
Please Analyse Hijack This Log.some Trojan


  • This topic is locked
5 replies to this topic

#1 Krishna Madhav


Posted 24 January 2008 - 12:08 PM

Hi All,

My system got infected with some kind of virus/trojans.
I have completely formatted the system and once again installed Windows XP with SP2. But still somehow the trojans exist in my drives.
I have done all the steps that we were asked to do before posting the HijackThis log.

These are the problems.
1. System is running slowly.
2. Not able to view hidden files.
3. Not able to open folders in its own windows. Each time they are opening in a new window (which is very annoying).

Here is my log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:06 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
C:\WINNT\system32\n1201194003k.exe
C:\WINNT\system32\E427F7C7.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinForm] C:\WINNT\WinForm.exE
O4 - HKLM\..\Run: [SSLDyn] C:\WINNT\SSLDyn.exE
O4 - HKLM\..\Run: [Kvsc3] C:\WINNT\Kvsc3.exE
O4 - HKLM\..\Run: [mppds] C:\WINNT\mppds.exe
O4 - HKLM\..\Run: [SHAProc] C:\WINNT\SHAProc.exe
O4 - HKLM\..\Run: [NAVMon32] C:\WINNT\NAVMon32.exE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINNT\batxey.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINNT\AVPSrv.exE
O4 - HKLM\..\Run: [WinSysM] C:\WINNT\338448M.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINNT\LotusHlp.exe
O4 - HKLM\..\Run: [msccrt] C:\WINNT\msccrt.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINNT\MsIMMs32.exE
O4 - HKLM\..\Run: [PTSShell] C:\WINNT\PTSShell.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINNT\338448L.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06C1608-3846-4363-B7D7-A377C2607627}: NameServer = 218.248.240.43 218.248.240.141
O23 - Service: 2C4AF937 - Unknown owner - C:\WINNT\system32\E427F7C7.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

--
End of file - 3794 bytes



#2 OldTimer


    Malware Expert



Posted 30 January 2008 - 04:33 PM

Hello Krishna Madhav and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Krishna Madhav


Posted 31 January 2008 - 11:48 AM

Hi OT,

Here is the requested information. Please let me know if you need any other information.

WinPFind35 logfile created on: 1/31/2008 10:10:50 PM
WinPFind35U Version Beta42	 Folder = C:\Documents and Settings\Madhav1\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
 
958.48 Mb Total Physical Memory | 678.80 Mb Available Physical Memory | 70.82% Memory free
2.26 Gb Paging File | 2.01 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 10.00 Gb Total Space | 6.35 Gb Free Space | 63.54% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.20 Gb Free Space | 92.03% Space Free | Partition Type: NTFS
Drive E: | 9.99 Gb Total Space | 3.29 Gb Free Space | 32.94% Space Free | Partition Type: FAT32
Drive F: | 9.99 Gb Total Space | 6.07 Gb Free Space | 60.82% Space Free | Partition Type: FAT32

