData%\Wyzo ->  [Folder | Modified Date = 1/27/2008 10:11:47 PM | Attr =	]
Yahoo! -> %UserAppData%\Yahoo! ->  [Folder | Modified Date = 1/15/2008 3:56:13 PM | Attr =	]
Apple -> %LocalAppData%\Apple ->  [Folder | Modified Date = 1/24/2008 4:40:22 PM | Attr =	]
Apple Computer -> %LocalAppData%\Apple Computer ->  [Folder | Modified Date = 1/24/2008 4:42:08 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 4608 bytes | Modified Date = 1/12/2008 9:25:16 PM | Attr =	]
DNA -> %LocalAppData%\DNA ->  [Folder | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 42168 bytes | Modified Date = 1/24/2008 8:33:32 AM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Modified Date = 1/10/2008 11:35:05 PM | Attr =	]
Help -> %LocalAppData%\Help ->  [Folder | Modified Date = 1/24/2008 10:48:11 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 5882316 bytes | Modified Date = 1/11/2008 11:10:48 AM | Attr =  H ]
Identities -> %LocalAppData%\Identities ->  [Folder | Modified Date = 1/23/2008 3:36:47 AM | Attr =	]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/24/2008 8:34:08 AM | Attr =	]
Mozilla -> %LocalAppData%\Mozilla ->  [Folder | Modified Date = 1/10/2008 9:28:22 PM | Attr =	]
The Weather Channel -> %LocalAppData%\The Weather Channel ->  [Folder | Modified Date = 1/20/2008 11:14:52 PM | Attr =	]
Wyzo -> %LocalAppData%\Wyzo ->  [Folder | Modified Date = 1/10/2008 10:42:31 PM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 138 bytes | Modified Date = 1/9/2008 8:33:46 AM | Attr =  HS]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/9/2008 7:08:41 AM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Modified Date = 1/9/2008 7:08:40 AM | Attr = R  ]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Modified Date = 1/9/2008 7:05:14 AM | Attr = R  ]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 79 bytes | Modified Date = 1/25/2008 3:04:14 AM | Attr =  HS]
Downloads -> %UserDocuments%\Downloads ->  [Folder | Modified Date = 1/27/2008 3:57:40 PM | Attr =	]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/25/2008 3:04:14 AM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 3:04:14 AM | Attr = R  ]
My Safe -> %UserDocuments%\My Safe ->  [Folder | Modified Date = 1/27/2008 12:34:19 AM | Attr = R S]
STOPzilla BLACK LIST Contents.htm -> %UserDocuments%\STOPzilla BLACK LIST Contents.htm ->  [Ver =  | Size = 3781 bytes | Modified Date = 1/11/2008 10:22:42 AM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/13/2008 3:55:18 AM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1790 bytes | Modified Date = 1/13/2008 3:55:16 AM | Attr =	]
Adobe Reader 8.lnk -> %AllUsersDesktop%\Adobe Reader 8.lnk ->  [Ver =  | Size = 1729 bytes | Modified Date = 1/23/2008 4:41:46 PM | Attr =	]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 1/19/2008 1:37:37 PM | Attr =	]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk ->  [Ver =  | Size = 849 bytes | Modified Date = 1/19/2008 3:46:43 PM | Attr =	]
BitTorrent.lnk -> %AllUsersDesktop%\BitTorrent.lnk ->  [Ver =  | Size = 706 bytes | Modified Date = 1/10/2008 10:46:32 PM | Attr =	]
Keylogger Detector.lnk -> %AllUsersDesktop%\Keylogger Detector.lnk ->  [Ver =  | Size = 883 bytes | Modified Date = 1/25/2008 9:39:38 AM | Attr =	]
Media Player Classic.lnk -> %AllUsersDesktop%\Media Player Classic.lnk ->  [Ver =  | Size = 938 bytes | Modified Date = 1/11/2008 11:25:15 AM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 1/10/2008 9:28:17 PM | Attr =	]
QuickTime Player.lnk -> %AllUsersDesktop%\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 1/24/2008 4:41:10 PM | Attr =	]
RegCure.lnk -> %AllUsersDesktop%\RegCure.lnk ->  [Ver =  | Size = 441 bytes | Modified Date = 1/11/2008 12:36:05 PM | Attr =	]
Safari.lnk -> %AllUsersDesktop%\Safari.lnk ->  [Ver =  | Size = 1804 bytes | Modified Date = 1/24/2008 4:41:56 PM | Attr =	]
SpyHunter.lnk -> %AllUsersDesktop%\SpyHunter.lnk ->  [Ver =  | Size = 899 bytes | Modified Date = 1/25/2008 12:21:45 AM | Attr =	]
Spyware Doctor.lnk -> %AllUsersDesktop%\Spyware Doctor.lnk ->  [Ver =  | Size = 1637 bytes | Modified Date = 1/24/2008 11:34:44 PM | Attr =	]
VersionTracker Pro.lnk -> %AllUsersDesktop%\VersionTracker Pro.lnk ->  [Ver =  | Size = 1888 bytes | Modified Date = 1/20/2008 6:25:07 PM | Attr =	]
WinZip.lnk -> %AllUsersDesktop%\WinZip.lnk ->  [Ver =  | Size = 1732 bytes | Modified Date = 1/27/2008 10:40:56 AM | Attr =	]
Yahoo! Mail.lnk -> %AllUsersDesktop%\Yahoo! Mail.lnk ->  [Ver =  | Size = 1535 bytes | Modified Date = 1/10/2008 11:06:13 PM | Attr =	]
Yahoo! Messenger.lnk -> %AllUsersDesktop%\Yahoo! Messenger.lnk ->  [Ver =  | Size = 812 bytes | Modified Date = 1/24/2008 6:36:15 PM | Attr =	]
aaw2007.exe -> %UserDesktop%\aaw2007.exe ->  [Ver =  | Size = 21216112 bytes | Modified Date = 1/13/2008 3:54:22 AM | Attr =	]
BitTorrent-6.0.exe -> %UserDesktop%\BitTorrent-6.0.exe ->  [Ver =  | Size = 878192 bytes | Modified Date = 1/10/2008 10:41:43 PM | Attr =	]
blank.gif -> %UserDesktop%\blank.gif ->  [Ver =  | Size = 43 bytes | Modified Date = 1/20/2008 11:13:58 PM | Attr =	]
Check PC For Errors.lnk -> %UserDesktop%\Check PC For Errors.lnk ->  [Ver =  | Size = 1718 bytes | Modified Date = 1/20/2008 11:16:59 PM | Attr =	]
FireTune for Firefox.lnk -> %UserDesktop%\FireTune for Firefox.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 1/27/2008 12:54:01 AM | Attr =	]
firetune.exe -> %UserDesktop%\firetune.exe ->  [Ver = 6.0.1.4 | Size = 982577 bytes | Modified Date = 1/27/2008 12:53:22 AM | Attr =	]
Free-SpyHunter-Scanner-Install.exe -> %UserDesktop%\Free-SpyHunter-Scanner-Install.exe ->  [Ver = 3.3 | Size = 7427928 bytes | Modified Date = 1/25/2008 12:20:59 AM | Attr =	]
HijackThis.exe.lnk -> %UserDesktop%\HijackThis.exe.lnk ->  [Ver =  | Size = 642 bytes | Modified Date = 1/21/2008 12:42:50 AM | Attr =	]
hijackthis_sfx.exe -> %UserDesktop%\hijackthis_sfx.exe ->  [Ver =  | Size = 251392 bytes | Modified Date = 1/21/2008 12:37:41 AM | Attr =	]
inst_antispy.exe -> %UserDesktop%\inst_antispy.exe ->  [Ver =  | Size = 335061 bytes | Modified Date = 1/24/2008 6:26:55 PM | Attr =	]
iTunesSetup.exe -> %UserDesktop%\iTunesSetup.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 58619176 bytes | Modified Date = 1/24/2008 7:55:39 AM | Attr =	]
klcodec365f.exe -> %UserDesktop%\klcodec365f.exe ->  [Ver = 3.6.5.0 | Size = 14040777 bytes | Modified Date = 1/11/2008 11:17:48 AM | Attr =	]
klcodec365f.exe.part -> %UserDesktop%\klcodec365f.exe.part ->  [Ver = 3.6.5.0 | Size = 2872068 bytes | Modified Date = 1/11/2008 10:52:32 AM | Attr =	]
Ly.jpg -> %UserDesktop%\Ly.jpg ->  [Ver =  | Size = 26021 bytes | Modified Date = 1/12/2008 8:33:12 PM | Attr =	]
MalwareProSetup.exe -> %UserDesktop%\MalwareProSetup.exe ->  [Ver = 7.0.6.1 | Size = 3727138 bytes | Modified Date = 1/24/2008 6:46:20 PM | Attr =	]
msgr8us.exe -> %UserDesktop%\msgr8us.exe -> Yahoo! Inc. [Ver = 2007.11.30.01 | Size = 437392 bytes | Modified Date = 1/10/2008 11:03:25 PM | Attr =	]
Paranoia.doc -> %UserDesktop%\Paranoia.doc ->  [Ver =  | Size = 2273 bytes | Modified Date = 1/23/2008 10:37:02 PM | Attr =	]
Personal Antispy.lnk -> %UserDesktop%\Personal Antispy.lnk ->  [Ver =  | Size = 675 bytes | Modified Date = 1/24/2008 6:41:19 PM | Attr =	]
philly.jpg -> %UserDesktop%\philly.jpg ->  [Ver =  | Size = 29212 bytes | Modified Date = 1/25/2008 2:01:25 PM | Attr =	]
pp.JPG -> %UserDesktop%\pp.JPG ->  [Ver =  | Size = 286546 bytes | Modified Date = 1/26/2008 1:45:32 PM | Attr =	]
pssetup.exe -> %UserDesktop%\pssetup.exe -> ISecSoft, Inc. [Ver =  | Size = 3088476 bytes | Modified Date = 1/24/2008 7:03:38 PM | Attr =	]
qg15tpadx.exe -> %UserDesktop%\qg15tpadx.exe ->  [Ver =  | Size = 2570992 bytes | Modified Date = 1/21/2008 9:48:05 AM | Attr =	]
Safari304BetaSecUpdateQuickTimeSetup.exe -> %UserDesktop%\Safari304BetaSecUpdateQuickTimeSetup.exe -> Apple Inc. [Ver = 3.523.15.0 | Size = 40133928 bytes | Modified Date = 1/24/2008 4:39:28 PM | Attr =	]
Shade.jpg -> %UserDesktop%\Shade.jpg ->  [Ver =  | Size = 12993 bytes | Modified Date = 1/12/2008 8:27:50 PM | Attr =	]
Shortcut to IceSword.exe.lnk -> %UserDesktop%\Shortcut to IceSword.exe.lnk ->  [Ver =  | Size = 677 bytes | Modified Date = 1/27/2008 12:51:16 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 933 bytes | Modified Date = 1/11/2008 11:30:29 AM | Attr =	]
spybotsd15.exe -> %UserDesktop%\spybotsd15.exe -> Safer Networking Ltd. [Ver = 1.5.1.15 | Size = 7467056 bytes | Modified Date = 1/11/2008 11:29:27 AM | Attr =	]
stinger.exe -> %UserDesktop%\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 1/22/2008 9:15:26 PM | Attr =	]
stinger.opt -> %UserDesktop%\stinger.opt ->  [Ver =  | Size = 17 bytes | Modified Date = 1/22/2008 9:34:00 PM | Attr =	]
su200audiox.exe -> %UserDesktop%\su200audiox.exe ->  [Ver =  | Size = 7616136 bytes | Modified Date = 1/24/2008 5:41:14 PM | Attr =	]
The Weather Channel Desktop.lnk -> %UserDesktop%\The Weather Channel Desktop.lnk ->  [Ver =  | Size = 968 bytes | Modified Date = 1/20/2008 11:14:32 PM | Attr =	]
TheWeatherChannel_dw5_Stubweather5.exe -> %UserDesktop%\TheWeatherChannel_dw5_Stubweather5.exe -> The Weather Channel Interactive [Ver = 4, 1, 0, 5 | Size = 277616 bytes | Modified Date = 1/20/2008 11:13:39 PM | Attr =	]
Timestop.doc -> %UserDesktop%\Timestop.doc ->  [Ver =  | Size = 63488 bytes | Modified Date = 1/12/2008 7:39:33 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 1/27/2008 10:11:54 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478592 bytes | Modified Date = 1/27/2008 10:07:25 PM | Attr =	]
winzip111.exe -> %UserDesktop%\winzip111.exe ->  [Ver =  | Size = 12727648 bytes | Modified Date = 1/27/2008 10:38:47 AM | Attr =	]
wrar371.exe -> %UserDesktop%\wrar371.exe ->  [Ver =  | Size = 1206366 bytes | Modified Date = 1/10/2008 11:16:23 PM | Attr =	]
Wyzo.lnk -> %UserDesktop%\Wyzo.lnk ->  [Ver =  | Size = 1476 bytes | Modified Date = 1/10/2008 10:42:22 PM | Attr =	]
WyzoSetup.exe -> %UserDesktop%\WyzoSetup.exe -> Wyzo Ltd [Ver = 0.5.3.0 | Size = 610644 bytes | Modified Date = 1/10/2008 10:40:41 PM | Attr =	]
XoftSpySE.lnk -> %UserDesktop%\XoftSpySE.lnk ->  [Ver =  | Size = 682 bytes | Modified Date = 1/10/2008 11:19:26 PM | Attr =	]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/9/2008 7:11:17 AM | Attr =  HS]
VersionTrackerPro.lnk -> %AllUsersStartup%\VersionTrackerPro.lnk ->  [Ver =  | Size = 2435 bytes | Modified Date = 1/27/2008 1:50:58 AM | Attr =	]
WinZip Quick Pick.lnk -> %AllUsersStartup%\WinZip Quick Pick.lnk ->  [Ver =  | Size = 1660 bytes | Modified Date = 1/27/2008 10:40:56 AM | Attr =	]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/9/2008 7:11:17 AM | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 1/23/2008 4:41:40 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 1/24/2008 7:54:24 AM | Attr =	]
Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard ->  [Folder | Modified Date = 1/24/2008 1:35:32 AM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 1/11/2008 9:57:08 AM | Attr =	]
iS3 -> %CommonProgramFiles%\iS3 ->  [Folder | Modified Date = 1/11/2008 12:26:41 AM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 1/24/2008 4:48:50 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/24/2008 7:56:14 AM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 1/9/2008 7:08:25 AM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 1/9/2008 1:46:11 AM | Attr =	]
Protector Suite QL -> %CommonProgramFiles%\Protector Suite QL ->  [Folder | Modified Date = 1/11/2008 10:20:37 AM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 1/9/2008 7:08:30 AM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 1/9/2008 1:46:07 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 1/24/2008 8:04:41 AM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 1/13/2008 3:54:34 AM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 1/26/2008 1:54:03 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 1/26/2008 1:54:03 PM | Attr =	]
Perflib_Perfdata_1d4.dat -> C:\Documents and Settings\Lyanthya\Local Settings\Temp\Perflib_Perfdata_1d4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/27/2008 12:35:37 AM | Attr =	]
1 C:\Documents and Settings\Lyanthya\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Lyanthya\Local Settings\Temp\*.tmp -> 