Computer Name: MADHAV
Current User Name: Madhav1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
winsersec.exe -> %System32%\winsersec.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 4/14/2005 4:07:32 AM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/31/2005 11:06:10 AM | Attr =	]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/31/2005 11:06:10 AM | Attr =	]
sdaemon.exe -> %SystemRoot%\sdaemon.exe -> Tropical Software [Ver = 6.4 | Size = 111104 bytes | Modified Date = 4/19/2005 3:27:14 AM | Attr =	]
winwd.exe -> %SystemRoot%\winwd.exe ->  [Ver =  | Size = 26624 bytes | Modified Date = 4/19/2005 3:26:41 AM | Attr =	]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3427 | Size = 180269 bytes | Modified Date = 1/28/2008 10:27:16 PM | Attr =	]
bdagent.exe -> D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 130 | Size = 319488 bytes | Modified Date = 11/16/2007 4:37:38 PM | Attr =	]
xcommsvr.exe -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 11/27/2007 4:46:32 PM | Attr =	]
livesrv.exe -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 65 | Size = 1126400 bytes | Modified Date = 1/30/2008 7:38:58 PM | Attr =	]
vsserv.exe -> D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 387 | Size = 1048576 bytes | Modified Date = 1/30/2008 7:38:57 PM | Attr =	]
googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/2/2007 2:52:02 AM | Attr =	]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 3:23:16 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(18A7898C) 18A7898C [Win32_Own | Disabled | Stopped] -> %System32%\C57AA494.EXE -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 376832 bytes | Modified Date = 8/31/2005 11:06:10 AM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 8/30/2005 9:05:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 10:26:50 PM | Attr =	]
(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 65 | Size = 1126400 bytes | Modified Date = 1/30/2008 7:38:58 PM | Attr =	]
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 387 | Size = 1048576 bytes | Modified Date = 1/30/2008 7:38:57 PM | Attr =	]
(winser) winser [Win32_Own | Auto | Running] -> %System32%\winsersec.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 4/14/2005 4:07:32 AM | Attr =	]
(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 11/27/2007 4:46:32 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic116x) aic116x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(ami0nt) ami0nt [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6571 | Size = 1333760 bytes | Modified Date = 8/31/2005 11:12:36 AM | Attr =	]
(Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> %System32%\drivers\bdfndisf.sys -> BitDefender SRL [Ver = 3.0.0.10 | Size = 87952 bytes | Modified Date = 11/12/2007 4:27:46 PM | Attr =	]
(bdfsfltr) bdfsfltr [File_System | On_Demand | Running] -> %System32%\drivers\bdfsfltr.sys -> BitDefender S.R.L. Bucharest, ROMANIA [Ver = 0.3.89.3444, RELEASE,  built by: WinDDK | Size = 188432 bytes | Modified Date = 8/2/2007 4:03:44 PM | Attr =	]
(bdftdif) bdftdif [Kernel | System | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Firewall\bdftdif.sys -> BitDefender SRL [Ver = 3.0.0.9 | Size = 156688 bytes | Modified Date = 11/12/2007 4:28:08 PM | Attr =	]
(BDSelfPr) BDSelfPr [Kernel | On_Demand | Running] -> D:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys -> BitDefender S.R.L. [Ver = 11.00 built by: WinDDK | Size = 8320 bytes | Modified Date = 1/30/2008 7:38:52 PM | Attr =	]
(BusLogic) BusLogic [Kernel | Disabled | Stopped] ->  -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(cpqarry2) cpqarry2 [Kernel | Disabled | Stopped] ->  -> File not found
(cpqfcalm) cpqfcalm [Kernel | Disabled | Stopped] ->  -> File not found
(cpqfws2e) cpqfws2e [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(deckzpsx) deckzpsx [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 8:37:18 PM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 8:37:18 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/23/2001 5:30:00 PM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(EFS) EFS [File_System | Disabled | Stopped] ->  -> File not found
(Fd16_700) Fd16_700 [Kernel | Disabled | Stopped] ->  -> File not found
(fireport) fireport [Kernel | Disabled | Stopped] ->  -> File not found
(flashpnt) flashpnt [Kernel | Disabled | Stopped] ->  -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5178 built by: WinDDK | Size = 4034048 bytes | Modified Date = 10/19/2005 2:45:42 AM | Attr = R  ]
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(ipsraidn) ipsraidn [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(lp6nds35) lp6nds35 [Kernel | Disabled | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Ncrc710) Ncrc710 [Kernel | Disabled | Stopped] ->  -> File not found
(Parallel) Parallel class driver [Kernel | Disabled | Stopped] -> System32\DRIVERS\parallel.sys -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Profos) Profos [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\BitDefender\BitDefender Threat Scanner\profos.sys ->  [Ver =  | Size = 12800 bytes | Modified Date = 7/12/2007 12:32:44 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/23/2001 5:30:00 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(ql2100) ql2100 [Kernel | Disabled | Stopped] ->  -> File not found
(RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) [Kernel | On_Demand | Running] -> %System32%\drivers\RMSPPPOE.SYS -> Robert Schlabbach [Ver = 0.98.0720.0 | Size = 31504 bytes | Modified Date = 10/3/2002 12:09:08 AM | Attr =	]
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.630.0824.2005 built by: WinDDK | Size = 74752 bytes | Modified Date = 8/25/2005 2:26:28 AM | Attr =	]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 10:31:34 PM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 7/17/2004 9:06:38 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tga) tga [Kernel | System | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(Trufos) Trufos [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\BitDefender\BitDefender Threat Scanner\trufos.sys ->  [Ver =  | Size = 36736 bytes | Modified Date = 7/10/2007 7:00:42 AM | Attr =	]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ultra66) ultra66 [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(WINSEC) WINSEC [File_System | Boot | Running] -> %System32%\drivers\winsec.sys -> Tropical Software [Ver = 1.20 | Size = 20352 bytes | Modified Date = 4/19/2005 3:27:28 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BDAgent -> D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 130 | Size = 319488 bytes | Modified Date = 11/16/2007 4:37:38 PM | Attr =	]
BitDefender Antiphishing Helper -> D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe -> BitDefender [Ver = 11, 0, 0, 5 | Size = 61440 bytes | Modified Date = 10/9/2007 3:46:58 PM | Attr =	]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/2/2007 2:52:02 AM | Attr =	]
SDaemon -> %SystemRoot%\sdaemon.exe -> Tropical Software [Ver = 6.4 | Size = 111104 bytes | Modified Date = 4/19/2005 3:27:14 AM | Attr =	]
SWd -> %SystemRoot%\winwd.exe ->  [Ver =  | Size = 26624 bytes | Modified Date = 4/19/2005 3:26:41 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Madhav1 Startup Folder > -> C:\Documents and Settings\Madhav1\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4119 | Size = 46080 bytes | Modified Date = 8/31/2005 11:07:14 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LegalNoticeText ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LegalNoticeCaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (734 bytes) -> C:\WINNT\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINNT\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKEY_LOCAL_MACHINE] -> D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [BitDefender Toolbar] -> Bitdefender [Ver = 11.0.0.25 | Size = 86016 bytes | Modified Date = 11/2/2007 11:08:48 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{3934D1F8-2BC9-4C7D-AA97-0EC434A98136} ->	(Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %System32%\msdxm.ocx[AsyncPProt Class] ->  [Ver =  | Size = 844314 bytes | Modified Date = 8/3/2004 8:21:04 PM | Attr =	]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 10:26:44 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 294400 bytes | Modified Date = 8/3/2004 10:26:44 PM | Attr =	]
msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/3/2004 10:26:44 PM | Attr =	]
schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/3/2004 10:26:46 PM | Attr =	]
wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/3/2004 10:26:48 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 772 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/3/2004 10:26:46 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ForceGuest -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINNT\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/3/2004 10:26:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINNT\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINNT\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 10:26:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11701 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINNT\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/3/2004 10:26:44 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/2/2007 2:52:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINNT\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 10:26:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINNT\system32\wuauserv.dll [C:\WINNT\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/3/2004 10:26:48 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINNT\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/3/2004 10:26:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/3/2004 10:26:46 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINNT\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/3/2004 10:26:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 395776 bytes | Modified Date = 8/3/2004 10:26:46 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINNT\system32\tlntsvr.exe [C:\WINNT\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/3/2004 10:26:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 8:18:50 PM | Attr =  H ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 206 bytes | Created Date = 1/26/2008 1:33:56 AM | Attr =  HS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 1/25/2008 10:39:03 PM | Attr =	]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 8:18:50 PM | Attr =  H ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Created Date = 1/26/2008 1:35:20 AM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 8:18:50 PM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 8:18:50 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Created Date = 1/26/2008 1:36:20 AM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 1/25/2008 10:39:09 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 1/25/2008 10:41:25 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 1/25/2008 8:22:29 PM | Attr =  HS]
TempEI4 -> %SystemDrive%\TempEI4 ->  [Folder | Created Date = 1/25/2008 8:59:01 PM | Attr =	]
WINNT -> %SystemRoot% ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
big5.nls -> %System32%\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 1/25/2008 8:50:03 PM | Attr =	]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 1/25/2008 8:50:04 PM | Attr =	]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/25/2008 8:50:12 PM | Attr =	]
chtskf.dll -> %System32%\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 1/25/2008 8:50:18 PM | Attr =	]
c_10001.nls -> %System32%\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10002.nls -> %System32%\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10003.nls -> %System32%\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10004.nls -> %System32%\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10005.nls -> %System32%\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10006.nls -> %System32%\dllcache\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_10007.nls -> %System32%\dllcache\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:48 PM | Attr =	]
c_10008.nls -> %System32%\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10010.nls -> %System32%\dllcache\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_10017.nls -> %System32%\dllcache\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:48 PM | Attr =	]
c_10021.nls -> %System32%\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:05 PM | Attr =	]
c_10029.nls -> %System32%\dllcache\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_10081.nls -> %System32%\dllcache\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_10082.nls -> %System32%\dllcache\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_1047.nls -> %System32%\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1140.nls -> %System32%\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1141.nls -> %System32%\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1142.nls -> %System32%\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1143.nls -> %System32%\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1144.nls -> %System32%\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1145.nls -> %System32%\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1146.nls -> %System32%\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1147.nls -> %System32%\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1148.nls -> %System32%\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1149.nls -> %System32%\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:06 PM | Attr =	]
c_1361.nls -> %System32%\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 1/25/2008 8:50:07 PM | Attr =	]
c_20000.nls -> %System32%\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/25/2008 8:50:07 PM | Attr =	]
c_20001.nls -> %System32%\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 1/25/2008 8:50:07 PM | Attr =	]
c_20002.nls -> %System32%\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/25/2008 8:50:07 PM | Attr =	]
c_20003.nls -> %System32%\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 1/25/2008 8:50:07 PM | Attr =	]
c_20004.nls -> %System32%\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20005.nls -> %System32%\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20105.nls -> %System32%\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20106.nls -> %System32%\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20107.nls -> %System32%\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20108.nls -> %System32%\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20127.nls -> %System32%\dllcache\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/26/2008 1:36:18 AM | Attr =	]
c_20269.nls -> %System32%\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20273.nls -> %System32%\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20277.nls -> %System32%\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20278.nls -> %System32%\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20280.nls -> %System32%\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:08 PM | Attr =	]
c_20284.nls -> %System32%\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20285.nls -> %System32%\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20290.nls -> %System32%\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20297.nls -> %System32%\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20420.nls -> %System32%\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20423.nls -> %System32%\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20424.nls -> %System32%\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20833.nls -> %System32%\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20838.nls -> %System32%\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20871.nls -> %System32%\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20880.nls -> %System32%\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20924.nls -> %System32%\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:09 PM | Attr =	]
c_20932.nls -> %System32%\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 1/25/2008 8:50:10 PM | Attr =	]
c_20936.nls -> %System32%\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 1/25/2008 8:50:10 PM | Attr =	]
c_20949.nls -> %System32%\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 1/25/2008 8:50:10 PM | Attr =	]
c_21025.nls -> %System32%\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:10 PM | Attr =	]
c_21027.nls -> %System32%\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:10 PM | Attr =	]
c_28594.nls -> %System32%\dllcache\c_28594.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_28595.nls -> %System32%\dllcache\c_28595.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:48 PM | Attr =	]
c_28596.nls -> %System32%\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:10 PM | Attr =	]
c_28597.nls -> %System32%\dllcache\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_28599.nls -> %System32%\dllcache\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_28603.nls -> %System32%\dllcache\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_708.nls -> %System32%\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:11 PM | Attr =	]
c_720.nls -> %System32%\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:50:11 PM | Attr =	]
c_737.nls -> %System32%\dllcache\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_852.nls -> %System32%\dllcache\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_855.nls -> %System32%\dllcache\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_857.nls -> %System32%\dllcache\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_858.nls -> %System32%\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:50:11 PM | Attr =	]
c_862.nls -> %System32%\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:50:11 PM | Attr =	]
c_864.nls -> %System32%\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:50:11 PM | Attr =	]
c_866.nls -> %System32%\dllcache\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_869.nls -> %System32%\dllcache\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_870.nls -> %System32%\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:50:11 PM | Attr =	]
c_875.nls -> %System32%\dllcache\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/26/2008 1:36:18 AM | Attr =	]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/26/2008 1:36:17 AM | Attr =	]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/25/2008 8:50:27 PM | Attr =	]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/25/2008 8:50:28 PM | Attr =	]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/25/2008 8:50:28 PM | Attr =	]
FP4.CAT -> %System32%\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
fpencode.dll -> %System32%\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 1/25/2008 8:50:30 PM | Attr =	]
hanja.lex -> %System32%\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 1/25/2008 8:50:32 PM | Attr =	]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/26/2008 1:47:01 AM | Attr =	]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 1/25/2008 8:50:41 PM | Attr =	]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
imekr.lex -> %System32%\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 1/25/2008 8:50:59 PM | Attr =	]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 1/25/2008 8:51:02 PM | Attr =	]
IMS.CAT -> %System32%\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
imscinst.exe -> %System32%\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 1/25/2008 8:51:03 PM | Attr =	]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/25/2008 8:46:41 PM | Attr =	]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 1/25/2008 8:51:12 PM | Attr =	]
ksc.nls -> %System32%\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 1/25/2008 8:51:13 PM | Attr =	]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 1/25/2008 8:39:51 PM | Attr =	]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
mediactr.cat -> %System32%\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 1/25/2008 8:39:26 PM | Attr =	]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe ->  [Ver =  | Size = 4639 bytes | Created Date = 1/25/2008 8:18:15 PM | Attr =	]