< End of report >

Thank you so much!

#4 OldTimer

OldTimer

    Malware Expert



Posted 28 January 2008 - 12:29 AM

Hi Lyanthya. I'm missing one part to the log that I will need.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • For ALL other sections select None.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 Lyanthya

Lyanthya
  • Topic Starter


Posted 28 January 2008 - 07:45 AM

WinPFind35 logfile created on: 1/28/2008 7:44:03 AM

WinPFind35U Version Beta38	 Folder = C:\Documents and Settings\Lyanthya\Desktop\WinPFind35u

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

 

1015.17 Mb Total Physical Memory | 479.13 Mb Available Physical Memory | 47.20% Memory free

2.39 Gb Paging File | 1.57 Gb Available in Paging File | 65.71% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 68.55 Gb Total Space | 44.10 Gb Free Space | 64.32% Space Free | Partition Type: NTFS

Drive D: | 581.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded



Computer Name: LYSLAPTOP

Current User Name: Lyanthya

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user





[Driver Services - Non-Microsoft Only]

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found

(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found

(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %System32%\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4321 built by: WinDDK | Size = 176128 bytes | Modified Date = 2/28/2006 2:36:20 PM | Attr =	]

(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found

(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.14 | Size = 127872 bytes | Modified Date = 3/4/2005 8:53:00 PM | Attr =	]

(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found

(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found

(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found

(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found

(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found

(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 6.0.301.196 | Size = 101833 bytes | Modified Date = 5/8/2004 8:38:06 PM | Attr =	]

(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found

(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found

(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found

(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found

(ATE_PROCMON) ATE_PROCMON [File_System | On_Demand | Stopped] -> %ProgramFiles%\Anti Trojan Elite\ATEPMon.sys -> File not found

(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 11000 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =	]

(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/19/2008 1:37:29 PM | Attr =	]

(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/19/2008 1:37:33 PM | Attr =	]

(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 1/19/2008 1:37:34 PM | Attr =	]

(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Modified Date = 5/30/2007 7:10:42 AM | Attr =	]

(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/19/2008 1:37:36 PM | Attr =	]

(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/19/2008 1:37:35 PM | Attr =	]

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found

(Changer) Changer [Kernel | System | Stopped] ->  -> File not found

(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found

(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found

(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0101 built by: WinDDK | Size = 163328 bytes | Modified Date = 10/10/2005 3:31:42 PM | Attr =	]

(EnumHook2) Enumerate Global Windows Service 2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\dHook.sys ->  [Ver =  | Size = 2080 bytes | Modified Date = 1/25/2008 9:39:53 AM | Attr =	]

(FdRedir) FdRedir [File_System | Auto | Running] -> %CommonProgramFiles%\Protector Suite QL\Drivers\FdRedir.sys -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 13568 bytes | Modified Date = 5/5/2006 6:00:02 PM | Attr =	]

(FileDisk2) FileDisk Protector Kernel Driver [Kernel | Auto | Running] -> %CommonProgramFiles%\Protector Suite QL\Drivers\filedisk.sys -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 33024 bytes | Modified Date = 5/5/2006 5:59:52 PM | Attr =	]

(fltMgrr) fltMgrr [Kernel | System | Running] -> %System32%\drivers\fltMgrr.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 1/10/2008 11:28:00 PM | Attr =	]

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]

(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found

(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found

(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found

(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4631 | Size = 1169980 bytes | Modified Date = 6/30/2006 1:21:30 PM | Attr =	]

(IKFileSec) File Security Driver [File_System | On_Demand | Running] -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr =	]

(IKSysFlt) System Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr =	]

(IKSysSec) System Security Driver [Kernel | On_Demand | Running] -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Modified Date = 12/10/2007 2:53:28 PM | Attr =	]

(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found

(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found

(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found

(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found

(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found

(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found

(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found

(PQNTDrv) PQNTDrv [Kernel | System | Running] -> %System32%\drivers\PQNTDRV.sys -> PowerQuest Corporation [Ver = 8.00.000 | Size = 4228 bytes | Modified Date = 9/16/2002 5:14:32 PM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found

(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found

(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]

(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found

(smihlp) SMI helper driver [Kernel | Auto | Running] -> %ProgramFiles%\Protector Suite QL\smihlp.sys -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 3456 bytes | Modified Date = 5/5/2006 5:33:04 PM | Attr =	]

(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found

(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found

(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found

(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found

(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found

(szkg) szkg [Kernel | Boot | Running] -> %System32%\drivers\SZKG.sys -> iS3 Inc. [Ver = 2.1.2.0 | Size = 24704 bytes | Modified Date = 9/5/2006 4:20:18 PM | Attr = R  ]

(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> %System32%\drivers\tcusb.sys -> UPEK Inc. [Ver = 1.8.1.55 | Size = 28800 bytes | Modified Date = 5/5/2006 5:43:38 PM | Attr =	]

(tifm21) tifm21 [Kernel | On_Demand | Running] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 2.0.0.4 | Size = 162560 bytes | Modified Date = 11/30/2005 10:12:36 AM | Attr =	]

(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found

(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found

(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found

(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\w39n51.sys -> Intel® Corporation [Ver = 10010-13 Driver | Size = 1428096 bytes | Modified Date = 12/5/2005 1:55:30 AM | Attr =	]

(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

(wseak) wseak [Kernel | System | Running] -> %System32%\drivers\wseak.sys -> Widestep Security Software [Ver = 3.0.0.28 built by: WinDDK | Size = 42624 bytes | Modified Date = 12/29/2006 10:13:48 AM | Attr =	]



[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]

msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]

wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1088 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

psqlpwd -> %System32%\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 40448 bytes | Modified Date = 5/5/2006 5:48:24 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 304 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3587:TCP -> 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3540:UDP -> 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Wyzo\wyzo.exe -> C:\Program Files\Wyzo\wyzo.exe [C:\Program Files\Wyzo\wyzo.exe:*:Enabled:Wyzo] ->  [Ver =  | Size = 3818496 bytes | Modified Date = 8/20/2007 10:38:20 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> C:\Program Files\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] ->  [Ver =  | Size = 290112 bytes | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 587568 bytes | Modified Date = 1/24/2008 7:45:47 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe -> C:\WINDOWS\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 815104 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe [C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe [C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 8.1.0.52 | Size = 221184 bytes | Modified Date = 1/2/2007 5:27:40 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 080.000.000.154 | Size = 1138688 bytes | Modified Date = 1/2/2007 5:27:38 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3587:TCP -> 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3540:UDP -> 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





< End of report >


#6 OldTimer

Posted 28 January 2008 - 09:58 AM

Hi Lyanthya. Ok, let's get started. Please follow the steps below in order:

Step #1

Download SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Minimize SUPERAntiSpyware; we will come back to it later on.

Step #2

Now start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {1827766B-9F49-4854-8034-F6EE26FCB1EC} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [ZILLAbar Browser Helper Object]
YN -> {E3215F20-3212-11D6-9F8B-00D0B743919D} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [STOPzilla Browser Helper Object]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {98828DED-A591-462F-83BA-D2F62A68B8B8} [HKEY_LOCAL_MACHINE] -> Reg Error: Value  does not exist or could not be read. [STOPzilla]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2E5E800E-6AC0-411E-940A-369530A35E43}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [The Weather Channel]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe [C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe:*:Enabled:hpznui01.exe]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe [C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe]
[Files/Folders - Created Within 30 days]
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
[Files/Folders - Modified Within 30 days]
NY -> core.cache.dsk -> %System32%\drivers\core.cache.dsk
[Extra Files]
%SystemRoot%\system32\drivers\core.sys
[Empty Temp Folders]

The fix should only take a very short time. Your desktop will disappear and then reappear when the fix is complete; this is normal. You might be asked to reboot if any of the files could not be moved during the fix. If so, choose Yes and reboot normally.

Step #3

Now bring up SUPERAntiSpyware again and run a scan by doing the following:
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Step #4

Post the following back here:
  • a new WinPFind35U report
  • the SUPERAntiSpyware report
  • the latest .log file from the WinPFind3u/MovedFiles folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#7 Lyanthya


Posted 28 January 2008 - 11:56 AM

I didn't have any problems with those steps, but I'm still getting the popups.