msinfo.dll -> %System32%\dllcache\msinfo.dll ->  [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/25/2008 8:46:44 PM | Attr =	]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
msn7.cat -> %System32%\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 1/25/2008 8:39:26 PM | Attr =	]
msn9.cat -> %System32%\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 1/25/2008 8:39:26 PM | Attr =	]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
MW770.CAT -> %System32%\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
netfx.cat -> %System32%\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 1/25/2008 8:39:26 PM | Attr =	]
nls302en.lex -> %System32%\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 1/25/2008 8:47:50 PM | Attr =	]
NT5.CAT -> %System32%\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 1/25/2008 8:39:24 PM | Attr =	]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT ->  [Ver =  | Size = 502724 bytes | Created Date = 1/25/2008 8:39:24 PM | Attr =	]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 1/25/2008 8:39:26 PM | Attr =	]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/26/2008 1:47:10 AM | Attr =	]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 1/25/2008 8:51:35 PM | Attr =	]
prc.nls -> %System32%\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/25/2008 8:51:37 PM | Attr =	]
prcp.nls -> %System32%\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 1/25/2008 8:51:37 PM | Attr =	]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 1/25/2008 8:39:52 PM | Attr =	]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/25/2008 8:51:43 PM | Attr =	]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/25/2008 8:51:43 PM | Attr =	]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/25/2008 8:51:43 PM | Attr =	]
sam.sdf -> %System32%\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 1/25/2008 8:39:52 PM | Attr =	]
sam.spd -> %System32%\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 1/25/2008 8:39:52 PM | Attr =	]
SP2.CAT -> %System32%\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/25/2008 8:39:43 PM | Attr =	]
srframe.mmf -> %System32%\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 1/25/2008 8:47:12 PM | Attr =	]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 1/25/2008 8:39:26 PM | Attr =	]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat ->  [Ver =  | Size = 7334 bytes | Created Date = 1/25/2008 8:39:25 PM | Attr =	]
xjis.nls -> %System32%\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 1/25/2008 8:52:19 PM | Attr =	]
ativcaxx.cpa -> %System32%\drivers\ativcaxx.cpa ->  [Ver =  | Size = 524850 bytes | Created Date = 1/25/2008 9:04:37 PM | Attr = R  ]
ativcaxx.vp -> %System32%\drivers\ativcaxx.vp ->  [Ver =  | Size = 929 bytes | Created Date = 1/25/2008 9:04:37 PM | Attr = R  ]
ativckxx.vp -> %System32%\drivers\ativckxx.vp ->  [Ver =  | Size = 58560 bytes | Created Date = 1/25/2008 9:04:37 PM | Attr = R  ]
ativvpxx.vp -> %System32%\drivers\ativvpxx.vp ->  [Ver =  | Size = 23936 bytes | Created Date = 1/25/2008 9:04:36 PM | Attr = R  ]
disdn -> %System32%\drivers\disdn ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
RtkHDAud.Sys -> %System32%\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5178 built by: WinDDK | Size = 4034048 bytes | Created Date = 1/25/2008 9:07:25 PM | Attr = R  ]
RTL8139.sys -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 1/25/2008 8:42:55 PM | Attr =	]
Rtnicxp.sys -> %System32%\drivers\Rtnicxp.sys -> Realtek Semiconductor Corporation							[Ver = 5.630.0824.2005 built by: WinDDK | Size = 74752 bytes | Created Date = 1/25/2008 9:12:31 PM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 12897 bytes | Created Date = 1/26/2008 1:33:53 AM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
ALSndMgr.Cpl -> %System32%\ALSndMgr.Cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 10 | Size = 299008 bytes | Created Date = 1/25/2008 9:07:17 PM | Attr = R  ]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 1/25/2008 8:18:48 PM | Attr =	]
ati2sgag.exe -> %System32%\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 516096 bytes | Created Date = 1/25/2008 9:04:43 PM | Attr =	]
atifglpf.xml -> %System32%\atifglpf.xml ->  [Ver =  | Size = 5496 bytes | Created Date = 1/25/2008 9:04:39 PM | Attr = R  ]
atiicdxx.dat -> %System32%\atiicdxx.dat ->  [Ver =  | Size = 104373 bytes | Created Date = 1/25/2008 9:04:38 PM | Attr = R  ]
atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 1/25/2008 9:04:40 PM | Attr = R  ]
AUTOEXEC.NT -> %System32%\AUTOEXEC.NT ->  [Ver =  | Size = 438 bytes | Created Date = 1/26/2008 1:36:15 AM | Attr =	]
bopomofo.uce -> %System32%\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 1/26/2008 1:46:55 AM | Attr =	]
BuzzingBee.wav -> %System32%\BuzzingBee.wav ->  [Ver =  | Size = 146650 bytes | Created Date = 1/25/2008 9:11:08 PM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Created Date = 1/26/2008 1:35:29 AM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Created Date = 1/25/2008 8:39:04 PM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 8:48:08 PM | Attr = RH ]
ChCfg.exe -> %System32%\ChCfg.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 1/25/2008 9:08:24 PM | Attr = R  ]
Com -> %System32%\Com ->  [Folder | Created Date = 1/26/2008 1:46:49 AM | Attr =	]
config -> %System32%\config ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Created Date = 1/25/2008 8:18:50 PM | Attr =	]
c_10006.nls -> %System32%\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_10007.nls -> %System32%\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:48 PM | Attr =	]
c_10010.nls -> %System32%\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_10017.nls -> %System32%\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:48 PM | Attr =	]
c_10029.nls -> %System32%\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_10081.nls -> %System32%\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_10082.nls -> %System32%\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_20127.nls -> %System32%\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/26/2008 1:36:18 AM | Attr =	]
C_28594.NLS -> %System32%\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
C_28595.NLS -> %System32%\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:48 PM | Attr =	]
c_28597.nls -> %System32%\c_28597.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_28599.nls -> %System32%\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_28603.nls -> %System32%\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_737.nls -> %System32%\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_852.nls -> %System32%\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:46 PM | Attr =	]
c_855.nls -> %System32%\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_857.nls -> %System32%\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:49 PM | Attr =	]
c_866.nls -> %System32%\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_869.nls -> %System32%\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
c_875.nls -> %System32%\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 1/25/2008 8:39:47 PM | Attr =	]
desktop.ini -> %System32%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/25/2008 8:18:23 PM | Attr =	]
dgrpsetu.dll -> %System32%\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/26/2008 1:36:18 AM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Created Date = 1/25/2008 8:47:43 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 22192 bytes | Created Date = 1/25/2008 8:17:42 PM | Attr =	]
EqnClass.Dll -> %System32%\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/26/2008 1:36:17 AM | Attr =	]
export -> %System32%\export ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 239944 bytes | Created Date = 1/26/2008 1:35:19 AM | Attr =	]
folder.htt -> %System32%\folder.htt ->  [Ver =  | Size = 21692 bytes | Created Date = 1/25/2008 8:18:23 PM | Attr =  H ]
fxscount.h -> %System32%\fxscount.h ->  [Ver =  | Size = 1361 bytes | Created Date = 1/25/2008 8:45:10 PM | Attr =	]
fxsperf.ini -> %System32%\fxsperf.ini ->  [Ver =  | Size = 1793 bytes | Created Date = 1/25/2008 8:45:10 PM | Attr =	]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Created Date = 1/25/2008 8:45:31 PM | Attr =	]
gb2312.uce -> %System32%\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 1/26/2008 1:46:55 AM | Attr =	]
GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Created Date = 1/25/2008 8:22:39 PM | Attr =  H ]
hticons.dll -> %System32%\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 1/26/2008 1:47:01 AM | Attr =	]
hypertrm.dll -> %System32%\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2180 | Size = 345088 bytes | Created Date = 1/26/2008 1:47:01 AM | Attr =	]
ias -> %System32%\ias ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
ideograf.uce -> %System32%\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 1/26/2008 1:46:55 AM | Attr =	]
ImagX7.dll -> %System32%\ImagX7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 1568768 bytes | Created Date = 1/25/2008 9:21:38 PM | Attr =	]
ImagXpr7.dll -> %System32%\ImagXpr7.dll -> Pegasus Imaging Corp. [Ver = 7.0.46.0 | Size = 476320 bytes | Created Date = 1/25/2008 9:21:38 PM | Attr =	]
ImagXR7.dll -> %System32%\ImagXR7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 262144 bytes | Created Date = 1/25/2008 9:21:39 PM | Attr =	]
ImagXRA7.dll -> %System32%\ImagXRA7.dll -> Pegasus Imaging Corp. [Ver = 7.0.476.0 | Size = 471040 bytes | Created Date = 1/25/2008 9:21:39 PM | Attr =	]
IME -> %System32%\IME ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
imgadmin.ocx -> %System32%\imgadmin.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 102672 bytes | Created Date = 1/26/2008 1:46:54 AM | Attr =	]
imgcmn.dll -> %System32%\imgcmn.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 60688 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
imgedit.ocx -> %System32%\imgedit.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 306448 bytes | Created Date = 1/26/2008 1:46:54 AM | Attr =	]
imgscan.ocx -> %System32%\imgscan.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 117520 bytes | Created Date = 1/26/2008 1:46:54 AM | Attr =	]
imgshl.dll -> %System32%\imgshl.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 13584 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
imgthumb.ocx -> %System32%\imgthumb.ocx -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 107792 bytes | Created Date = 1/26/2008 1:46:54 AM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Created Date = 1/25/2008 8:19:13 PM | Attr =	]
isrdbg32.dll -> %System32%\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/25/2008 8:46:41 PM | Attr =	]
jpeg1x32.dll -> %System32%\jpeg1x32.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 27920 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
jpeg2x32.dll -> %System32%\jpeg2x32.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 38160 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
kanji_1.uce -> %System32%\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 1/26/2008 1:46:55 AM | Attr =	]
kanji_2.uce -> %System32%\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 1/26/2008 1:46:55 AM | Attr =	]
korean.uce -> %System32%\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 1/26/2008 1:46:55 AM | Attr =	]
Lang -> %System32%\Lang ->  [Folder | Created Date = 1/25/2008 9:11:07 PM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/25/2008 8:48:15 PM | Attr = RH ]
LoopyMusic.wav -> %System32%\LoopyMusic.wav ->  [Ver =  | Size = 940794 bytes | Created Date = 1/25/2008 9:11:08 PM | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Created Date = 1/25/2008 8:47:02 PM | Attr =	]
mapisvc.inf -> %System32%\mapisvc.inf ->  [Ver =  | Size = 535 bytes | Created Date = 1/25/2008 8:17:49 PM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Created Date = 1/25/2008 8:54:04 PM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Created Date = 1/25/2008 8:44:59 PM | Attr =	]
msdtcprf.h -> %System32%\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 1/26/2008 1:46:52 AM | Attr =	]
msdtcprf.ini -> %System32%\msdtcprf.ini ->  [Ver =  | Size = 1931 bytes | Created Date = 1/26/2008 1:46:52 AM | Attr =	]
mui -> %System32%\mui ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
n2k.bmp -> %System32%\n2k.bmp ->  [Ver =  | Size = 2048 bytes | Created Date = 1/26/2008 1:47:05 AM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 8:48:08 PM | Attr = RH ]
NeroCheck.exe -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Created Date = 1/25/2008 9:21:35 PM | Attr =	]
npp -> %System32%\npp ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 1/25/2008 8:18:48 PM | Attr =	]
NtmsData -> %System32%\NtmsData ->  [Folder | Created Date = 1/25/2008 8:23:07 PM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 8:48:08 PM | Attr = RH ]
oieng400.dll -> %System32%\oieng400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 444176 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
oiprt400.dll -> %System32%\oiprt400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 13072 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
oislb400.dll -> %System32%\oislb400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 21776 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
oissq400.dll -> %System32%\oissq400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 13072 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
oitwa400.dll -> %System32%\oitwa400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 25872 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
oiui400.dll -> %System32%\oiui400.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2134.1 | Size = 61200 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
oobe -> %System32%\oobe ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
os2 -> %System32%\os2 ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 363760 bytes | Created Date = 1/26/2008 1:36:25 AM | Attr =	]
picn20.dll -> %System32%\picn20.dll -> Pegasus Imaging Corp. [Ver = 1.0.0.54 | Size = 38912 bytes | Created Date = 1/25/2008 9:21:37 PM | Attr =	]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 1/28/2008 10:27:17 PM | Attr =	]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 1/28/2008 10:27:17 PM | Attr =	]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 1/28/2008 10:27:17 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Created Date = 1/25/2008 10:44:25 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Created Date = 1/25/2008 8:59:42 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Created Date = 1/25/2008 8:46:42 PM | Attr =	]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2237 | Size = 176167 bytes | Created Date = 1/28/2008 10:27:21 PM | Attr =	]
rocket -> %System32%\rocket ->  [Folder | Created Date = 1/25/2008 8:19:13 PM | Attr =	]
rpcproxy -> %System32%\rpcproxy ->  [Folder | Created Date = 1/25/2008 8:19:13 PM | Attr =	]
RTCOM -> %System32%\RTCOM ->  [Folder | Created Date = 1/25/2008 9:08:12 PM | Attr =	]
RtlCPAPI.dll -> %System32%\RtlCPAPI.dll ->  [Ver = 1, 0, 0, 6 | Size = 157184 bytes | Created Date = 1/25/2008 9:08:24 PM | Attr = R  ]
RTSndMgr.Cpl -> %System32%\RTSndMgr.Cpl -> Realtek Semiconductor Corp. [Ver = 1.0.0.6 | Size = 266240 bytes | Created Date = 1/25/2008 9:07:29 PM | Attr = R  ]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 8:48:08 PM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
shiftjis.uce -> %System32%\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Created Date = 1/25/2008 10:22:21 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
spxcoins.dll -> %System32%\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/25/2008 8:39:43 PM | Attr =	]
subrange.uce -> %System32%\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 1/25/2008 10:39:08 PM | Attr =	]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 1/25/2008 10:39:08 PM | Attr =	]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 1/25/2008 10:39:08 PM | Attr =	]
tifflt.dll -> %System32%\tifflt.dll -> Eastman Software, Inc., A Kodak Business [Ver = 5.00.2920.0000 | Size = 33552 bytes | Created Date = 1/26/2008 1:46:54 AM | Attr =	]
tslabels.h -> %System32%\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 1/25/2008 8:45:13 PM | Attr =	]
tslabels.ini -> %System32%\tslabels.ini ->  [Ver =  | Size = 13223 bytes | Created Date = 1/25/2008 8:45:13 PM | Attr =	]
tunes.bmp -> %System32%\tunes.bmp ->  [Ver =  | Size = 1584 bytes | Created Date = 1/26/2008 1:47:05 AM | Attr =	]
TwnLib20.dll -> %System32%\TwnLib20.dll -> Pegasus Software [Ver = 2.02.010 | Size = 106496 bytes | Created Date = 1/25/2008 9:21:42 PM | Attr =	]
TwnLib4.dll -> %System32%\TwnLib4.dll -> Pegasus Imaging Corp. [Ver = 4.0.14.0 | Size = 364544 bytes | Created Date = 1/25/2008 9:21:39 PM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
usrlogon.cmd -> %System32%\usrlogon.cmd ->  [Ver =  | Size = 1161 bytes | Created Date = 1/25/2008 8:45:13 PM | Attr =	]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 1/25/2008 10:39:08 PM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 1/25/2008 8:48:15 PM | Attr = RH ]
wins -> %System32%\wins ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 8:48:08 PM | Attr = RH ]
xiffr3_0.dll -> %System32%\xiffr3_0.dll -> Scansoft [Ver = 3. 0. 0. 18 | Size = 641808 bytes | Created Date = 1/26/2008 1:46:53 AM | Attr =	]
xircom -> %System32%\xircom ->  [Folder | Created Date = 1/25/2008 8:49:39 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 1/25/2008 10:44:24 PM | Attr =  H ]
5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 1/25/2008 10:44:39 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
Alcmtr.exe -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Created Date = 1/25/2008 9:07:16 PM | Attr = R  ]
alcwzrd.exe -> %SystemRoot%\alcwzrd.exe -> RealTek Semicoductor Corp. [Ver = 1.1.0.28 | Size = 2807808 bytes | Created Date = 1/25/2008 9:07:16 PM | Attr = R  ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
bdagent.INI -> %SystemRoot%\bdagent.INI ->  [Ver =  | Size = 121 bytes | Created Date = 1/30/2008 7:44:41 PM | Attr =	]
Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 1/25/2008 8:52:36 PM | Attr =   S]
Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 8:18:50 PM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 1/25/2008 8:22:38 PM | Attr =  HS]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 1/25/2008 8:18:23 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 1/25/2008 8:18:22 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
dwpces23.dru -> %SystemRoot%\dwpces23.dru ->  [Ver =  | Size = 60 bytes | Created Date = 1/27/2008 4:29:56 PM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 1/25/2008 10:39:37 PM | Attr =	]
FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
folder.htt -> %SystemRoot%\folder.htt ->  [Ver =  | Size = 21692 bytes | Created Date = 1/25/2008 8:18:23 PM | Attr =  H ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr = R S]
gercescp.dvr -> %SystemRoot%\gercescp.dvr ->  [Ver =  | Size = 244 bytes | Created Date = 1/27/2008 4:29:55 PM | Attr =	]
Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
Greenstone.bmp -> %SystemRoot%\Greenstone.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Created Date = 1/26/2008 1:36:28 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 1/25/2008 8:23:39 PM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
MicCal.exe -> %SystemRoot%\MicCal.exe -> Realtek Semiconductor Corp. [Ver = 1.1.0.8 | Size = 2142208 bytes | Created Date = 1/25/2008 9:07:19 PM | Attr = R  ]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1279 bytes | Created Date = 1/27/2008 3:52:01 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
mww32 -> %SystemRoot%\mww32 ->  [Folder | Created Date = 1/25/2008 8:19:13 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 1/25/2008 9:36:25 PM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 1/25/2008 10:39:08 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 1/25/2008 10:24:39 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 626 bytes | Created Date = 1/26/2008 9:15:14 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4073 bytes | Created Date = 1/26/2008 1:36:25 AM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 1/25/2008 8:18:22 PM | Attr = R  ]