WinPFind35 report:
WinPFind35 logfile created on: 1/28/2008 11:43:39 AM
WinPFind35U Version Beta38	 Folder = C:\Documents and Settings\Lyanthya\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
 
1015.17 Mb Total Physical Memory | 481.57 Mb Available Physical Memory | 47.44% Memory free
2.39 Gb Paging File | 1.90 Gb Available in Paging File | 79.69% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.55 Gb Total Space | 43.95 Gb Free Space | 64.12% Space Free | Partition Type: NTFS
Drive D: | 581.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: LYSLAPTOP
Current User Name: Lyanthya
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/23/2008 12:21:34 AM | Attr =	]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/23/2004 10:40:42 PM | Attr =	]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 94208 bytes | Modified Date = 6/30/2006 12:58:38 PM | Attr =	]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 12:55:22 PM | Attr =	]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 12:59:20 PM | Attr =	]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]
btdna.exe -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 290112 bytes | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]
yahoomessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr =	]
bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe ->  [Ver =  | Size = 587568 bytes | Modified Date = 1/24/2008 7:45:47 AM | Attr =	]
psqltray.exe -> %ProgramFiles%\Protector Suite QL\psqltray.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 46592 bytes | Modified Date = 5/5/2006 5:39:54 PM | Attr =	]
desktopweather.exe -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 12/20/2007 8:10:06 AM | Attr =	]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
versiontrackerpro.exe -> %ProgramFiles%\TechTracker\VersionTracker Pro\VersionTrackerPro.exe -> CNET TechTracker [Ver = 4.0.0.220 | Size = 2121728 bytes | Modified Date = 12/12/2007 2:03:12 PM | Attr =	]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 394856 bytes | Modified Date = 12/3/2007 11:10:00 AM | Attr = R  ]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 11:08:42 AM | Attr =	]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/19/2008 1:37:25 PM | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/26/2008 1:34:08 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/23/2008 12:21:34 AM | Attr =	]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =	]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/19/2008 1:37:25 PM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/19/2008 1:37:23 PM | Attr =	]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(Elite Antikeylogger monitoring service) Elite Antikeylogger monitoring service [Win32_Own | Auto | Stopped] ->  -> File not found
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 12/10/2007 2:53:44 PM | Attr =	]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 12/10/2007 2:53:46 PM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr =	]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:56 PM | Attr =	]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 3/23/2004 10:40:42 PM | Attr =	]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/19/2008 1:37:22 PM | Attr =	]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 77824 bytes | Modified Date = 6/30/2006 12:55:22 PM | Attr =	]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 118784 bytes | Modified Date = 6/30/2006 12:59:20 PM | Attr =	]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4631 | Size = 94208 bytes | Modified Date = 6/30/2006 12:58:38 PM | Attr =	]
PSQLLauncher -> %ProgramFiles%\Protector Suite QL\launcher.exe -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 30208 bytes | Modified Date = 5/5/2006 5:36:28 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 10:56:54 AM | Attr =	]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 5/6/2005 2:06:12 PM | Attr =	]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AROReminder -> %ProgramFiles%\Advanced Registry Optimizer\ARO.exe -> Sammsoft [Ver = 5.1.338.343 | Size = 1798656 bytes | Modified Date = 5/23/2007 10:41:42 AM | Attr =	]
BitTorrent -> %ProgramFiles%\BitTorrent\bittorrent.exe ->  [Ver =  | Size = 587568 bytes | Modified Date = 1/24/2008 7:45:47 AM | Attr =	]
BitTorrent DNA -> %ProgramFiles%\DNA\btdna.exe ->  [Ver =  | Size = 290112 bytes | Modified Date = 1/10/2008 10:46:27 PM | Attr =	]
DW4 -> %ProgramFiles%\The Weather Channel FW\Desktop Weather\DesktopWeather.exe -> The Weather Channel Interactive [Ver = 5, 2, 0, 1 | Size = 715888 bytes | Modified Date = 12/20/2007 8:10:06 AM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 9 | Size = 1460560 bytes | Modified Date = 8/31/2007 4:46:28 PM | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 2:06:28 PM | Attr =	]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr =	]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersStartup%\VersionTrackerPro.lnk -> %SystemRoot%\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe -> InstallShield Software Corp. [Ver = 10.0.135 | Size = 53248 bytes | Modified Date = 1/20/2008 6:25:10 PM | Attr = R  ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, S.L. [Ver = 1.0 (32-bit) | Size = 394856 bytes | Modified Date = 12/3/2007 11:10:00 AM | Attr = R  ]
< Lyanthya Startup Folder > -> C:\Documents and Settings\Lyanthya\Start Menu\Programs\Startup -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =	]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =	]
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4631 | Size = 139264 bytes | Modified Date = 6/30/2006 12:54:26 PM | Attr =	]
psfus -> %System32%\psqlpwd.dll -> UPEK Inc. [Ver = 5.4.0.2934 | Size = 40448 bytes | Modified Date = 5/5/2006 5:48:24 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SLastActive1 -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SFT1 -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} [HKEY_LOCAL_MACHINE] -> %System32%\TwcToolbarBho.dll [TwcToolbarBhoApp Class] ->  [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 5/9/2007 9:41:18 AM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2E5E800E-6AC0-411E-940A-369530A35E43} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2008, 1, 8, 1 | Size = 878352 bytes | Modified Date = 1/8/2008 5:37:04 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 3:33:52 PM | Attr =	]
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{66C0FE66-B7A0-43E4-9325-75F649AF45E1} ->	(1394 Net Adapter) -> 
{B774AB67-80A4-4F73-9F43-C247D3F2A737} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{FED54A1D-FD4F-4217-84DB-691C6C69D7D8} ->	(Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000006 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 