OPTIONS -> %SystemRoot%\OPTIONS ->  [Folder | Created Date = 1/25/2008 9:12:31 PM | Attr =	]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 1/25/2008 8:54:04 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 1/25/2008 9:23:34 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 1/25/2008 8:17:22 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 1/25/2008 8:53:37 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 1/26/2008 1:46:57 AM | Attr =	]
River Sumida.bmp -> %SystemRoot%\River Sumida.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 1/26/2008 1:46:57 AM | Attr =	]
RTHDCPL.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.2.1 | Size = 14864384 bytes | Created Date = 1/25/2008 9:07:19 PM | Attr = R  ]
RTLCPL.exe -> %SystemRoot%\RTLCPL.exe -> Realtek Semiconductor Corp. [Ver = 1.0.1.52 | Size = 9710592 bytes | Created Date = 1/25/2008 9:07:26 PM | Attr = R  ]
RtlExUpd.dll -> %SystemRoot%\RtlExUpd.dll -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 2 | Size = 487424 bytes | Created Date = 1/25/2008 9:07:12 PM | Attr = R  ]
RtlUpd.exe -> %SystemRoot%\RtlUpd.exe -> Realtek Semiconductor Corp. [Ver = 2, 5, 0, 5 | Size = 356352 bytes | Created Date = 1/25/2008 9:07:29 PM | Attr = R  ]
Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 1/26/2008 1:46:57 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
setupapi.old -> %SystemRoot%\setupapi.old ->  [Ver =  | Size = 115056 bytes | Created Date = 1/26/2008 1:36:13 AM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 1/26/2008 9:13:13 PM | Attr =	]
Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 1/26/2008 1:46:56 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 1/25/2008 8:55:15 PM | Attr =	]
SoundMan.exe -> %SystemRoot%\SoundMan.exe -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 21 | Size = 86016 bytes | Created Date = 1/25/2008 9:07:30 PM | Attr = R  ]
Speech -> %SystemRoot%\Speech ->  [Folder | Created Date = 1/26/2008 1:36:22 AM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 1/25/2008 8:47:04 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
system32 -> %System32% ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 1/25/2008 8:18:08 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 1/29/2008 7:37:43 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 1/25/2008 8:17:21 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 1/25/2008 8:17:21 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 1/26/2008 1:30:53 AM | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 1/25/2008 8:48:08 PM | Attr = RH ]
winsc32.ini -> %SystemRoot%\winsc32.ini ->  [Ver =  | Size = 307 bytes | Created Date = 1/27/2008 4:30:10 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 1/26/2008 2:00:44 AM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 1/25/2008 8:49:14 PM | Attr =	]
Zapotec.bmp -> %SystemRoot%\Zapotec.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 1/26/2008 1:46:57 AM | Attr =	]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 1/25/2008 8:18:08 PM | Attr = RH ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 1/25/2008 8:18:43 PM | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
BitDefender -> %AllUsersAppData%\BitDefender ->  [Folder | Created Date = 1/30/2008 7:32:23 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/25/2008 8:39:33 PM | Attr =  HS]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Created Date = 1/26/2008 1:45:36 AM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Created Date = 1/27/2008 3:52:05 PM | Attr =	]
BitDefender -> %UserAppData%\BitDefender ->  [Folder | Created Date = 1/30/2008 7:36:28 PM | Attr =	]
Identities -> %UserAppData%\Identities ->  [Folder | Created Date = 1/25/2008 8:22:41 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Created Date = 1/27/2008 3:52:05 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Created Date = 1/25/2008 8:22:38 PM | Attr =   S]
Mozilla -> %UserAppData%\Mozilla ->  [Folder | Created Date = 1/25/2008 10:24:36 PM | Attr =	]
Real -> %UserAppData%\Real ->  [Folder | Created Date = 1/28/2008 10:27:01 PM | Attr =	]
vlc -> %UserAppData%\vlc ->  [Folder | Created Date = 1/26/2008 12:23:43 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 12800 bytes | Created Date = 1/25/2008 8:57:44 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 62344 bytes | Created Date = 1/25/2008 10:21:39 PM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Created Date = 1/29/2008 7:28:40 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 5355732 bytes | Created Date = 1/29/2008 7:41:33 PM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Created Date = 1/25/2008 8:22:39 PM | Attr =	]
Mozilla -> %LocalAppData%\Mozilla ->  [Folder | Created Date = 1/25/2008 10:24:36 PM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 1/25/2008 8:39:33 PM | Attr =  HS]
My Faxes -> %AllUsersDocuments%\My Faxes ->  [Folder | Created Date = 1/26/2008 1:45:23 AM | Attr =  HS]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Created Date = 1/25/2008 8:45:32 PM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Created Date = 1/25/2008 8:46:20 PM | Attr = R  ]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Created Date = 1/25/2008 8:44:35 PM | Attr = R  ]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 78 bytes | Created Date = 1/25/2008 8:56:06 PM | Attr =  HS]
My Music -> %UserDocuments%\My Music ->  [Folder | Created Date = 1/25/2008 8:56:07 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Created Date = 1/25/2008 8:22:38 PM | Attr = R  ]
BitDefender Total Security 2008.lnk -> %AllUsersDesktop%\BitDefender Total Security 2008.lnk ->  [Ver =  | Size = 1725 bytes | Created Date = 1/30/2008 7:32:39 PM | Attr =	]
Connection through Realtek RTL8139_810x Family Fast Ethernet NIC.lnk -> %AllUsersDesktop%\Connection through Realtek RTL8139_810x Family Fast Ethernet NIC.lnk ->  [Ver =  | Size = 756 bytes | Created Date = 1/25/2008 10:20:28 PM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 1/25/2008 10:24:34 PM | Attr =	]
Nero StartSmart.lnk -> %AllUsersDesktop%\Nero StartSmart.lnk ->  [Ver =  | Size = 1239 bytes | Created Date = 1/25/2008 9:23:21 PM | Attr =	]
PC Security.lnk -> %AllUsersDesktop%\PC Security.lnk ->  [Ver =  | Size = 576 bytes | Created Date = 1/27/2008 4:29:51 PM | Attr =	]
VLC media player.lnk -> %AllUsersDesktop%\VLC media player.lnk ->  [Ver =  | Size = 615 bytes | Created Date = 1/25/2008 10:30:59 PM | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1568123 bytes | Created Date = 1/25/2008 10:38:40 PM | Attr =	]
DA JAN 08.xls -> %UserDesktop%\DA JAN 08.xls ->  [Ver =  | Size = 2802688 bytes | Created Date = 1/30/2008 9:56:55 PM | Attr =	]
Firefox Setup 2.0.0.11.exe -> %UserDesktop%\Firefox Setup 2.0.0.11.exe -> Mozilla [Ver = 4.42 | Size = 6026816 bytes | Created Date = 1/25/2008 10:23:47 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Firefox Setup 2.0.0.11.exe:Zone.Identifier
googletalk-setup.exe -> %UserDesktop%\googletalk-setup.exe ->  [Ver =  | Size = 1606064 bytes | Created Date = 1/29/2008 7:28:17 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 1/25/2008 9:15:56 PM | Attr =	]
pcsecurity.exe -> %UserDesktop%\pcsecurity.exe ->  [Ver =  | Size = 1097909 bytes | Created Date = 1/27/2008 4:28:59 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Created Date = 1/31/2008 10:09:32 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Created Date = 1/31/2008 10:05:45 PM | Attr =	]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/25/2008 8:39:33 PM | Attr =  HS]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 1/25/2008 8:55:56 PM | Attr =  HS]
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Created Date = 1/25/2008 9:21:35 PM | Attr =	]
BitDefender -> %CommonProgramFiles%\BitDefender ->  [Folder | Created Date = 1/30/2008 7:31:18 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 1/26/2008 9:13:33 PM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 1/25/2008 8:59:34 PM | Attr =	]
L&H -> %CommonProgramFiles%\L&H ->  [Folder | Created Date = 1/26/2008 9:14:18 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 1/26/2008 1:36:20 AM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 1/25/2008 8:47:09 PM | Attr =	]
Nero -> %CommonProgramFiles%\Nero ->  [Folder | Created Date = 1/25/2008 9:23:22 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 1/26/2008 1:36:25 AM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Created Date = 1/28/2008 10:27:16 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Created Date = 1/25/2008 8:18:10 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 1/25/2008 8:39:51 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 1/25/2008 8:17:50 PM | Attr =	]
xing shared -> %CommonProgramFiles%\xing shared ->  [Folder | Created Date = 1/28/2008 10:27:25 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 8:18:50 PM | Attr =  H ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 206 bytes | Modified Date = 1/31/2008 9:58:16 PM | Attr =  HS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 1/29/2008 7:37:44 PM | Attr =	]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 8:18:50 PM | Attr =  H ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 1/30/2008 9:36:08 PM | Attr =	]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 8:18:50 PM | Attr = RHS]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 8:18:50 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 1/30/2008 7:32:32 PM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 1/29/2008 7:37:42 PM | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 1/25/2008 10:41:25 PM | Attr =  HS]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 1/25/2008 8:55:15 PM | Attr =  HS]
TempEI4 -> %SystemDrive%\TempEI4 ->  [Folder | Modified Date = 1/25/2008 9:15:33 PM | Attr =	]
WINNT -> %SystemRoot% ->  [Folder | Modified Date = 1/30/2008 7:46:53 PM | Attr =	]
disdn -> %System32%\drivers\disdn ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 1/26/2008 1:32:40 AM | Attr =	]
$winnt$.inf -> %System32%\$winnt$.inf ->  [Ver =  | Size = 12897 bytes | Modified Date = 1/25/2008 8:52:45 PM | Attr =	]
1025 -> %System32%\1025 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> 
1028 -> %System32%\1028 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
1031 -> %System32%\1031 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
1033 -> %System32%\1033 ->  [Folder | Modified Date = 1/26/2008 2:02:26 AM | Attr =	]
1037 -> %System32%\1037 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
1041 -> %System32%\1041 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
1042 -> %System32%\1042 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
1054 -> %System32%\1054 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
2052 -> %System32%\2052 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
3076 -> %System32%\3076 ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
3com_dmi -> %System32%\3com_dmi ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
amcompat.tlb -> %System32%\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 1/25/2008 8:49:16 PM | Attr =	]
BuzzingBee.wav -> %System32%\BuzzingBee.wav ->  [Ver =  | Size = 146650 bytes | Modified Date = 1/25/2008 9:11:08 PM | Attr =	]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 1/25/2008 8:39:21 PM | Attr =	]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 1/30/2008 9:55:45 PM | Attr =	]
cdplayer.exe.manifest -> %System32%\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 8:48:08 PM | Attr = RH ]
Com -> %System32%\Com ->  [Folder | Modified Date = 1/25/2008 8:45:53 PM | Attr =	]
config -> %System32%\config ->  [Folder | Modified Date = 1/25/2008 8:53:21 PM | Attr =	]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2577 bytes | Modified Date = 1/25/2008 8:18:50 PM | Attr =	]
dhcp -> %System32%\dhcp ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 1/25/2008 8:47:43 PM | Attr =	]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 1/30/2008 9:55:53 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 1/30/2008 9:55:48 PM | Attr =	]
emptyregdb.dat -> %System32%\emptyregdb.dat ->  [Ver =  | Size = 22192 bytes | Modified Date = 1/25/2008 8:45:50 PM | Attr =	]
export -> %System32%\export ->  [Folder | Modified Date = 1/26/2008 1:36:25 AM | Attr =	]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 239944 bytes | Modified Date = 1/26/2008 9:18:30 PM | Attr =	]
folder.htt -> %System32%\folder.htt ->  [Ver =  | Size = 21692 bytes | Modified Date = 1/25/2008 8:18:23 PM | Attr =  H ]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 1/25/2008 8:45:31 PM | Attr =	]
GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Modified Date = 1/25/2008 8:22:39 PM | Attr =  H ]
ias -> %System32%\ias ->  [Folder | Modified Date = 1/25/2008 8:48:53 PM | Attr =	]
icsxml -> %System32%\icsxml ->  [Folder | Modified Date = 1/26/2008 2:03:08 AM | Attr =	]
IME -> %System32%\IME ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
inetsrv -> %System32%\inetsrv ->  [Folder | Modified Date = 1/25/2008 8:19:13 PM | Attr =	]
Lang -> %System32%\Lang ->  [Folder | Modified Date = 1/25/2008 9:11:07 PM | Attr =	]
logonui.exe.manifest -> %System32%\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/25/2008 8:48:15 PM | Attr = RH ]
LoopyMusic.wav -> %System32%\LoopyMusic.wav ->  [Ver =  | Size = 940794 bytes | Modified Date = 1/25/2008 9:11:08 PM | Attr =	]
Macromed -> %System32%\Macromed ->  [Folder | Modified Date = 1/25/2008 8:47:02 PM | Attr =	]
mapisvc.inf -> %System32%\mapisvc.inf ->  [Ver =  | Size = 535 bytes | Modified Date = 1/25/2008 8:45:31 PM | Attr =	]
Microsoft -> %System32%\Microsoft ->  [Folder | Modified Date = 1/25/2008 8:54:04 PM | Attr =   S]
MsDtc -> %System32%\MsDtc ->  [Folder | Modified Date = 1/25/2008 8:45:35 PM | Attr =	]
mui -> %System32%\mui ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
ncpa.cpl.manifest -> %System32%\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 8:48:08 PM | Attr = RH ]
npp -> %System32%\npp ->  [Folder | Modified Date = 1/26/2008 2:06:15 AM | Attr =	]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 1/25/2008 8:49:16 PM | Attr =	]
NtmsData -> %System32%\NtmsData ->  [Folder | Modified Date = 1/31/2008 9:58:44 PM | Attr =	]
nwc.cpl.manifest -> %System32%\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 8:48:08 PM | Attr = RH ]
oobe -> %System32%\oobe ->  [Folder | Modified Date = 1/25/2008 8:47:34 PM | Attr =	]
os2 -> %System32%\os2 ->  [Folder | Modified Date = 1/26/2008 2:00:43 AM | Attr =	]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 42122 bytes | Modified Date = 1/25/2008 9:08:41 PM | Attr =	]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 317330 bytes | Modified Date = 1/25/2008 9:08:41 PM | Attr =	]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 363760 bytes | Modified Date = 1/25/2008 9:08:41 PM | Attr =	]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 1/28/2008 10:27:17 PM | Attr =	]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 1/28/2008 10:27:17 PM | Attr =	]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 1/28/2008 10:27:17 PM | Attr =	]
PreInstall -> %System32%\PreInstall ->  [Folder | Modified Date = 1/25/2008 10:44:25 PM | Attr =	]
ras -> %System32%\ras ->  [Folder | Modified Date = 1/26/2008 1:32:43 AM | Attr =	]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 1/25/2008 8:59:42 PM | Attr =	]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 1/25/2008 8:55:15 PM | Attr =	]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2237 | Size = 176167 bytes | Modified Date = 1/28/2008 10:27:21 PM | Attr =	]
rocket -> %System32%\rocket ->  [Folder | Modified Date = 1/25/2008 8:19:13 PM | Attr =	]
rpcproxy -> %System32%\rpcproxy ->  [Folder | Modified Date = 1/25/2008 8:19:13 PM | Attr =	]
RTCOM -> %System32%\RTCOM ->  [Folder | Modified Date = 1/25/2008 9:08:24 PM | Attr =	]
sapi.cpl.manifest -> %System32%\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 8:48:08 PM | Attr = RH ]
Setup -> %System32%\Setup ->  [Folder | Modified Date = 1/26/2008 2:07:28 AM | Attr =	]
ShellExt -> %System32%\ShellExt ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
SoftwareDistribution -> %System32%\SoftwareDistribution ->  [Folder | Modified Date = 1/25/2008 10:22:21 PM | Attr =	]
spool -> %System32%\spool ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 1/26/2008 2:07:14 AM | Attr =	]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 1/25/2008 8:49:39 PM | Attr =	]
WindowsLogon.manifest -> %System32%\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 1/25/2008 8:48:15 PM | Attr = RH ]
wins -> %System32%\wins ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 1/31/2008 9:54:07 PM | Attr =	]
wuaucpl.cpl.manifest -> %System32%\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 8:48:08 PM | Attr = RH ]
xircom -> %System32%\xircom ->  [Folder | Modified Date = 1/25/2008 8:49:39 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 1/25/2008 10:44:24 PM | Attr =  H ]
5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 1/25/2008 10:44:40 PM | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 1/25/2008 8:45:10 PM | Attr =	]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 1/26/2008 2:07:00 AM | Attr =	]
bdagent.INI -> %SystemRoot%\bdagent.INI ->  [Ver =  | Size = 121 bytes | Modified Date = 1/31/2008 9:56:45 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 1/31/2008 9:57:24 PM | Attr =   S]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 1/26/2008 1:32:21 AM | Attr =	]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 8:18:50 PM | Attr =	]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 1/25/2008 8:22:38 PM | Attr =  HS]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 1/26/2008 1:47:09 AM | Attr =	]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 1/25/2008 9:01:55 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 1/25/2008 8:18:34 PM | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
dwpces23.dru -> %SystemRoot%\dwpces23.dru ->  [Ver =  | Size = 60 bytes | Modified Date = 1/27/2008 4:30:43 PM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 1/26/2008 2:06:51 AM | Attr =	]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 1/25/2008 10:39:37 PM | Attr =	]
folder.htt -> %SystemRoot%\folder.htt ->  [Ver =  | Size = 21692 bytes | Modified Date = 1/25/2008 8:18:23 PM | Attr =  H ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 1/26/2008 9:14:24 PM | Attr = R S]
gercescp.dvr -> %SystemRoot%\gercescp.dvr ->  [Ver =  | Size = 244 bytes | Modified Date = 1/27/2008 4:30:12 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 1/26/2008 9:13:10 PM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 1/25/2008 8:49:39 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 1/25/2008 10:44:28 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 1/30/2008 7:33:07 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 1/30/2008 9:36:33 PM | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 1/26/2008 2:06:48 AM | Attr =	]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1279 bytes | Modified Date = 1/30/2008 7:32:37 PM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 1/26/2008 2:06:05 AM | Attr =	]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 1/26/2008 2:06:51 AM | Attr =	]
mww32 -> %SystemRoot%\mww32 ->  [Folder | Modified Date = 1/25/2008 8:19:13 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 1/28/2008 10:29:15 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 1/25/2008 10:24:39 PM | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 626 bytes | Modified Date = 1/26/2008 9:15:14 PM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4073 bytes | Modified Date = 1/25/2008 8:49:07 PM | Attr =	]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 1/25/2008 8:18:22 PM | Attr = R  ]
OPTIONS -> %SystemRoot%\OPTIONS ->  [Folder | Modified Date = 1/25/2008 9:12:31 PM | Attr =	]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 1/25/2008 8:46:48 PM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 1/26/2008 2:06:33 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 1/25/2008 10:30:50 PM | Attr =	]
Provisioning -> %SystemRoot%\Provisioning ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 1/25/2008 9:23:44 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 1/25/2008 8:56:27 PM | Attr =	]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 1/25/2008 8:53:37 PM | Attr =	]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 1/26/2008 1:30:53 AM | Attr =	]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 1/26/2008 2:00:44 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 1/25/2008 9:00:06 PM | Attr =	]