[Files/Folders - Created Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Created Date = 1/24/2008 11:39:51 PM | Attr = RH ]
AlpsPointing.temp -> %SystemDrive%\AlpsPointing.temp ->  [Folder | Created Date = 1/10/2008 10:33:22 PM | Attr =	]
Atheros Driver.temp -> %SystemDrive%\Atheros Driver.temp ->  [Folder | Created Date = 1/18/2008 8:10:50 PM | Attr =	]
Audio.temp -> %SystemDrive%\Audio.temp ->  [Folder | Created Date = 1/11/2008 9:57:02 AM | Attr =	]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 1/9/2008 1:43:52 AM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 1/24/2008 1:32:02 AM | Attr =  H ]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 1/9/2008 1:44:37 AM | Attr =	]
FingerPrint.temp -> %SystemDrive%\FingerPrint.temp ->  [Folder | Created Date = 1/11/2008 10:20:07 AM | Attr =	]
IceSword -> %SystemDrive%\IceSword ->  [Folder | Created Date = 1/27/2008 12:29:36 AM | Attr =	]
Intel Display.temp -> %SystemDrive%\Intel Display.temp ->  [Folder | Created Date = 1/11/2008 11:09:59 AM | Attr =	]
Intel Driver.temp -> %SystemDrive%\Intel Driver.temp ->  [Folder | Created Date = 1/18/2008 8:37:48 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 1/24/2008 7:50:34 AM | Attr = RH ]
Partition Magic 8.0 -> %SystemDrive%\Partition Magic 8.0 ->  [Folder | Created Date = 1/9/2008 7:25:43 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 1/9/2008 1:46:06 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 1/11/2008 11:14:52 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 1/9/2008 1:44:37 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
big5.nls -> %System32%\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 1/9/2008 7:11:58 AM | Attr =	]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 1/9/2008 7:11:58 AM | Attr =	]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/9/2008 7:12:05 AM | Attr =	]
chtskf.dll -> %System32%\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 1/9/2008 7:12:08 AM | Attr =	]
c_10001.nls -> %System32%\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10002.nls -> %System32%\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10003.nls -> %System32%\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10004.nls -> %System32%\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10005.nls -> %System32%\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10006.nls -> %System32%\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_10007.nls -> %System32%\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10008.nls -> %System32%\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/9/2008 7:11:59 AM | Attr =	]
c_10010.nls -> %System32%\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10017.nls -> %System32%\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10021.nls -> %System32%\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_10029.nls -> %System32%\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10081.nls -> %System32%\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_10082.nls -> %System32%\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_1047.nls -> %System32%\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1140.nls -> %System32%\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1141.nls -> %System32%\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1142.nls -> %System32%\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1143.nls -> %System32%\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1144.nls -> %System32%\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1145.nls -> %System32%\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1146.nls -> %System32%\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1147.nls -> %System32%\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1148.nls -> %System32%\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1149.nls -> %System32%\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:00 AM | Attr =	]
c_1361.nls -> %System32%\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20000.nls -> %System32%\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20001.nls -> %System32%\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20002.nls -> %System32%\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20003.nls -> %System32%\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20004.nls -> %System32%\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20005.nls -> %System32%\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20105.nls -> %System32%\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:01 AM | Attr =	]
c_20106.nls -> %System32%\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20107.nls -> %System32%\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20108.nls -> %System32%\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20127.nls -> %System32%\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:51 AM | Attr =	]
c_20269.nls -> %System32%\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20273.nls -> %System32%\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20277.nls -> %System32%\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20278.nls -> %System32%\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20280.nls -> %System32%\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20284.nls -> %System32%\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20285.nls -> %System32%\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20290.nls -> %System32%\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20297.nls -> %System32%\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20420.nls -> %System32%\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20423.nls -> %System32%\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:02 AM | Attr =	]
c_20424.nls -> %System32%\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20833.nls -> %System32%\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20838.nls -> %System32%\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20871.nls -> %System32%\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20880.nls -> %System32%\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20924.nls -> %System32%\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20932.nls -> %System32%\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20936.nls -> %System32%\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_20949.nls -> %System32%\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_21025.nls -> %System32%\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_21027.nls -> %System32%\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:03 AM | Attr =	]
c_28594.nls -> %System32%\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_28595.nls -> %System32%\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_28596.nls -> %System32%\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_28597.nls -> %System32%\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_28599.nls -> %System32%\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_28603.nls -> %System32%\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:05 AM | Attr =	]
c_708.nls -> %System32%\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_720.nls -> %System32%\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_737.nls -> %System32%\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:57 AM | Attr =	]
c_852.nls -> %System32%\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_855.nls -> %System32%\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_857.nls -> %System32%\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_858.nls -> %System32%\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_862.nls -> %System32%\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_864.nls -> %System32%\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_866.nls -> %System32%\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_869.nls -> %System32%\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_870.nls -> %System32%\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 7:12:04 AM | Attr =	]
c_875.nls -> %System32%\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
e100b325.sys -> %System32%\dllcache\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0101 built by: WinDDK | Size = 163328 bytes | Created Date = 1/10/2008 8:43:50 PM | Attr =	]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/9/2008 7:12:18 AM | Attr =	]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/9/2008 7:12:18 AM | Attr =	]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/9/2008 7:12:18 AM | Attr =	]
FP4.CAT -> %System32%\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
fpencode.dll -> %System32%\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 1/9/2008 7:12:20 AM | Attr =	]
hanja.lex -> %System32%\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 1/9/2008 7:12:25 AM | Attr =	]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/9/2008 7:06:14 AM | Attr =	]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 1/9/2008 7:12:33 AM | Attr =	]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
imekr.lex -> %System32%\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 1/9/2008 7:12:51 AM | Attr =	]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 1/9/2008 7:12:53 AM | Attr =	]
IMS.CAT -> %System32%\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
imscinst.exe -> %System32%\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 1/9/2008 7:12:55 AM | Attr =	]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/9/2008 7:07:58 AM | Attr =	]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 1/9/2008 7:13:02 AM | Attr =	]
ksc.nls -> %System32%\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 1/9/2008 7:13:03 AM | Attr =	]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 1/9/2008 1:46:07 AM | Attr =	]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
mediactr.cat -> %System32%\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 1/9/2008 7:08:16 AM | Attr =	]
msinfo.dll -> %System32%\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/9/2008 7:08:01 AM | Attr =	]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
msn7.cat -> %System32%\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
msn9.cat -> %System32%\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