setupapi.old -> %SystemRoot%\setupapi.old ->  [Ver =  | Size = 115056 bytes | Modified Date = 1/25/2008 8:20:27 PM | Attr =	]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 1/26/2008 9:14:01 PM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 1/25/2008 10:22:30 PM | Attr =	]
Speech -> %SystemRoot%\Speech ->  [Folder | Modified Date = 1/26/2008 1:36:24 AM | Attr =	]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 1/25/2008 8:47:52 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 1/26/2008 9:11:15 PM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 1/31/2008 9:58:16 PM | Attr =	]
system32 -> %System32% ->  [Folder | Modified Date = 1/30/2008 9:51:19 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 1/25/2008 8:18:43 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 1/31/2008 9:58:58 PM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 1/26/2008 2:03:24 AM | Attr =	]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 1/25/2008 8:17:21 PM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 1/25/2008 8:17:21 PM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 1/25/2008 8:48:18 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 421 bytes | Modified Date = 1/31/2008 9:58:16 PM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 1/25/2008 8:48:08 PM | Attr = RH ]
winsc32.ini -> %SystemRoot%\winsc32.ini ->  [Ver =  | Size = 307 bytes | Modified Date = 1/30/2008 10:55:54 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 1/30/2008 7:32:38 PM | Attr =	]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 1/25/2008 9:22:52 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 1/31/2008 9:57:26 PM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 1/25/2008 10:25:54 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4617 bytes | Modified Date = 1/25/2008 10:25:54 PM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 1/26/2008 9:16:08 PM | Attr =	]
setup.exe -> C:\Documents and Settings\Madhav1\Local Settings\Temp\IXP000.TMP\setup.exe -> BitDefender [Ver = 1, 6, 0, 0 | Size = 169312 bytes | Modified Date = 12/11/2007 4:39:10 PM | Attr =	]
Perflib_Perfdata_80c.dat -> C:\Documents and Settings\Madhav1\Local Settings\Temp\Perflib_Perfdata_80c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/31/2008 10:08:45 PM | Attr =	]
2 C:\Documents and Settings\Madhav1\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Madhav1\Local Settings\Temp\*.tmp -> 
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
BitDefender -> %AllUsersAppData%\BitDefender ->  [Folder | Modified Date = 1/30/2008 7:36:21 PM | Attr =	]
desktop.ini -> %AllUsersAppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/25/2008 8:39:33 PM | Attr =  HS]
Microsoft -> %AllUsersAppData%\Microsoft ->  [Folder | Modified Date = 1/29/2008 7:35:12 PM | Attr =	]
Adobe -> %UserAppData%\Adobe ->  [Folder | Modified Date = 1/27/2008 3:52:05 PM | Attr =	]
BitDefender -> %UserAppData%\BitDefender ->  [Folder | Modified Date = 1/30/2008 7:36:28 PM | Attr =	]
Identities -> %UserAppData%\Identities ->  [Folder | Modified Date = 1/25/2008 8:22:41 PM | Attr =	]
Macromedia -> %UserAppData%\Macromedia ->  [Folder | Modified Date = 1/27/2008 3:52:05 PM | Attr =	]
Microsoft -> %UserAppData%\Microsoft ->  [Folder | Modified Date = 1/30/2008 10:55:31 PM | Attr =   S]
Mozilla -> %UserAppData%\Mozilla ->  [Folder | Modified Date = 1/25/2008 10:24:36 PM | Attr =	]
Real -> %UserAppData%\Real ->  [Folder | Modified Date = 1/28/2008 10:28:18 PM | Attr =	]
vlc -> %UserAppData%\vlc ->  [Folder | Modified Date = 1/26/2008 12:23:43 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 12800 bytes | Modified Date = 1/28/2008 10:29:06 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 62344 bytes | Modified Date = 1/30/2008 7:21:28 PM | Attr =	]
Google -> %LocalAppData%\Google ->  [Folder | Modified Date = 1/29/2008 7:28:40 PM | Attr =	]
IconCache.db -> %LocalAppData%\IconCache.db ->  [Ver =  | Size = 5355732 bytes | Modified Date = 1/29/2008 7:54:04 PM | Attr =  H ]
Microsoft -> %LocalAppData%\Microsoft ->  [Folder | Modified Date = 1/30/2008 8:31:46 PM | Attr =	]
Mozilla -> %LocalAppData%\Mozilla ->  [Folder | Modified Date = 1/25/2008 10:24:36 PM | Attr =	]
desktop.ini -> %AllUsersDocuments%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 1/25/2008 8:39:33 PM | Attr =  HS]
My Faxes -> %AllUsersDocuments%\My Faxes ->  [Folder | Modified Date = 1/25/2008 8:17:49 PM | Attr =  HS]
My Music -> %AllUsersDocuments%\My Music ->  [Folder | Modified Date = 1/25/2008 8:47:19 PM | Attr = R  ]
My Pictures -> %AllUsersDocuments%\My Pictures ->  [Folder | Modified Date = 1/25/2008 8:47:18 PM | Attr = R  ]
My Videos -> %AllUsersDocuments%\My Videos ->  [Folder | Modified Date = 1/25/2008 8:44:35 PM | Attr = R  ]
desktop.ini -> %UserDocuments%\desktop.ini ->  [Ver =  | Size = 78 bytes | Modified Date = 1/25/2008 8:56:18 PM | Attr =  HS]
My Music -> %UserDocuments%\My Music ->  [Folder | Modified Date = 1/25/2008 8:56:18 PM | Attr = R  ]
My Pictures -> %UserDocuments%\My Pictures ->  [Folder | Modified Date = 1/31/2008 10:02:26 PM | Attr = R  ]
BitDefender Total Security 2008.lnk -> %AllUsersDesktop%\BitDefender Total Security 2008.lnk ->  [Ver =  | Size = 1725 bytes | Modified Date = 1/30/2008 7:32:39 PM | Attr =	]
Connection through Realtek RTL8139_810x Family Fast Ethernet NIC.lnk -> %AllUsersDesktop%\Connection through Realtek RTL8139_810x Family Fast Ethernet NIC.lnk ->  [Ver =  | Size = 756 bytes | Modified Date = 1/25/2008 10:20:28 PM | Attr =	]
Mozilla Firefox.lnk -> %AllUsersDesktop%\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 1/25/2008 10:24:34 PM | Attr =	]
Nero StartSmart.lnk -> %AllUsersDesktop%\Nero StartSmart.lnk ->  [Ver =  | Size = 1239 bytes | Modified Date = 1/25/2008 9:23:21 PM | Attr =	]
PC Security.lnk -> %AllUsersDesktop%\PC Security.lnk ->  [Ver =  | Size = 576 bytes | Modified Date = 1/27/2008 4:29:51 PM | Attr =	]
VLC media player.lnk -> %AllUsersDesktop%\VLC media player.lnk ->  [Ver =  | Size = 615 bytes | Modified Date = 1/25/2008 10:30:59 PM | Attr =	]
ComboFix.exe -> %UserDesktop%\ComboFix.exe ->  [Ver =  | Size = 1568123 bytes | Modified Date = 1/25/2008 10:38:51 PM | Attr =	]
DA JAN 08.xls -> %UserDesktop%\DA JAN 08.xls ->  [Ver =  | Size = 2802688 bytes | Modified Date = 1/30/2008 10:20:20 PM | Attr =	]
Firefox Setup 2.0.0.11.exe -> %UserDesktop%\Firefox Setup 2.0.0.11.exe -> Mozilla [Ver = 4.42 | Size = 6026816 bytes | Modified Date = 1/25/2008 10:24:22 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Firefox Setup 2.0.0.11.exe:Zone.Identifier
googletalk-setup.exe -> %UserDesktop%\googletalk-setup.exe ->  [Ver =  | Size = 1606064 bytes | Modified Date = 1/29/2008 7:28:35 PM | Attr =	]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 1/25/2008 9:15:56 PM | Attr =	]
pcsecurity.exe -> %UserDesktop%\pcsecurity.exe ->  [Ver =  | Size = 1097909 bytes | Modified Date = 1/27/2008 4:29:43 PM | Attr =	]
WinPFind35u -> %UserDesktop%\WinPFind35u ->  [Folder | Modified Date = 1/31/2008 10:09:32 PM | Attr =	]
WinPFind35u.exe -> %UserDesktop%\WinPFind35u.exe ->  [Ver =  | Size = 478367 bytes | Modified Date = 1/31/2008 10:08:12 PM | Attr =	]
desktop.ini -> %AllUsersStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/25/2008 8:49:33 PM | Attr =  HS]
desktop.ini -> %UserStartup%\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 1/25/2008 8:49:33 PM | Attr =  HS]
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Modified Date = 1/25/2008 9:21:36 PM | Attr =	]
BitDefender -> %CommonProgramFiles%\BitDefender ->  [Folder | Modified Date = 1/30/2008 7:32:29 PM | Attr =	]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 1/26/2008 9:13:33 PM | Attr =	]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 1/25/2008 9:07:08 PM | Attr =	]
L&H -> %CommonProgramFiles%\L&H ->  [Folder | Modified Date = 1/26/2008 9:14:18 PM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 1/26/2008 9:14:25 PM | Attr =	]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 1/25/2008 8:47:09 PM | Attr =	]
Nero -> %CommonProgramFiles%\Nero ->  [Folder | Modified Date = 1/25/2008 9:23:22 PM | Attr =	]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 1/26/2008 1:36:25 AM | Attr =	]
Real -> %CommonProgramFiles%\Real ->  [Folder | Modified Date = 1/28/2008 10:27:24 PM | Attr =	]
Services -> %CommonProgramFiles%\Services ->  [Folder | Modified Date = 1/25/2008 8:18:10 PM | Attr =	]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 1/25/2008 8:39:51 PM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 1/26/2008 9:13:16 PM | Attr =	]
xing shared -> %CommonProgramFiles%\xing shared ->  [Folder | Modified Date = 1/28/2008 10:27:25 PM | Attr =	]

< End of report >


Regards
Madhav

#4 OldTimer


Posted 31 January 2008 - 01:36 PM

Hi Krishna Madhav. I don't see any signs of viruses or malware in the WPF35 log either. Let's look at the issues:

These are the problems.
1.System is running slowly.
2.Not able to view hidden files.
3.Not able to open folders in its own windows.Each time they are opening in a new window(which is very annoying).


1 - for performance issues I would suggest posting in the XP Forum. They can assist with operating system and performance issues.

2 - go to Tools -> Folder Options -> View in Explorer and set the options to view hidden files and folders?

3 - go to Tools -> General and select to view each folder in the same window

If changing these settings does not work then I would look at this program named PCSecurity that I see installed. If it is set to disallow any changes then disable the program and make the desired changes.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 Krishna Madhav


Posted 02 February 2008 - 04:42 AM

Hey, thanks for helping me out.
After installing BitDefender, many problems got resolved as it removed some trojans during virus scans.
Thank you.

#6 OldTimer


Posted 03 February 2008 - 11:15 AM

You are welcome Krishna Madhav. Since this does not appear to be malware related I will now close this topic. If you do have any malware related issues in the future please start a new topic.

Cheers and Happy Computing!

OT