MW770.CAT -> %System32%\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
netfx.cat -> %System32%\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
nls302en.lex -> %System32%\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 1/9/2008 7:09:16 AM | Attr =	]
NT5.CAT -> %System32%\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT ->  [Ver =  | Size = 502724 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/9/2008 7:05:37 AM | Attr =	]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 1/9/2008 7:13:27 AM | Attr =	]
prc.nls -> %System32%\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/9/2008 7:13:28 AM | Attr =	]
prcp.nls -> %System32%\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/9/2008 7:13:28 AM | Attr =	]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 1/9/2008 1:46:08 AM | Attr =	]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/9/2008 7:13:34 AM | Attr =	]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/9/2008 7:13:35 AM | Attr =	]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/9/2008 7:13:35 AM | Attr =	]
sam.sdf -> %System32%\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 1/9/2008 1:46:09 AM | Attr =	]
sam.spd -> %System32%\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 1/9/2008 1:46:09 AM | Attr =	]
SP2.CAT -> %System32%\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 1/9/2008 1:45:24 AM | Attr =	]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
srframe.mmf -> %System32%\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 1/9/2008 7:08:32 AM | Attr =	]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 1/9/2008 1:45:25 AM | Attr =	]
xjis.nls -> %System32%\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 1/9/2008 7:14:11 AM | Attr =	]
Apfiltr.sys -> %System32%\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 6.0.301.196 | Size = 101833 bytes | Created Date = 1/10/2008 10:33:33 PM | Attr =	]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 1/19/2008 1:37:29 PM | Attr =	]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 1/19/2008 1:37:33 PM | Attr =	]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 1/19/2008 1:37:34 PM | Attr =	]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 1/19/2008 3:46:39 PM | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 1/19/2008 1:37:36 PM | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 1/19/2008 1:37:35 PM | Attr =	]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 1/19/2008 1:37:35 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Created Date = 1/10/2008 11:28:00 PM | Attr =	]
dHook.sys -> %System32%\drivers\dHook.sys ->  [Ver =  | Size = 2080 bytes | Created Date = 1/25/2008 9:39:53 AM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
e100b325.sys -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0101 built by: WinDDK | Size = 163328 bytes | Created Date = 1/10/2008 8:43:50 PM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
hosts.20080111-113811.backup -> %System32%\drivers\etc\hosts.20080111-113811.backup ->  [Ver =  | Size = 734 bytes | Created Date = 1/11/2008 11:38:11 AM | Attr =	]
quotes -> %System32%\drivers\etc\quotes ->  [Ver =  | Size = 1540 bytes | Created Date = 1/9/2008 8:44:50 AM | Attr =	]
fltMgrr.sys -> %System32%\drivers\fltMgrr.sys ->  [Ver =  | Size = 86144 bytes | Created Date = 1/10/2008 11:28:00 PM | Attr =	]
ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1038 built by: WinDDK | Size = 41864 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 1/24/2008 11:34:43 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 1/9/2008 1:43:47 AM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ac3acm.acm -> %System32%\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 1/11/2008 11:25:12 AM | Attr =	]
AddRemove.ico -> %System32%\AddRemove.ico ->  [Ver =  | Size = 766 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 1/9/2008 7:11:04 AM | Attr =	]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT ->  [Ver =  | Size = 1688 bytes | Created Date = 1/9/2008 1:45:47 AM | Attr =	]
bopomofo.uce -> %System32%\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 1/9/2008 7:06:05 AM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Created Date = 1/9/2008 1:45:08 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Created Date = 1/9/2008 1:45:08 AM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
CleanUp.exe -> %System32%\CleanUp.exe -> adi [Ver = 1, 0, 0, 2 | Size = 45056 bytes | Created Date = 1/11/2008 9:57:53 AM | Attr =	]
CloseACU.exe -> %System32%\CloseACU.exe -> ASKEY COMPUTER CORP. [Ver = 3, 0, 0, 0 | Size = 32768 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
Com -> %System32%\Com ->  [Folder | Created Date = 1/9/2008 7:05:29 AM | Attr =	]
config -> %System32%\config ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
cpwmon2k.dll -> %System32%\cpwmon2k.dll ->  [Ver =  | Size = 87552 bytes | Created Date = 1/22/2008 7:04:11 PM | Attr =	]
c_10006.nls -> %System32%\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_10007.nls -> %System32%\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10010.nls -> %System32%\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10017.nls -> %System32%\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
c_10029.nls -> %System32%\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_10081.nls -> %System32%\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_10082.nls -> %System32%\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_20127.nls -> %System32%\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:51 AM | Attr =	]
C_28594.NLS -> %System32%\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
C_28595.NLS -> %System32%\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:00 AM | Attr =	]
C_28597.NLS -> %System32%\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_28599.nls -> %System32%\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_28603.nls -> %System32%\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:46:05 AM | Attr =	]
c_737.nls -> %System32%\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:57 AM | Attr =	]
c_852.nls -> %System32%\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:53 AM | Attr =	]
c_855.nls -> %System32%\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_857.nls -> %System32%\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:46:03 AM | Attr =	]
c_866.nls -> %System32%\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:56 AM | Attr =	]
c_869.nls -> %System32%\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
c_875.nls -> %System32%\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/9/2008 1:45:58 AM | Attr =	]
desktop.ini -> %System32%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =	]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
dgsetup.dll -> %System32%\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Created Date = 1/9/2008 7:09:08 AM | Attr =	]
divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.8.0.14 | Size = 682496 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr = RHS]
dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 40 | Size = 81920 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
drivers -> %System32%\drivers ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 1/18/2008 8:37:53 PM | Attr =	]
DSndUp.exe -> %System32%\DSndUp.exe -> Analog Devices Inc. [Ver = 1, 0, 0, 15 | Size = 49152 bytes | Created Date = 1/11/2008 9:57:53 AM | Attr =	]
e100b325.din -> %System32%\e100b325.din ->  [Ver =  | Size = 5178 bytes | Created Date = 1/10/2008 8:43:49 PM | Attr =	]
e100bmsg.dll -> %System32%\e100bmsg.dll -> Intel Corporation [Ver = 8.0.20.0 | Size = 36864 bytes | Created Date = 1/10/2008 8:43:51 PM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Created Date = 1/9/2008 7:07:13 AM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Created Date = 1/24/2008 8:22:14 AM | Attr =	]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
export -> %System32%\export ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ff_vfw.dll -> %System32%\ff_vfw.dll ->  [Ver =  | Size = 7680 bytes | Created Date = 1/11/2008 11:25:10 AM | Attr =	]
ff_vfw.dll.manifest -> %System32%\ff_vfw.dll.manifest ->  [Ver =  | Size = 547 bytes | Created Date = 1/11/2008 11:25:10 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 188200 bytes | Created Date = 1/9/2008 1:44:36 AM | Attr =	]
gb2312.uce -> %System32%\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 1/9/2008 7:06:05 AM | Attr =	]
hpovst11.dll -> %System32%\hpovst11.dll -> Hewlett-Packard Co. [Ver = 82.0.168.000 | Size = 294912 bytes | Created Date = 1/24/2008 1:32:44 AM | Attr =	]
hppldcoi.dll -> %System32%\hppldcoi.dll -> Hewlett-Packard [Ver = 2, 1, 1, 51 | Size = 364544 bytes | Created Date = 1/24/2008 1:32:44 AM | Attr =	]
hpwtiop2.dll -> %System32%\hpwtiop2.dll -> Hewlett-Packard Co. [Ver = 82.0.192.000 | Size = 892928 bytes | Created Date = 1/24/2008 1:32:45 AM | Attr =	]
hpwwiax2.dll -> %System32%\hpwwiax2.dll -> Hewlett-Packard [Ver = 0.0.0.204 | Size = 675840 bytes | Created Date = 1/24/2008 1:32:44 AM | Attr =	]
hpz3l4x6.dll -> %System32%\hpz3l4x6.dll -> Hewlett-Packard Company [Ver = 61.063.263.21 | Size = 118272 bytes | Created Date = 1/24/2008 1:34:43 AM | Attr =	]
hpzids01.dll -> %System32%\hpzids01.dll -> Hewlett-Packard [Ver = 8,5,0,71 | Size = 258048 bytes | Created Date = 1/24/2008 1:32:48 AM | Attr =	]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/9/2008 7:06:15 AM | Attr =	]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 347136 bytes | Created Date = 1/9/2008 7:05:36 AM | Attr =	]
ias -> %System32%\ias ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ideograf.uce -> %System32%\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
igfxres.dll -> %System32%\igfxres.dll -> Intel Corporation [Ver = 3.0.0.4631 | Size = 139264 bytes | Created Date = 1/11/2008 11:12:24 AM | Attr =	]
ikhcore.cfg -> %System32%\ikhcore.cfg ->  [Ver =  | Size = 100 bytes | Created Date = 1/27/2008 12:35:18 AM | Attr =	]
IME -> %System32%\IME ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
InstallInf.exe -> %System32%\InstallInf.exe -> ASKEY COMPUTER CORP. [Ver = 1, 0, 0, 0 | Size = 28672 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/9/2008 7:07:58 AM | Attr =	]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/24/2008 4:50:07 PM | Attr =	]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 1/24/2008 4:50:08 PM | Attr =	]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 1/24/2008 4:50:07 PM | Attr =	]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 1/24/2008 4:50:07 PM | Attr =	]
kanji_1.uce -> %System32%\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
kanji_2.uce -> %System32%\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
korean.uce -> %System32%\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
lameACM.acm -> %System32%\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 389120 bytes | Created Date = 1/11/2008 11:25:13 AM | Attr =	]
lame_acm.xml -> %System32%\lame_acm.xml ->  [Ver =  | Size = 414 bytes | Created Date = 1/11/2008 11:25:13 AM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/9/2008 7:09:47 AM | Attr = RH ]
Macromed -> %System32%\Macromed ->  [Folder | Created Date = 1/9/2008 7:08:19 AM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Created Date = 1/9/2008 7:15:43 AM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Created Date = 1/9/2008 7:05:31 AM | Attr =	]
msdtcprf.h -> %System32%\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 1/9/2008 7:06:02 AM | Attr =	]
msdtcprf.ini -> %System32%\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 1/9/2008 7:06:02 AM | Attr =	]
mui -> %System32%\mui ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
NicCo32.dll -> %System32%\NicCo32.dll -> Intel Corporation [Ver = 1.0.5.0 built by: WinDDK | Size = 20480 bytes | Created Date = 1/10/2008 8:43:53 PM | Attr =	]
NicIn32.dll -> %System32%\NicIn32.dll -> Intel Corporation [Ver = 9.0.2.0 built by: WinDDK | Size = 21504 bytes | Created Date = 1/10/2008 8:43:54 PM | Attr =	]
npp -> %System32%\npp ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 1/9/2008 7:11:04 AM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 356120 bytes | Created Date = 1/9/2008 1:46:13 AM | Attr =	]
PlugPlayPCIDevice.exe -> %System32%\PlugPlayPCIDevice.exe ->  [Ver = 1, 0, 0, 1 | Size = 270336 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 1/10/2008 9:35:40 PM | Attr =	]
Prounstl.exe -> %System32%\Prounstl.exe -> Intel Corporation [Ver = 8.0.7.0 | Size = 126976 bytes | Created Date = 1/10/2008 8:43:54 PM | Attr =	]
qt-dx331.dll -> %System32%\qt-dx331.dll ->  [Ver =  | Size = 3596288 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
ras -> %System32%\ras ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Created Date = 1/10/2008 10:33:38 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Created Date = 1/9/2008 7:07:59 AM | Attr =	]
RmWLAN.exe -> %System32%\RmWLAN.exe -> ASKEY COMPUTER CORP. [Ver = 2.0.0.4 | Size = 32768 bytes | Created Date = 1/18/2008 8:11:11 PM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
shiftjis.uce -> %System32%\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
SMMedia.dll -> %System32%\SMMedia.dll -> Analog Devices [Ver = 1, 0, 0, 8 | Size = 1285632 bytes | Created Date = 1/11/2008 9:57:54 AM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/10/2008 9:30:50 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/9/2008 1:45:50 AM | Attr =	]
subrange.uce -> %System32%\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 1/9/2008 7:06:06 AM | Attr =	]
tslabels.h -> %System32%\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 1/9/2008 7:06:03 AM | Attr =	]
tslabels.ini -> %System32%\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 1/9/2008 7:06:03 AM | Attr =	]
TwcToolbarBho.dll -> %System32%\TwcToolbarBho.dll ->  [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Created Date = 1/20/2008 11:16:21 PM | Attr =	]
TwcToolbarIe7.dll -> %System32%\TwcToolbarIe7.dll ->  [Ver = 1, 2, 0, 1 | Size = 262144 bytes | Created Date = 1/20/2008 11:16:21 PM | Attr =	]
TwcToolInstDll.dll -> %System32%\TwcToolInstDll.dll -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 25600 bytes | Created Date = 1/20/2008 11:16:21 PM | Attr =	]
unrar.dll -> %System32%\unrar.dll ->  [Ver =  | Size = 164352 bytes | Created Date = 1/11/2008 11:25:15 AM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
usrlogon.cmd -> %System32%\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 1/9/2008 7:06:03 AM | Attr =	]
Vxdif.dll -> %System32%\Vxdif.dll -> Alps Electric Co., Ltd. [Ver = 6.0.2.67 | Size = 87865 bytes | Created Date = 1/10/2008 10:33:33 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
wdmioctl.dll -> %System32%\wdmioctl.dll -> Analog Devices Inc. [Ver = 6, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/11/2008 9:57:54 AM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/9/2008 7:09:47 AM | Attr = RH ]
wins -> %System32%\wins ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
wmimgmt.msc -> %System32%\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 1/9/2008 7:05:54 AM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Created Date = 1/9/2008 7:11:31 AM | Attr =	]
xvidcore.dll -> %System32%\xvidcore.dll ->  [Ver =  | Size = 1559040 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
xvidvfw.dll -> %System32%\xvidvfw.dll ->  [Ver =  | Size = 282624 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 1/11/2008 11:25:11 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 1/10/2008 9:35:38 PM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 1/24/2008 8:19:03 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 1/24/2008 8:18:41 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 1/9/2008 7:14:28 AM | Attr =   S]
carrier -> %SystemRoot%\carrier ->  [Folder | Created Date = 1/24/2008 1:32:42 AM | Attr =	]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 1/9/2008 7:11:08 AM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 1/9/2008 7:09:47 AM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr = R S]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
hpwins05.dat -> %SystemRoot%\hpwins05.dat ->  [Ver =  | Size = 148261 bytes | Created Date = 1/24/2008 1:31:26 AM | Attr =	]
hpwmdl05.dat -> %SystemRoot%\hpwmdl05.dat ->  [Ver =  | Size = 4785 bytes | Created Date = 1/24/2008 1:31:09 AM | Attr =	]
hpwscr05.dat -> %SystemRoot%\hpwscr05.dat ->  [Ver =  | Size = 16059 bytes | Created Date = 1/24/2008 1:31:09 AM | Attr =	]
hpzmsi01.exe -> %SystemRoot%\hpzmsi01.exe -> Hewlett-Packard [Ver = 8,5,0,71 | Size = 1132120 bytes | Created Date = 1/24/2008 1:31:14 AM | Attr =	]
hpzshl01.exe -> %SystemRoot%\hpzshl01.exe -> Hewlett-Packard [Ver = 8,5,0,71 | Size = 1275480 bytes | Created Date = 1/24/2008 1:31:17 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 1/24/2008 8:19:29 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 1/24/2008 8:23:52 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 1/9/2008 1:46:16 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 1/9/2008 1:46:12 AM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 1/27/2008 12:54:00 AM | Attr =	]
java -> %SystemRoot%\java ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
MalwarePro -> %SystemRoot%\MalwarePro ->  [Folder | Created Date = 1/24/2008 6:46:37 PM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1811 bytes | Created Date = 1/11/2008 11:18:10 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 1/24/2008 8:15:02 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 1/10/2008 9:28:24 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Created Date = 1/24/2008 7:58:25 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 1/9/2008 1:46:11 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 1/9/2008 7:09:47 AM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 1/9/2008 7:15:44 AM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 1/9/2008 7:06:48 AM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 1/9/2008 7:15:23 AM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 1/9/2008 7:06:08 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 1/24/2008 7:53:45 AM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 1/9/2008 7:06:07 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 1/9/2008 7:15:46 AM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 1/9/2008 7:08:20 AM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 1/24/2008 4:50:30 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
system32 -> %System32% ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 1/9/2008 7:08:26 AM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 1/9/2008 7:06:55 AM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 1/9/2008 7:06:55 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 1/24/2008 8:22:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/9/2008 7:09:40 AM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 292 bytes | Created Date = 1/11/2008 12:33:10 PM | Attr =	]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 1/9/2008 7:08:40 AM | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 1/9/2008 1:35:28 AM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 1/9/2008 7:11:03 AM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 1/9/2008 7:06:08 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 1/24/2008 4:40:22 PM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 1/9/2008 7:08:26 AM | Attr = RH ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 444 bytes | Created Date = 1/11/2008 12:37:34 PM | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 378 bytes | Created Date = 1/11/2008 12:37:33 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 1/9/2008 7:15:44 AM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 454 bytes | Created Date = 1/10/2008 11:19:28 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 368 bytes | Created Date = 1/10/2008 11:19:26 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
$VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG ->  [Folder | Modified Date = 1/26/2008 8:45:45 AM | Attr = RH ]
AlpsPointing.temp -> %SystemDrive%\AlpsPointing.temp ->  [Folder | Modified Date = 1/10/2008 10:33:22 PM | Attr =	]
Atheros Driver.temp -> %SystemDrive%\Atheros Driver.temp ->  [Folder | Modified Date = 1/18/2008 8:10:50 PM | Attr =	]
Audio.temp -> %SystemDrive%\Audio.temp ->  [Folder | Modified Date = 1/11/2008 9:57:05 AM | Attr =	]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 1/9/2008 7:03:31 AM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 1/28/2008 10:04:58 AM | Attr =  H ]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/9/2008 9:15:42 AM | Attr =	]
FingerPrint.temp -> %SystemDrive%\FingerPrint.temp ->  [Folder | Modified Date = 1/11/2008 10:20:09 AM | Attr =	]
IceSword -> %SystemDrive%\IceSword ->  [Folder | Modified Date = 1/27/2008 12:29:36 AM | Attr =	]
Intel Display.temp -> %SystemDrive%\Intel Display.temp ->  [Folder | Modified Date = 1/11/2008 11:10:00 AM | Attr =	]
Intel Driver.temp -> %SystemDrive%\Intel Driver.temp ->  [Folder | Modified Date = 1/18/2008 8:37:49 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 1/24/2008 7:50:34 AM | Attr = RH ]
Partition Magic 8.0 -> %SystemDrive%\Partition Magic 8.0 ->  [Folder | Modified Date = 1/9/2008 7:25:43 AM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/28/2008 10:04:55 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/11/2008 11:14:52 AM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/9/2008 7:15:48 AM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 1/28/2008 10:12:35 AM | Attr =	]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/19/2008 1:37:29 PM | Attr =	]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/19/2008 1:37:33 PM | Attr =	]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 1/19/2008 1:37:34 PM | Attr =	]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/19/2008 1:37:36 PM | Attr =	]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/19/2008 1:37:35 PM | Attr =	]
avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/19/2008 1:37:35 PM | Attr =	]
core.cache.dsk -> %System32%\drivers\core.cache.dsk ->  [Ver =  | Size = 167545 bytes | Modified Date = 1/28/2008 11:41:57 AM | Attr =	]
dHook.sys -> %System32%\drivers\dHook.sys ->  [Ver =  | Size = 2080 bytes | Modified Date = 1/25/2008 9:39:53 AM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/11/2008 11:38:11 AM | Attr =	]
fltMgrr.sys -> %System32%\drivers\fltMgrr.sys ->  [Ver =  | Size = 86144 bytes | Modified Date = 1/10/2008 11:28:00 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 1/9/2008 7:14:28 AM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 1/9/2008 1:36:46 AM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/9/2008 7:11:04 AM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/27/2008 3:04:48 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/28/2008 11:42:42 AM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Modified Date = 1/24/2008 8:03:36 AM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/9/2008 7:15:07 AM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/9/2008 7:09:08 AM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/27/2008 3:03:03 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/28/2008 11:41:55 AM | Attr =	]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 1/24/2008 1:32:53 AM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 21640 bytes | Modified Date = 1/9/2008 7:07:13 AM | Attr =	]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 1/24/2008 8:24:06 AM | Attr =	]
export -> %System32%\export ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 188200 bytes | Modified Date = 1/24/2008 8:33:16 AM | Attr =	]
ias -> %System32%\ias ->  [Folder | Modified Date = 1/9/2008 7:10:33 AM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Modified Date = 1/9/2008 1:37:26 AM | Attr =	]
ikhcore.cfg -> %System32%\ikhcore.cfg ->  [Ver =  | Size = 100 bytes | Modified Date = 1/27/2008 12:35:18 AM | Attr =	]
IME -> %System32%\IME ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/9/2008 7:09:47 AM | Attr = RH ]
lsdelete.exe -> %System32%\lsdelete.exe ->  [Ver =  | Size = 12632 bytes | Modified Date = 1/23/2008 12:23:04 AM | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 1/9/2008 7:08:19 AM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Modified Date = 1/9/2008 7:15:43 AM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Modified Date = 1/9/2008 7:06:46 AM | Attr =	]
mui -> %System32%\mui ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
npp -> %System32%\npp ->  [Folder | Modified Date = 1/9/2008 1:42:39 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/9/2008 7:11:04 AM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Modified Date = 1/9/2008 7:08:57 AM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 40394 bytes | Modified Date = 1/24/2008 11:36:18 PM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 312172 bytes | Modified Date = 1/24/2008 11:36:18 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 356120 bytes | Modified Date = 1/24/2008 11:36:18 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 1/10/2008 9:35:40 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Modified Date = 1/9/2008 1:38:06 AM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 1/10/2008 10:33:38 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/9/2008 7:15:47 AM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Modified Date = 1/9/2008 1:43:37 AM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 1/10/2008 9:30:50 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Modified Date = 1/9/2008 7:04:05 AM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 1/9/2008 1:43:26 AM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/9/2008 7:09:47 AM | Attr = RH ]
wins -> %System32%\wins ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/28/2008 11:43:20 AM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/26/2008 1:53:51 PM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 1/24/2008 8:19:03 AM | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 1/24/2008 8:18:41 AM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 1/9/2008 1:43:16 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/28/2008 11:42:03 AM | Attr =   S]
carrier -> %SystemRoot%\carrier ->  [Folder | Modified Date = 1/24/2008 1:32:42 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 1/9/2008 7:11:08 AM | Attr =	]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/9/2008 7:06:21 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/24/2008 8:15:49 AM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/9/2008 7:09:47 AM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 1/10/2008 9:22:35 PM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 1/9/2008 1:43:09 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/24/2008 7:56:13 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/24/2008 8:33:13 AM | Attr =	]
hpwins05.dat -> %SystemRoot%\hpwins05.dat ->  [Ver =  | Size = 148261 bytes | Modified Date = 1/24/2008 1:35:54 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 1/24/2008 8:21:45 AM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 1/26/2008 7:33:18 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/24/2008 8:30:57 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/27/2008 3:02:52 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/28/2008 10:04:59 AM | Attr =  HS]
iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 1/27/2008 12:53:27 AM | Attr =	]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
MalwarePro -> %SystemRoot%\MalwarePro ->  [Folder | Modified Date = 1/26/2008 7:37:28 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/24/2008 8:22:02 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1811 bytes | Modified Date = 1/24/2008 4:50:21 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 1/24/2008 8:33:10 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 1/9/2008 1:43:09 AM | Attr =	]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 1/24/2008 8:15:02 AM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/10/2008 9:28:24 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 1/24/2008 7:58:27 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 1/9/2008 7:10:51 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 1/9/2008 7:09:47 AM | Attr = R  ]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 1/24/2008 7:52:52 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 1/9/2008 1:42:55 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/28/2008 11:43:40 AM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/17/2008 7:25:43 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 1/9/2008 7:15:23 AM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 1/9/2008 7:11:31 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 1/9/2008 1:35:28 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/9/2008 8:57:52 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 1/24/2008 7:55:49 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/10/2008 9:30:57 PM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 1/9/2008 7:09:17 AM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 1/24/2008 4:50:30 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 1/24/2008 7:50:45 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 231 bytes | Modified Date = 1/9/2008 1:46:06 AM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 1/27/2008 3:02:57 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/24/2008 4:40:22 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 1/28/2008 11:42:47 AM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/24/2008 1:35:37 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 1/9/2008 7:06:55 AM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 1/9/2008 7:06:55 AM | Attr =	]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 1/24/2008 8:22:16 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 1/9/2008 7:09:51 AM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 573 bytes | Modified Date = 1/24/2008 7:57:07 AM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/9/2008 7:09:40 AM | Attr = RH ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 292 bytes | Modified Date = 1/25/2008 9:50:36 AM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/26/2008 7:32:11 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/9/2008 7:11:04 AM | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 1/24/2008 4:40:23 PM | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 444 bytes | Modified Date = 1/28/2008 11:42:15 AM | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 378 bytes | Modified Date = 1/11/2008 12:37:34 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/28/2008 11:42:08 AM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 454 bytes | Modified Date = 1/28/2008 11:42:15 AM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 368 bytes | Modified Date = 1/26/2008 7:37:33 AM | Attr =	]

< End of report >

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/28/2008 at 11:23 AM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 01:02:37

Memory items scanned : 484
Memory threats detected : 0
Registry items scanned : 4616
Registry threats detected : 0
File items scanned : 33158
File threats detected : 1

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

WinPFind35 log:
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1827766B-9F49-4854-8034-F6EE26FCB1EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{98828DED-A591-462F-83BA-D2F62A68B8B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98828DED-A591-462F-83BA-D2F62A68B8B8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\ deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\HPZnui01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Paul\Local Settings\Temp\7zS6C.tmp\setup\hponicifs01.exe deleted successfully.
[Files/Folders - Created Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
[Files/Folders - Modified Within 30 days]
File move failed. C:\WINDOWS\System32\drivers\core.cache.dsk scheduled to be moved on reboot.
[Extra Files]
< %SystemRoot%\system32\drivers\core.sys >
Folder C:\WINDOWS\system32\drivers\core.sys not found.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Lyanthya\Local Settings\Temp\~DF961B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\HPSLPS010.log scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
< End of fix log >
WinPFind35U Version Beta38 fix logfile created on 01282008_100946

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:02:25 AM

Posted 28 January 2008 - 12:54 PM

Hi Lyanthya. Yup, it's still there. Let's try something else.

Step #1

Download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Step #2

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\system32\drivers\core.cache.dsk

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Step #3

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

Step #4

The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Step #5

Copy/paste the content of c:\avenger.txt into your next reply and I will review it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#9 Lyanthya

Posted 28 January 2008 - 01:15 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iyrngbkc

*******************

Script file located at: \??\C:\Documents and Settings\yihjurlu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\system32\drivers\core.cache.dsk deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#10 OldTimer

Posted 28 January 2008 - 01:19 PM

Hi Lyanthya. That looks good. Reboot the machine and see if the popups come back.

Cheers.

OT

#11 Lyanthya

Posted 28 January 2008 - 01:25 PM

Yes, the popups are still here.

#12 OldTimer

Posted 28 January 2008 - 01:49 PM

Hi Lyanthya. Either there is something that isn't showing up or they are coming from an application that you are running. Let's see if there is anything that is not showing up.

Follow these instructions to run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.

Cheers.

OT

#13 Lyanthya

Posted 28 January 2008 - 03:55 PM

Scanning Report
Monday, January 28, 2008 14:16:48 - 15:53:45

Computer name: LYSLAPTOP
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 3 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System

Statistics
Scanned:

* Files: 25681
* System: 4261
* Not scanned: 3

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGRR.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure AVP: 7.0.171, 2008-01-28
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0597-150-72
* F-Secure Libra: 2.4.2, 2008-01-28
* F-Secure Orion: 1.2.37, 2008-01-28
* F-Secure Pegasus: 1.19.0, 2008-00-28

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
* Use Advanced heuristics

#14 OldTimer

Posted 28 January 2008 - 04:38 PM

Hi Lyanthya. How are things now?

Cheers.

OT

#15 Lyanthya

Posted 28 January 2008 - 04:41 PM

I'm still getting the popups.



